Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fEYDfX4hG3B4jE7kbTWkm0hjZDE.roa
File:                     fEYDfX4hG3B4jE7kbTWkm0hjZDE.roa (raw, json)
Hash identifier:          Ef+DqRks6z8AT1j32zNVNv46VCkfmOyXHGOUzI0e1cU=
Subject key identifier:   7C:46:03:7D:7E:21:1B:70:78:8C:4E:E4:6D:35:A4:9B:48:63:64:31
Certificate issuer:       /CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
Certificate serial:       018F2FB16EB7B969F5099EC101342D81CA32
Authority key identifier: 67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fEYDfX4hG3B4jE7kbTWkm0hjZDE.roa
Signing time:             Tue 30 Apr 2024 15:48:28 +0000
ROA not before:           Tue 30 Apr 2024 15:48:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207713
IP address blocks:        193.43.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:2f:b1:6e:b7:b9:69:f5:09:9e:c1:01:34:2d:81:ca:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=67955b1aa1c0284d2843b96f26c5fe751e66946f
        Validity
            Not Before: Apr 30 15:48:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c46037d7e211b70788c4ee46d35a49b48636431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d1:4b:dd:d6:bc:49:a9:00:6f:e9:b1:37:bc:
                    14:10:f5:12:c1:9e:2b:20:d0:f4:42:66:65:4e:2b:
                    e6:75:9b:61:e9:d2:8c:eb:5f:64:03:b2:b3:48:e6:
                    dd:36:ec:e0:00:9e:41:85:af:1b:5f:ae:6c:d8:83:
                    f6:00:cd:b0:db:d2:cd:61:95:d1:d3:a5:7a:cc:80:
                    d5:ec:8c:46:69:7a:46:16:0e:31:a7:29:d0:23:ab:
                    e9:1a:16:01:fe:46:7a:30:19:45:df:3a:cd:b1:8b:
                    0d:e8:64:ad:90:2e:25:bc:fd:53:f9:cb:19:0a:af:
                    7b:bc:75:23:5c:b4:97:14:ba:95:2b:ef:e3:e0:0c:
                    53:fb:15:01:a0:75:77:7e:bc:06:dd:bc:70:64:c9:
                    1b:86:07:93:87:ff:23:ee:67:69:17:02:8c:6b:af:
                    6c:c8:fb:6e:58:96:fd:45:21:72:9a:1a:18:33:c0:
                    20:d1:28:fc:42:8e:4d:d2:51:7e:f3:c5:b0:d9:c9:
                    70:48:ad:b0:5f:d6:fa:cf:b1:63:07:bf:e9:cb:2f:
                    5d:34:0c:14:7e:76:2b:3f:74:1b:c1:80:02:54:a2:
                    2e:22:4f:21:4c:29:d2:04:64:27:ed:b9:9d:ac:5f:
                    9b:bb:4e:20:df:85:db:be:7b:ac:3e:46:3c:02:34:
                    9e:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:46:03:7D:7E:21:1B:70:78:8C:4E:E4:6D:35:A4:9B:48:63:64:31
            X509v3 Authority Key Identifier:
