Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/egMGQNbSFhdbicOTJ5jEZxb2EI8.roa
File:                     egMGQNbSFhdbicOTJ5jEZxb2EI8.roa (raw, json)
Hash identifier:          oIF6s3VLEjfgEznkUk05hCAGGg89qlRDBv7UHttVEGQ=
Subject key identifier:   7A:03:06:40:D6:D2:16:17:5B:89:C3:93:27:98:C4:67:16:F6:10:8F
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       018CC6B8F8AA97D762F958FD3CB4CA3FAFF0
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/egMGQNbSFhdbicOTJ5jEZxb2EI8.roa
Signing time:             Mon 01 Jan 2024 20:31:00 +0000
ROA not before:           Mon 01 Jan 2024 20:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     375
IP address blocks:        192.163.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 24 Jun 2024 10:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b8:f8:aa:97:d7:62:f9:58:fd:3c:b4:ca:3f:af:f0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  1 20:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a030640d6d216175b89c3932798c46716f6108f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:0e:35:03:37:86:12:8f:37:af:95:1a:91:43:
                    ac:4d:0a:cd:16:cd:91:ba:12:2d:d5:37:10:71:51:
                    1d:97:69:d2:29:54:85:7c:c2:92:ca:ca:9c:7b:32:
                    dc:85:6a:79:ef:50:71:0f:8b:7e:79:ba:ab:d2:5a:
                    a3:11:0d:42:79:e5:61:f1:5e:53:b8:3a:73:40:83:
                    89:41:7a:06:32:4c:77:37:15:28:21:c1:db:f3:93:
                    7f:55:f8:02:00:08:29:c8:37:4d:7c:f8:12:fa:1e:
                    bd:a2:92:8a:7a:f7:25:83:06:45:ae:f2:d4:a7:ed:
                    f6:ec:19:b1:26:6c:14:29:b2:38:72:f7:04:ba:ad:
                    8c:fe:e9:5d:3c:12:d5:6f:9f:c7:1f:54:f0:19:f0:
                    70:d3:0c:2b:cb:ec:52:13:f4:03:8d:34:20:d3:21:
                    f3:15:1a:66:aa:b7:de:c9:0a:67:fe:0d:65:c9:04:
                    9f:92:de:e2:96:b5:18:cb:b2:fe:65:a6:13:12:d1:
                    6f:09:3e:68:e6:4f:a8:f1:5a:50:a4:d4:66:4f:12:
                    62:9f:94:1b:6e:62:24:14:1b:9a:cc:9d:28:aa:5e:
                    db:79:b9:7a:2b:a4:f1:90:ec:00:df:e4:e2:af:0d:
                    30:1d:22:b7:2f:03:9d:ec:e7:0f:2b:68:67:3a:93:
                    a1:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:03:06:40:D6:D2:16:17:5B:89:C3:93:27:98:C4:67:16:F6:10:8F
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/egMGQNbSFhdbicOTJ5jEZxb2EI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.163.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:2c:c5:20:3a:a8:f4:e7:c5:b2:98:a6:4b:1a:49:66:35:6c:
         5b:68:3c:19:48:72:b1:a9:79:89:70:72:36:f8:28:27:a1:eb:
         96:03:a0:5f:bf:f6:f1:82:91:44:a7:2a:86:93:72:2d:25:9c:
         37:11:5b:6d:79:28:e8:7f:97:af:32:dd:96:2f:27:f2:ae:51:
         5f:aa:68:5a:4a:3e:76:b4:77:44:60:d6:c6:d8:1f:b0:9a:ac:
         7c:7a:86:2c:c7:d7:dd:bb:bb:22:7d:4e:28:c1:05:25:83:89:
         9a:09:d9:b5:0c:46:4d:5f:b6:8e:71:1d:f4:45:58:e8:ef:30:
         40:e3:14:43:6c:c3:7e:84:7b:c3:c1:09:1b:44:84:07:4e:9d:
         42:78:04:8b:b0:d5:83:2d:b0:12:a9:22:42:4b:72:b0:99:2d:
         81:5b:ef:32:e8:47:30:f7:79:47:5c:78:a7:62:c8:16:a0:f0:
         c5:a8:24:52:17:93:22:21:98:e9:af:e9:ff:be:52:30:76:a9:
         41:32:9f:8b:45:06:91:c0:6e:2a:4d:2b:76:f2:a7:85:0f:95:
         10:22:83:ed:15:43:cb:fa:cd:62:45:12:c9:f1:a8:d0:bc:1d:
         16:b3:32:18:ca:06:39:05:80:d6:f1:ff:b4:0b:61:cb:7c:74:
         59:27:1e:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuPiql9di+Vj9PLTKP6/wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjQwMTAxMjAzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTAzMDY0MGQ2ZDIxNjE3NWI4OWMzOTMyNzk4YzQ2NzE2ZjYxMDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArw41AzeGEo83r5UakUOsTQrNFs2R
uhIt1TcQcVEdl2nSKVSFfMKSysqcezLchWp571BxD4t+ebqr0lqjEQ1CeeVh8V5T
uDpzQIOJQXoGMkx3NxUoIcHb85N/VfgCAAgpyDdNfPgS+h69opKKevclgwZFrvLU
p+327BmxJmwUKbI4cvcEuq2M/uldPBLVb5/HH1TwGfBw0wwry+xSE/QDjTQg0yHz
FRpmqrfeyQpn/g1lyQSfkt7ilrUYy7L+ZaYTEtFvCT5o5k+o8VpQpNRmTxJin5Qb
bmIkFBuazJ0oql7bebl6K6TxkOwA3+Tirw0wHSK3LwOd7OcPK2hnOpOh4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoDBkDW0hYXW4nDkyeYxGcW9hCPMB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvZWdNR1FOYlNGaGRiaWNPVEo1akVaeGIyRUk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKORMA0G
CSqGSIb3DQEBCwUAA4IBAQAdLMUgOqj058WymKZLGklmNWxbaDwZSHKxqXmJcHI2
+CgnoeuWA6Bfv/bxgpFEpyqGk3ItJZw3EVtteSjof5evMt2WLyfyrlFfqmhaSj52
tHdEYNbG2B+wmqx8eoYsx9fdu7sifU4owQUlg4maCdm1DEZNX7aOcR30RVjo7zBA
4xRDbMN+hHvDwQkbRIQHTp1CeASLsNWDLbASqSJCS3KwmS2BW+8y6Ecw93lHXHin
YsgWoPDFqCRSF5MiIZjpr+n/vlIwdqlBMp+LRQaRwG4qTSt28qeFD5UQIoPtFUPL
+s1iRRLJ8ajQvB0WszIYygY5BYDW8f+0C2HLfHRZJx5B
-----END CERTIFICATE-----