Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/eXWKr3WYP7uvBphkQ1jWTbr5p9A.roa
File:                     eXWKr3WYP7uvBphkQ1jWTbr5p9A.roa (raw, json)
Hash identifier:          RpKkAxSXAypCVQKdSzMxis/KkQvEASC/7jYzjJzwMhs=
Subject key identifier:   79:75:8A:AF:75:98:3F:BB:AF:06:98:64:43:58:D6:4D:BA:F9:A7:D0
Certificate issuer:       /CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
Certificate serial:       018F99DE292344D1C8B41A67BFDE9918A114
Authority key identifier: 8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/eXWKr3WYP7uvBphkQ1jWTbr5p9A.roa
Signing time:             Tue 21 May 2024 06:37:04 +0000
ROA not before:           Tue 21 May 2024 06:37:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57231
IP address blocks:        109.105.159.0/24 maxlen: 24
                          185.149.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 15:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:99:de:29:23:44:d1:c8:b4:1a:67:bf:de:99:18:a1:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ceb23e2c5d9f2c734488904505835ef2809fb3b
        Validity
            Not Before: May 21 06:37:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79758aaf75983fbbaf0698644358d64dbaf9a7d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:37:e1:ae:29:6b:07:e3:77:a4:dc:5e:dc:88:
                    19:c9:bb:93:70:90:a7:71:f8:b3:2d:b9:33:38:39:
                    1b:16:d1:75:81:2c:b4:f6:aa:76:56:1d:e6:91:6c:
                    a7:9d:24:93:83:27:ee:c1:b5:50:e8:f4:9d:14:71:
                    ba:be:2a:c5:fa:61:63:f7:36:93:6d:b7:8f:02:6d:
                    d1:fc:5a:52:8c:1a:35:41:d5:38:26:dc:72:aa:60:
                    56:be:0f:29:ba:9a:5f:6b:2d:88:64:0e:7c:2c:32:
                    98:48:ec:b6:f7:c7:1a:a0:d5:c0:3a:67:a6:9b:7c:
                    6b:4d:d3:fa:7d:4a:53:f8:74:4d:6e:5e:fd:28:0d:
                    c7:dc:64:f4:b5:69:99:e2:b1:1a:f4:88:cb:1f:d3:
                    f2:e1:7f:de:f4:1b:e6:8b:28:1e:36:b9:13:77:b6:
                    2d:83:a1:08:c8:bc:d0:6c:bf:02:30:93:c1:43:fd:
                    f1:47:b7:4a:ca:c6:1d:ca:ba:69:a6:b7:1f:89:74:
                    49:97:b4:2f:64:5b:9b:ea:2c:8a:b8:14:8a:ed:94:
                    5c:b5:6a:60:f7:7e:f8:86:8b:67:b1:83:1f:de:a1:
                    be:56:14:1d:35:5e:e5:fc:c1:59:f0:8d:1e:9c:63:
                    39:da:dc:8e:de:a8:23:4f:48:9d:6b:c2:ae:32:bf:
                    b7:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:75:8A:AF:75:98:3F:BB:AF:06:98:64:43:58:D6:4D:BA:F9:A7:D0
            X509v3 Authority Key Identifier:
                keyid:8C:EB:23:E2:C5:D9:F2:C7:34:48:89:04:50:58:35:EF:28:09:FB:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/eXWKr3WYP7uvBphkQ1jWTbr5p9A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/699292-3da0-4772-af82-8334e362236d/1/jOsj4sXZ8sc0SIkEUFg17ygJ-zs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.105.159.0/24
                  185.149.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:e3:9b:7c:d9:03:e3:a3:61:71:2d:9c:68:7a:1e:c8:39:55:
         a8:3e:cf:ec:58:e2:e4:96:88:81:1f:76:45:00:5a:47:7c:54:
         45:27:fd:9e:b5:bb:c3:42:0c:0c:3a:f8:58:47:f2:6c:94:f8:
         2b:98:2f:cc:46:87:c9:1d:9e:b0:74:25:ae:93:b8:ef:51:0a:
         19:0a:3f:af:1c:58:39:d2:8a:3a:a5:54:2e:2c:e8:4f:59:0c:
         6c:16:fd:ed:50:fb:5b:7f:00:1f:98:b4:4e:29:4a:81:c1:9f:
         54:6c:85:2a:8f:ad:b8:c9:7d:0c:02:71:a4:23:55:38:4a:82:
         e8:50:21:c9:10:0e:25:ec:22:63:c7:f0:65:b2:35:30:ff:f5:
         73:d6:7a:46:44:6a:f5:b4:66:a3:bd:e5:a5:0f:a9:19:0d:9e:
         0c:1a:cf:9e:43:a0:ae:4f:fb:b5:01:bc:9f:7f:95:10:6b:f6:
         81:d4:32:90:1e:f2:07:99:4a:25:a6:99:38:ba:8b:ac:7f:3a:
         fb:ba:89:55:18:26:3d:e9:d8:31:20:6c:09:d1:e8:04:c3:b0:
         d4:76:78:06:82:4a:a4:a9:54:bd:b0:7b:77:42:96:a8:2c:1a:
         6f:80:e1:5a:ac:f9:0d:5c:40:9d:33:b2:72:fd:39:60:61:63:
         5c:57:7e:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY+Z3ikjRNHItBpnv96ZGKEUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZWIyM2UyYzVkOWYyYzczNDQ4ODkwNDUwNTgzNWVmMjgw
OWZiM2IwHhcNMjQwNTIxMDYzNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTc1OGFhZjc1OTgzZmJiYWYwNjk4NjQ0MzU4ZDY0ZGJhZjlhN2QwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApDfhrilrB+N3pNxe3IgZybuTcJCn
cfizLbkzODkbFtF1gSy09qp2Vh3mkWynnSSTgyfuwbVQ6PSdFHG6virF+mFj9zaT
bbePAm3R/FpSjBo1QdU4JtxyqmBWvg8puppfay2IZA58LDKYSOy298caoNXAOmem
m3xrTdP6fUpT+HRNbl79KA3H3GT0tWmZ4rEa9IjLH9Py4X/e9BvmiygeNrkTd7Yt
g6EIyLzQbL8CMJPBQ/3xR7dKysYdyrppprcfiXRJl7QvZFub6iyKuBSK7ZRctWpg
9374hotnsYMf3qG+VhQdNV7l/MFZ8I0enGM52tyO3qgjT0ida8KuMr+3JwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHl1iq91mD+7rwaYZENY1k26+afQMB8GA1UdIwQY
MBaAFIzrI+LF2fLHNEiJBFBYNe8oCfs7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODIt
ODMzNGUzNjIyMzZkLzEvZVhXS3IzV1lQN3V2QnBoa1ExaldUYnI1cDlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi82OTkyOTItM2RhMC00NzcyLWFmODItODMzNGUzNjIyMzZk
LzEvak9zajRzWFo4c2MwU0lrRVVGZzE3eWdKLXpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAbWmfAwQA
uZWuMA0GCSqGSIb3DQEBCwUAA4IBAQBG45t82QPjo2FxLZxoeh7IOVWoPs/sWOLk
loiBH3ZFAFpHfFRFJ/2etbvDQgwMOvhYR/JslPgrmC/MRofJHZ6wdCWuk7jvUQoZ
Cj+vHFg50oo6pVQuLOhPWQxsFv3tUPtbfwAfmLROKUqBwZ9UbIUqj624yX0MAnGk
I1U4SoLoUCHJEA4l7CJjx/BlsjUw//Vz1npGRGr1tGajveWlD6kZDZ4MGs+eQ6Cu
T/u1Abyff5UQa/aB1DKQHvIHmUolppk4uousfzr7uolVGCY96dgxIGwJ0egEw7DU
dngGgkqkqVS9sHt3QpaoLBpvgOFarPkNXECdM7Jy/TlgYWNcV34a
-----END CERTIFICATE-----