Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/eRKg1Qvc62zhi_0qvi5Cd4JCcLo.roa
File:                     eRKg1Qvc62zhi_0qvi5Cd4JCcLo.roa (raw, json)
Hash identifier:          co5NcsrT+Y749wDs87vtMnlGgo/TCFH2+pjDtbQgCcY=
Subject key identifier:   79:12:A0:D5:0B:DC:EB:6C:E1:8B:FD:2A:BE:2E:42:77:82:42:70:BA
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC7955914F83B779A9F338A05F9E7CF22
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/eRKg1Qvc62zhi_0qvi5Cd4JCcLo.roa
Signing time:             Tue 02 Jan 2024 00:31:42 +0000
ROA not before:           Tue 02 Jan 2024 00:31:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57060
IP address blocks:        86.105.27.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:59:14:f8:3b:77:9a:9f:33:8a:05:f9:e7:cf:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7912a0d50bdceb6ce18bfd2abe2e4277824270ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:63:70:86:4b:42:97:16:ae:7e:7a:08:05:13:
                    a2:bb:4f:85:3f:09:7d:bf:7d:d3:6b:95:f0:f3:04:
                    4d:f4:27:46:91:66:94:4b:54:a1:b8:3d:f6:7d:ec:
                    23:30:89:a8:d4:d1:01:3e:57:79:51:74:f5:0b:95:
                    1e:ce:a1:0e:42:74:74:a4:d7:19:12:ba:59:ca:9e:
                    cc:0d:66:b9:3d:88:3c:33:5a:3c:68:e2:dc:1a:a7:
                    c9:46:a0:72:57:47:f7:70:24:e3:71:f5:85:b1:8d:
                    44:ff:bb:dd:c8:a6:25:14:18:e3:b7:e5:32:68:a2:
                    3b:40:0c:64:4e:b6:68:63:a1:2b:7b:61:12:df:00:
                    5c:9b:14:af:3d:7a:43:8e:b1:fd:d9:4e:6b:8f:2c:
                    8c:c9:bd:a2:2d:8d:88:a7:3c:ff:38:50:d9:1e:99:
                    b1:ff:d0:b8:28:66:04:f8:92:7d:b3:a4:f2:ff:8d:
                    b3:80:cc:85:08:15:92:79:02:3b:f9:1c:b5:8c:95:
                    fc:51:7d:60:79:9a:30:c2:f7:09:27:50:50:8e:3d:
                    6b:ec:04:ad:f8:fa:d2:72:ef:3c:52:ce:dd:9b:c7:
                    b4:b1:9e:6d:69:1b:c9:f3:26:5d:ab:60:2c:a6:a6:
                    0f:bf:ed:55:59:8f:80:59:ee:58:48:ca:25:0a:12:
                    82:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:12:A0:D5:0B:DC:EB:6C:E1:8B:FD:2A:BE:2E:42:77:82:42:70:BA
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/eRKg1Qvc62zhi_0qvi5Cd4JCcLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:e0:f2:dd:c7:89:7d:17:6b:3e:85:55:d5:5f:5d:49:cc:c4:
         b4:68:a0:01:96:84:22:4f:9b:d2:5b:e5:ef:72:f8:40:87:05:
         f9:72:cd:dc:11:e1:39:4d:34:63:b1:5d:27:df:27:76:07:b7:
         4e:24:a4:1b:59:9a:a3:0a:90:35:04:88:49:6f:25:72:4f:ee:
         14:9e:26:c7:16:65:8e:0c:16:dd:63:39:69:d4:90:86:b2:67:
         b5:d5:0f:45:39:5a:ec:47:42:67:63:9d:03:05:be:fe:fd:68:
         b6:57:59:0d:b5:72:96:a7:b9:98:b9:a2:46:b8:65:b0:69:75:
         f7:00:f0:f8:91:20:e2:61:3c:96:d2:58:c4:a8:2d:a5:04:5b:
         7d:0d:a3:9c:c8:ab:d8:ca:2c:0a:44:ae:2b:69:b6:b8:67:49:
         43:b0:1f:65:71:7a:ea:af:37:f1:20:b0:0d:0d:0e:33:9b:db:
         a2:70:2b:26:a5:1b:59:3a:cd:f3:39:99:19:55:10:04:1a:97:
         82:cc:46:98:71:86:1b:c0:5e:68:28:58:57:e9:70:3a:aa:c6:
         cf:76:5b:06:ef:6f:6b:9a:79:6c:2e:01:d3:38:c1:0b:fa:fe:
         c1:aa:33:67:2b:60:bb:8c:c2:04:dd:1c:b1:f0:3a:1c:7c:4b:
         ce:2c:78:de
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlVkU+Dt3mp8zigX5588iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTEyYTBkNTBiZGNlYjZjZTE4YmZkMmFiZTJlNDI3NzgyNDI3MGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3GNwhktClxaufnoIBROiu0+FPwl9
v33Ta5Xw8wRN9CdGkWaUS1ShuD32fewjMImo1NEBPld5UXT1C5UezqEOQnR0pNcZ
ErpZyp7MDWa5PYg8M1o8aOLcGqfJRqByV0f3cCTjcfWFsY1E/7vdyKYlFBjjt+Uy
aKI7QAxkTrZoY6Ere2ES3wBcmxSvPXpDjrH92U5rjyyMyb2iLY2Ipzz/OFDZHpmx
/9C4KGYE+JJ9s6Ty/42zgMyFCBWSeQI7+Ry1jJX8UX1geZowwvcJJ1BQjj1r7ASt
+PrScu88Us7dm8e0sZ5taRvJ8yZdq2AspqYPv+1VWY+AWe5YSMolChKCoQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHkSoNUL3Ots4Yv9Kr4uQneCQnC6MB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2VSS2cxUXZjNjJ6aGlfMHF2aTVDZDRKQ2NMby5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBABWaRsw
DQYJKoZIhvcNAQELBQADggEBAJvg8t3HiX0Xaz6FVdVfXUnMxLRooAGWhCJPm9Jb
5e9y+ECHBflyzdwR4TlNNGOxXSffJ3YHt04kpBtZmqMKkDUEiElvJXJP7hSeJscW
ZY4MFt1jOWnUkIayZ7XVD0U5WuxHQmdjnQMFvv79aLZXWQ21cpanuZi5oka4ZbBp
dfcA8PiRIOJhPJbSWMSoLaUEW30No5zIq9jKLApEritptrhnSUOwH2VxeuqvN/Eg
sA0NDjOb26JwKyalG1k6zfM5mRlVEAQal4LMRphxhhvAXmgoWFfpcDqqxs92Wwbv
b2uaeWwuAdM4wQv6/sGqM2crYLuMwgTdHLHwOhx8S84seN4=
-----END CERTIFICATE-----