Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/KeEqdxQhsWSOWZRhjZM889NGdho.roa
File:                     KeEqdxQhsWSOWZRhjZM889NGdho.roa (raw, json)
Hash identifier:          5ABXKA5L2b/tXDJpyrz81qCqEisGBK+nOKu/qXUSMfg=
Subject key identifier:   29:E1:2A:77:14:21:B1:64:8E:59:94:61:8D:93:3C:F3:D3:46:76:1A
Certificate issuer:       /CN=0b934c36b773008865b9c9fb0fd48669395ac730
Certificate serial:       018CCA2BAE7A4B69E87F34DA71DF0F494BAC
Authority key identifier: 0B:93:4C:36:B7:73:00:88:65:B9:C9:FB:0F:D4:86:69:39:5A:C7:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/KeEqdxQhsWSOWZRhjZM889NGdho.roa
Signing time:             Tue 02 Jan 2024 12:35:09 +0000
ROA not before:           Tue 02 Jan 2024 12:35:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2906
IP address blocks:        37.77.184.0/21 maxlen: 24
                          185.2.220.0/22 maxlen: 24
                          2a00:86c0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:02:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:ae:7a:4b:69:e8:7f:34:da:71:df:0f:49:4b:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b934c36b773008865b9c9fb0fd48669395ac730
        Validity
            Not Before: Jan  2 12:35:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=29e12a771421b1648e5994618d933cf3d346761a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:57:7a:fa:8b:62:ab:63:d7:91:65:4a:f8:72:
                    17:5a:11:e3:52:80:2f:fd:de:4d:a9:47:1b:27:ad:
                    8c:46:53:08:7a:4b:56:63:b4:92:75:be:a1:e9:aa:
                    b6:82:9a:a6:12:ab:99:2a:6a:01:cf:75:f1:c8:07:
                    ea:ba:27:43:39:97:bf:4a:75:dc:c8:00:52:c0:6e:
                    1d:80:a2:d0:fa:8a:6f:1a:f4:38:c2:82:97:04:97:
                    f2:33:ee:0d:77:c2:06:5f:65:f7:ac:d2:51:26:57:
                    86:39:8c:7a:f3:0f:24:c9:b9:43:48:50:c9:ec:e4:
                    8b:c4:30:c7:ae:f1:64:da:81:a4:f0:d8:96:89:b0:
                    5e:6e:a6:97:bf:d6:d5:73:76:e8:81:ed:e2:f7:dc:
                    d6:76:ca:bb:a7:1e:38:fe:fa:ef:ff:44:56:83:b0:
                    02:1b:d2:3f:57:1c:91:37:d9:8b:cd:03:d6:84:06:
                    dc:7e:fc:89:72:9a:28:40:e1:e4:6b:eb:05:df:a1:
                    98:34:0e:ee:e6:21:ee:54:25:5e:35:3e:b7:5c:d6:
                    84:94:ff:c6:bd:24:c2:8d:78:25:57:50:ef:d3:82:
                    59:4c:23:2b:20:6e:a9:87:67:52:db:2f:da:81:26:
                    b9:23:d9:96:67:63:03:3d:19:fb:34:66:8d:5a:25:
                    6d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:E1:2A:77:14:21:B1:64:8E:59:94:61:8D:93:3C:F3:D3:46:76:1A
            X509v3 Authority Key Identifier:
                keyid:0B:93:4C:36:B7:73:00:88:65:B9:C9:FB:0F:D4:86:69:39:5A:C7:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C5NMNrdzAIhlucn7D9SGaTlaxzA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/KeEqdxQhsWSOWZRhjZM889NGdho.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/decb7d-0388-4e3c-8db4-a302f51d382c/1/C5NMNrdzAIhlucn7D9SGaTlaxzA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.77.184.0/21
