Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/EQ4_8ZP2FfQAokW_dzoqweBvj58.roa
File:                     EQ4_8ZP2FfQAokW_dzoqweBvj58.roa (raw, json)
Hash identifier:          K4b13ClRE+vNeGR+sIkz0aXCANnLV6maqlXEDSmxRA8=
Subject key identifier:   11:0E:3F:F1:93:F6:15:F4:00:A2:45:BF:77:3A:2A:C1:E0:6F:8F:9F
Certificate issuer:       /CN=cc977e9d52afbc47799d3975fcee8ac51ca0cf6a
Certificate serial:       018CC8DE6D041835B9BBA4F9669F7184D7ED
Authority key identifier: CC:97:7E:9D:52:AF:BC:47:79:9D:39:75:FC:EE:8A:C5:1C:A0:CF:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zJd-nVKvvEd5nTl1_O6KxRygz2o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/EQ4_8ZP2FfQAokW_dzoqweBvj58.roa
Signing time:             Tue 02 Jan 2024 06:31:09 +0000
ROA not before:           Tue 02 Jan 2024 06:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     396982
IP address blocks:        85.208.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/zJd-nVKvvEd5nTl1_O6KxRygz2o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/zJd-nVKvvEd5nTl1_O6KxRygz2o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zJd-nVKvvEd5nTl1_O6KxRygz2o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:de:6d:04:18:35:b9:bb:a4:f9:66:9f:71:84:d7:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cc977e9d52afbc47799d3975fcee8ac51ca0cf6a
        Validity
            Not Before: Jan  2 06:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=110e3ff193f615f400a245bf773a2ac1e06f8f9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:cf:d3:5d:e4:81:8b:17:da:98:73:cc:d8:81:
                    f9:f6:b5:dc:3e:a8:39:19:4f:c5:65:ac:22:88:73:
                    3e:9f:e4:88:5d:36:77:7d:1f:5e:f2:57:45:f3:fb:
                    91:be:21:fc:25:e6:26:58:56:55:71:94:e8:2c:5b:
                    0c:7b:8c:41:14:92:6d:f2:dd:42:62:06:fb:74:ee:
                    9e:aa:31:9e:b1:a3:2e:98:b1:7c:fa:bc:12:0f:3c:
                    59:26:90:1c:73:a1:b0:de:a8:3b:5f:14:37:27:1b:
                    19:a3:c6:ef:e9:6b:51:3c:7a:f7:88:3f:15:be:87:
                    f4:34:6e:90:74:dd:bd:30:52:11:0a:ea:f6:8f:8d:
                    aa:6c:a4:5d:b0:1a:02:61:d6:72:55:7f:db:fb:01:
                    9d:b2:20:a3:76:d1:fd:be:e8:25:9c:5c:a8:d6:93:
                    1c:01:b8:13:82:c7:59:97:4b:cd:8f:ec:5e:f9:ba:
                    63:92:ef:d3:47:a0:87:39:c8:e7:fa:71:2f:dd:98:
                    c7:89:f1:32:93:56:dc:a7:68:58:3d:d3:ae:50:08:
                    b8:07:5c:17:f7:8b:93:bf:b4:c5:91:0a:56:96:f0:
                    2b:88:29:91:79:98:c3:0a:4d:7f:9f:a6:91:52:47:
                    ff:12:da:b9:ea:32:1d:a0:3d:3b:9b:eb:df:f0:66:
                    42:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:0E:3F:F1:93:F6:15:F4:00:A2:45:BF:77:3A:2A:C1:E0:6F:8F:9F
            X509v3 Authority Key Identifier:
                keyid:CC:97:7E:9D:52:AF:BC:47:79:9D:39:75:FC:EE:8A:C5:1C:A0:CF:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zJd-nVKvvEd5nTl1_O6KxRygz2o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/EQ4_8ZP2FfQAokW_dzoqweBvj58.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/95a5e6-5583-4cce-86e9-e230462fc57b/1/zJd-nVKvvEd5nTl1_O6KxRygz2o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:56:34:09:ca:08:9e:54:39:5b:ea:cd:b6:ca:cd:1f:a7:c9:
         cb:a2:aa:88:6b:1b:e7:52:12:1b:e5:d1:c2:49:18:63:e6:b4:
         85:a6:d2:56:06:e1:bd:dd:7f:22:17:0d:dd:5d:c3:86:6b:38:
         c3:4f:04:39:ce:32:45:bb:b3:29:66:5d:18:6e:c8:db:11:50:
         cd:dc:63:89:0a:fd:ab:f0:55:64:bf:af:62:22:ee:2f:ea:bc:
         da:e2:9e:c3:bc:33:88:8a:f7:0f:c4:a6:b7:6a:02:f4:2e:48:
         38:ff:6c:5e:5c:9f:a5:ac:49:1f:06:bb:4c:0a:ee:8d:ba:20:
         f7:9f:79:5f:22:a5:a5:e4:47:e7:be:b7:32:df:56:cd:fc:89:
         1b:91:6a:1d:2b:fc:69:c3:0f:93:b8:f5:3e:53:61:36:f7:ba:
         56:81:b2:a4:38:b2:0e:7e:c6:46:8a:f6:f3:9d:6f:8a:18:70:
         bf:0c:1a:fc:74:72:7f:3e:0f:fd:66:14:5c:5b:38:ce:d5:25:
         8c:0c:23:6f:45:94:57:1d:70:d7:bc:94:37:41:f0:76:1c:ff:
         66:64:f9:83:13:0a:8b:ce:93:1b:d1:a8:9a:0a:32:b3:06:02:
         dd:74:55:2d:0a:f7:ee:51:ee:e8:d6:9c:71:a2:32:44:3e:7e:
         23:74:0f:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3m0EGDW5u6T5Zp9xhNftMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjOTc3ZTlkNTJhZmJjNDc3OTlkMzk3NWZjZWU4YWM1MWNh
MGNmNmEwHhcNMjQwMTAyMDYzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTBlM2ZmMTkzZjYxNWY0MDBhMjQ1YmY3NzNhMmFjMWUwNmY4ZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmM/TXeSBixfamHPM2IH59rXcPqg5
GU/FZawiiHM+n+SIXTZ3fR9e8ldF8/uRviH8JeYmWFZVcZToLFsMe4xBFJJt8t1C
Ygb7dO6eqjGesaMumLF8+rwSDzxZJpAcc6Gw3qg7XxQ3JxsZo8bv6WtRPHr3iD8V
vof0NG6QdN29MFIRCur2j42qbKRdsBoCYdZyVX/b+wGdsiCjdtH9vuglnFyo1pMc
AbgTgsdZl0vNj+xe+bpjku/TR6CHOcjn+nEv3ZjHifEyk1bcp2hYPdOuUAi4B1wX
94uTv7TFkQpWlvAriCmReZjDCk1/n6aRUkf/Etq56jIdoD07m+vf8GZCxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEOP/GT9hX0AKJFv3c6KsHgb4+fMB8GA1UdIwQY
MBaAFMyXfp1Sr7xHeZ05dfzuisUcoM9qMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekpkLW5WS3Z2RWQ1blRsMV9PNkt4UnlnejJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy85NWE1ZTYtNTU4My00Y2NlLTg2ZTkt
ZTIzMDQ2MmZjNTdiLzEvRVE0XzhaUDJGZlFBb2tXX2R6b3F3ZUJ2ajU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy85NWE1ZTYtNTU4My00Y2NlLTg2ZTktZTIzMDQ2MmZjNTdi
LzEvekpkLW5WS3Z2RWQ1blRsMV9PNkt4UnlnejJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdBiMA0G
CSqGSIb3DQEBCwUAA4IBAQBvVjQJygieVDlb6s22ys0fp8nLoqqIaxvnUhIb5dHC
SRhj5rSFptJWBuG93X8iFw3dXcOGazjDTwQ5zjJFu7MpZl0YbsjbEVDN3GOJCv2r
8FVkv69iIu4v6rza4p7DvDOIivcPxKa3agL0Lkg4/2xeXJ+lrEkfBrtMCu6NuiD3
n3lfIqWl5Efnvrcy31bN/IkbkWodK/xpww+TuPU+U2E297pWgbKkOLIOfsZGivbz
nW+KGHC/DBr8dHJ/Pg/9ZhRcWzjO1SWMDCNvRZRXHXDXvJQ3QfB2HP9mZPmDEwqL
zpMb0aiaCjKzBgLddFUtCvfuUe7o1pxxojJEPn4jdA/1
-----END CERTIFICATE-----