Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/eanMkAqMiuyqfCVaCPJHg0BtCdk.roa
File:                     eanMkAqMiuyqfCVaCPJHg0BtCdk.roa (raw, json)
Hash identifier:          Bw2lZnNjVkygeGDB2ODdcLMKhFIs79Gv2mAxtR90ppI=
Subject key identifier:   79:A9:CC:90:0A:8C:8A:EC:AA:7C:25:5A:08:F2:47:83:40:6D:09:D9
Certificate issuer:       /CN=e67d7b3570077064013da18e29e690cd4c9bd710
Certificate serial:       0192B889BB41D450E441A1A3BC94524BF32E
Authority key identifier: E6:7D:7B:35:70:07:70:64:01:3D:A1:8E:29:E6:90:CD:4C:9B:D7:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5n17NXAHcGQBPaGOKeaQzUyb1xA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/eanMkAqMiuyqfCVaCPJHg0BtCdk.roa
Signing time:             Wed 23 Oct 2024 08:41:26 +0000
ROA not before:           Wed 23 Oct 2024 08:41:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2116
IP address blocks:        2001:67c:514::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/5n17NXAHcGQBPaGOKeaQzUyb1xA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/5n17NXAHcGQBPaGOKeaQzUyb1xA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5n17NXAHcGQBPaGOKeaQzUyb1xA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:89:bb:41:d4:50:e4:41:a1:a3:bc:94:52:4b:f3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e67d7b3570077064013da18e29e690cd4c9bd710
        Validity
            Not Before: Oct 23 08:41:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79a9cc900a8c8aecaa7c255a08f24783406d09d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:74:27:f9:b6:d6:07:fb:0e:2c:33:dc:40:20:
                    f2:9e:ad:de:ae:37:4a:c5:5b:69:4e:1e:a4:89:03:
                    c1:77:63:d4:c5:e6:c4:cf:ff:5f:94:01:c8:01:0f:
                    39:93:36:8f:9c:4a:f7:d4:5f:1e:c3:6c:50:b3:42:
                    7d:91:59:9c:d9:93:8e:12:b8:50:a1:3d:7d:c0:8d:
                    de:a1:96:b2:43:6b:68:77:b1:74:7a:eb:be:b1:30:
                    69:71:6f:3e:46:2b:58:c5:52:ed:e8:19:aa:b6:4f:
                    9f:8d:10:a5:a2:1e:ae:90:36:15:6c:2e:43:dc:7f:
                    81:f3:e9:74:33:b2:4b:67:7f:e8:86:a0:4a:0b:d1:
                    a6:1a:a1:29:1c:df:2f:85:30:00:c7:f1:73:ef:f0:
                    a6:6b:90:54:4c:bc:b4:bf:f6:7d:2a:b5:99:55:22:
                    a1:22:ba:f7:86:12:17:f7:fe:ba:bb:a7:d3:93:35:
                    8d:70:42:e4:c2:b9:34:70:db:34:4c:49:6b:77:a3:
                    ff:d1:90:14:5e:0b:4c:d2:6e:4c:28:0a:db:65:67:
                    fa:b3:36:28:98:6e:a8:18:a0:5f:39:17:de:83:04:
                    83:c4:fd:db:aa:3b:e0:56:78:51:41:41:3e:31:1a:
                    13:b0:4f:96:e8:f2:8f:90:05:cd:93:10:d5:b6:bc:
                    80:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:A9:CC:90:0A:8C:8A:EC:AA:7C:25:5A:08:F2:47:83:40:6D:09:D9
            X509v3 Authority Key Identifier:
                keyid:E6:7D:7B:35:70:07:70:64:01:3D:A1:8E:29:E6:90:CD:4C:9B:D7:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5n17NXAHcGQBPaGOKeaQzUyb1xA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/eanMkAqMiuyqfCVaCPJHg0BtCdk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/eb7e0c-59a1-4f93-8b27-ac4883e47665/1/5n17NXAHcGQBPaGOKeaQzUyb1xA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:67c:514::/48

    Signature Algorithm: sha256WithRSAEncryption
         10:21:da:3a:86:c6:72:53:14:76:df:95:b5:88:57:6c:00:10:
         2d:d6:55:0e:43:e3:45:16:dc:77:60:e7:08:62:36:74:2c:9d:
         32:d8:5d:8c:06:78:b8:d4:80:29:fc:b2:00:2e:88:c7:5c:56:
         a8:a5:2c:bd:bb:70:5e:e8:7e:4d:a9:e4:86:bb:20:8e:a8:2f:
         50:7f:a4:a1:28:f0:1f:a2:5e:ff:0b:c1:40:b3:1f:d6:e3:f9:
         fe:ba:23:80:42:2f:8a:32:51:d0:ff:46:fb:0e:9d:f1:25:2d:
         2d:f8:f8:ab:0c:67:63:92:16:f0:d5:76:13:2c:c6:69:b6:6c:
         d5:32:14:aa:50:8b:ca:3a:ea:9a:09:08:61:f8:20:03:6e:ed:
         3d:f2:ca:36:5d:a8:48:d6:3a:d2:06:de:2c:d9:b5:7d:73:19:
         92:15:db:40:cc:79:de:15:09:45:5c:b5:e8:5e:fb:95:63:4d:
         82:05:ed:a2:5e:7b:5b:e5:4d:c3:c1:10:5c:87:c6:88:07:16:
         3f:2d:ac:2b:64:dc:c5:30:3c:03:b5:9a:ee:1b:ae:ee:e2:86:
         eb:4e:c9:f5:b2:8d:40:71:71:5c:83:f1:78:1a:4e:48:c1:43:
         ce:df:b6:a5:b7:16:e4:28:53:7c:37:4d:85:21:fa:5f:09:f0:
         4c:7d:57:1c
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZK4ibtB1FDkQaGjvJRSS/MuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2N2Q3YjM1NzAwNzcwNjQwMTNkYTE4ZTI5ZTY5MGNkNGM5
YmQ3MTAwHhcNMjQxMDIzMDg0MTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWE5Y2M5MDBhOGM4YWVjYWE3YzI1NWEwOGYyNDc4MzQwNmQwOWQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq3Qn+bbWB/sOLDPcQCDynq3erjdK
xVtpTh6kiQPBd2PUxebEz/9flAHIAQ85kzaPnEr31F8ew2xQs0J9kVmc2ZOOErhQ
oT19wI3eoZayQ2tod7F0euu+sTBpcW8+RitYxVLt6Bmqtk+fjRCloh6ukDYVbC5D
3H+B8+l0M7JLZ3/ohqBKC9GmGqEpHN8vhTAAx/Fz7/Cma5BUTLy0v/Z9KrWZVSKh
Irr3hhIX9/66u6fTkzWNcELkwrk0cNs0TElrd6P/0ZAUXgtM0m5MKArbZWf6szYo
mG6oGKBfORfegwSDxP3bqjvgVnhRQUE+MRoTsE+W6PKPkAXNkxDVtryA4QIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFHmpzJAKjIrsqnwlWgjyR4NAbQnZMB8GA1UdIwQY
MBaAFOZ9ezVwB3BkAT2hjinmkM1Mm9cQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW4xN05YQUhjR1FCUGFHT0tlYVF6VXliMXhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9lYjdlMGMtNTlhMS00ZjkzLThiMjct
YWM0ODgzZTQ3NjY1LzEvZWFuTWtBcU1pdXlxZkNWYUNQSkhnMEJ0Q2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9lYjdlMGMtNTlhMS00ZjkzLThiMjctYWM0ODgzZTQ3NjY1
LzEvNW4xN05YQUhjR1FCUGFHT0tlYVF6VXliMXhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAIAEGfAUU
MA0GCSqGSIb3DQEBCwUAA4IBAQAQIdo6hsZyUxR235W1iFdsABAt1lUOQ+NFFtx3
YOcIYjZ0LJ0y2F2MBni41IAp/LIALojHXFaopSy9u3Be6H5NqeSGuyCOqC9Qf6Sh
KPAfol7/C8FAsx/W4/n+uiOAQi+KMlHQ/0b7Dp3xJS0t+PirDGdjkhbw1XYTLMZp
tmzVMhSqUIvKOuqaCQhh+CADbu098so2XahI1jrSBt4s2bV9cxmSFdtAzHneFQlF
XLXoXvuVY02CBe2iXntb5U3DwRBch8aIBxY/LawrZNzFMDwDtZruG67u4obrTsn1
so1AcXFcg/F4Gk5IwUPO37altxbkKFN8N02FIfpfCfBMfVcc
-----END CERTIFICATE-----