Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/eLDjZ53uOZIORTzAt9FJHBhwqR8.roa
File:                     eLDjZ53uOZIORTzAt9FJHBhwqR8.roa (raw, json)
Hash identifier:          wZZAmud9uG/bHxXaWmnQOxd2z1jzQ590iIbVYuH/VvU=
Subject key identifier:   78:B0:E3:67:9D:EE:39:92:0E:45:3C:C0:B7:D1:49:1C:18:70:A9:1F
Certificate issuer:       /CN=279dbfdf4c20bdae8d6118566ece76444e46d171
Certificate serial:       018CC79442DCECE476A4D6705652F9466929
Authority key identifier: 27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/eLDjZ53uOZIORTzAt9FJHBhwqR8.roa
Signing time:             Tue 02 Jan 2024 00:30:31 +0000
ROA not before:           Tue 02 Jan 2024 00:30:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     21646
IP address blocks:        212.222.192.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 19:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:42:dc:ec:e4:76:a4:d6:70:56:52:f9:46:69:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=279dbfdf4c20bdae8d6118566ece76444e46d171
        Validity
            Not Before: Jan  2 00:30:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78b0e3679dee39920e453cc0b7d1491c1870a91f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c1:47:d5:c7:cf:58:c3:e4:8b:24:08:61:ee:
                    7a:3c:7d:a1:c5:ac:ef:36:af:06:cd:5c:af:ff:61:
                    5b:28:08:a5:36:44:bd:c8:2a:f0:67:73:de:60:49:
                    cf:28:af:60:27:af:f2:af:a7:c6:00:be:0c:56:2c:
                    4b:93:ff:8b:d6:09:5b:38:48:b5:40:02:90:96:89:
                    99:09:bf:db:cc:f6:b1:f9:66:6a:6d:ed:06:8a:41:
                    05:79:eb:d2:53:19:69:f8:c2:b6:0d:12:51:fe:cb:
                    86:49:a1:d4:d7:b9:ce:f3:1a:d0:50:71:bd:a2:23:
                    c9:14:5e:0d:ba:2a:4a:0f:4d:0d:5c:34:32:f8:ff:
                    e4:26:e1:6f:11:a8:73:9d:ea:4d:9b:71:cd:6e:49:
                    d7:07:1c:ab:1f:e2:06:6e:16:e1:fd:7e:cc:01:38:
                    22:25:2a:58:60:c3:a9:ef:8e:86:0a:2f:34:56:8e:
                    e1:a5:34:4e:c0:29:8c:62:42:ab:23:12:93:27:af:
                    c9:9e:00:9f:eb:a2:ac:20:bb:dd:99:86:cd:e0:87:
                    54:b0:cc:61:8a:2a:27:3c:f5:6d:ee:fe:7b:8d:83:
                    f2:a6:44:b0:99:cb:fd:c3:fe:f7:e8:26:e7:62:46:
                    21:f0:64:78:6b:55:f7:0e:fd:8f:cb:18:08:f7:ab:
                    d3:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B0:E3:67:9D:EE:39:92:0E:45:3C:C0:B7:D1:49:1C:18:70:A9:1F
            X509v3 Authority Key Identifier:
                keyid:27:9D:BF:DF:4C:20:BD:AE:8D:61:18:56:6E:CE:76:44:4E:46:D1:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J52_30wgva6NYRhWbs52RE5G0XE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/eLDjZ53uOZIORTzAt9FJHBhwqR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/9d54a5-0135-4b18-961a-0cf1093d4548/1/J52_30wgva6NYRhWbs52RE5G0XE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.222.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:12:9c:1e:22:5a:f5:ad:52:fb:d2:28:d7:99:94:fa:2e:67:
         5e:c2:60:cb:83:09:f7:14:73:3f:a2:11:02:67:ba:3d:36:73:
         24:dd:54:a2:78:33:e7:41:9f:c3:59:a4:a4:61:a8:cd:d3:11:
         2d:66:84:4b:fc:1a:81:d2:a8:16:81:04:8c:74:b2:7a:08:df:
         3f:98:6e:aa:48:78:04:8d:5b:fb:42:0f:08:19:fa:c6:0f:47:
         fd:6e:6c:19:c8:f1:fb:a6:ff:7a:e1:af:7a:6e:63:8f:3a:18:
         47:8d:d3:ce:78:4a:e7:89:e9:f0:59:65:fb:76:e3:1c:90:2c:
         54:69:9d:41:1c:fb:ea:be:c1:a3:35:c0:af:e7:59:2e:85:01:
         df:77:73:7d:fa:7d:db:a2:93:60:f1:e8:34:5c:f3:a9:eb:a0:
         6e:f8:09:c5:a7:38:1b:a9:43:1c:9c:f4:ee:05:cf:b5:8e:86:
         7f:49:b8:b9:fd:9e:4f:25:5c:8a:a6:e7:d2:56:61:25:2a:68:
         d4:65:e3:8c:31:9c:3a:f8:c8:ff:e6:cf:59:5f:9f:87:f1:4b:
         ed:bf:20:c8:85:4f:53:74:29:7c:18:db:58:87:1e:68:a6:e5:
         9b:40:f2:2a:43:2b:19:8d:21:93:11:dc:9c:b5:b6:e9:f1:2b:
         ba:71:8d:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlELc7OR2pNZwVlL5RmkpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3OWRiZmRmNGMyMGJkYWU4ZDYxMTg1NjZlY2U3NjQ0NGU0
NmQxNzEwHhcNMjQwMTAyMDAzMDMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGIwZTM2NzlkZWUzOTkyMGU0NTNjYzBiN2QxNDkxYzE4NzBhOTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8FH1cfPWMPkiyQIYe56PH2hxazv
Nq8GzVyv/2FbKAilNkS9yCrwZ3PeYEnPKK9gJ6/yr6fGAL4MVixLk/+L1glbOEi1
QAKQlomZCb/bzPax+WZqbe0GikEFeevSUxlp+MK2DRJR/suGSaHU17nO8xrQUHG9
oiPJFF4NuipKD00NXDQy+P/kJuFvEahznepNm3HNbknXBxyrH+IGbhbh/X7MATgi
JSpYYMOp746GCi80Vo7hpTROwCmMYkKrIxKTJ6/JngCf66KsILvdmYbN4IdUsMxh
iionPPVt7v57jYPypkSwmcv9w/736CbnYkYh8GR4a1X3Dv2PyxgI96vTPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiw42ed7jmSDkU8wLfRSRwYcKkfMB8GA1UdIwQY
MBaAFCedv99MIL2ujWEYVm7OdkRORtFxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEt
MGNmMTA5M2Q0NTQ4LzEvZUxEalo1M3VPWklPUlR6QXQ5RkpIQmh3cVI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS85ZDU0YTUtMDEzNS00YjE4LTk2MWEtMGNmMTA5M2Q0NTQ4
LzEvSjUyXzMwd2d2YTZOWVJoV2JzNTJSRTVHMFhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1N7AMA0G
CSqGSIb3DQEBCwUAA4IBAQCOEpweIlr1rVL70ijXmZT6LmdewmDLgwn3FHM/ohEC
Z7o9NnMk3VSieDPnQZ/DWaSkYajN0xEtZoRL/BqB0qgWgQSMdLJ6CN8/mG6qSHgE
jVv7Qg8IGfrGD0f9bmwZyPH7pv964a96bmOPOhhHjdPOeErnienwWWX7duMckCxU
aZ1BHPvqvsGjNcCv51kuhQHfd3N9+n3bopNg8eg0XPOp66Bu+AnFpzgbqUMcnPTu
Bc+1joZ/Sbi5/Z5PJVyKpufSVmElKmjUZeOMMZw6+Mj/5s9ZX5+H8UvtvyDIhU9T
dCl8GNtYhx5opuWbQPIqQysZjSGTEdyctbbp8Su6cY0l
-----END CERTIFICATE-----