Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/ekofCmeAwuq8qZA4Bv_hSK9DtJg.roa
File:                     ekofCmeAwuq8qZA4Bv_hSK9DtJg.roa (raw, json)
Hash identifier:          xBfl39b3TcyxRg9Xd/giLXvcE9CgLUamH+57nkw8ApQ=
Subject key identifier:   7A:4A:1F:0A:67:80:C2:EA:BC:A9:90:38:06:FF:E1:48:AF:43:B4:98
Certificate issuer:       /CN=3ed79628b5a60ff1489f473be12d6cefdee135e6
Certificate serial:       018CC4255ABCBC13CE2B18044296AFFEB5D7
Authority key identifier: 3E:D7:96:28:B5:A6:0F:F1:48:9F:47:3B:E1:2D:6C:EF:DE:E1:35:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/ekofCmeAwuq8qZA4Bv_hSK9DtJg.roa
Signing time:             Mon 01 Jan 2024 08:30:31 +0000
ROA not before:           Mon 01 Jan 2024 08:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57514
IP address blocks:        185.225.76.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:5a:bc:bc:13:ce:2b:18:04:42:96:af:fe:b5:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3ed79628b5a60ff1489f473be12d6cefdee135e6
        Validity
            Not Before: Jan  1 08:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a4a1f0a6780c2eabca9903806ffe148af43b498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:b3:e6:ce:bc:c1:d5:ab:a1:68:43:3f:33:db:
                    51:64:47:e3:01:c7:a9:30:6a:6b:25:49:2c:2b:fb:
                    ed:63:70:65:41:cb:10:88:f5:2f:78:ed:48:86:4a:
                    e9:8a:c7:4e:39:9c:eb:14:c5:a8:81:43:23:04:95:
                    bc:9a:69:f1:25:38:97:94:6c:ac:e0:23:1b:30:65:
                    d2:cf:ee:6b:50:ab:2b:74:08:68:af:ad:a0:35:4b:
                    d4:01:5d:6e:2d:fe:ef:54:82:11:34:49:53:02:7d:
                    8c:25:fc:c2:a6:5e:c0:ea:cd:e6:f7:57:65:de:d8:
                    3a:53:fb:18:0c:ea:63:49:a2:34:a2:bf:d7:f5:66:
                    be:d2:9b:1b:94:e1:ad:c0:b8:b1:8c:26:d0:39:d8:
                    34:a8:7f:60:3c:39:f1:ae:a0:3f:99:77:9b:b6:27:
                    da:97:56:28:fe:e8:e9:8a:88:9e:34:6e:5e:64:81:
                    11:c2:c6:61:6f:1e:2b:83:5c:9b:cc:ea:41:a8:f6:
                    c4:f5:83:73:6d:c9:06:95:84:57:1f:8e:b9:e9:dc:
                    ff:4a:6f:5f:ed:c1:68:4b:0e:fb:5b:97:10:86:5f:
                    1c:6a:58:cb:2e:dc:4b:b4:fd:39:13:33:83:a3:92:
                    9b:4a:96:8f:04:f6:ce:01:ce:d9:fb:66:7b:46:b6:
                    30:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:4A:1F:0A:67:80:C2:EA:BC:A9:90:38:06:FF:E1:48:AF:43:B4:98
            X509v3 Authority Key Identifier:
                keyid:3E:D7:96:28:B5:A6:0F:F1:48:9F:47:3B:E1:2D:6C:EF:DE:E1:35:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PteWKLWmD_FIn0c74S1s797hNeY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/ekofCmeAwuq8qZA4Bv_hSK9DtJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/7881d0-943b-4ab5-ad3c-268442bd7999/1/PteWKLWmD_FIn0c74S1s797hNeY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.76.0/24

