Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/eeeaee-08d7-4e24-84dd-307b4971e266/1/PBx77Cfoqn4EL1ZkzcRKpln_28c.roa
File:                     PBx77Cfoqn4EL1ZkzcRKpln_28c.roa (raw, json)
Hash identifier:          +HOQRukDSjybshPbEXhp7b1Z1FV+ltp0SFjv4PVKWmM=
Subject key identifier:   3C:1C:7B:EC:27:E8:AA:7E:04:2F:56:64:CD:C4:4A:A6:59:FF:DB:C7
Certificate issuer:       /CN=ef75517b3161a047762413301614217679a82608
Certificate serial:       018EC8C298BAC25C3728D2BF9452DED466F7
Authority key identifier: EF:75:51:7B:31:61:A0:47:76:24:13:30:16:14:21:76:79:A8:26:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/73VRezFhoEd2JBMwFhQhdnmoJgg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/eeeaee-08d7-4e24-84dd-307b4971e266/1/PBx77Cfoqn4EL1ZkzcRKpln_28c.roa
Signing time:             Wed 10 Apr 2024 16:06:19 +0000
ROA not before:           Wed 10 Apr 2024 16:06:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49556
IP address blocks:        185.93.88.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/eeeaee-08d7-4e24-84dd-307b4971e266/1/73VRezFhoEd2JBMwFhQhdnmoJgg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/eeeaee-08d7-4e24-84dd-307b4971e266/1/73VRezFhoEd2JBMwFhQhdnmoJgg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/73VRezFhoEd2JBMwFhQhdnmoJgg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 19:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c8:c2:98:ba:c2:5c:37:28:d2:bf:94:52:de:d4:66:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef75517b3161a047762413301614217679a82608
        Validity
            Not Before: Apr 10 16:06:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=3c1c7bec27e8aa7e042f5664cdc44aa659ffdbc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:2e:25:98:e2:3f:7c:1d:69:c0:ca:a3:83:0a:
                    46:0c:49:32:cd:88:be:7d:68:ca:12:25:9a:d6:4f:
                    ed:53:01:da:a2:56:51:71:7f:7e:f3:43:e3:4e:8a:
                    86:c0:83:c4:43:f5:7a:14:a2:aa:e0:2f:6d:90:cd:
                    16:1f:04:e6:f5:7c:fa:4b:dc:0c:e5:eb:cb:0d:85:
                    c9:72:0d:1c:c3:12:0a:73:7b:42:66:f2:d8:cf:5f:
                    85:73:e9:b3:38:b6:d7:7b:ad:79:c6:da:59:bb:6d:
                    ac:fc:19:8a:85:ef:f9:76:24:fa:18:b4:22:b0:ce:
                    af:5b:69:49:6a:c8:cc:0b:f7:d1:86:6f:08:73:1a:
                    67:39:11:11:4f:8f:22:e3:28:33:07:bb:5b:02:f2:
                    c7:bc:2f:2e:1d:f5:5f:5b:14:57:eb:47:bc:19:5d:
                    b6:f5:c2:14:d2:2b:26:a0:c3:ac:e1:d3:d3:7a:dc:
                    fa:43:e1:2b:1c:88:56:04:0a:c2:48:0e:24:dd:90:
                    58:c6:e1:48:52:85:08:b7:01:2d:92:ce:af:2b:79:
                    dd:2a:a4:a1:d5:62:96:cc:29:ed:eb:0c:2d:e7:8e:
                    c6:b0:32:ef:1c:da:fe:0b:36:54:9e:42:64:54:a8:
                    7d:b6:a4:8b:90:2c:fa:4b:74:5d:c2:c1:d1:88:5e:
                    2d:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3C:1C:7B:EC:27:E8:AA:7E:04:2F:56:64:CD:C4:4A:A6:59:FF:DB:C7
            X509v3 Authority Key Identifier:
