Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/ezzW9ec_j-nVCwdTBwf3bRFAgB8.roa
File:                     ezzW9ec_j-nVCwdTBwf3bRFAgB8.roa (raw, json)
Hash identifier:          FEQCaYFb9t2gI8inEOxlJAIWe0D6VWSOwC0guxJIRKk=
Subject key identifier:   7B:3C:D6:F5:E7:3F:8F:E9:D5:0B:07:53:07:07:F7:6D:11:40:80:1F
Certificate issuer:       /CN=2e738cf32e6e4f940220f3b828f07b77e813d096
Certificate serial:       018F4CF689D524CDDEDCE4934CACBF6E21AA
Authority key identifier: 2E:73:8C:F3:2E:6E:4F:94:02:20:F3:B8:28:F0:7B:77:E8:13:D0:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/ezzW9ec_j-nVCwdTBwf3bRFAgB8.roa
Signing time:             Mon 06 May 2024 08:12:56 +0000
ROA not before:           Mon 06 May 2024 08:12:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215337
IP address blocks:        212.102.104.0/24 maxlen: 24
                          2a0d:58c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 15:27:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:4c:f6:89:d5:24:cd:de:dc:e4:93:4c:ac:bf:6e:21:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e738cf32e6e4f940220f3b828f07b77e813d096
        Validity
            Not Before: May  6 08:12:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b3cd6f5e73f8fe9d50b07530707f76d1140801f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:34:cf:3c:ce:4c:8b:30:21:79:97:87:af:86:
                    82:f3:a3:a0:0d:6d:fd:e1:20:c9:fc:86:57:72:cf:
                    f3:fe:ec:17:88:fb:cf:fe:33:f6:96:2a:81:9b:92:
                    ea:34:a9:36:0c:10:6d:90:7a:f2:ed:2f:6f:95:91:
                    03:17:2d:7b:c6:f0:1b:ce:eb:3d:68:f8:64:16:ab:
                    58:df:09:04:a6:94:da:b8:4c:93:03:c8:7c:5d:00:
                    a3:d6:a8:81:fb:5f:77:a8:98:ee:dd:e4:02:b5:0e:
                    1e:96:f1:52:54:72:60:41:4e:38:19:56:09:9c:b5:
                    57:b5:28:b6:63:90:c4:d9:0e:e5:cc:fe:fa:20:1c:
                    ea:94:6f:76:44:ab:da:d4:df:27:0f:42:04:b6:72:
                    03:c5:68:b4:1c:52:f9:5c:64:dc:77:c1:9e:85:3e:
                    6c:25:df:b3:b8:61:5e:a3:92:45:8a:cd:82:e7:17:
                    36:46:4a:44:99:1b:0d:58:ea:db:af:9c:d6:d5:f0:
                    89:3f:80:c3:19:32:dc:a4:42:a9:f5:3e:77:b7:1f:
                    fb:ef:a4:19:ba:a0:d3:d1:1e:9d:e8:0e:6f:1a:98:
                    ea:cf:0d:f3:d6:f2:a7:a9:c1:50:c5:55:01:dd:c9:
                    4b:d4:d7:73:bc:ea:cb:e8:39:c0:a7:ed:df:36:1e:
                    dc:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3C:D6:F5:E7:3F:8F:E9:D5:0B:07:53:07:07:F7:6D:11:40:80:1F
            X509v3 Authority Key Identifier:
                keyid:2E:73:8C:F3:2E:6E:4F:94:02:20:F3:B8:28:F0:7B:77:E8:13:D0:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LnOM8y5uT5QCIPO4KPB7d-gT0JY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/ezzW9ec_j-nVCwdTBwf3bRFAgB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/e17e9a-d3e9-43b1-a2c7-5f65103e6f70/1/LnOM8y5uT5QCIPO4KPB7d-gT0JY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.102.104.0/24
