Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/ess-pZBhPB9oD9CNfibJTBVHcPY.roa
File:                     ess-pZBhPB9oD9CNfibJTBVHcPY.roa (raw, json)
Hash identifier:          DQq3YxOCDosAEOhprffD747Nd4Tldg/PrtiytCMLSbg=
Subject key identifier:   7A:CB:3E:A5:90:61:3C:1F:68:0F:D0:8D:7E:26:C9:4C:15:47:70:F6
Certificate issuer:       /CN=cf5567122a88ca9889a1798b6c942dcc0cbc753b
Certificate serial:       018CC86F7412CECD221B46B298128A15F81C
Authority key identifier: CF:55:67:12:2A:88:CA:98:89:A1:79:8B:6C:94:2D:CC:0C:BC:75:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z1VnEiqIypiJoXmLbJQtzAy8dTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/ess-pZBhPB9oD9CNfibJTBVHcPY.roa
Signing time:             Tue 02 Jan 2024 04:29:56 +0000
ROA not before:           Tue 02 Jan 2024 04:29:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     442444
IP address blocks:        2.144.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/z1VnEiqIypiJoXmLbJQtzAy8dTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/z1VnEiqIypiJoXmLbJQtzAy8dTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z1VnEiqIypiJoXmLbJQtzAy8dTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:74:12:ce:cd:22:1b:46:b2:98:12:8a:15:f8:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf5567122a88ca9889a1798b6c942dcc0cbc753b
        Validity
            Not Before: Jan  2 04:29:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7acb3ea590613c1f680fd08d7e26c94c154770f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:15:be:64:26:95:3c:d7:17:75:8c:a9:e3:de:
                    13:53:ea:e2:9b:de:73:96:19:36:17:68:72:23:dc:
                    34:9a:5d:94:b6:40:4f:41:c3:a3:7e:a9:a5:df:f8:
                    e4:84:79:47:f3:9c:6d:59:c4:6b:4c:13:e2:59:ee:
                    36:f7:9a:90:0f:02:c1:72:a4:c7:5d:37:8e:a8:38:
                    45:e6:41:93:0f:c0:0a:2c:63:42:50:81:3a:36:a5:
                    10:29:bd:b4:a0:e3:65:07:74:b5:79:67:7f:7d:f9:
                    3c:29:78:0b:15:1c:c5:4c:9f:95:9a:62:d5:cc:08:
                    54:1d:69:a6:97:87:32:4c:7e:71:51:19:57:38:20:
                    41:60:2b:ee:21:4f:17:c4:8d:ea:5b:36:03:d0:68:
                    0a:7a:26:78:3a:50:a9:79:6b:de:fa:14:fa:0e:f9:
                    f3:9f:d8:1a:29:95:01:d4:9c:a9:67:9b:c1:c7:72:
                    5a:c8:31:f6:51:89:e4:4b:12:00:0c:22:1e:cc:d4:
                    8e:a1:42:28:51:96:44:b1:8b:8e:74:0d:7f:96:ae:
                    22:7a:6c:d7:a8:f3:1a:e2:a9:81:b1:32:12:8d:64:
                    e5:13:46:b3:dd:f7:2d:fa:1f:46:33:4b:d9:d1:79:
                    77:28:d6:94:70:85:af:20:7d:d4:f0:f9:3c:ce:53:
                    e3:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:CB:3E:A5:90:61:3C:1F:68:0F:D0:8D:7E:26:C9:4C:15:47:70:F6
            X509v3 Authority Key Identifier:
                keyid:CF:55:67:12:2A:88:CA:98:89:A1:79:8B:6C:94:2D:CC:0C:BC:75:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z1VnEiqIypiJoXmLbJQtzAy8dTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/ess-pZBhPB9oD9CNfibJTBVHcPY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/z1VnEiqIypiJoXmLbJQtzAy8dTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.144.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:f4:ad:89:72:ea:08:9c:5c:61:55:10:f5:ef:da:ea:b1:cd:
         c0:d5:70:9c:d6:24:7e:1f:a5:3d:af:8f:51:89:2b:8e:73:d3:
         5d:ce:28:a9:43:91:b7:f6:58:51:01:f0:45:10:7f:26:d9:77:
         2f:6b:86:5d:a7:a2:8e:04:14:9d:82:1a:9d:0e:15:4a:e3:15:
         ae:c3:46:11:98:8d:fb:32:a1:c7:ec:8c:bb:fa:65:42:50:87:
         e0:be:0d:bf:54:77:c2:d3:6b:a7:98:3d:2e:63:b0:2e:a8:a8:
         a3:31:b6:a0:7c:e6:36:f2:25:d3:e2:cc:f1:06:6e:43:a3:8e:
         72:8c:fa:c8:6c:72:3a:c6:12:b6:07:47:a7:54:b0:5a:ab:4b:
         09:11:df:db:7f:30:31:5c:f6:48:fe:79:56:ab:d3:39:84:c9:
         0c:a3:92:1c:f8:9a:12:0f:5f:d5:f5:92:da:0d:ad:d4:16:9f:
         66:a5:63:1e:26:1b:16:95:e3:66:62:fb:5d:3b:2f:df:80:8e:
         fd:7e:d9:38:23:66:9d:75:82:3c:06:9b:ed:97:5c:c5:e1:ea:
         dc:74:5b:6f:11:27:ed:67:55:5d:00:9f:e6:69:4e:bb:87:1e:
         f9:bb:17:c8:62:60:9d:51:f0:fe:21:f2:20:62:25:53:c5:0e:
         dd:d0:f4:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb3QSzs0iG0aymBKKFfgcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNTU2NzEyMmE4OGNhOTg4OWExNzk4YjZjOTQyZGNjMGNi
Yzc1M2IwHhcNMjQwMTAyMDQyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWNiM2VhNTkwNjEzYzFmNjgwZmQwOGQ3ZTI2Yzk0YzE1NDc3MGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRW+ZCaVPNcXdYyp494TU+rim95z
lhk2F2hyI9w0ml2UtkBPQcOjfqml3/jkhHlH85xtWcRrTBPiWe4295qQDwLBcqTH
XTeOqDhF5kGTD8AKLGNCUIE6NqUQKb20oONlB3S1eWd/ffk8KXgLFRzFTJ+VmmLV
zAhUHWmml4cyTH5xURlXOCBBYCvuIU8XxI3qWzYD0GgKeiZ4OlCpeWve+hT6Dvnz
n9gaKZUB1JypZ5vBx3JayDH2UYnkSxIADCIezNSOoUIoUZZEsYuOdA1/lq4iemzX
qPMa4qmBsTISjWTlE0az3fct+h9GM0vZ0Xl3KNaUcIWvIH3U8Pk8zlPjOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHrLPqWQYTwfaA/QjX4myUwVR3D2MB8GA1UdIwQY
MBaAFM9VZxIqiMqYiaF5i2yULcwMvHU7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejFWbkVpcUl5cGlKb1htTGJKUXR6QXk4ZFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wYTk3ZjEtN2JmNS00MzY4LTgyNjAt
OGQ3MTVhYzIxN2UyLzEvZXNzLXBaQmhQQjlvRDlDTmZpYkpUQlZIY1BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wYTk3ZjEtN2JmNS00MzY4LTgyNjAtOGQ3MTVhYzIxN2Uy
LzEvejFWbkVpcUl5cGlKb1htTGJKUXR6QXk4ZFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAApANMA0G
CSqGSIb3DQEBCwUAA4IBAQBl9K2JcuoInFxhVRD179rqsc3A1XCc1iR+H6U9r49R
iSuOc9NdziipQ5G39lhRAfBFEH8m2Xcva4Zdp6KOBBSdghqdDhVK4xWuw0YRmI37
MqHH7Iy7+mVCUIfgvg2/VHfC02unmD0uY7AuqKijMbagfOY28iXT4szxBm5Do45y
jPrIbHI6xhK2B0enVLBaq0sJEd/bfzAxXPZI/nlWq9M5hMkMo5Ic+JoSD1/V9ZLa
Da3UFp9mpWMeJhsWleNmYvtdOy/fgI79ftk4I2addYI8Bpvtl1zF4ercdFtvESft
Z1VdAJ/maU67hx75uxfIYmCdUfD+IfIgYiVTxQ7d0PRp
-----END CERTIFICATE-----