Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/f97aed-f5c2-4fb7-a7d1-0725f0697b83/1/nEbEAI4Kl6B2pRjyWWyJm8nX5QI.roa
File:                     nEbEAI4Kl6B2pRjyWWyJm8nX5QI.roa (raw, json)
Hash identifier:          qYyg303gwHsQ9ddKUak/IzlrW/XAojDoUTpf0GFgduI=
Subject key identifier:   9C:46:C4:00:8E:0A:97:A0:76:A5:18:F2:59:6C:89:9B:C9:D7:E5:02
Certificate issuer:       /CN=60e88ffe6f0de5f2f1fc9d14ef62f25670bd5b4a
Certificate serial:       018D1827696310E83259FF502747959A3751
Authority key identifier: 60:E8:8F:FE:6F:0D:E5:F2:F1:FC:9D:14:EF:62:F2:56:70:BD:5B:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YOiP_m8N5fLx_J0U72LyVnC9W0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/f97aed-f5c2-4fb7-a7d1-0725f0697b83/1/nEbEAI4Kl6B2pRjyWWyJm8nX5QI.roa
Signing time:             Wed 17 Jan 2024 16:00:52 +0000
ROA not before:           Wed 17 Jan 2024 16:00:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     52152
IP address blocks:        195.54.190.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/f97aed-f5c2-4fb7-a7d1-0725f0697b83/1/YOiP_m8N5fLx_J0U72LyVnC9W0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/f97aed-f5c2-4fb7-a7d1-0725f0697b83/1/YOiP_m8N5fLx_J0U72LyVnC9W0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YOiP_m8N5fLx_J0U72LyVnC9W0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 04:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:18:27:69:63:10:e8:32:59:ff:50:27:47:95:9a:37:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60e88ffe6f0de5f2f1fc9d14ef62f25670bd5b4a
        Validity
            Not Before: Jan 17 16:00:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9c46c4008e0a97a076a518f2596c899bc9d7e502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:22:af:ea:0d:ab:1e:53:88:6d:26:04:28:12:
                    99:77:bf:8e:42:c4:6f:c5:cf:d9:39:6e:3f:83:41:
                    6c:4f:1f:bc:8f:04:b2:bd:b1:51:4d:cb:55:86:e1:
                    c2:aa:12:3c:16:13:1e:09:cf:d3:a5:44:98:d0:78:
                    c7:9f:a2:9f:f7:fd:00:b8:8b:eb:d7:f2:26:4f:ce:
                    d1:17:c7:b4:0d:86:08:ef:54:5d:df:74:59:ce:24:
                    ef:f9:56:5b:43:28:5d:0a:1d:95:69:fd:15:0a:3d:
                    7b:dd:22:e3:b7:b6:33:72:f8:20:33:1e:70:0b:94:
                    9f:60:9f:7e:3b:54:0f:9b:ec:11:0a:ff:0d:e2:e1:
                    f9:0d:e8:ee:7d:8c:1b:21:bc:b7:00:bf:a3:50:c7:
                    9b:c4:76:e1:0f:0e:cb:48:03:e3:3b:cf:f8:2b:84:
                    a1:3a:5a:02:b8:f6:6a:74:03:65:f2:78:99:35:0f:
                    30:64:84:2e:89:af:a3:d9:52:c9:e6:a7:54:7c:3e:
                    c5:74:10:1b:c3:12:98:d7:a8:75:e9:e1:1a:dc:33:
                    81:68:a8:53:58:7a:ad:fd:de:b6:c7:76:92:4b:40:
                    c6:ff:21:68:fa:12:9f:17:4d:cd:9a:ec:09:a5:36:
                    06:c0:97:09:16:8d:d7:98:d0:ec:9b:cd:f0:18:e9:
                    9a:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:46:C4:00:8E:0A:97:A0:76:A5:18:F2:59:6C:89:9B:C9:D7:E5:02
            X509v3 Authority Key Identifier:
