Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/eOouRe6sL1TZxYJ5lvR4NL_e7Zo.roa
File:                     eOouRe6sL1TZxYJ5lvR4NL_e7Zo.roa (raw, json)
Hash identifier:          e+Jr1T1GpV8P+yOTRAU2wXiNoN+qa7BBPT7O1VxZnIw=
Subject key identifier:   78:EA:2E:45:EE:AC:2F:54:D9:C5:82:79:96:F4:78:34:BF:DE:ED:9A
Certificate issuer:       /CN=f7822d4597e5493d15178bfb10e6841dd17e5897
Certificate serial:       01905459A24F0A6AF13E8FB364D4FAD8E60D
Authority key identifier: F7:82:2D:45:97:E5:49:3D:15:17:8B:FB:10:E6:84:1D:D1:7E:58:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/eOouRe6sL1TZxYJ5lvR4NL_e7Zo.roa
Signing time:             Wed 26 Jun 2024 11:41:18 +0000
ROA not before:           Wed 26 Jun 2024 11:41:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202098
IP address blocks:        158.47.216.0/21 maxlen: 24
                          158.47.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 02:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:54:59:a2:4f:0a:6a:f1:3e:8f:b3:64:d4:fa:d8:e6:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f7822d4597e5493d15178bfb10e6841dd17e5897
        Validity
            Not Before: Jun 26 11:41:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78ea2e45eeac2f54d9c5827996f47834bfdeed9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:c5:a6:77:ef:82:6e:7c:e4:1f:08:0c:96:eb:
                    64:6b:e3:2d:b6:e5:56:1f:d5:e9:5d:e7:5e:43:9a:
                    66:21:8e:72:bf:4b:f7:0b:c0:a1:f0:30:0e:b1:77:
                    f4:eb:d6:70:42:56:ef:eb:a4:18:c0:ac:86:ae:4b:
                    ed:80:14:20:82:43:1f:68:51:02:5d:c9:c5:cf:6d:
                    fb:f0:66:26:fe:af:7d:46:1b:36:71:3e:ff:bf:e1:
                    d2:c7:3b:a1:7d:35:65:3e:6f:93:bc:e1:ad:35:70:
                    29:4c:27:17:d9:1c:2d:69:a4:af:06:86:2b:af:89:
                    e2:69:15:52:d1:a3:19:1b:58:c5:95:cf:16:3a:f4:
                    32:d3:1b:01:aa:12:a0:62:6d:43:e5:23:ad:ef:99:
                    ca:9b:68:e4:56:5d:88:69:43:9f:0f:7c:48:c5:bd:
                    d1:dd:77:13:06:50:77:d1:8c:19:8c:a6:83:6b:2e:
                    ef:11:f2:33:f3:27:19:c0:7b:4a:fa:d1:a0:1e:7e:
                    a9:78:a6:9f:e0:03:35:00:be:12:13:5f:c7:40:38:
                    3a:16:c5:5f:fc:4a:01:76:fd:c5:21:ea:25:6b:a7:
                    11:1d:82:a5:1c:bf:73:d6:cd:5f:2b:c7:3e:99:90:
                    d1:c7:be:c7:3e:95:cc:46:ea:76:e9:08:39:03:f6:
                    4e:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:EA:2E:45:EE:AC:2F:54:D9:C5:82:79:96:F4:78:34:BF:DE:ED:9A
            X509v3 Authority Key Identifier:
                keyid:F7:82:2D:45:97:E5:49:3D:15:17:8B:FB:10:E6:84:1D:D1:7E:58:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/94ItRZflST0VF4v7EOaEHdF-WJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/eOouRe6sL1TZxYJ5lvR4NL_e7Zo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/31081a-8b5a-49ec-9036-862e99973fc3/1/94ItRZflST0VF4v7EOaEHdF-WJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  158.47.216.0-158.47.255.255

