Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/eZTV43h-dhm2H5hXCSDi1aYvGIY.roa
File:                     eZTV43h-dhm2H5hXCSDi1aYvGIY.roa (raw, json)
Hash identifier:          lOllEi8XPgyfqXg4rcbc5UDmGjN0mYWty1af5ireHE8=
Subject key identifier:   79:94:D5:E3:78:7E:76:19:B6:1F:98:57:09:20:E2:D5:A6:2F:18:86
Certificate issuer:       /CN=3651cea5ace77f4d7f4dd282f10ab9cb0ee4d1ec
Certificate serial:       018CC80120630800E3F424A1310C31BE6415
Authority key identifier: 36:51:CE:A5:AC:E7:7F:4D:7F:4D:D2:82:F1:0A:B9:CB:0E:E4:D1:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NlHOpaznf01_TdKC8Qq5yw7k0ew.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/eZTV43h-dhm2H5hXCSDi1aYvGIY.roa
Signing time:             Tue 02 Jan 2024 02:29:26 +0000
ROA not before:           Tue 02 Jan 2024 02:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     15600
IP address blocks:        193.163.186.0/24 maxlen: 24
                          2a10:f540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/NlHOpaznf01_TdKC8Qq5yw7k0ew.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/NlHOpaznf01_TdKC8Qq5yw7k0ew.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NlHOpaznf01_TdKC8Qq5yw7k0ew.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:20:63:08:00:e3:f4:24:a1:31:0c:31:be:64:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3651cea5ace77f4d7f4dd282f10ab9cb0ee4d1ec
        Validity
            Not Before: Jan  2 02:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7994d5e3787e7619b61f98570920e2d5a62f1886
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:85:4c:2c:58:13:21:8d:77:b6:eb:a3:4f:f7:73:
                    48:92:4e:89:35:a9:f9:98:64:9a:03:b4:61:0c:e6:
                    35:24:9d:20:58:79:da:ec:96:c7:f4:03:7e:c0:0c:
                    ec:40:46:b2:3d:8d:07:76:25:fd:af:01:ab:36:39:
                    48:4e:32:cd:9c:8e:31:95:3e:69:1d:bb:17:cb:b7:
                    a7:c0:c4:04:68:9a:25:9a:92:ff:b3:d0:d2:23:56:
                    9f:41:72:20:cb:0e:fe:7b:cf:41:05:7b:09:f7:d3:
                    7c:49:3e:a0:cd:9a:1f:e4:f2:19:53:96:81:9d:1f:
                    bc:11:8c:43:4e:7d:b0:17:ec:20:e3:3f:d5:e4:be:
                    9f:f2:77:61:8e:5d:46:4e:e5:15:d4:c7:f5:ae:69:
                    e7:13:3c:e4:35:66:a2:ad:0e:a3:0c:9b:f8:0d:08:
                    ab:09:87:76:f4:b7:20:66:ea:63:50:24:97:0b:51:
                    84:fe:a8:a2:2a:ed:c6:a3:50:67:a6:a1:56:a7:56:
                    7c:c4:e8:e4:82:ff:59:67:55:ae:6c:ef:d9:5c:87:
                    f1:21:6c:7e:61:01:a8:11:3d:ec:77:1b:c1:43:6e:
                    a5:95:fb:13:a0:20:4c:8c:23:ae:6d:10:d4:92:0d:
                    0f:b4:e3:48:89:f4:e5:87:af:6a:ed:bb:97:ca:14:
                    10:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:94:D5:E3:78:7E:76:19:B6:1F:98:57:09:20:E2:D5:A6:2F:18:86
            X509v3 Authority Key Identifier:
                keyid:36:51:CE:A5:AC:E7:7F:4D:7F:4D:D2:82:F1:0A:B9:CB:0E:E4:D1:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NlHOpaznf01_TdKC8Qq5yw7k0ew.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/eZTV43h-dhm2H5hXCSDi1aYvGIY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/ac214b-3772-4810-9206-b92b094f3a3c/1/NlHOpaznf01_TdKC8Qq5yw7k0ew.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.186.0/24
                IPv6:
                  2a10:f540::/29

    Signature Algorithm: sha256WithRSAEncryption
         51:76:1d:56:fe:c2:db:43:37:a6:6d:68:76:b1:99:5b:1c:fe:
         49:89:ef:50:38:ba:97:e9:92:d4:94:e6:3d:7b:c6:66:9a:cd:
         d9:17:73:32:9c:70:6e:8d:d4:5b:92:40:d4:23:80:97:9d:16:
         27:26:59:80:de:6d:6e:09:12:a0:4b:45:15:82:04:c3:8a:03:
         89:10:39:7d:62:94:e4:b9:af:0f:fc:f1:13:8d:e8:b3:cc:6e:
         cf:a6:ce:73:cd:11:3f:63:c9:08:87:fa:a6:7b:d4:bc:23:d0:
         da:ff:2d:ff:06:49:05:5a:dd:50:3e:31:fb:ff:47:74:aa:0c:
         be:46:29:c0:25:5a:de:54:6b:4c:31:94:84:96:2d:72:de:ca:
         44:d9:12:70:5d:5b:37:9e:63:0f:4f:38:9e:cf:06:40:18:45:
         1c:b5:6d:bd:89:88:46:4d:23:d8:76:b4:19:84:1e:05:93:d1:
         bb:d5:06:ac:20:87:f3:8c:43:fd:bb:3c:4c:51:a6:d5:b4:11:
         ec:67:51:15:d4:94:d0:b1:78:6d:65:9a:e4:cc:be:b5:da:81:
         de:c6:d0:04:e0:47:62:21:bf:e4:55:fe:8f:df:36:53:9a:dc:
         61:50:86:72:14:fe:9c:a6:27:21:de:a4:7c:ab:fc:be:75:90:
         a0:fa:bb:c4
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzIASBjCADj9CShMQwxvmQVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2NTFjZWE1YWNlNzdmNGQ3ZjRkZDI4MmYxMGFiOWNiMGVl
NGQxZWMwHhcNMjQwMTAyMDIyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTk0ZDVlMzc4N2U3NjE5YjYxZjk4NTcwOTIwZTJkNWE2MmYxODg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUwsWBMhjXe266NP93NIkk6JNan5
mGSaA7RhDOY1JJ0gWHna7JbH9AN+wAzsQEayPY0HdiX9rwGrNjlITjLNnI4xlT5p
HbsXy7enwMQEaJolmpL/s9DSI1afQXIgyw7+e89BBXsJ99N8ST6gzZof5PIZU5aB
nR+8EYxDTn2wF+wg4z/V5L6f8ndhjl1GTuUV1Mf1rmnnEzzkNWairQ6jDJv4DQir
CYd29LcgZupjUCSXC1GE/qiiKu3Go1BnpqFWp1Z8xOjkgv9ZZ1WubO/ZXIfxIWx+
YQGoET3sdxvBQ26llfsToCBMjCOubRDUkg0PtONIifTlh69q7buXyhQQ7wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHmU1eN4fnYZth+YVwkg4tWmLxiGMB8GA1UdIwQY
MBaAFDZRzqWs539Nf03SgvEKucsO5NHsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmxIT3Bhem5mMDFfVGRLQzhRcTV5dzdrMGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9hYzIxNGItMzc3Mi00ODEwLTkyMDYt
YjkyYjA5NGYzYTNjLzEvZVpUVjQzaC1kaG0ySDVoWENTRGkxYVl2R0lZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9hYzIxNGItMzc3Mi00ODEwLTkyMDYtYjkyYjA5NGYzYTNj
LzEvTmxIT3Bhem5mMDFfVGRLQzhRcTV5dzdrMGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaO6MA0E
AgACMAcDBQMqEPVAMA0GCSqGSIb3DQEBCwUAA4IBAQBRdh1W/sLbQzembWh2sZlb
HP5Jie9QOLqX6ZLUlOY9e8Zmms3ZF3MynHBujdRbkkDUI4CXnRYnJlmA3m1uCRKg
S0UVggTDigOJEDl9YpTkua8P/PETjeizzG7Pps5zzRE/Y8kIh/qme9S8I9Da/y3/
BkkFWt1QPjH7/0d0qgy+RinAJVreVGtMMZSEli1y3spE2RJwXVs3nmMPTziezwZA
GEUctW29iYhGTSPYdrQZhB4Fk9G71QasIIfzjEP9uzxMUabVtBHsZ1EV1JTQsXht
ZZrkzL612oHextAE4EdiIb/kVf6P3zZTmtxhUIZyFP6cpich3qR8q/y+dZCg+rvE
-----END CERTIFICATE-----