                keyid:60:E8:8F:FE:6F:0D:E5:F2:F1:FC:9D:14:EF:62:F2:56:70:BD:5B:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YOiP_m8N5fLx_J0U72LyVnC9W0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f97aed-f5c2-4fb7-a7d1-0725f0697b83/1/nEbEAI4Kl6B2pRjyWWyJm8nX5QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/f97aed-f5c2-4fb7-a7d1-0725f0697b83/1/YOiP_m8N5fLx_J0U72LyVnC9W0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.54.190.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:8c:45:4f:3d:66:b3:6a:68:30:69:4a:85:9a:8a:1a:26:c2:
         ed:a9:65:bd:3b:77:88:ba:72:6d:22:49:eb:fe:74:4e:72:be:
         9e:8f:36:70:9e:9e:ce:59:27:6f:9e:44:ff:64:67:2b:ca:cd:
         45:85:c4:c2:3a:3f:05:1e:90:3b:2f:3e:6e:85:e3:96:b1:0c:
         36:14:9e:7f:e9:8f:c3:4f:e9:5b:1d:7d:13:f6:60:4b:87:ff:
         67:05:83:80:2e:6d:6e:4e:45:95:c7:98:e1:b7:3a:d3:e8:5a:
         4c:b5:33:24:5a:c0:c2:53:3d:9f:7c:62:57:ba:b5:48:c9:0f:
         f0:f6:35:02:6d:3f:e5:1b:5f:21:09:c0:df:62:fd:01:8e:47:
         00:49:31:e5:66:81:b1:e3:ce:ce:07:63:4a:0f:c2:16:28:ee:
         bb:de:63:fe:f8:bb:e5:e2:7a:da:14:6f:68:eb:51:6e:43:93:
         f2:e8:cb:c4:95:bb:92:31:a4:fd:01:9d:4a:f9:5a:18:df:95:
         dc:ec:40:94:23:17:8d:67:f9:74:35:25:7b:cd:b0:47:c4:fc:
         de:c6:91:a9:71:7f:39:2d:7c:5e:f5:bd:67:e2:1f:95:ef:d6:
         fa:b7:78:d8:df:bf:87:09:7b:be:e4:3e:6e:6b:f7:5f:bd:f1:
         47:ec:17:b9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0YJ2ljEOgyWf9QJ0eVmjdRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZTg4ZmZlNmYwZGU1ZjJmMWZjOWQxNGVmNjJmMjU2NzBi
ZDViNGEwHhcNMjQwMTE3MTYwMDUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YzQ2YzQwMDhlMGE5N2EwNzZhNTE4ZjI1OTZjODk5YmM5ZDdlNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgSKv6g2rHlOIbSYEKBKZd7+OQsRv
xc/ZOW4/g0FsTx+8jwSyvbFRTctVhuHCqhI8FhMeCc/TpUSY0HjHn6Kf9/0AuIvr
1/ImT87RF8e0DYYI71Rd33RZziTv+VZbQyhdCh2Vaf0VCj173SLjt7YzcvggMx5w
C5SfYJ9+O1QPm+wRCv8N4uH5DejufYwbIby3AL+jUMebxHbhDw7LSAPjO8/4K4Sh
OloCuPZqdANl8niZNQ8wZIQuia+j2VLJ5qdUfD7FdBAbwxKY16h16eEa3DOBaKhT
WHqt/d62x3aSS0DG/yFo+hKfF03NmuwJpTYGwJcJFo3XmNDsm83wGOmajwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJxGxACOCpegdqUY8llsiZvJ1+UCMB8GA1UdIwQY
MBaAFGDoj/5vDeXy8fydFO9i8lZwvVtKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU9pUF9tOE41Zkx4X0owVTcyTHlWbkM5VzBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9mOTdhZWQtZjVjMi00ZmI3LWE3ZDEt
MDcyNWYwNjk3YjgzLzEvbkViRUFJNEtsNkIycFJqeVdXeUptOG5YNVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9mOTdhZWQtZjVjMi00ZmI3LWE3ZDEtMDcyNWYwNjk3Yjgz
LzEvWU9pUF9tOE41Zkx4X0owVTcyTHlWbkM5VzBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwza+MA0G
CSqGSIb3DQEBCwUAA4IBAQB7jEVPPWazamgwaUqFmooaJsLtqWW9O3eIunJtIknr
/nROcr6ejzZwnp7OWSdvnkT/ZGcrys1FhcTCOj8FHpA7Lz5uheOWsQw2FJ5/6Y/D
T+lbHX0T9mBLh/9nBYOALm1uTkWVx5jhtzrT6FpMtTMkWsDCUz2ffGJXurVIyQ/w
9jUCbT/lG18hCcDfYv0BjkcASTHlZoGx487OB2NKD8IWKO673mP++Lvl4nraFG9o
61FuQ5Py6MvElbuSMaT9AZ1K+VoY35Xc7ECUIxeNZ/l0NSV7zbBHxPzexpGpcX85
LXxe9b1n4h+V79b6t3jY37+HCXu+5D5ua/dfvfFH7Be5
-----END CERTIFICATE-----