    Signature Algorithm: sha256WithRSAEncryption
         00:f8:29:5c:2f:a7:bc:53:d4:58:e1:2c:a6:6b:cc:c5:44:9a:
         82:ca:d5:de:af:bd:ce:6d:50:86:be:4b:c3:75:20:d6:9b:d7:
         2c:08:61:a1:73:9d:ee:8c:19:d2:10:70:63:c6:74:61:be:53:
         73:88:30:5b:e3:4f:13:9c:cc:36:fa:ba:b9:d3:fd:64:4b:e3:
         e5:a6:9f:2b:9a:1c:d3:e0:ae:55:59:b1:dc:ce:ca:69:2f:e2:
         62:b3:97:65:e2:70:e8:2f:67:03:52:af:24:97:0c:5f:e8:51:
         c2:34:b3:ff:7a:37:00:94:2f:fa:28:b4:d5:05:c7:7f:db:cc:
         04:2a:ac:6a:95:82:f8:71:b9:87:38:70:58:2d:4b:e7:64:6b:
         46:64:bf:47:69:4c:ae:f1:02:91:3c:6c:27:b2:83:e7:81:72:
         73:1b:af:d4:33:bc:8c:88:fe:98:8a:2a:29:f7:74:9e:15:4b:
         fc:dc:28:20:ae:24:5a:ef:4a:51:6c:68:d7:3f:69:23:9a:69:
         42:53:94:75:11:0d:c5:50:72:3f:7a:02:f6:6c:e8:df:db:fd:
         9d:66:02:83:59:72:c5:52:37:ae:7d:5a:94:27:39:fb:ca:e4:
         02:0b:74:6e:94:85:2e:10:30:a5:2b:db:f6:c2:2a:ae:b3:77:
         af:ea:42:78
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJVq8vBPOKxgEQpav/rXXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlZDc5NjI4YjVhNjBmZjE0ODlmNDczYmUxMmQ2Y2VmZGVl
MTM1ZTYwHhcNMjQwMTAxMDgzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTRhMWYwYTY3ODBjMmVhYmNhOTkwMzgwNmZmZTE0OGFmNDNiNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiLPmzrzB1auhaEM/M9tRZEfjAcep
MGprJUksK/vtY3BlQcsQiPUveO1IhkrpisdOOZzrFMWogUMjBJW8mmnxJTiXlGys
4CMbMGXSz+5rUKsrdAhor62gNUvUAV1uLf7vVIIRNElTAn2MJfzCpl7A6s3m91dl
3tg6U/sYDOpjSaI0or/X9Wa+0psblOGtwLixjCbQOdg0qH9gPDnxrqA/mXebtifa
l1Yo/ujpioieNG5eZIERwsZhbx4rg1ybzOpBqPbE9YNzbckGlYRXH4656dz/Sm9f
7cFoSw77W5cQhl8caljLLtxLtP05EzODo5KbSpaPBPbOAc7Z+2Z7RrYwMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpKHwpngMLqvKmQOAb/4UivQ7SYMB8GA1UdIwQY
MBaAFD7Xlii1pg/xSJ9HO+EtbO/e4TXmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHRlV0tMV21EX0ZJbjBjNzRTMXM3OTdoTmVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC83ODgxZDAtOTQzYi00YWI1LWFkM2Mt
MjY4NDQyYmQ3OTk5LzEvZWtvZkNtZUF3dXE4cVpBNEJ2X2hTSzlEdEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC83ODgxZDAtOTQzYi00YWI1LWFkM2MtMjY4NDQyYmQ3OTk5
LzEvUHRlV0tMV21EX0ZJbjBjNzRTMXM3OTdoTmVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueFMMA0G
CSqGSIb3DQEBCwUAA4IBAQAA+ClcL6e8U9RY4Syma8zFRJqCytXer73ObVCGvkvD
dSDWm9csCGGhc53ujBnSEHBjxnRhvlNziDBb408TnMw2+rq50/1kS+Plpp8rmhzT
4K5VWbHczsppL+Jis5dl4nDoL2cDUq8klwxf6FHCNLP/ejcAlC/6KLTVBcd/28wE
KqxqlYL4cbmHOHBYLUvnZGtGZL9HaUyu8QKRPGwnsoPngXJzG6/UM7yMiP6Yiiop
93SeFUv83CggriRa70pRbGjXP2kjmmlCU5R1EQ3FUHI/egL2bOjf2/2dZgKDWXLF
UjeufVqUJzn7yuQCC3RulIUuEDClK9v2wiqus3ev6kJ4
-----END CERTIFICATE-----