Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/IzGIYzfzaOk4hfn7FZBCGmfmVf0.roa
File:                     IzGIYzfzaOk4hfn7FZBCGmfmVf0.roa (raw, json)
Hash identifier:          BmMJpjYB9wvChjoLjUgi8E++ivutPCkwSmMyKSRd1uU=
Subject key identifier:   23:31:88:63:37:F3:68:E9:38:85:F9:FB:15:90:42:1A:67:E6:55:FD
Certificate issuer:       /CN=7ce68daf5f089456c0e1d02245393531ac5b8fcb
Certificate serial:       018CC7958E6603E313B59C8C8A561C4E6C68
Authority key identifier: 7C:E6:8D:AF:5F:08:94:56:C0:E1:D0:22:45:39:35:31:AC:5B:8F:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/IzGIYzfzaOk4hfn7FZBCGmfmVf0.roa
Signing time:             Tue 02 Jan 2024 00:31:56 +0000
ROA not before:           Tue 02 Jan 2024 00:31:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5761
IP address blocks:        193.46.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/fOaNr18IlFbA4dAiRTk1Maxbj8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/fOaNr18IlFbA4dAiRTk1Maxbj8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 07:02:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:8e:66:03:e3:13:b5:9c:8c:8a:56:1c:4e:6c:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ce68daf5f089456c0e1d02245393531ac5b8fcb
        Validity
            Not Before: Jan  2 00:31:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2331886337f368e93885f9fb1590421a67e655fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e1:70:ed:ad:da:08:62:2f:68:0d:75:48:c3:
                    6f:0a:c3:6c:ea:5d:2a:a3:a2:b8:94:25:48:5b:26:
                    21:46:b4:e5:9f:eb:d4:62:43:90:1b:11:31:03:c9:
                    25:b7:f9:00:61:a1:f4:9d:ba:82:26:35:57:6f:dc:
                    3c:ec:39:8b:cb:d0:5a:10:3b:bc:c4:77:d3:15:e7:
                    37:c6:90:42:64:ed:bd:eb:af:15:b9:92:4b:ed:c7:
                    06:2a:dc:c9:56:fb:1e:49:93:dd:b0:ad:d4:9a:92:
                    8a:b2:6a:0c:06:26:d9:44:1b:e9:69:51:8c:21:21:
                    6d:79:29:7c:ea:96:52:2a:97:30:13:06:ac:eb:06:
                    51:d0:62:d7:6b:a1:33:66:24:91:03:c2:b9:8a:3f:
                    cb:53:68:a6:e0:0e:64:bb:2d:83:da:62:59:06:42:
                    cf:30:d2:ee:40:9d:34:9f:e1:d9:38:6a:c8:d1:56:
                    3c:69:85:9e:65:30:3e:87:97:e1:93:f3:e9:f4:98:
                    f0:7b:f0:0d:8d:e2:bf:3a:04:19:75:ab:3e:45:66:
                    cb:b2:88:ab:c6:0d:74:0b:66:e0:d3:d8:85:e9:50:
                    0d:05:9a:1c:65:71:7b:2f:b1:86:0a:a6:a3:bd:07:
                    50:d2:98:57:4c:0d:75:e0:0f:7d:0c:6e:9d:b2:57:
                    e2:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:31:88:63:37:F3:68:E9:38:85:F9:FB:15:90:42:1A:67:E6:55:FD
            X509v3 Authority Key Identifier:
                keyid:7C:E6:8D:AF:5F:08:94:56:C0:E1:D0:22:45:39:35:31:AC:5B:8F:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fOaNr18IlFbA4dAiRTk1Maxbj8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/IzGIYzfzaOk4hfn7FZBCGmfmVf0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/ec0b89-1e68-45a0-8b93-13a06a269aa8/1/fOaNr18IlFbA4dAiRTk1Maxbj8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.46.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:50:d2:31:83:d9:56:09:91:76:50:95:c8:3e:3e:3e:a1:b7:
         7c:83:f4:54:f3:d4:aa:08:bd:3b:c9:da:59:d0:5c:b5:5c:62:
         45:63:71:1f:be:63:75:41:f2:40:da:ef:8e:39:d2:36:0b:03:
         9b:1f:30:4a:1a:12:6a:8e:12:38:c3:00:90:57:b9:9d:c9:73:
         bf:55:80:cf:dc:b4:bf:c0:eb:17:8a:8e:c6:05:9f:3a:85:24:
         cd:97:d6:fe:23:8c:44:6f:0e:d1:53:8b:9d:0f:9f:df:f7:5b:
         e9:75:a7:31:97:6e:40:0a:62:10:51:29:df:bf:9a:aa:f1:1c:
         b2:2c:f7:eb:6a:ba:79:53:48:da:b3:a8:e5:37:a9:84:15:f6:
         28:f7:0d:fe:ff:cf:73:a7:04:0d:44:db:08:1f:51:91:97:b0:
         ca:f6:18:72:83:15:8d:5d:92:7e:ef:2a:0b:11:16:9a:bd:28:
         7d:71:f7:3d:8b:39:49:72:8e:00:8a:4a:97:91:38:7b:d9:38:
         43:5f:da:c3:fe:75:ef:a2:9c:86:d7:bc:ed:e2:82:c1:82:f1:
         cf:81:8c:08:27:6e:94:ca:00:c7:68:d1:91:c3:2c:42:d1:fe:
         0c:ba:70:6a:53:b1:e8:df:73:f4:63:35:18:31:ec:11:06:be:
         5c:70:56:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlY5mA+MTtZyMilYcTmxoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZTY4ZGFmNWYwODk0NTZjMGUxZDAyMjQ1MzkzNTMxYWM1
YjhmY2IwHhcNMjQwMTAyMDAzMTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzMxODg2MzM3ZjM2OGU5Mzg4NWY5ZmIxNTkwNDIxYTY3ZTY1NWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOFw7a3aCGIvaA11SMNvCsNs6l0q
o6K4lCVIWyYhRrTln+vUYkOQGxExA8klt/kAYaH0nbqCJjVXb9w87DmLy9BaEDu8
xHfTFec3xpBCZO29668VuZJL7ccGKtzJVvseSZPdsK3UmpKKsmoMBibZRBvpaVGM
ISFteSl86pZSKpcwEwas6wZR0GLXa6EzZiSRA8K5ij/LU2im4A5kuy2D2mJZBkLP
MNLuQJ00n+HZOGrI0VY8aYWeZTA+h5fhk/Pp9Jjwe/ANjeK/OgQZdas+RWbLsoir
xg10C2bg09iF6VANBZocZXF7L7GGCqajvQdQ0phXTA114A99DG6dslfitQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCMxiGM382jpOIX5+xWQQhpn5lX9MB8GA1UdIwQY
MBaAFHzmja9fCJRWwOHQIkU5NTGsW4/LMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk9hTnIxOElsRmJBNGRBaVJUazFNYXhiajhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lYzBiODktMWU2OC00NWEwLThiOTMt
MTNhMDZhMjY5YWE4LzEvSXpHSVl6ZnphT2s0aGZuN0ZaQkNHbWZtVmYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lYzBiODktMWU2OC00NWEwLThiOTMtMTNhMDZhMjY5YWE4
LzEvZk9hTnIxOElsRmJBNGRBaVJUazFNYXhiajhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwS75MA0G
CSqGSIb3DQEBCwUAA4IBAQBqUNIxg9lWCZF2UJXIPj4+obd8g/RU89SqCL07ydpZ
0Fy1XGJFY3EfvmN1QfJA2u+OOdI2CwObHzBKGhJqjhI4wwCQV7mdyXO/VYDP3LS/
wOsXio7GBZ86hSTNl9b+I4xEbw7RU4udD5/f91vpdacxl25ACmIQUSnfv5qq8Ryy
LPfrarp5U0jas6jlN6mEFfYo9w3+/89zpwQNRNsIH1GRl7DK9hhygxWNXZJ+7yoL
ERaavSh9cfc9izlJco4AikqXkTh72ThDX9rD/nXvopyG17zt4oLBgvHPgYwIJ26U
ygDHaNGRwyxC0f4MunBqU7Ho33P0YzUYMewRBr5ccFZ1
-----END CERTIFICATE-----