Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/E8PSau4f1cIzO8n-LR4TG5ChDvA.roa
File:                     E8PSau4f1cIzO8n-LR4TG5ChDvA.roa (raw, json)
Hash identifier:          vdd2wpd8Vq/9YzkVcuHgTEyOfBVvJcug2SoWXAqeNC4=
Subject key identifier:   13:C3:D2:6A:EE:1F:D5:C2:33:3B:C9:FE:2D:1E:13:1B:90:A1:0E:F0
Certificate issuer:       /CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
Certificate serial:       018DF728E27CAE8203BDE3B29DABE6BC29DA
Authority key identifier: BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/E8PSau4f1cIzO8n-LR4TG5ChDvA.roa
Signing time:             Thu 29 Feb 2024 23:17:48 +0000
ROA not before:           Thu 29 Feb 2024 23:17:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50304
IP address blocks:        185.37.0.0/24 maxlen: 24
                          185.37.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:f7:28:e2:7c:ae:82:03:bd:e3:b2:9d:ab:e6:bc:29:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bdb83e99bf7254f948057a5e981be6fa5c2054dd
        Validity
            Not Before: Feb 29 23:17:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13c3d26aee1fd5c2333bc9fe2d1e131b90a10ef0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:57:76:2d:d5:ca:53:4b:24:32:87:62:fd:22:
                    28:cc:84:44:14:08:d6:18:f7:4f:d7:1a:91:10:9a:
                    aa:f8:73:57:3b:9a:cf:cf:1e:4e:92:c4:25:d6:08:
                    03:7f:5a:d9:59:2f:d3:4c:97:c3:44:5b:76:2e:05:
                    5d:cd:ab:4b:32:71:18:46:3b:48:ff:fb:16:43:27:
                    2f:39:69:61:7c:7f:6b:df:12:36:c3:4a:49:19:93:
                    22:18:03:0c:d0:d7:0f:aa:b4:1c:5e:50:f5:90:3f:
                    d9:ca:4f:49:a2:a6:9c:a9:12:01:41:29:7b:75:a2:
                    44:28:68:3d:7b:f7:57:bf:79:ed:9a:54:0b:92:13:
                    a4:2e:1b:8f:7c:3c:2e:3b:4f:26:67:9a:d3:d5:05:
                    8f:c9:73:e3:91:82:a1:d9:cb:c2:da:b8:9f:86:9d:
                    78:cf:ae:3d:f4:a7:3e:ed:a9:29:d7:1d:26:00:8f:
                    0d:a0:03:b3:92:28:69:28:c6:35:25:56:fe:30:7c:
                    43:83:64:ad:86:37:a2:db:4a:0d:46:e5:be:24:98:
                    6e:29:0d:ec:98:a6:dd:89:90:0d:37:0a:c2:1a:bc:
                    ec:bc:38:c5:81:2e:ef:36:2f:12:fe:53:1d:02:b1:
                    e2:41:1e:ab:f8:61:36:5f:82:5f:04:1e:61:15:19:
                    00:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C3:D2:6A:EE:1F:D5:C2:33:3B:C9:FE:2D:1E:13:1B:90:A1:0E:F0
            X509v3 Authority Key Identifier:
                keyid:BD:B8:3E:99:BF:72:54:F9:48:05:7A:5E:98:1B:E6:FA:5C:20:54:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vbg-mb9yVPlIBXpemBvm-lwgVN0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/E8PSau4f1cIzO8n-LR4TG5ChDvA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5e205a-ec0a-4fee-aef1-e495aaa0cac0/1/vbg-mb9yVPlIBXpemBvm-lwgVN0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.0.0/23

