Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/EBp8FPomAjz-fJECFgdn5Kk0Sik.roa
File:                     EBp8FPomAjz-fJECFgdn5Kk0Sik.roa (raw, json)
Hash identifier:          V1BbvemmFGDZNIpt/J1Q4nVP7R7H+EyQbSb8eICOYWQ=
Subject key identifier:   10:1A:7C:14:FA:26:02:3C:FE:7C:91:02:16:07:67:E4:A9:34:4A:29
Certificate issuer:       /CN=5ad443ad19444814122f3b27cb93a505abe50799
Certificate serial:       019422FB0CAF962BB8B5E53BD02C1F9D8204
Authority key identifier: 5A:D4:43:AD:19:44:48:14:12:2F:3B:27:CB:93:A5:05:AB:E5:07:99
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WtRDrRlESBQSLzsny5OlBavlB5k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/EBp8FPomAjz-fJECFgdn5Kk0Sik.roa
Signing time:             Wed 01 Jan 2025 17:47:45 +0000
ROA not before:           Wed 01 Jan 2025 17:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49788
IP address blocks:        91.242.200.0/21 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/WtRDrRlESBQSLzsny5OlBavlB5k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/WtRDrRlESBQSLzsny5OlBavlB5k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WtRDrRlESBQSLzsny5OlBavlB5k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:0c:af:96:2b:b8:b5:e5:3b:d0:2c:1f:9d:82:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5ad443ad19444814122f3b27cb93a505abe50799
        Validity
            Not Before: Jan  1 17:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=101a7c14fa26023cfe7c9102160767e4a9344a29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:fc:5a:83:8b:c1:65:7a:05:44:0e:e8:09:f8:
                    ba:43:49:9c:56:58:82:49:a6:e5:2a:6c:1e:02:68:
                    0f:05:c1:1c:46:ce:fe:d6:d2:cf:68:92:1e:b9:e2:
                    0b:b9:86:b7:8b:5d:d2:f2:62:20:86:da:70:1d:97:
                    6c:1d:89:b2:9e:c0:31:09:56:36:22:86:42:57:d5:
                    e5:ae:94:2a:c9:60:5f:0c:54:3d:5c:2e:dd:30:9e:
                    3e:88:75:d8:af:c8:88:fc:c5:c1:7e:5c:13:c1:2d:
                    e0:03:45:41:c5:b0:18:ba:b3:b7:f7:58:9c:8e:39:
                    64:3b:e0:a2:8b:fc:69:de:de:b0:61:ef:5f:70:cb:
                    97:70:cd:3e:15:cc:76:00:10:1d:33:29:79:b5:2a:
                    b8:77:21:71:be:ca:95:9f:12:ff:be:d5:97:85:6e:
                    a0:3a:e4:73:b8:17:81:fa:06:2c:30:c9:b3:9c:a2:
                    ab:14:ce:5b:b1:11:7f:32:e1:53:3c:a9:05:47:78:
                    08:39:14:f0:22:6f:4a:da:ab:0c:e5:10:0d:5d:47:
                    34:c7:2d:37:20:1a:f0:14:a3:4e:6c:50:c5:84:4d:
                    b2:bb:eb:fd:eb:f6:5c:c9:f9:d2:5a:cb:ca:ce:eb:
                    42:30:3f:9b:b2:ae:83:0d:a9:ac:55:2b:6d:2b:35:
                    17:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:1A:7C:14:FA:26:02:3C:FE:7C:91:02:16:07:67:E4:A9:34:4A:29
            X509v3 Authority Key Identifier:
                keyid:5A:D4:43:AD:19:44:48:14:12:2F:3B:27:CB:93:A5:05:AB:E5:07:99

