Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/f413c2-c2ec-41f1-9d85-5d8634ab7d91/1/I0aJJQNYqKsnLSGzYmkpfMA17AA.roa
File:                     I0aJJQNYqKsnLSGzYmkpfMA17AA.roa (raw, json)
Hash identifier:          uiZ3ibyW/sNDbzTLWgyYPoPBVrI/wXTaawDWIQu+KWk=
Subject key identifier:   23:46:89:25:03:58:A8:AB:27:2D:21:B3:62:69:29:7C:C0:35:EC:00
Certificate issuer:       /CN=e7507db088a7c81a0dbec8f1addb52f95bd10143
Certificate serial:       018CC4922688D4297C6C12A780D60F9EEA83
Authority key identifier: E7:50:7D:B0:88:A7:C8:1A:0D:BE:C8:F1:AD:DB:52:F9:5B:D1:01:43
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51B9sIinyBoNvsjxrdtS-VvRAUM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/f413c2-c2ec-41f1-9d85-5d8634ab7d91/1/I0aJJQNYqKsnLSGzYmkpfMA17AA.roa
Signing time:             Mon 01 Jan 2024 10:29:21 +0000
ROA not before:           Mon 01 Jan 2024 10:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50673
IP address blocks:        45.141.28.0/22 maxlen: 22
                          91.199.167.0/24 maxlen: 24
                          2a0e:c9c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/f413c2-c2ec-41f1-9d85-5d8634ab7d91/1/51B9sIinyBoNvsjxrdtS-VvRAUM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/f413c2-c2ec-41f1-9d85-5d8634ab7d91/1/51B9sIinyBoNvsjxrdtS-VvRAUM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51B9sIinyBoNvsjxrdtS-VvRAUM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:92:26:88:d4:29:7c:6c:12:a7:80:d6:0f:9e:ea:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7507db088a7c81a0dbec8f1addb52f95bd10143
        Validity
            Not Before: Jan  1 10:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=234689250358a8ab272d21b36269297cc035ec00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:08:f5:57:05:b3:bb:d8:cc:a9:84:90:c0:03:
                    33:2e:3a:5f:2b:88:e8:a6:b7:dd:25:8e:31:02:c6:
                    c0:49:78:4c:e1:dd:d3:c6:90:ac:b9:89:a8:01:79:
                    4b:7b:f1:e9:5f:74:b7:f2:26:17:62:f4:ef:92:e8:
                    58:6c:ef:09:bc:18:74:a4:6d:47:c9:35:b0:ab:bf:
                    70:c9:79:20:5c:18:48:40:07:06:a4:3c:03:13:5c:
                    e1:44:e6:e5:f7:65:f5:38:06:20:05:7b:12:1c:72:
                    3e:ad:68:30:54:8b:c5:3e:24:6a:01:35:dc:10:67:
                    f3:69:bb:a9:f7:21:95:40:62:e5:6f:25:b0:52:d4:
                    a3:77:43:2c:ff:69:0a:78:1b:c8:eb:39:a2:a7:49:
                    fe:86:79:f4:7d:3b:e5:1f:44:38:2d:1f:de:b6:93:
                    d9:d2:cc:63:35:2d:0d:de:6e:46:a6:7f:f2:9f:5e:
                    57:33:d1:af:83:4d:e8:5d:c7:0c:ab:ee:79:2f:8c:
                    67:7b:78:eb:f3:a1:d1:45:2f:a0:2c:8d:05:07:54:
                    f9:a4:00:fe:e7:71:18:5d:17:13:b8:42:d6:2b:93:
                    05:cd:44:70:c7:68:a6:83:84:8a:2b:15:42:35:ec:
                    8c:a0:0e:ed:1b:f4:5a:b0:6e:c6:bd:bb:d9:7d:f6:
                    4a:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:46:89:25:03:58:A8:AB:27:2D:21:B3:62:69:29:7C:C0:35:EC:00
            X509v3 Authority Key Identifier:
                keyid:E7:50:7D:B0:88:A7:C8:1A:0D:BE:C8:F1:AD:DB:52:F9:5B:D1:01:43