    Signature Algorithm: sha256WithRSAEncryption
         44:7f:c1:b2:ba:c8:df:59:b1:d9:8b:dc:a3:5b:59:97:8a:ad:
         cc:4a:e3:42:48:c7:70:23:49:97:6c:e6:db:cb:ce:5e:41:4b:
         0d:a2:c1:53:1d:eb:f6:66:ce:c0:15:95:ad:e4:bd:f4:fc:26:
         96:e8:26:89:21:3f:43:d7:1f:a8:c0:79:5a:cb:df:aa:86:9c:
         87:a1:b3:e5:94:71:8f:8f:ea:65:d3:bc:2a:f2:1d:27:48:d7:
         cf:a6:33:c0:b7:b7:df:26:1d:52:0f:f5:b8:4a:bc:f1:a3:b7:
         24:e8:84:00:f6:61:79:d4:03:68:c0:94:0c:79:ce:03:4a:f5:
         df:06:14:10:2c:08:e0:03:c8:8e:c7:9e:00:5f:bb:14:96:ff:
         47:d0:8d:7f:80:ee:d7:2e:64:52:e7:99:f3:e5:32:3a:b5:02:
         45:d6:94:a1:88:f4:02:31:6b:0d:7c:53:87:f0:59:7a:17:97:
         be:c6:b2:e1:60:71:7f:75:ca:39:6c:b0:fb:7b:88:44:18:e3:
         2c:0b:d1:8a:51:3e:33:f2:6b:60:de:36:fc:f7:a9:04:ce:cc:
         a3:6f:bc:2e:50:d9:a1:0f:82:8c:61:05:3d:e2:a0:19:ad:87:
         b4:27:4a:7c:41:9b:36:29:e5:fd:73:5b:f2:97:7a:00:f9:92:
         68:00:72:ae
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY33KOJ8roIDveOynavmvCnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkYjgzZTk5YmY3MjU0Zjk0ODA1N2E1ZTk4MWJlNmZhNWMy
MDU0ZGQwHhcNMjQwMjI5MjMxNzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2MzZDI2YWVlMWZkNWMyMzMzYmM5ZmUyZDFlMTMxYjkwYTEwZWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1d2LdXKU0skModi/SIozIREFAjW
GPdP1xqREJqq+HNXO5rPzx5OksQl1ggDf1rZWS/TTJfDRFt2LgVdzatLMnEYRjtI
//sWQycvOWlhfH9r3xI2w0pJGZMiGAMM0NcPqrQcXlD1kD/Zyk9JoqacqRIBQSl7
daJEKGg9e/dXv3ntmlQLkhOkLhuPfDwuO08mZ5rT1QWPyXPjkYKh2cvC2rifhp14
z6499Kc+7akp1x0mAI8NoAOzkihpKMY1JVb+MHxDg2Sthjei20oNRuW+JJhuKQ3s
mKbdiZANNwrCGrzsvDjFgS7vNi8S/lMdArHiQR6r+GE2X4JfBB5hFRkAJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPD0mruH9XCMzvJ/i0eExuQoQ7wMB8GA1UdIwQY
MBaAFL24Ppm/clT5SAV6Xpgb5vpcIFTdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEt
ZTQ5NWFhYTBjYWMwLzEvRThQU2F1NGYxY0l6TzhuLUxSNFRHNUNoRHZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81ZTIwNWEtZWMwYS00ZmVlLWFlZjEtZTQ5NWFhYTBjYWMw
LzEvdmJnLW1iOXlWUGxJQlhwZW1Cdm0tbHdnVk4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuSUAMA0G
CSqGSIb3DQEBCwUAA4IBAQBEf8GyusjfWbHZi9yjW1mXiq3MSuNCSMdwI0mXbObb
y85eQUsNosFTHev2Zs7AFZWt5L30/CaW6CaJIT9D1x+owHlay9+qhpyHobPllHGP
j+pl07wq8h0nSNfPpjPAt7ffJh1SD/W4Srzxo7ck6IQA9mF51ANowJQMec4DSvXf
BhQQLAjgA8iOx54AX7sUlv9H0I1/gO7XLmRS55nz5TI6tQJF1pShiPQCMWsNfFOH
8Fl6F5e+xrLhYHF/dco5bLD7e4hEGOMsC9GKUT4z8mtg3jb896kEzsyjb7wuUNmh
D4KMYQU94qAZrYe0J0p8QZs2KeX9c1vyl3oA+ZJoAHKu
-----END CERTIFICATE-----