    Signature Algorithm: sha256WithRSAEncryption
         76:02:98:32:d3:1a:dd:37:18:61:08:02:86:bd:10:8d:a3:19:
         3c:c7:3f:8b:70:4f:28:4d:4d:54:78:dd:e9:81:bb:48:bc:ef:
         a0:88:25:06:7f:60:ac:60:6d:5b:5d:f2:1c:a2:57:6f:8f:fe:
         bd:77:ca:91:ea:c9:29:79:87:4c:b9:78:0f:d1:82:a4:0f:b6:
         0b:5f:b4:93:d9:02:ac:c9:35:d2:1a:e0:f5:4e:c1:84:d3:e0:
         d5:2b:1b:ee:4b:91:d0:d5:01:df:59:16:e5:26:67:e2:49:7e:
         e5:cf:ea:7d:eb:c8:a2:f8:3d:46:b7:f3:3a:f6:c7:f8:bb:7e:
         cb:f1:60:76:73:0a:1f:70:ec:b3:06:34:69:9c:01:b4:46:65:
         72:99:bb:49:51:82:5c:0b:a9:53:d3:df:c9:c5:11:86:69:1f:
         3b:65:38:a1:c7:e8:10:69:03:29:51:ba:c7:10:2d:bb:da:c1:
         ac:95:7c:d2:37:48:3b:b7:42:96:91:0c:ad:4f:63:9e:5f:d9:
         69:65:ef:67:24:96:c1:dc:74:7c:53:28:0f:58:41:a2:e4:60:
         9e:64:28:40:5b:99:f2:06:32:7b:ff:30:a8:8f:93:2f:11:d8:
         e9:db:19:f6:7f:3f:14:a1:cc:1c:fc:9c:7c:8f:40:8f:2e:d7:
         7b:5c:16:e7
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZBUWaJPCmrxPo+zZNT62OYNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3ODIyZDQ1OTdlNTQ5M2QxNTE3OGJmYjEwZTY4NDFkZDE3
ZTU4OTcwHhcNMjQwNjI2MTE0MTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGVhMmU0NWVlYWMyZjU0ZDljNTgyNzk5NmY0NzgzNGJmZGVlZDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsMWmd++CbnzkHwgMlutka+MttuVW
H9XpXedeQ5pmIY5yv0v3C8Ch8DAOsXf069ZwQlbv66QYwKyGrkvtgBQggkMfaFEC
XcnFz2378GYm/q99Rhs2cT7/v+HSxzuhfTVlPm+TvOGtNXApTCcX2RwtaaSvBoYr
r4niaRVS0aMZG1jFlc8WOvQy0xsBqhKgYm1D5SOt75nKm2jkVl2IaUOfD3xIxb3R
3XcTBlB30YwZjKaDay7vEfIz8ycZwHtK+tGgHn6peKaf4AM1AL4SE1/HQDg6FsVf
/EoBdv3FIeola6cRHYKlHL9z1s1fK8c+mZDRx77HPpXMRup26Qg5A/ZOhwIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFHjqLkXurC9U2cWCeZb0eDS/3u2aMB8GA1UdIwQY
MBaAFPeCLUWX5Uk9FReL+xDmhB3RfliXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTRJdFJaZmxTVDBWRjR2N0VPYUVIZEYtV0pjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy8zMTA4MWEtOGI1YS00OWVjLTkwMzYt
ODYyZTk5OTczZmMzLzEvZU9vdVJlNnNMMVRaeFlKNWx2UjROTF9lN1pvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy8zMTA4MWEtOGI1YS00OWVjLTkwMzYtODYyZTk5OTczZmMz
LzEvOTRJdFJaZmxTVDBWRjR2N0VPYUVIZEYtV0pjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANMAsDBAOeL9gD
AwSeIDANBgkqhkiG9w0BAQsFAAOCAQEAdgKYMtMa3TcYYQgChr0QjaMZPMc/i3BP
KE1NVHjd6YG7SLzvoIglBn9grGBtW13yHKJXb4/+vXfKkerJKXmHTLl4D9GCpA+2
C1+0k9kCrMk10hrg9U7BhNPg1Ssb7kuR0NUB31kW5SZn4kl+5c/qfevIovg9Rrfz
OvbH+Lt+y/FgdnMKH3DsswY0aZwBtEZlcpm7SVGCXAupU9PfycURhmkfO2U4ocfo
EGkDKVG6xxAtu9rBrJV80jdIO7dClpEMrU9jnl/ZaWXvZySWwdx0fFMoD1hBouRg
nmQoQFuZ8gYye/8wqI+TLxHY6dsZ9n8/FKHMHPycfI9Ajy7Xe1wW5w==
-----END CERTIFICATE-----