Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/97d97e-6de9-4332-b4df-06e54dd92171/1/EOxNSg_Jj_9bqY4jubMUeyeLBrI.roa
File:                     EOxNSg_Jj_9bqY4jubMUeyeLBrI.roa (raw, json)
Hash identifier:          NAJfVw+4ODRNX1i46o8KoIn8l75pS02EDKh3FoA9lK8=
Subject key identifier:   10:EC:4D:4A:0F:C9:8F:FF:5B:A9:8E:23:B9:B3:14:7B:27:8B:06:B2
Certificate issuer:       /CN=ae6f18416d7d470aa04ad00bca57683c789d854d
Certificate serial:       018CC64B8912490FCFB18DC1A277341A88FB
Authority key identifier: AE:6F:18:41:6D:7D:47:0A:A0:4A:D0:0B:CA:57:68:3C:78:9D:85:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rm8YQW19RwqgStALyldoPHidhU0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/97d97e-6de9-4332-b4df-06e54dd92171/1/EOxNSg_Jj_9bqY4jubMUeyeLBrI.roa
Signing time:             Mon 01 Jan 2024 18:31:28 +0000
ROA not before:           Mon 01 Jan 2024 18:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3303
IP address blocks:        193.73.242.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/97d97e-6de9-4332-b4df-06e54dd92171/1/rm8YQW19RwqgStALyldoPHidhU0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/97d97e-6de9-4332-b4df-06e54dd92171/1/rm8YQW19RwqgStALyldoPHidhU0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rm8YQW19RwqgStALyldoPHidhU0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:89:12:49:0f:cf:b1:8d:c1:a2:77:34:1a:88:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ae6f18416d7d470aa04ad00bca57683c789d854d
        Validity
            Not Before: Jan  1 18:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10ec4d4a0fc98fff5ba98e23b9b3147b278b06b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:61:50:36:8a:31:e3:42:83:d4:7c:a3:77:c4:
                    d8:18:58:db:3a:73:66:ce:81:3a:45:5e:a3:71:cd:
                    52:29:cb:4a:64:06:a2:ef:ee:0d:39:b7:3e:56:4e:
                    89:eb:71:fe:85:bd:1d:4b:24:d1:c1:33:4a:df:7a:
                    c7:b6:1a:c0:be:24:c9:5f:6a:71:ef:85:5d:6c:70:
                    c5:e4:c8:ab:eb:c8:99:b8:45:27:bd:ff:dd:8a:cb:
                    44:a0:82:15:38:a6:70:b2:24:98:26:95:eb:f4:99:
                    3f:e8:84:a8:0b:f5:e0:c9:a8:36:02:cb:b7:6f:8d:
                    3b:97:00:83:15:36:b3:a2:91:3b:d9:87:4a:85:1c:
                    a8:d0:cf:77:79:32:0f:48:cd:22:4f:6d:c7:7c:34:
                    31:11:82:d2:aa:5d:16:39:37:a8:9d:e9:a8:e5:be:
                    d3:f8:af:05:dc:55:d4:2e:78:3b:2a:9f:22:df:7b:
                    0f:ed:05:5b:4a:4c:ff:1a:b8:47:60:01:c8:01:e9:
                    85:a4:e7:c0:81:b0:25:79:c2:3b:72:3e:8c:9e:39:
                    e5:1d:5d:2d:b3:be:10:3f:71:33:e6:e7:a8:97:1d:
                    4b:4b:af:68:22:64:e0:a4:aa:33:0b:23:41:71:83:
                    51:25:3c:25:67:b9:12:cc:2e:4e:60:25:66:b7:be:
                    51:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:EC:4D:4A:0F:C9:8F:FF:5B:A9:8E:23:B9:B3:14:7B:27:8B:06:B2
            X509v3 Authority Key Identifier:
                keyid:AE:6F:18:41:6D:7D:47:0A:A0:4A:D0:0B:CA:57:68:3C:78:9D:85:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rm8YQW19RwqgStALyldoPHidhU0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97d97e-6de9-4332-b4df-06e54dd92171/1/EOxNSg_Jj_9bqY4jubMUeyeLBrI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/97d97e-6de9-4332-b4df-06e54dd92171/1/rm8YQW19RwqgStALyldoPHidhU0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.73.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:18:3f:ca:dc:c1:80:0f:28:4c:39:44:84:91:b4:d9:72:45:
         5d:ee:18:0f:2c:01:9d:ef:2d:5d:ff:7a:10:bc:4d:a2:5a:ef:
         08:2d:e6:6f:9c:c3:fc:2a:07:86:ef:33:e1:c8:ca:ba:fc:20:
         09:94:00:5e:3d:a7:3c:c2:ef:85:47:22:2a:3e:5c:74:98:ba:
         62:7c:28:0f:ad:51:12:75:90:c5:04:84:f3:26:12:61:03:d1:
         e5:56:18:1d:18:4f:32:0d:6d:65:a7:b9:88:18:92:c7:1a:9f:
         89:42:24:94:e1:59:d5:b1:42:1e:05:bc:63:52:6a:5e:12:44:
         b9:87:41:ba:82:ec:03:f5:19:4e:85:bc:25:59:58:a0:77:0e:
         92:47:e0:7e:43:86:82:4d:ad:e0:24:28:bc:23:57:74:6e:ec:
         7e:ed:d2:0a:fd:f6:fc:5f:35:40:bd:05:c9:0c:90:a6:fc:da:
         9b:f2:a6:01:35:a9:5e:36:56:09:9f:c8:66:62:5a:30:28:2e:
         52:f6:f0:e5:55:a3:a9:33:7c:87:b4:6e:eb:00:c4:63:b0:9f:
         f1:cb:4b:db:61:22:50:c2:70:30:76:e1:12:2f:63:7f:e8:0f:
         1f:bc:31:7d:44:30:d6:92:95:b5:1d:5f:01:cb:f1:48:ff:8e:
         64:e5:97:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGS4kSSQ/PsY3Bonc0Goj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNmYxODQxNmQ3ZDQ3MGFhMDRhZDAwYmNhNTc2ODNjNzg5
ZDg1NGQwHhcNMjQwMTAxMTgzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGVjNGQ0YTBmYzk4ZmZmNWJhOThlMjNiOWIzMTQ3YjI3OGIwNmIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGFQNoox40KD1Hyjd8TYGFjbOnNm
zoE6RV6jcc1SKctKZAai7+4NObc+Vk6J63H+hb0dSyTRwTNK33rHthrAviTJX2px
74VdbHDF5Mir68iZuEUnvf/distEoIIVOKZwsiSYJpXr9Jk/6ISoC/Xgyag2Asu3
b407lwCDFTazopE72YdKhRyo0M93eTIPSM0iT23HfDQxEYLSql0WOTeonemo5b7T
+K8F3FXULng7Kp8i33sP7QVbSkz/GrhHYAHIAemFpOfAgbAlecI7cj6MnjnlHV0t
s74QP3Ez5ueolx1LS69oImTgpKozCyNBcYNRJTwlZ7kSzC5OYCVmt75RIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDsTUoPyY//W6mOI7mzFHsniwayMB8GA1UdIwQY
MBaAFK5vGEFtfUcKoErQC8pXaDx4nYVNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm04WVFXMTlSd3FnU3RBTHlsZG9QSGlkaFUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC85N2Q5N2UtNmRlOS00MzMyLWI0ZGYt
MDZlNTRkZDkyMTcxLzEvRU94TlNnX0pqXzlicVk0anViTVVleWVMQnJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC85N2Q5N2UtNmRlOS00MzMyLWI0ZGYtMDZlNTRkZDkyMTcx
LzEvcm04WVFXMTlSd3FnU3RBTHlsZG9QSGlkaFUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwUnyMA0G
CSqGSIb3DQEBCwUAA4IBAQCbGD/K3MGADyhMOUSEkbTZckVd7hgPLAGd7y1d/3oQ
vE2iWu8ILeZvnMP8KgeG7zPhyMq6/CAJlABePac8wu+FRyIqPlx0mLpifCgPrVES
dZDFBITzJhJhA9HlVhgdGE8yDW1lp7mIGJLHGp+JQiSU4VnVsUIeBbxjUmpeEkS5
h0G6guwD9RlOhbwlWVigdw6SR+B+Q4aCTa3gJCi8I1d0bux+7dIK/fb8XzVAvQXJ
DJCm/Nqb8qYBNaleNlYJn8hmYlowKC5S9vDlVaOpM3yHtG7rAMRjsJ/xy0vbYSJQ
wnAwduESL2N/6A8fvDF9RDDWkpW1HV8By/FI/45k5ZeT
-----END CERTIFICATE-----