Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/eIsbAVTtvwjbzODn5iVrkC-Xyy4.roa
File:                     eIsbAVTtvwjbzODn5iVrkC-Xyy4.roa (raw, json)
Hash identifier:          Iy9diirHOT9W9+mSq6ZMYdx2BoEK27CWCCpzZEWki0A=
Subject key identifier:   78:8B:1B:01:54:ED:BF:08:DB:CC:E0:E7:E6:25:6B:90:2F:97:CB:2E
Certificate issuer:       /CN=e156a785bf7fe4d7c4a5c6b721214f0e96f3aec9
Certificate serial:       018CC3B69AEFBE14393A3436EE110FCAA605
Authority key identifier: E1:56:A7:85:BF:7F:E4:D7:C4:A5:C6:B7:21:21:4F:0E:96:F3:AE:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4Vanhb9_5NfEpca3ISFPDpbzrsk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/eIsbAVTtvwjbzODn5iVrkC-Xyy4.roa
Signing time:             Mon 01 Jan 2024 06:29:33 +0000
ROA not before:           Mon 01 Jan 2024 06:29:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     786
IP address blocks:        147.252.0.0/16 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/4Vanhb9_5NfEpca3ISFPDpbzrsk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/4Vanhb9_5NfEpca3ISFPDpbzrsk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4Vanhb9_5NfEpca3ISFPDpbzrsk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:9a:ef:be:14:39:3a:34:36:ee:11:0f:ca:a6:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e156a785bf7fe4d7c4a5c6b721214f0e96f3aec9
        Validity
            Not Before: Jan  1 06:29:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=788b1b0154edbf08dbcce0e7e6256b902f97cb2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ad:e4:54:15:0c:70:63:53:1a:d3:0f:4b:27:
                    e7:1a:d5:ad:4d:c5:e3:95:20:bf:53:64:c1:fc:53:
                    7b:1d:df:be:9d:11:95:0a:48:bd:80:1a:bc:75:f9:
                    94:3b:9d:af:4f:50:9d:cf:a8:d4:b7:b3:4f:51:75:
                    ac:7c:7f:d4:30:cc:35:91:0c:9c:c9:5a:7c:5e:27:
                    94:38:20:81:fe:47:1c:da:26:44:f0:2a:14:67:4d:
                    61:d9:dd:b7:ec:06:f6:5a:6c:e8:d4:43:2e:54:c1:
                    6f:0e:41:0a:5a:54:d4:ce:94:33:04:d3:3b:83:04:
                    21:7c:25:21:11:e6:a8:ce:8a:b2:dc:47:14:2b:d3:
                    a0:de:f0:4e:96:fc:6a:70:c5:97:5c:f1:1b:04:d6:
                    ad:ab:e8:02:f8:2d:db:bb:5a:71:a0:35:3b:34:2f:
                    c4:20:93:ca:50:bc:9a:a5:c3:a1:be:d0:05:10:92:
                    e4:ce:63:0e:02:e4:fb:75:36:f0:8f:43:b8:06:a7:
                    48:a8:4b:60:9e:cd:c5:92:9c:9b:1e:dc:1d:c6:9e:
                    5e:a3:4a:5a:c3:85:6c:03:e8:97:6b:0b:2c:ba:6c:
                    03:6a:a7:3e:23:e2:d1:a6:56:d9:29:ed:59:f1:01:
                    da:fe:0f:ce:75:b9:e5:62:54:25:cb:7d:e1:e0:37:
                    8b:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:8B:1B:01:54:ED:BF:08:DB:CC:E0:E7:E6:25:6B:90:2F:97:CB:2E
            X509v3 Authority Key Identifier:
                keyid:E1:56:A7:85:BF:7F:E4:D7:C4:A5:C6:B7:21:21:4F:0E:96:F3:AE:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4Vanhb9_5NfEpca3ISFPDpbzrsk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/eIsbAVTtvwjbzODn5iVrkC-Xyy4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/b18f32-473c-4d9e-ab85-7bd0cfa239f6/1/4Vanhb9_5NfEpca3ISFPDpbzrsk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.252.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         07:37:9f:42:75:0a:e8:dd:e4:c0:6b:52:c3:d7:58:c8:a6:bf:
         61:3f:72:94:f1:86:73:24:66:ac:21:d3:73:43:0d:51:d8:18:
         2d:5f:ff:15:25:19:f2:8a:d4:3a:fe:19:1b:01:da:45:38:41:
         63:4b:37:31:63:02:4f:a8:78:ff:19:66:b0:b3:d3:0b:99:8e:
         aa:9c:1a:6c:57:58:a3:67:9d:a1:20:8f:2b:8a:55:32:2b:ef:
         b4:44:77:61:67:aa:2a:a7:7d:70:04:d3:02:99:04:ea:64:bf:
         f6:50:77:12:7f:2d:97:1d:6f:e9:75:5a:28:66:7b:13:52:53:
         6c:fa:71:b3:bc:e4:d9:3b:a1:5b:f7:23:4d:1d:c5:9b:de:bc:
         c4:b8:40:1e:71:11:44:66:ae:36:97:79:37:b8:5e:f6:f1:51:
         16:5e:50:15:d7:b3:32:6d:c7:c5:31:98:f7:bb:e3:60:cf:6e:
         7e:3a:5e:03:0c:83:27:c9:0f:63:34:be:1a:90:10:48:14:25:
         61:8b:87:77:18:a7:8a:16:cb:04:05:a7:61:4b:28:3a:63:e7:
         09:da:f6:96:a9:85:7a:36:f1:92:c4:70:44:33:ec:10:22:c8:
         20:1a:9a:e9:47:be:37:37:1b:37:29:4e:1d:29:eb:a7:ee:a0:
         a9:61:36:09
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAYzDtprvvhQ5OjQ27hEPyqYFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxNTZhNzg1YmY3ZmU0ZDdjNGE1YzZiNzIxMjE0ZjBlOTZm
M2FlYzkwHhcNMjQwMTAxMDYyOTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODhiMWIwMTU0ZWRiZjA4ZGJjY2UwZTdlNjI1NmI5MDJmOTdjYjJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjq3kVBUMcGNTGtMPSyfnGtWtTcXj
lSC/U2TB/FN7Hd++nRGVCki9gBq8dfmUO52vT1Cdz6jUt7NPUXWsfH/UMMw1kQyc
yVp8XieUOCCB/kcc2iZE8CoUZ01h2d237Ab2Wmzo1EMuVMFvDkEKWlTUzpQzBNM7
gwQhfCUhEeaozoqy3EcUK9Og3vBOlvxqcMWXXPEbBNatq+gC+C3bu1pxoDU7NC/E
IJPKULyapcOhvtAFEJLkzmMOAuT7dTbwj0O4BqdIqEtgns3FkpybHtwdxp5eo0pa
w4VsA+iXawssumwDaqc+I+LRplbZKe1Z8QHa/g/OdbnlYlQly33h4DeLyQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFHiLGwFU7b8I28zg5+Yla5Avl8suMB8GA1UdIwQY
MBaAFOFWp4W/f+TXxKXGtyEhTw6W867JMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNFZhbmhiOV81TmZFcGNhM0lTRlBEcGJ6cnNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9iMThmMzItNDczYy00ZDllLWFiODUt
N2JkMGNmYTIzOWY2LzEvZUlzYkFWVHR2d2piek9EbjVpVnJrQy1YeXk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9iMThmMzItNDczYy00ZDllLWFiODUtN2JkMGNmYTIzOWY2
LzEvNFZhbmhiOV81TmZFcGNhM0lTRlBEcGJ6cnNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAk/wwDQYJ
KoZIhvcNAQELBQADggEBAAc3n0J1Cujd5MBrUsPXWMimv2E/cpTxhnMkZqwh03ND
DVHYGC1f/xUlGfKK1Dr+GRsB2kU4QWNLNzFjAk+oeP8ZZrCz0wuZjqqcGmxXWKNn
naEgjyuKVTIr77REd2FnqiqnfXAE0wKZBOpkv/ZQdxJ/LZcdb+l1WihmexNSU2z6
cbO85Nk7oVv3I00dxZvevMS4QB5xEURmrjaXeTe4XvbxURZeUBXXszJtx8UxmPe7
42DPbn46XgMMgyfJD2M0vhqQEEgUJWGLh3cYp4oWywQFp2FLKDpj5wna9paphXo2
8ZLEcEQz7BAiyCAamulHvjc3GzcpTh0p66fuoKlhNgk=
-----END CERTIFICATE-----