Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/9da366-fb0a-43a7-83ba-c983b1fed79e/1/eAhR6KTFJDA3HMwbGsQPK0o1VK8.roa
File:                     eAhR6KTFJDA3HMwbGsQPK0o1VK8.roa (raw, json)
Hash identifier:          WcYp6g2h67uQd+b5ZXbElPdlPfBrcS5ukz/v0+o3wuI=
Subject key identifier:   78:08:51:E8:A4:C5:24:30:37:1C:CC:1B:1A:C4:0F:2B:4A:35:54:AF
Certificate issuer:       /CN=58e408c857c7f825ff77bc91eca7ffc921ad4dff
Certificate serial:       019428252AB7D2B55E97DFE9CC0BF7C0E9E1
Authority key identifier: 58:E4:08:C8:57:C7:F8:25:FF:77:BC:91:EC:A7:FF:C9:21:AD:4D:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WOQIyFfH-CX_d7yR7Kf_ySGtTf8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/9da366-fb0a-43a7-83ba-c983b1fed79e/1/eAhR6KTFJDA3HMwbGsQPK0o1VK8.roa
Signing time:             Thu 02 Jan 2025 17:51:51 +0000
ROA not before:           Thu 02 Jan 2025 17:51:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207092
IP address blocks:        185.193.12.0/23 maxlen: 23
                          185.193.13.0/24 maxlen: 24
                          185.193.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/9da366-fb0a-43a7-83ba-c983b1fed79e/1/WOQIyFfH-CX_d7yR7Kf_ySGtTf8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/9da366-fb0a-43a7-83ba-c983b1fed79e/1/WOQIyFfH-CX_d7yR7Kf_ySGtTf8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WOQIyFfH-CX_d7yR7Kf_ySGtTf8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:2a:b7:d2:b5:5e:97:df:e9:cc:0b:f7:c0:e9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=58e408c857c7f825ff77bc91eca7ffc921ad4dff
        Validity
            Not Before: Jan  2 17:51:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=780851e8a4c52430371ccc1b1ac40f2b4a3554af
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:dc:d3:d7:7a:eb:84:07:bb:67:87:28:4b:49:
                    55:ea:94:a0:89:d7:2e:62:3b:7b:14:b4:e0:05:1d:
                    df:7c:58:fb:46:e8:f0:e9:93:4b:6b:a0:5a:f2:bf:
                    14:e3:d5:bf:f9:b5:eb:79:de:00:7c:55:f1:65:ce:
                    99:d5:4e:3a:4e:99:82:19:72:74:b9:7a:e5:59:a7:
                    c7:91:08:c8:c4:a1:7f:7b:1d:70:4c:14:45:3d:2b:
                    32:90:63:fc:61:cb:c9:00:90:59:57:d4:0c:14:2d:
                    c3:79:d2:97:4f:95:01:ab:be:d9:79:d7:93:7a:2d:
                    a3:9d:24:a2:2e:92:3f:59:4c:53:db:13:40:e4:b9:
                    33:4a:6b:74:af:79:9f:1f:25:1e:db:aa:ff:a9:b6:
                    e4:f1:3a:f4:3e:0c:52:a2:99:f5:7f:50:38:6f:a3:
                    a2:df:29:93:d0:69:a4:30:7d:44:03:15:d3:b0:82:
                    de:50:a7:4e:c2:a5:2a:13:db:22:77:18:fc:36:aa:
                    f6:ce:a1:30:86:ff:c1:62:4e:ef:ac:05:87:94:4b:
                    43:b1:9a:8d:e2:a7:9d:12:2d:7a:20:e9:0e:5d:e1:
                    41:55:93:9e:ac:56:32:78:78:0c:61:2b:95:c4:a6:
                    0d:39:6e:f0:be:31:d6:37:45:d5:79:2d:3f:0b:2e:
                    81:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:08:51:E8:A4:C5:24:30:37:1C:CC:1B:1A:C4:0F:2B:4A:35:54:AF
            X509v3 Authority Key Identifier:
                keyid:58:E4:08:C8:57:C7:F8:25:FF:77:BC:91:EC:A7:FF:C9:21:AD:4D:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WOQIyFfH-CX_d7yR7Kf_ySGtTf8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/9da366-fb0a-43a7-83ba-c983b1fed79e/1/eAhR6KTFJDA3HMwbGsQPK0o1VK8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/9da366-fb0a-43a7-83ba-c983b1fed79e/1/WOQIyFfH-CX_d7yR7Kf_ySGtTf8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.193.12.0/23
                  185.193.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:55:ba:da:23:b8:db:ff:71:14:6e:d4:df:97:db:58:35:cd:
         14:71:47:c3:a0:c4:55:48:37:21:d7:4a:aa:6e:1b:77:bb:94:
         46:99:4f:ed:e1:45:ea:45:d6:c4:d6:3e:d9:65:f3:0d:c1:4f:
         2f:f4:15:a1:cb:24:97:76:94:31:b9:bb:79:6f:54:6b:99:d7:
         37:48:28:f6:63:d0:17:5c:38:a7:47:9f:29:e4:f7:f0:83:98:
         b8:21:6d:3f:c3:ae:d4:3b:3c:e8:65:85:95:64:6a:e7:2a:89:
         ba:17:73:67:a5:8d:8e:f3:71:ed:b0:bc:c9:66:72:1d:ee:76:
         a2:57:2d:a4:8a:c4:7d:f6:ac:22:86:a5:31:d5:bf:9b:7c:c4:
         52:ab:8d:2f:05:f6:3c:2e:85:8d:2a:ee:27:a4:9a:95:9c:63:
         a7:ed:74:dc:5f:a1:ea:c2:8c:6a:14:24:58:17:2d:cf:28:1a:
         9e:b5:07:c0:42:3d:e5:bb:0c:0e:e5:87:38:b2:3b:42:54:59:
         b6:35:57:56:6c:c2:0e:00:6b:fb:80:83:94:bc:83:bf:68:05:
         ce:80:99:7e:cb:14:98:33:92:c9:8b:ef:f4:d3:ea:d6:88:2b:
         dc:e3:06:46:c1:16:00:92:a4:a4:89:de:be:68:db:e1:e3:ac:
         99:c9:d8:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQoJSq30rVel9/pzAv3wOnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4ZTQwOGM4NTdjN2Y4MjVmZjc3YmM5MWVjYTdmZmM5MjFh
ZDRkZmYwHhcNMjUwMTAyMTc1MTUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODA4NTFlOGE0YzUyNDMwMzcxY2NjMWIxYWM0MGYyYjRhMzU1NGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxNzT13rrhAe7Z4coS0lV6pSgidcu
Yjt7FLTgBR3ffFj7Rujw6ZNLa6Ba8r8U49W/+bXred4AfFXxZc6Z1U46TpmCGXJ0
uXrlWafHkQjIxKF/ex1wTBRFPSsykGP8YcvJAJBZV9QMFC3DedKXT5UBq77ZedeT
ei2jnSSiLpI/WUxT2xNA5LkzSmt0r3mfHyUe26r/qbbk8Tr0PgxSopn1f1A4b6Oi
3ymT0GmkMH1EAxXTsILeUKdOwqUqE9sidxj8Nqr2zqEwhv/BYk7vrAWHlEtDsZqN
4qedEi16IOkOXeFBVZOerFYyeHgMYSuVxKYNOW7wvjHWN0XVeS0/Cy6BKwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHgIUeikxSQwNxzMGxrEDytKNVSvMB8GA1UdIwQY
MBaAFFjkCMhXx/gl/3e8keyn/8khrU3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV09RSXlGZkgtQ1hfZDd5UjdLZl95U0d0VGY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi85ZGEzNjYtZmIwYS00M2E3LTgzYmEt
Yzk4M2IxZmVkNzllLzEvZUFoUjZLVEZKREEzSE13YkdzUVBLMG8xVks4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi85ZGEzNjYtZmIwYS00M2E3LTgzYmEtYzk4M2IxZmVkNzll
LzEvV09RSXlGZkgtQ1hfZDd5UjdLZl95U0d0VGY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBucEMAwQA
ucEPMA0GCSqGSIb3DQEBCwUAA4IBAQAqVbraI7jb/3EUbtTfl9tYNc0UcUfDoMRV
SDch10qqbht3u5RGmU/t4UXqRdbE1j7ZZfMNwU8v9BWhyySXdpQxubt5b1Rrmdc3
SCj2Y9AXXDinR58p5Pfwg5i4IW0/w67UOzzoZYWVZGrnKom6F3NnpY2O83HtsLzJ
ZnId7naiVy2kisR99qwihqUx1b+bfMRSq40vBfY8LoWNKu4npJqVnGOn7XTcX6Hq
woxqFCRYFy3PKBqetQfAQj3luwwO5Yc4sjtCVFm2NVdWbMIOAGv7gIOUvIO/aAXO
gJl+yxSYM5LJi+/00+rWiCvc4wZGwRYAkqSkid6+aNvh46yZydgL
-----END CERTIFICATE-----