                IPv6:
                  2a0d:58c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:c3:30:72:5b:8d:7f:52:58:65:75:e7:ef:93:e5:e7:b4:c3:
         40:e2:aa:e7:60:e1:e7:b8:90:9e:ac:21:e4:e6:29:bb:65:7d:
         94:37:ae:96:69:11:54:67:83:73:fc:1e:c8:c8:9c:2a:e6:35:
         a0:58:4d:7f:5d:a2:84:32:b2:0a:3d:ca:05:f2:13:d4:4d:44:
         b9:9d:60:d1:31:a8:90:6d:ad:37:ef:1e:d3:fe:aa:34:0b:86:
         84:d6:3b:e8:7c:36:07:01:27:9e:4d:7d:db:90:a5:9f:20:a1:
         e1:43:60:3c:4c:f8:6f:bd:59:34:4c:c6:88:a6:41:75:c6:d3:
         70:47:bb:d6:44:51:e1:f0:b6:3a:bc:f2:e7:ac:79:b5:19:80:
         67:35:13:f9:bd:da:08:84:2d:1e:6d:6d:1b:96:8e:1f:01:42:
         5b:9a:88:cc:bb:af:57:a3:59:54:bb:43:cb:bc:c2:dd:de:f1:
         41:f2:94:fb:4f:07:07:2c:6e:ca:0d:67:1d:5b:5c:e7:4c:01:
         df:42:fd:a9:e0:22:a7:e6:f1:f4:93:07:13:22:6f:7e:e3:84:
         48:f3:a3:68:73:28:bf:81:ec:3c:55:0e:d8:91:01:c8:39:f7:
         38:96:1b:b2:f8:40:90:c3:f5:ce:8f:3b:40:5c:6d:f6:2f:4a:
         9b:4f:91:a3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY9M9onVJM3e3OSTTKy/biGqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlNzM4Y2YzMmU2ZTRmOTQwMjIwZjNiODI4ZjA3Yjc3ZTgx
M2QwOTYwHhcNMjQwNTA2MDgxMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjNjZDZmNWU3M2Y4ZmU5ZDUwYjA3NTMwNzA3Zjc2ZDExNDA4MDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwDTPPM5MizAheZeHr4aC86OgDW39
4SDJ/IZXcs/z/uwXiPvP/jP2liqBm5LqNKk2DBBtkHry7S9vlZEDFy17xvAbzus9
aPhkFqtY3wkEppTauEyTA8h8XQCj1qiB+193qJju3eQCtQ4elvFSVHJgQU44GVYJ
nLVXtSi2Y5DE2Q7lzP76IBzqlG92RKva1N8nD0IEtnIDxWi0HFL5XGTcd8GehT5s
Jd+zuGFeo5JFis2C5xc2RkpEmRsNWOrbr5zW1fCJP4DDGTLcpEKp9T53tx/776QZ
uqDT0R6d6A5vGpjqzw3z1vKnqcFQxVUB3clL1NdzvOrL6DnAp+3fNh7cSQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHs81vXnP4/p1QsHUwcH920RQIAfMB8GA1UdIwQY
MBaAFC5zjPMubk+UAiDzuCjwe3foE9CWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG5PTTh5NXVUNVFDSVBPNEtQQjdkLWdUMEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS9lMTdlOWEtZDNlOS00M2IxLWEyYzct
NWY2NTEwM2U2ZjcwLzEvZXp6VzllY19qLW5WQ3dkVEJ3ZjNiUkZBZ0I4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS9lMTdlOWEtZDNlOS00M2IxLWEyYzctNWY2NTEwM2U2Zjcw
LzEvTG5PTTh5NXVUNVFDSVBPNEtQQjdkLWdUMEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1GZoMA0E
AgACMAcDBQMqDVjAMA0GCSqGSIb3DQEBCwUAA4IBAQBHwzByW41/Ulhldefvk+Xn
tMNA4qrnYOHnuJCerCHk5im7ZX2UN66WaRFUZ4Nz/B7IyJwq5jWgWE1/XaKEMrIK
PcoF8hPUTUS5nWDRMaiQba037x7T/qo0C4aE1jvofDYHASeeTX3bkKWfIKHhQ2A8
TPhvvVk0TMaIpkF1xtNwR7vWRFHh8LY6vPLnrHm1GYBnNRP5vdoIhC0ebW0blo4f
AUJbmojMu69Xo1lUu0PLvMLd3vFB8pT7TwcHLG7KDWcdW1znTAHfQv2p4CKn5vH0
kwcTIm9+44RI86Nocyi/gew8VQ7YkQHIOfc4lhuy+ECQw/XOjztAXG32L0qbT5Gj
-----END CERTIFICATE-----