Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/E8kn7aEukt3A02XfkuhthKBKbNM.roa
File:                     E8kn7aEukt3A02XfkuhthKBKbNM.roa (raw, json)
Hash identifier:          Tt0umHn7tFpaKFeQtx4HB3IwGyxvBq1weMf6aMmIN9c=
Subject key identifier:   13:C9:27:ED:A1:2E:92:DD:C0:D3:65:DF:92:E8:6D:84:A0:4A:6C:D3
Certificate issuer:       /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial:       01942746EC17E51CF122643CA6345BE67797
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/E8kn7aEukt3A02XfkuhthKBKbNM.roa
Signing time:             Thu 02 Jan 2025 13:49:06 +0000
ROA not before:           Thu 02 Jan 2025 13:49:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5394
IP address blocks:        195.180.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:46:ec:17:e5:1c:f1:22:64:3c:a6:34:5b:e6:77:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
        Validity
            Not Before: Jan  2 13:49:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13c927eda12e92ddc0d365df92e86d84a04a6cd3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:9f:e6:ee:31:e8:be:1f:4d:38:7c:ab:de:5d:
                    22:97:91:f3:89:a5:2c:fc:ef:5c:ff:a0:f4:b5:d4:
                    1e:12:d8:23:d8:1f:80:46:7c:e0:84:6a:8b:fb:a9:
                    3c:bd:71:c4:7c:bf:81:9a:bd:df:17:69:2d:73:bb:
                    6b:03:37:74:31:90:89:b3:af:8f:ce:d3:5a:19:a0:
                    89:64:9e:b4:a2:a1:24:33:ac:69:f7:95:f9:55:e4:
                    a1:f3:22:67:ec:f9:7c:00:30:78:57:09:d3:88:ed:
                    13:6b:42:3f:c1:21:47:8b:f6:af:35:25:ff:50:e8:
                    c9:f7:dc:a3:12:3b:29:f8:80:03:b9:78:16:80:c2:
                    6c:90:40:0b:d0:00:99:c1:de:bd:d6:ff:7f:08:b0:
                    ae:6e:4e:82:e9:15:9e:38:9c:e3:a5:c5:0e:8f:ad:
                    3e:e5:80:57:80:5e:3b:36:d2:0e:33:be:df:a1:3d:
                    85:7e:e9:88:a4:4c:cc:68:19:c8:99:46:79:df:d9:
                    b0:b0:7b:de:b5:a6:50:63:3a:e9:f2:21:e6:89:35:
                    c7:90:0d:f9:f1:2b:2d:4a:c0:a2:63:c5:6e:45:8d:
                    05:12:c1:eb:45:1f:40:2e:90:b4:3a:e0:3d:cf:20:
                    85:f8:6e:f1:16:e2:c6:98:f2:51:26:2c:ef:a5:fd:
                    60:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C9:27:ED:A1:2E:92:DD:C0:D3:65:DF:92:E8:6D:84:A0:4A:6C:D3
            X509v3 Authority Key Identifier:
                keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/E8kn7aEukt3A02XfkuhthKBKbNM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.180.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         61:ea:e3:3a:4a:be:70:90:df:72:c3:b2:d6:ed:8a:10:79:42:
         0c:1f:ee:97:d1:25:cc:64:d8:19:e8:b7:25:15:fb:54:66:87:
         da:78:a7:26:de:bd:32:4c:75:57:90:af:aa:3f:de:e1:f0:0a:
         72:d9:09:96:07:f6:f6:95:c6:62:43:d0:cb:71:58:7c:8d:33:
         ed:c1:92:f7:8b:a7:4c:f0:95:8c:2f:29:e5:89:f2:3a:1c:b2:
         9b:09:02:d1:45:69:02:01:e2:ca:e0:28:78:8b:0c:76:23:c8:
         f5:4b:b8:7c:8b:ad:c2:eb:9c:26:5f:0d:9a:a2:8c:55:99:72:
         b4:cf:b8:05:67:78:59:f3:6f:8e:94:96:ba:52:5d:f3:fa:cd:
         ea:54:32:80:ba:04:69:78:7c:1f:6c:44:1f:ad:6d:c9:84:79:
         9f:f2:30:fe:cd:f8:9f:a3:bf:51:c8:c2:f8:5a:1c:49:67:02:
         a4:d7:b2:2e:12:7d:1f:cf:ee:82:d3:3e:b2:9e:b7:ef:7e:45:
         fd:61:fa:69:d8:2b:b8:47:06:2a:e5:00:5e:5a:30:e1:1e:82:
         68:c3:39:48:df:84:1e:3b:9e:fc:a9:1a:8b:d5:db:03:63:8f:
         bc:d0:5b:57:e5:09:7f:ba:02:a5:73:2e:ad:7c:36:c3:36:60:
         58:ff:59:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnRuwX5RzxImQ8pjRb5neXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3NDcwMTc1NjRjNzExYmNiZDU3NjgwYTBkZmQwMGYyYTVk
MDk5ZGIwHhcNMjUwMTAyMTM0OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2M5MjdlZGExMmU5MmRkYzBkMzY1ZGY5MmU4NmQ4NGEwNGE2Y2QzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxp/m7jHovh9NOHyr3l0il5HziaUs
/O9c/6D0tdQeEtgj2B+ARnzghGqL+6k8vXHEfL+Bmr3fF2ktc7trAzd0MZCJs6+P
ztNaGaCJZJ60oqEkM6xp95X5VeSh8yJn7Pl8ADB4VwnTiO0Ta0I/wSFHi/avNSX/
UOjJ99yjEjsp+IADuXgWgMJskEAL0ACZwd691v9/CLCubk6C6RWeOJzjpcUOj60+
5YBXgF47NtIOM77foT2FfumIpEzMaBnImUZ539mwsHvetaZQYzrp8iHmiTXHkA35
8SstSsCiY8VuRY0FEsHrRR9ALpC0OuA9zyCF+G7xFuLGmPJRJizvpf1gswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPJJ+2hLpLdwNNl35LobYSgSmzTMB8GA1UdIwQY
MBaAFNdHAXVkxxG8vVdoCg39APKl0JnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjIt
NGYwZThjZTExYTdkLzEvRThrbjdhRXVrdDNBMDJYZmt1aHRoS0JLYk5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9iYTIzNjItMGNjNS00OWJkLWE1MjItNGYwZThjZTExYTdk
LzEvMTBjQmRXVEhFYnk5VjJnS0RmMEE4cVhRbWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw7SLMA0G
CSqGSIb3DQEBCwUAA4IBAQBh6uM6Sr5wkN9yw7LW7YoQeUIMH+6X0SXMZNgZ6Lcl
FftUZofaeKcm3r0yTHVXkK+qP97h8Apy2QmWB/b2lcZiQ9DLcVh8jTPtwZL3i6dM
8JWMLynlifI6HLKbCQLRRWkCAeLK4Ch4iwx2I8j1S7h8i63C65wmXw2aooxVmXK0
z7gFZ3hZ82+OlJa6Ul3z+s3qVDKAugRpeHwfbEQfrW3JhHmf8jD+zfifo79RyML4
WhxJZwKk17IuEn0fz+6C0z6ynrfvfkX9Yfpp2Cu4RwYq5QBeWjDhHoJowzlI34Qe
O578qRqL1dsDY4+80FtX5Ql/ugKlcy6tfDbDNmBY/1kP
-----END CERTIFICATE-----