Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/oegNHOo5tDAfL4DpuvNktuhyYpU.roa
File:                     oegNHOo5tDAfL4DpuvNktuhyYpU.roa (raw, json)
Hash identifier:          1r64eHavl+R+oxq94nHU8HhE+05k07AU/YcPifwFzrc=
Subject key identifier:   A1:E8:0D:1C:EA:39:B4:30:1F:2F:80:E9:BA:F3:64:B6:E8:72:62:95
Certificate issuer:       /CN=eebe79d147882422ec275417dfd2affa93a02757
Certificate serial:       018F52E73B76DCCED1F55B2317EA48D86AB4
Authority key identifier: EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/oegNHOo5tDAfL4DpuvNktuhyYpU.roa
Signing time:             Tue 07 May 2024 11:53:56 +0000
ROA not before:           Tue 07 May 2024 11:53:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215374
IP address blocks:        193.8.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:52:e7:3b:76:dc:ce:d1:f5:5b:23:17:ea:48:d8:6a:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebe79d147882422ec275417dfd2affa93a02757
        Validity
            Not Before: May  7 11:53:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a1e80d1cea39b4301f2f80e9baf364b6e8726295
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:6a:76:81:4f:34:c7:78:83:23:07:aa:7f:45:
                    e4:64:5c:46:63:38:33:d8:66:5e:94:74:75:8e:57:
                    dc:02:5c:06:8d:da:77:a0:a5:b2:a5:51:0d:bc:49:
                    f5:ed:7c:e0:d8:65:8c:c6:9d:cc:fd:9e:cb:de:c1:
                    bb:9e:a3:5f:b1:14:8f:5a:64:72:70:fc:29:2a:3b:
                    e1:0c:bc:7b:9a:70:c1:a5:95:cf:52:84:81:e5:c2:
                    96:11:79:14:5c:cf:d6:d7:99:d2:58:65:b7:f5:33:
                    b6:f6:43:54:28:dc:03:90:30:8b:61:14:4b:5b:e6:
                    c8:c2:62:0f:6c:79:f5:83:6d:0c:d0:ad:6d:a7:28:
                    50:15:f0:02:90:0e:e1:85:e1:27:1c:87:c4:c2:ce:
                    17:0c:9a:23:0c:a4:1a:eb:53:63:5a:32:16:da:5c:
                    e6:d1:d6:c5:59:e5:8a:b5:ca:20:13:09:c5:d7:a8:
                    bb:0d:54:4b:b2:d2:81:25:40:13:4f:b7:20:fc:68:
                    a5:1c:1e:7b:3b:ea:c7:3e:d5:23:43:69:56:7d:36:
                    62:a2:10:cc:a7:41:47:6f:a3:95:82:22:93:fa:2f:
                    df:3a:35:7e:e1:1c:3c:fd:75:bb:49:70:3b:46:68:
                    d4:79:de:70:65:d6:f2:e1:22:c3:e1:d3:8c:68:9f:
                    3f:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A1:E8:0D:1C:EA:39:B4:30:1F:2F:80:E9:BA:F3:64:B6:E8:72:62:95
            X509v3 Authority Key Identifier:
                keyid:EE:BE:79:D1:47:88:24:22:EC:27:54:17:DF:D2:AF:FA:93:A0:27:57