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51B9sIinyBoNvsjxrdtS-VvRAUM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f413c2-c2ec-41f1-9d85-5d8634ab7d91/1/I0aJJQNYqKsnLSGzYmkpfMA17AA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/f413c2-c2ec-41f1-9d85-5d8634ab7d91/1/51B9sIinyBoNvsjxrdtS-VvRAUM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.141.28.0/22
                  91.199.167.0/24
                IPv6:
                  2a0e:c9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         20:c2:53:d9:45:21:16:c9:a8:fe:f6:45:66:d9:e4:cd:ee:c4:
         71:f0:0d:f5:ad:83:36:88:f8:ec:fa:1b:3d:27:ea:99:4f:86:
         63:80:bb:df:92:83:ea:40:49:ef:e1:fc:9d:b1:30:99:0d:b6:
         4f:38:c6:db:77:85:99:8c:20:7d:9e:36:96:89:8e:4c:4c:2f:
         16:74:1c:23:fe:a2:82:11:3a:a0:97:ee:f6:ad:ea:8e:f9:e6:
         03:62:ec:76:d5:66:c5:65:3a:61:9d:8d:01:e1:9d:e3:5a:cc:
         9f:f1:77:ad:78:6b:75:77:62:eb:f3:48:9a:33:36:da:fb:7c:
         d7:70:5d:8f:43:f8:e1:2f:83:7f:f3:a9:fa:9c:1b:78:dd:4a:
         59:f4:0e:4b:49:f3:f8:ea:59:f2:d3:e6:4e:12:97:06:79:80:
         df:5c:79:80:24:67:2b:35:a9:50:d7:cf:04:97:0a:ee:7c:b5:
         33:3b:f8:5c:4f:9a:8c:cd:bb:6c:81:61:37:f7:09:64:b9:82:
         69:d9:5c:d8:96:d4:8c:79:3f:87:72:df:17:87:ed:16:c5:7d:
         0d:97:48:03:01:e7:18:89:1c:82:cd:d4:a3:3c:e9:8e:71:96:
         9b:b5:79:9f:40:a2:27:1e:0b:b1:bb:86:51:a0:1c:ec:52:64:
         2c:b8:15:f5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzEkiaI1Cl8bBKngNYPnuqDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTA3ZGIwODhhN2M4MWEwZGJlYzhmMWFkZGI1MmY5NWJk
MTAxNDMwHhcNMjQwMTAxMTAyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzQ2ODkyNTAzNThhOGFiMjcyZDIxYjM2MjY5Mjk3Y2MwMzVlYzAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogj1VwWzu9jMqYSQwAMzLjpfK4jo
prfdJY4xAsbASXhM4d3TxpCsuYmoAXlLe/HpX3S38iYXYvTvkuhYbO8JvBh0pG1H
yTWwq79wyXkgXBhIQAcGpDwDE1zhRObl92X1OAYgBXsSHHI+rWgwVIvFPiRqATXc
EGfzabup9yGVQGLlbyWwUtSjd0Ms/2kKeBvI6zmip0n+hnn0fTvlH0Q4LR/etpPZ
0sxjNS0N3m5Gpn/yn15XM9Gvg03oXccMq+55L4xne3jr86HRRS+gLI0FB1T5pAD+
53EYXRcTuELWK5MFzURwx2img4SKKxVCNeyMoA7tG/RasG7GvbvZffZKwwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCNGiSUDWKirJy0hs2JpKXzANewAMB8GA1UdIwQY
MBaAFOdQfbCIp8gaDb7I8a3bUvlb0QFDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFCOXNJaW55Qm9OdnNqeHJkdFMtVnZSQVVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9mNDEzYzItYzJlYy00MWYxLTlkODUt
NWQ4NjM0YWI3ZDkxLzEvSTBhSkpRTllxS3NuTFNHellta3BmTUExN0FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9mNDEzYzItYzJlYy00MWYxLTlkODUtNWQ4NjM0YWI3ZDkx
LzEvNTFCOXNJaW55Qm9OdnNqeHJkdFMtVnZSQVVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCLY0cAwQA
W8enMA0EAgACMAcDBQMqDsnAMA0GCSqGSIb3DQEBCwUAA4IBAQAgwlPZRSEWyaj+
9kVm2eTN7sRx8A31rYM2iPjs+hs9J+qZT4ZjgLvfkoPqQEnv4fydsTCZDbZPOMbb
d4WZjCB9njaWiY5MTC8WdBwj/qKCETqgl+72reqO+eYDYux21WbFZTphnY0B4Z3j
Wsyf8XeteGt1d2Lr80iaMzba+3zXcF2PQ/jhL4N/86n6nBt43UpZ9A5LSfP46lny
0+ZOEpcGeYDfXHmAJGcrNalQ188ElwrufLUzO/hcT5qMzbtsgWE39wlkuYJp2VzY
ltSMeT+Hct8Xh+0WxX0Nl0gDAecYiRyCzdSjPOmOcZabtXmfQKInHguxu4ZRoBzs
UmQsuBX1
-----END CERTIFICATE-----