Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/eSa_S_ncy9IA5TTtmrsOHoizR-g.roa
File:                     eSa_S_ncy9IA5TTtmrsOHoizR-g.roa (raw, json)
Hash identifier:          H3jt7uyOjAF/O8d/Tj+at2OEEQDRJbgyLxiTH4sqNv0=
Subject key identifier:   79:26:BF:4B:F9:DC:CB:D2:00:E5:34:ED:9A:BB:0E:1E:88:B3:47:E8
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0192AFC4B4CF46CD838A88C71891F5593CA4
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/eSa_S_ncy9IA5TTtmrsOHoizR-g.roa
Signing time:             Mon 21 Oct 2024 15:49:16 +0000
ROA not before:           Mon 21 Oct 2024 15:49:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48266
IP address blocks:        77.111.100.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 23:17:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:af:c4:b4:cf:46:cd:83:8a:88:c7:18:91:f5:59:3c:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 21 15:49:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7926bf4bf9dccbd200e534ed9abb0e1e88b347e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d3:93:21:0a:60:6f:9a:7f:30:14:56:ad:a0:
                    c4:cf:f1:c6:2f:0b:84:99:dc:18:de:15:c9:28:15:
                    c1:2e:11:fc:db:2e:89:bb:d8:27:45:20:14:a2:26:
                    2e:56:ef:80:7d:a1:1b:0c:b8:02:ee:b7:57:c2:55:
                    b1:ae:57:b9:b6:61:6c:57:2c:ec:45:e6:67:6b:7b:
                    0d:e8:6b:f4:21:ce:b8:7f:71:fb:90:8d:56:f0:8f:
                    08:ea:0e:12:33:93:a0:e8:47:cd:a9:9e:b4:43:b2:
                    d9:c2:49:38:c8:cc:2c:af:bc:16:54:68:5b:55:97:
                    db:ea:59:f8:34:ff:23:2e:38:12:c4:bb:46:14:80:
                    a5:9f:54:d3:a8:30:57:5e:75:b2:07:91:74:a8:df:
                    ff:06:6e:3e:b0:48:3c:3a:c0:3e:4e:b7:e9:62:2a:
                    f7:6f:ce:05:67:4e:f1:34:a4:09:6a:be:48:37:cd:
                    ce:db:8c:98:e8:20:6e:bc:18:51:6b:04:26:bd:b7:
                    e7:28:52:ef:54:ca:33:76:70:db:55:cf:cd:fa:68:
                    d1:73:2c:1a:a7:76:48:69:97:aa:f6:38:8e:bc:d0:
                    b6:43:39:d2:68:d2:c7:a9:22:f3:f7:70:c0:c1:b8:
                    8c:b9:db:d1:eb:95:06:7b:6e:b0:b4:5a:ad:e3:35:
                    7a:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:26:BF:4B:F9:DC:CB:D2:00:E5:34:ED:9A:BB:0E:1E:88:B3:47:E8
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/eSa_S_ncy9IA5TTtmrsOHoizR-g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:8d:e8:71:74:14:1d:03:cc:2a:ab:e2:12:13:44:5e:ac:e2:
         ec:4d:bd:54:f7:07:94:b9:aa:ed:0e:34:5c:72:74:bf:f9:d8:
         6e:62:5a:70:ee:de:72:bc:61:ea:fc:22:34:c1:17:5e:9b:a9:
         0d:bb:a8:e2:69:80:5d:b8:62:05:e8:54:68:45:a1:66:74:2c:
         89:4c:36:ed:5e:1a:3a:ed:bb:60:35:d0:2e:b8:cd:52:dc:8c:
         56:01:04:28:ea:34:c5:4c:8d:11:98:ea:2a:c0:0c:0f:b1:1e:
         91:53:c8:8f:e1:99:16:ac:2e:56:63:db:65:c4:cb:98:49:2d:
         9c:b4:64:d7:01:c1:c9:d8:8b:1e:2f:86:66:b2:fa:7e:9d:a8:
         57:88:a4:40:86:e6:7b:cd:15:e3:46:41:33:d6:c5:ae:60:e8:
         52:e4:f2:f8:6e:0a:f6:f1:e0:a9:d5:c0:08:37:54:75:3e:60:
         62:83:ac:5f:8e:de:3d:c7:ab:f3:51:08:36:a4:05:fd:03:05:
         c9:c2:c1:86:7f:10:5c:39:ba:4e:b6:be:25:0c:d6:87:f1:44:
         00:cb:6b:91:ad:d8:e5:e4:33:50:14:78:b9:a7:4d:7c:01:06:
         6e:be:07:5a:f8:ea:f5:47:58:75:80:6f:a9:7d:73:c6:57:49:
         5f:e9:6b:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKvxLTPRs2DiojHGJH1WTykMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDIxMTU0OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTI2YmY0YmY5ZGNjYmQyMDBlNTM0ZWQ5YWJiMGUxZTg4YjM0N2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9OTIQpgb5p/MBRWraDEz/HGLwuE
mdwY3hXJKBXBLhH82y6Ju9gnRSAUoiYuVu+AfaEbDLgC7rdXwlWxrle5tmFsVyzs
ReZna3sN6Gv0Ic64f3H7kI1W8I8I6g4SM5Og6EfNqZ60Q7LZwkk4yMwsr7wWVGhb
VZfb6ln4NP8jLjgSxLtGFICln1TTqDBXXnWyB5F0qN//Bm4+sEg8OsA+TrfpYir3
b84FZ07xNKQJar5IN83O24yY6CBuvBhRawQmvbfnKFLvVMozdnDbVc/N+mjRcywa
p3ZIaZeq9jiOvNC2QznSaNLHqSLz93DAwbiMudvR65UGe26wtFqt4zV6VQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkmv0v53MvSAOU07Zq7Dh6Is0foMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvZVNhX1NfbmN5OUlBNVRUdG1yc09Ib2l6Ui1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9kMA0G
CSqGSIb3DQEBCwUAA4IBAQC7jehxdBQdA8wqq+ISE0RerOLsTb1U9weUuartDjRc
cnS/+dhuYlpw7t5yvGHq/CI0wRdem6kNu6jiaYBduGIF6FRoRaFmdCyJTDbtXho6
7btgNdAuuM1S3IxWAQQo6jTFTI0RmOoqwAwPsR6RU8iP4ZkWrC5WY9tlxMuYSS2c
tGTXAcHJ2IseL4Zmsvp+nahXiKRAhuZ7zRXjRkEz1sWuYOhS5PL4bgr28eCp1cAI
N1R1PmBig6xfjt49x6vzUQg2pAX9AwXJwsGGfxBcObpOtr4lDNaH8UQAy2uRrdjl
5DNQFHi5p018AQZuvgda+Or1R1h1gG+pfXPGV0lf6Wsl
-----END CERTIFICATE-----