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7r550UeIJCLsJ1QX39Kv-pOgJ1c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/oegNHOo5tDAfL4DpuvNktuhyYpU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d9/c44b7f-5bcd-4ee7-8712-38823c1449af/1/7r550UeIJCLsJ1QX39Kv-pOgJ1c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:62:e0:42:0f:c8:45:91:8e:8b:30:b5:31:09:1a:00:ac:5c:
         f2:53:92:1e:cc:f8:05:6c:ec:03:2a:1c:7d:63:27:e9:39:32:
         0c:b1:79:e0:aa:bb:c7:1c:11:b7:07:9d:8f:6d:5f:f1:26:51:
         1d:20:6c:f9:b6:82:00:ea:2f:67:03:39:84:69:4e:e2:0a:df:
         b2:88:ed:d4:9e:0f:6a:a5:64:72:21:cd:55:21:3f:05:65:92:
         b2:76:ab:ca:12:83:2c:85:e8:45:9c:27:b1:8a:9d:14:9a:40:
         86:c4:cb:80:b7:e1:1a:fa:81:ca:bb:08:cd:5e:d0:84:7d:c7:
         f3:b2:1d:c6:d2:0a:f2:3e:ac:8b:05:aa:94:2f:10:fb:ff:8a:
         1d:d7:6c:6f:e8:e5:1b:61:e2:eb:64:bf:ed:ea:3d:b4:5e:35:
         13:10:89:76:64:cb:e6:bf:58:2d:76:27:85:d8:e1:c5:2a:2a:
         f2:28:bb:b1:db:5f:23:a6:43:68:c7:65:12:8f:d7:ed:b3:a5:
         27:08:59:f3:88:4f:ab:92:2d:bd:ce:26:73:85:f7:2e:7a:41:
         58:fc:52:a1:97:3b:ff:f3:a0:48:ba:e9:48:ee:82:6b:13:5a:
         17:a7:ed:4e:eb:6b:0e:b4:41:0e:66:96:da:f0:d7:e2:af:b5:
         7d:b3:c8:3a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY9S5zt23M7R9VsjF+pI2Gq0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmU3OWQxNDc4ODI0MjJlYzI3NTQxN2RmZDJhZmZhOTNh
MDI3NTcwHhcNMjQwNTA3MTE1MzU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMWU4MGQxY2VhMzliNDMwMWYyZjgwZTliYWYzNjRiNmU4NzI2Mjk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmp2gU80x3iDIweqf0XkZFxGYzgz
2GZelHR1jlfcAlwGjdp3oKWypVENvEn17Xzg2GWMxp3M/Z7L3sG7nqNfsRSPWmRy
cPwpKjvhDLx7mnDBpZXPUoSB5cKWEXkUXM/W15nSWGW39TO29kNUKNwDkDCLYRRL
W+bIwmIPbHn1g20M0K1tpyhQFfACkA7hheEnHIfEws4XDJojDKQa61NjWjIW2lzm
0dbFWeWKtcogEwnF16i7DVRLstKBJUATT7cg/GilHB57O+rHPtUjQ2lWfTZiohDM
p0FHb6OVgiKT+i/fOjV+4Rw8/XW7SXA7RmjUed5wZdby4SLD4dOMaJ8/2wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKHoDRzqObQwHy+A6brzZLbocmKVMB8GA1UdIwQY
MBaAFO6+edFHiCQi7CdUF9/Sr/qToCdXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTIt
Mzg4MjNjMTQ0OWFmLzEvb2VnTkhPbzV0REFmTDREcHV2Tmt0dWh5WXBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kOS9jNDRiN2YtNWJjZC00ZWU3LTg3MTItMzg4MjNjMTQ0OWFm
LzEvN3I1NTBVZUlKQ0xzSjFRWDM5S3YtcE9nSjFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQhJMA0G
CSqGSIb3DQEBCwUAA4IBAQB2YuBCD8hFkY6LMLUxCRoArFzyU5IezPgFbOwDKhx9
YyfpOTIMsXngqrvHHBG3B52PbV/xJlEdIGz5toIA6i9nAzmEaU7iCt+yiO3Ung9q
pWRyIc1VIT8FZZKydqvKEoMshehFnCexip0UmkCGxMuAt+Ea+oHKuwjNXtCEfcfz
sh3G0gryPqyLBaqULxD7/4od12xv6OUbYeLrZL/t6j20XjUTEIl2ZMvmv1gtdieF
2OHFKiryKLux218jpkNox2USj9fts6UnCFnziE+rki29ziZzhfcuekFY/FKhlzv/
86BIuulI7oJrE1oXp+1O62sOtEEOZpba8Nfir7V9s8g6
-----END CERTIFICATE-----