                  185.2.220.0/22
                IPv6:
                  2a00:86c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         38:9b:12:b6:67:2e:5a:7b:13:09:11:8f:ad:3e:f5:9b:6b:6a:
         90:46:29:72:75:8b:ae:4e:2b:7c:63:ae:a1:83:3a:c9:ff:23:
         d1:9b:92:4f:80:63:d7:dd:da:56:62:26:48:cb:18:c4:77:99:
         a6:bb:e6:5d:15:71:ac:49:a7:de:e1:08:9d:db:3b:a9:fa:e7:
         7f:a6:2c:e3:b6:6c:90:0a:6f:f7:14:91:ad:16:cf:6d:94:a0:
         41:d1:3f:06:62:47:f0:a6:bb:5f:13:d5:36:57:a0:b0:f5:9d:
         ae:64:2b:85:bc:f2:8d:b9:ff:1c:20:02:4b:fc:1e:6d:5b:d3:
         2e:c7:e6:44:f8:d5:ea:cf:90:aa:20:a5:5b:18:df:64:18:bd:
         e4:30:0b:cc:a7:5d:c6:bb:42:39:72:52:32:11:24:1e:fc:18:
         77:2f:d3:0e:2c:68:20:a0:9c:28:60:f3:b2:b1:9f:85:d7:70:
         96:69:39:5f:45:a3:b3:07:a9:27:1d:ad:73:a1:e7:35:88:51:
         8a:98:3b:f6:aa:23:c5:13:c8:ed:69:07:eb:b6:37:f5:a1:63:
         d9:05:ce:db:bc:6b:cb:5a:02:66:9d:0c:2c:22:c2:e6:12:be:
         f7:d1:a4:f3:ca:df:5d:8b:20:48:d5:2c:f2:85:fe:32:2d:a0:
         46:31:74:1b
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzKK656S2nofzTacd8PSUusMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiOTM0YzM2Yjc3MzAwODg2NWI5YzlmYjBmZDQ4NjY5Mzk1
YWM3MzAwHhcNMjQwMTAyMTIzNTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOWUxMmE3NzE0MjFiMTY0OGU1OTk0NjE4ZDkzM2NmM2QzNDY3NjFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVd6+otiq2PXkWVK+HIXWhHjUoAv
/d5NqUcbJ62MRlMIektWY7SSdb6h6aq2gpqmEquZKmoBz3XxyAfquidDOZe/SnXc
yABSwG4dgKLQ+opvGvQ4woKXBJfyM+4Nd8IGX2X3rNJRJleGOYx68w8kyblDSFDJ
7OSLxDDHrvFk2oGk8NiWibBebqaXv9bVc3boge3i99zWdsq7px44/vrv/0RWg7AC
G9I/VxyRN9mLzQPWhAbcfvyJcpooQOHka+sF36GYNA7u5iHuVCVeNT63XNaElP/G
vSTCjXglV1Dv04JZTCMrIG6ph2dS2y/agSa5I9mWZ2MDPRn7NGaNWiVtfwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCnhKncUIbFkjlmUYY2TPPPTRnYaMB8GA1UdIwQY
MBaAFAuTTDa3cwCIZbnJ+w/Uhmk5WscwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzVOTU5yZHpBSWhsdWNuN0Q5U0dhVGxheHpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC9kZWNiN2QtMDM4OC00ZTNjLThkYjQt
YTMwMmY1MWQzODJjLzEvS2VFcWR4UWhzV1NPV1pSaGpaTTg4OU5HZGhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC9kZWNiN2QtMDM4OC00ZTNjLThkYjQtYTMwMmY1MWQzODJj
LzEvQzVOTU5yZHpBSWhsdWNuN0Q5U0dhVGxheHpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJU24AwQC
uQLcMA0EAgACMAcDBQAqAIbAMA0GCSqGSIb3DQEBCwUAA4IBAQA4mxK2Zy5aexMJ
EY+tPvWba2qQRilydYuuTit8Y66hgzrJ/yPRm5JPgGPX3dpWYiZIyxjEd5mmu+Zd
FXGsSafe4Qid2zup+ud/pizjtmyQCm/3FJGtFs9tlKBB0T8GYkfwprtfE9U2V6Cw
9Z2uZCuFvPKNuf8cIAJL/B5tW9Mux+ZE+NXqz5CqIKVbGN9kGL3kMAvMp13Gu0I5
clIyESQe/Bh3L9MOLGggoJwoYPOysZ+F13CWaTlfRaOzB6knHa1zoec1iFGKmDv2
qiPFE8jtaQfrtjf1oWPZBc7bvGvLWgJmnQwsIsLmEr730aTzyt9diyBI1Szyhf4y
LaBGMXQb
-----END CERTIFICATE-----