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WtRDrRlESBQSLzsny5OlBavlB5k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/EBp8FPomAjz-fJECFgdn5Kk0Sik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/5f8074-01ce-4cc4-b945-024e7257335f/1/WtRDrRlESBQSLzsny5OlBavlB5k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.242.200.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9c:4a:cc:68:bb:76:a9:d2:c9:e6:4d:32:b0:4b:c1:4d:4e:7a:
         ff:f4:58:08:40:1a:a8:59:9d:78:d5:6e:f4:40:70:60:a4:f5:
         04:6b:19:29:f3:b4:ce:d8:06:1c:55:21:4e:7f:e5:56:fc:75:
         9b:d3:c6:53:ac:07:2f:d4:97:e8:e9:ad:ca:5e:1b:52:82:b3:
         ac:24:cf:72:d4:55:a2:9b:cb:a6:b5:6e:59:3c:ac:fe:af:18:
         f2:98:10:83:56:ff:58:c9:45:94:7f:16:d8:9d:ce:b5:2b:fc:
         3c:49:6b:ff:99:fa:bd:6e:93:84:5f:a6:50:4b:2a:ed:97:99:
         af:04:ca:1e:c2:d5:25:74:9b:1c:1a:77:f7:fb:dc:68:10:0a:
         47:aa:a1:50:33:c4:14:c8:13:68:5b:6a:8a:54:43:03:6f:78:
         b9:bd:60:8e:f8:39:9f:a0:4e:3d:79:dd:e1:56:39:11:c5:42:
         cb:a2:d5:51:00:f7:cb:dd:fa:a0:6a:34:10:c7:53:7b:b3:a7:
         91:12:df:77:d7:c0:ab:c0:fa:d2:bb:2f:e0:5c:1d:11:83:bd:
         e0:73:98:1a:ba:65:94:f4:eb:96:5c:62:d9:4f:b1:88:d1:ff:
         b7:1a:f0:87:b9:67:e5:3f:f8:ca:6f:a7:12:b2:45:5b:3e:34:
         fe:31:31:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+wyvliu4teU70CwfnYIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVhZDQ0M2FkMTk0NDQ4MTQxMjJmM2IyN2NiOTNhNTA1YWJl
NTA3OTkwHhcNMjUwMTAxMTc0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDFhN2MxNGZhMjYwMjNjZmU3YzkxMDIxNjA3NjdlNGE5MzQ0YTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjfxag4vBZXoFRA7oCfi6Q0mcVliC
SablKmweAmgPBcEcRs7+1tLPaJIeueILuYa3i13S8mIghtpwHZdsHYmynsAxCVY2
IoZCV9XlrpQqyWBfDFQ9XC7dMJ4+iHXYr8iI/MXBflwTwS3gA0VBxbAYurO391ic
jjlkO+Cii/xp3t6wYe9fcMuXcM0+Fcx2ABAdMyl5tSq4dyFxvsqVnxL/vtWXhW6g
OuRzuBeB+gYsMMmznKKrFM5bsRF/MuFTPKkFR3gIORTwIm9K2qsM5RANXUc0xy03
IBrwFKNObFDFhE2yu+v96/ZcyfnSWsvKzutCMD+bsq6DDamsVSttKzUXcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAafBT6JgI8/nyRAhYHZ+SpNEopMB8GA1UdIwQY
MBaAFFrUQ60ZREgUEi87J8uTpQWr5QeZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV3RSRHJSbEVTQlFTTHpzbnk1T2xCYXZsQjVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi81ZjgwNzQtMDFjZS00Y2M0LWI5NDUt
MDI0ZTcyNTczMzVmLzEvRUJwOEZQb21BanotZkpFQ0ZnZG41S2swU2lrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi81ZjgwNzQtMDFjZS00Y2M0LWI5NDUtMDI0ZTcyNTczMzVm
LzEvV3RSRHJSbEVTQlFTTHpzbnk1T2xCYXZsQjVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW/LIMA0G
CSqGSIb3DQEBCwUAA4IBAQCcSsxou3ap0snmTTKwS8FNTnr/9FgIQBqoWZ141W70
QHBgpPUEaxkp87TO2AYcVSFOf+VW/HWb08ZTrAcv1Jfo6a3KXhtSgrOsJM9y1FWi
m8umtW5ZPKz+rxjymBCDVv9YyUWUfxbYnc61K/w8SWv/mfq9bpOEX6ZQSyrtl5mv
BMoewtUldJscGnf3+9xoEApHqqFQM8QUyBNoW2qKVEMDb3i5vWCO+DmfoE49ed3h
VjkRxULLotVRAPfL3fqgajQQx1N7s6eREt9318CrwPrSuy/gXB0Rg73gc5gaumWU
9OuWXGLZT7GI0f+3GvCHuWflP/jKb6cSskVbPjT+MTEU
-----END CERTIFICATE-----