                keyid:67:95:5B:1A:A1:C0:28:4D:28:43:B9:6F:26:C5:FE:75:1E:66:94:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/fEYDfX4hG3B4jE7kbTWkm0hjZDE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/631925-6b0e-4ea5-91d7-08ad94101d7e/1/Z5VbGqHAKE0oQ7lvJsX-dR5mlG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.43.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:14:fd:cb:c6:fd:77:ce:40:3e:7b:ba:c0:04:c2:a4:71:b8:
         8d:11:13:ae:8a:63:0b:d4:46:a6:bc:83:23:b5:78:c4:92:d2:
         cf:f7:ff:b6:8d:d2:80:76:85:01:d5:d0:69:0e:15:8f:67:ae:
         37:93:05:7a:0b:52:b8:cf:b4:55:5f:8e:04:99:16:6e:cc:e2:
         d1:42:a7:17:ae:11:c1:02:b7:8e:d7:e5:11:92:64:d1:6d:48:
         4f:cd:da:2e:f4:f9:a8:c1:3c:29:d4:a0:62:2b:a6:da:fb:50:
         7a:63:cf:5f:44:39:5d:70:fe:d6:19:ac:35:74:37:6d:eb:22:
         2a:49:35:1d:42:3e:a0:1f:90:09:76:ee:7a:e2:65:ce:3e:70:
         6f:67:1b:54:c1:80:a1:10:a4:d5:20:0c:36:06:a3:a6:3a:e0:
         70:ca:d8:e8:d2:47:0d:ff:bf:27:52:78:da:bb:79:68:a0:56:
         d1:1e:3b:c5:7e:7c:41:7d:96:9f:c0:e7:4b:b2:0d:5b:73:10:
         11:12:ae:31:95:55:1c:ac:e3:18:6a:cd:54:19:e9:21:79:b8:
         1c:fd:0c:f1:a4:50:74:c4:90:91:60:66:c4:7d:89:09:ee:28:
         dd:d3:ca:fa:8f:bd:5d:68:36:d2:e7:f9:ea:ce:bb:b1:f9:8e:
         52:9f:d6:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY8vsW63uWn1CZ7BATQtgcoyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OTU1YjFhYTFjMDI4NGQyODQzYjk2ZjI2YzVmZTc1MWU2
Njk0NmYwHhcNMjQwNDMwMTU0ODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzQ2MDM3ZDdlMjExYjcwNzg4YzRlZTQ2ZDM1YTQ5YjQ4NjM2NDMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArtFL3da8SakAb+mxN7wUEPUSwZ4r
IND0QmZlTivmdZth6dKM619kA7KzSObdNuzgAJ5Bha8bX65s2IP2AM2w29LNYZXR
06V6zIDV7IxGaXpGFg4xpynQI6vpGhYB/kZ6MBlF3zrNsYsN6GStkC4lvP1T+csZ
Cq97vHUjXLSXFLqVK+/j4AxT+xUBoHV3frwG3bxwZMkbhgeTh/8j7mdpFwKMa69s
yPtuWJb9RSFymhoYM8Ag0Sj8Qo5N0lF+88Ww2clwSK2wX9b6z7FjB7/pyy9dNAwU
fnYrP3QbwYACVKIuIk8hTCnSBGQn7bmdrF+bu04g34XbvnusPkY8AjSeAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHxGA31+IRtweIxO5G01pJtIY2QxMB8GA1UdIwQY
MBaAFGeVWxqhwChNKEO5bybF/nUeZpRvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDct
MDhhZDk0MTAxZDdlLzEvZkVZRGZYNGhHM0I0akU3a2JUV2ttMGhqWkRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzE5MjUtNmIwZS00ZWE1LTkxZDctMDhhZDk0MTAxZDdl
LzEvWjVWYkdxSEFLRTBvUTdsdkpzWC1kUjVtbEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSv5MA0G
CSqGSIb3DQEBCwUAA4IBAQABFP3Lxv13zkA+e7rABMKkcbiNEROuimML1EamvIMj
tXjEktLP9/+2jdKAdoUB1dBpDhWPZ643kwV6C1K4z7RVX44EmRZuzOLRQqcXrhHB
AreO1+URkmTRbUhPzdou9PmowTwp1KBiK6ba+1B6Y89fRDldcP7WGaw1dDdt6yIq
STUdQj6gH5AJdu564mXOPnBvZxtUwYChEKTVIAw2BqOmOuBwytjo0kcN/78nUnja
u3looFbRHjvFfnxBfZafwOdLsg1bcxAREq4xlVUcrOMYas1UGekhebgc/QzxpFB0
xJCRYGbEfYkJ7ijd08r6j71daDbS5/nqzrux+Y5Sn9Zg
-----END CERTIFICATE-----