Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/eWfnHABP9SS6tAfjWP1w_yl7670.roa
File:                     eWfnHABP9SS6tAfjWP1w_yl7670.roa (raw, json)
Hash identifier:          RI9S3g0yJlRGZcRd9nWUxLxhatRPMg40cjlPHJllRtI=
Subject key identifier:   79:67:E7:1C:00:4F:F5:24:BA:B4:07:E3:58:FD:70:FF:29:7B:EB:BD
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018CC9BA96158B7886CCFF562AFA489D0B9F
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/eWfnHABP9SS6tAfjWP1w_yl7670.roa
Signing time:             Tue 02 Jan 2024 10:31:37 +0000
ROA not before:           Tue 02 Jan 2024 10:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25184
IP address blocks:        83.147.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 13:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:ba:96:15:8b:78:86:cc:ff:56:2a:fa:48:9d:0b:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jan  2 10:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7967e71c004ff524bab407e358fd70ff297bebbd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e1:d2:ae:55:c1:0e:45:c3:a5:67:d6:b0:2f:
                    02:56:6e:e4:62:98:68:61:b8:c5:72:f8:9c:95:a3:
                    78:9d:64:7e:2b:fd:11:f0:86:fb:26:cf:c8:e9:d4:
                    e4:af:6e:ce:48:11:ea:78:24:6c:c9:47:cd:8a:e9:
                    22:10:ca:a9:e3:42:97:c8:35:75:2b:19:b1:50:c0:
                    36:17:42:84:41:9a:6a:3a:ea:64:9e:98:44:5b:d1:
                    bc:fc:bb:19:5b:69:76:8f:ff:67:3e:cf:2c:0e:e6:
                    54:aa:7f:ee:69:c3:e6:84:ab:5a:23:d8:18:16:94:
                    1c:ed:8d:77:0a:44:3a:39:ee:94:fc:b1:a1:0b:b5:
                    a6:9e:79:6e:98:a2:e3:75:dd:f3:56:93:3c:61:e6:
                    7f:23:ba:ab:f8:2e:de:fe:13:f6:42:b6:58:61:4b:
                    66:a2:f5:79:b7:40:d3:f7:b5:2d:79:3b:20:b3:84:
                    52:c0:f5:23:f7:a6:78:92:a7:bc:f1:8e:5e:e1:df:
                    57:6f:66:8f:ac:26:f3:0c:e4:1a:b1:64:e0:d3:92:
                    a2:11:96:66:3f:ce:1f:51:dc:44:a2:56:e5:df:81:
                    8c:c4:a5:0e:76:2b:f9:5c:69:33:a2:88:8e:58:5e:
                    75:cc:5a:95:3c:9b:93:da:84:ea:ee:ad:9f:71:2e:
                    23:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:67:E7:1C:00:4F:F5:24:BA:B4:07:E3:58:FD:70:FF:29:7B:EB:BD
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/eWfnHABP9SS6tAfjWP1w_yl7670.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         09:39:45:6e:7c:6b:55:eb:1a:aa:9c:c1:c2:7b:b4:d1:5f:87:
         a4:46:82:ae:35:46:31:f8:29:ef:c9:7c:0a:6f:e4:6e:45:d9:
         ff:38:04:06:bc:78:7e:04:de:fc:18:cf:37:d9:cc:29:cb:01:
         fd:d3:00:04:aa:c0:7d:4f:0c:6f:2e:73:a6:46:d3:2e:c7:de:
         64:a2:bb:53:80:0b:0d:23:2d:d6:dd:5b:3b:6b:83:30:ee:a7:
         fa:8b:15:c8:44:e4:c5:22:42:78:13:20:a1:f4:37:2f:60:7d:
         dd:bc:42:f4:cc:25:f1:83:cd:a3:3d:ba:90:ad:5f:e7:9e:5d:
         0b:f5:8d:fa:15:3b:aa:9b:57:1b:30:8d:e9:26:3c:4c:cb:c1:
         1b:7a:3e:1d:90:16:3d:47:98:27:f8:a9:11:96:ad:ed:b9:6f:
         f2:5e:dc:4f:12:b3:ff:23:5f:aa:74:21:d0:74:33:75:3a:41:
         e1:97:93:05:a2:6e:47:cc:7f:bd:da:f3:ef:e6:b6:48:f5:36:
         fb:f6:25:59:94:1b:38:de:f4:e8:a1:5b:e8:19:17:73:64:90:
         44:f2:1b:7d:09:e0:33:08:ae:97:60:96:10:07:9c:24:12:e0:
         b2:7d:59:b1:f8:ec:c6:b0:ff:e3:79:38:2e:c6:aa:a6:54:a4:
         bf:5f:e9:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJupYVi3iGzP9WKvpInQufMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwMTAyMTAzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTY3ZTcxYzAwNGZmNTI0YmFiNDA3ZTM1OGZkNzBmZjI5N2JlYmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAleHSrlXBDkXDpWfWsC8CVm7kYpho
YbjFcviclaN4nWR+K/0R8Ib7Js/I6dTkr27OSBHqeCRsyUfNiukiEMqp40KXyDV1
KxmxUMA2F0KEQZpqOupknphEW9G8/LsZW2l2j/9nPs8sDuZUqn/uacPmhKtaI9gY
FpQc7Y13CkQ6Oe6U/LGhC7WmnnlumKLjdd3zVpM8YeZ/I7qr+C7e/hP2QrZYYUtm
ovV5t0DT97UteTsgs4RSwPUj96Z4kqe88Y5e4d9Xb2aPrCbzDOQasWTg05KiEZZm
P84fUdxEolbl34GMxKUOdiv5XGkzooiOWF51zFqVPJuT2oTq7q2fcS4jeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHln5xwAT/UkurQH41j9cP8pe+u9MB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvZVdmbkhBQlA5U1M2dEFmaldQMXdfeWw3NjcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAU5PBMA0G
CSqGSIb3DQEBCwUAA4IBAQAJOUVufGtV6xqqnMHCe7TRX4ekRoKuNUYx+CnvyXwK
b+RuRdn/OAQGvHh+BN78GM832cwpywH90wAEqsB9TwxvLnOmRtMux95kortTgAsN
Iy3W3Vs7a4Mw7qf6ixXIROTFIkJ4EyCh9DcvYH3dvEL0zCXxg82jPbqQrV/nnl0L
9Y36FTuqm1cbMI3pJjxMy8Ebej4dkBY9R5gn+KkRlq3tuW/yXtxPErP/I1+qdCHQ
dDN1OkHhl5MFom5HzH+92vPv5rZI9Tb79iVZlBs43vTooVvoGRdzZJBE8ht9CeAz
CK6XYJYQB5wkEuCyfVmx+OzGsP/jeTguxqqmVKS/X+mv
-----END CERTIFICATE-----