                keyid:EF:75:51:7B:31:61:A0:47:76:24:13:30:16:14:21:76:79:A8:26:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/73VRezFhoEd2JBMwFhQhdnmoJgg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/eeeaee-08d7-4e24-84dd-307b4971e266/1/PBx77Cfoqn4EL1ZkzcRKpln_28c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/eeeaee-08d7-4e24-84dd-307b4971e266/1/73VRezFhoEd2JBMwFhQhdnmoJgg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.93.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:fc:d7:94:05:e7:c9:44:c4:d5:bb:b6:75:eb:f5:d0:06:79:
         92:62:04:58:43:71:39:d1:13:11:19:d9:f4:bc:63:d5:15:8f:
         ba:d1:b2:cd:43:12:4b:d8:13:a1:83:72:1d:e6:52:02:63:5a:
         db:1d:4d:76:02:de:b4:4a:15:99:1d:62:b6:4c:0d:ac:4d:69:
         b4:3d:99:00:28:5e:c5:57:35:cf:d2:59:1f:0d:52:22:08:a1:
         74:c5:85:e5:8e:94:7b:48:58:fe:ac:31:9c:e3:43:fe:88:52:
         14:6a:04:51:bb:1c:5c:8f:95:a6:a1:ae:de:43:1f:b9:53:cf:
         3a:81:ef:ee:e0:9f:7d:47:4f:37:34:31:56:d0:27:10:ab:7c:
         85:0c:37:31:ec:ea:eb:ff:81:c1:b4:f9:83:6d:87:c8:bb:e0:
         8c:eb:8d:b6:72:fe:73:2e:82:3d:01:c7:74:62:b4:8b:0e:00:
         af:54:58:cd:e0:bf:af:6c:0d:e4:cd:d0:a9:76:fe:01:7b:4f:
         39:1e:13:c2:12:71:17:a9:1c:cc:8d:ed:16:59:ca:77:3a:44:
         a2:f1:a4:6b:fc:eb:2e:47:0a:25:a8:b2:19:51:55:7f:0e:6f:
         65:0c:8b:d7:f5:bb:9d:e6:fc:70:47:ae:1b:e0:55:5c:f3:74:
         e3:e9:1c:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7Iwpi6wlw3KNK/lFLe1Gb3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNzU1MTdiMzE2MWEwNDc3NjI0MTMzMDE2MTQyMTc2Nzlh
ODI2MDgwHhcNMjQwNDEwMTYwNjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzFjN2JlYzI3ZThhYTdlMDQyZjU2NjRjZGM0NGFhNjU5ZmZkYmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmC4lmOI/fB1pwMqjgwpGDEkyzYi+
fWjKEiWa1k/tUwHaolZRcX9+80PjToqGwIPEQ/V6FKKq4C9tkM0WHwTm9Xz6S9wM
5evLDYXJcg0cwxIKc3tCZvLYz1+Fc+mzOLbXe615xtpZu22s/BmKhe/5diT6GLQi
sM6vW2lJasjMC/fRhm8IcxpnORERT48i4ygzB7tbAvLHvC8uHfVfWxRX60e8GV22
9cIU0ismoMOs4dPTetz6Q+ErHIhWBArCSA4k3ZBYxuFIUoUItwEtks6vK3ndKqSh
1WKWzCnt6wwt547GsDLvHNr+CzZUnkJkVKh9tqSLkCz6S3RdwsHRiF4tqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDwce+wn6Kp+BC9WZM3ESqZZ/9vHMB8GA1UdIwQY
MBaAFO91UXsxYaBHdiQTMBYUIXZ5qCYIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzNWUmV6RmhvRWQySkJNd0ZoUWhkbm1vSmdnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC9lZWVhZWUtMDhkNy00ZTI0LTg0ZGQt
MzA3YjQ5NzFlMjY2LzEvUEJ4NzdDZm9xbjRFTDFaa3pjUktwbG5fMjhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC9lZWVhZWUtMDhkNy00ZTI0LTg0ZGQtMzA3YjQ5NzFlMjY2
LzEvNzNWUmV6RmhvRWQySkJNd0ZoUWhkbm1vSmdnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuV1YMA0G
CSqGSIb3DQEBCwUAA4IBAQAY/NeUBefJRMTVu7Z16/XQBnmSYgRYQ3E50RMRGdn0
vGPVFY+60bLNQxJL2BOhg3Id5lICY1rbHU12At60ShWZHWK2TA2sTWm0PZkAKF7F
VzXP0lkfDVIiCKF0xYXljpR7SFj+rDGc40P+iFIUagRRuxxcj5Wmoa7eQx+5U886
ge/u4J99R083NDFW0CcQq3yFDDcx7Orr/4HBtPmDbYfIu+CM6422cv5zLoI9Acd0
YrSLDgCvVFjN4L+vbA3kzdCpdv4Be085HhPCEnEXqRzMje0WWcp3OkSi8aRr/Osu
RwolqLIZUVV/Dm9lDIvX9bud5vxwR64b4FVc83Tj6RxV
-----END CERTIFICATE-----