Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/eEJsJu9Gc0iFKenDrfVY9suGCMM.roa
File:                     eEJsJu9Gc0iFKenDrfVY9suGCMM.roa (raw, json)
Hash identifier:          oyjZi7r4OJVtiDHlLCrQshjhFuE75hWIgSlerwYK2OU=
Subject key identifier:   78:42:6C:26:EF:46:73:48:85:29:E9:C3:AD:F5:58:F6:CB:86:08:C3
Certificate issuer:       /CN=38b22023b6ead4c29683a9fed4493d03dee2c685
Certificate serial:       018FF959458C8A9B499216D1F3421E1E8D71
Authority key identifier: 38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/eEJsJu9Gc0iFKenDrfVY9suGCMM.roa
Signing time:             Sat 08 Jun 2024 19:35:28 +0000
ROA not before:           Sat 08 Jun 2024 19:35:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215098
IP address blocks:        80.250.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 16:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f9:59:45:8c:8a:9b:49:92:16:d1:f3:42:1e:1e:8d:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=38b22023b6ead4c29683a9fed4493d03dee2c685
        Validity
            Not Before: Jun  8 19:35:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78426c26ef4673488529e9c3adf558f6cb8608c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:d6:96:c2:46:68:fc:71:10:19:39:40:94:dc:
                    e7:38:fc:df:47:99:eb:b6:ba:61:05:f1:90:c6:db:
                    58:2a:f7:93:57:e8:2e:93:92:a6:7d:78:8d:89:d8:
                    0b:35:dc:26:fd:f2:5c:c8:a7:f9:99:97:10:33:8a:
                    12:20:50:ac:6d:9b:8c:eb:94:9a:72:33:ca:d1:65:
                    d7:83:47:3b:3b:bd:1a:16:c5:cf:99:f3:f5:92:81:
                    bc:58:30:99:d2:fd:76:9e:de:4b:97:c2:03:8e:68:
                    dc:cf:14:0e:76:7a:e1:ee:e4:d7:39:bf:84:e6:ea:
                    3d:71:2b:f8:3f:74:f7:00:64:75:64:57:c1:d9:7a:
                    b7:83:36:d7:b9:a6:92:79:36:30:60:16:41:ff:8c:
                    33:a2:33:45:b4:ba:64:c4:c4:20:e9:44:35:21:60:
                    ab:8c:68:6a:f0:e0:e5:5a:a1:9c:ee:07:d1:ca:81:
                    9e:62:2f:97:fa:05:21:77:c2:0a:60:98:36:cf:5f:
                    f6:ec:86:23:3e:d4:8f:d1:b5:74:2a:33:c2:08:97:
                    84:1f:dd:af:31:a8:94:28:77:7d:1f:5b:f7:19:3d:
                    55:de:ac:93:cc:88:44:1d:e5:a7:20:75:bb:44:57:
                    51:f7:09:2a:7c:2d:88:93:75:f8:68:ab:03:be:41:
                    ce:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:42:6C:26:EF:46:73:48:85:29:E9:C3:AD:F5:58:F6:CB:86:08:C3
            X509v3 Authority Key Identifier:
                keyid:38:B2:20:23:B6:EA:D4:C2:96:83:A9:FE:D4:49:3D:03:DE:E2:C6:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OLIgI7bq1MKWg6n-1Ek9A97ixoU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/eEJsJu9Gc0iFKenDrfVY9suGCMM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/8813f5-4e7b-4d51-b5f3-40d95bd33fcb/1/OLIgI7bq1MKWg6n-1Ek9A97ixoU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.250.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:0e:e2:9f:dc:48:07:4d:89:5a:f0:82:15:bb:1c:6f:2c:22:
         c9:3a:0f:08:95:82:eb:8c:20:56:12:7e:d9:43:ff:6c:5c:f6:
         a3:cd:27:75:b1:71:55:fd:78:57:37:16:8d:0e:25:b1:0b:1c:
         81:b7:70:bb:bd:d8:5f:2b:af:f1:04:a2:22:4c:91:d3:c3:57:
         a6:9a:6d:35:7b:e3:3d:a2:21:ad:d0:6a:1b:df:f8:cc:2a:1a:
         8a:8a:9f:b1:2e:c3:ab:a6:d0:9a:a7:ba:a8:b6:2d:58:b6:5e:
         f9:fe:95:ab:5e:b1:c6:a2:a6:84:67:ca:a6:fc:0f:9b:7b:ed:
         aa:8e:05:60:06:92:be:1a:08:61:52:d4:ca:72:6a:5b:ac:f4:
         fd:37:e8:5c:36:ce:d4:27:4b:fd:6b:0b:b1:89:b9:cf:00:78:
         8f:9d:20:64:fa:32:c7:55:ac:81:db:b9:3b:02:bb:3e:53:7b:
         12:c6:40:e7:74:70:cc:a3:75:7c:52:1f:fb:80:74:a1:9d:37:
         94:d4:80:e3:e9:97:07:3e:8e:46:37:f8:34:64:35:66:f7:fb:
         96:41:a6:07:7f:14:83:86:a7:02:57:29:99:d3:b5:f1:bd:25:
         11:51:60:5e:6b:64:98:7a:e0:93:bc:b4:2b:36:1d:63:2d:d7:
         c2:d3:e0:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/5WUWMiptJkhbR80IeHo1xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM4YjIyMDIzYjZlYWQ0YzI5NjgzYTlmZWQ0NDkzZDAzZGVl
MmM2ODUwHhcNMjQwNjA4MTkzNTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODQyNmMyNmVmNDY3MzQ4ODUyOWU5YzNhZGY1NThmNmNiODYwOGMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydaWwkZo/HEQGTlAlNznOPzfR5nr
trphBfGQxttYKveTV+guk5KmfXiNidgLNdwm/fJcyKf5mZcQM4oSIFCsbZuM65Sa
cjPK0WXXg0c7O70aFsXPmfP1koG8WDCZ0v12nt5Ll8IDjmjczxQOdnrh7uTXOb+E
5uo9cSv4P3T3AGR1ZFfB2Xq3gzbXuaaSeTYwYBZB/4wzojNFtLpkxMQg6UQ1IWCr
jGhq8ODlWqGc7gfRyoGeYi+X+gUhd8IKYJg2z1/27IYjPtSP0bV0KjPCCJeEH92v
MaiUKHd9H1v3GT1V3qyTzIhEHeWnIHW7RFdR9wkqfC2Ik3X4aKsDvkHORQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhCbCbvRnNIhSnpw631WPbLhgjDMB8GA1UdIwQY
MBaAFDiyICO26tTCloOp/tRJPQPe4saFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMt
NDBkOTViZDMzZmNiLzEvZUVKc0p1OUdjMGlGS2VuRHJmVlk5c3VHQ01NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy84ODEzZjUtNGU3Yi00ZDUxLWI1ZjMtNDBkOTViZDMzZmNi
LzEvT0xJZ0k3YnExTUtXZzZuLTFFazlBOTdpeG9VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUPqlMA0G
CSqGSIb3DQEBCwUAA4IBAQAsDuKf3EgHTYla8IIVuxxvLCLJOg8IlYLrjCBWEn7Z
Q/9sXPajzSd1sXFV/XhXNxaNDiWxCxyBt3C7vdhfK6/xBKIiTJHTw1emmm01e+M9
oiGt0Gob3/jMKhqKip+xLsOrptCap7qoti1Ytl75/pWrXrHGoqaEZ8qm/A+be+2q
jgVgBpK+GghhUtTKcmpbrPT9N+hcNs7UJ0v9awuxibnPAHiPnSBk+jLHVayB27k7
Ars+U3sSxkDndHDMo3V8Uh/7gHShnTeU1IDj6ZcHPo5GN/g0ZDVm9/uWQaYHfxSD
hqcCVymZ07XxvSURUWBea2SYeuCTvLQrNh1jLdfC0+CY
-----END CERTIFICATE-----