Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/eassUqEiSfVlopCHPNrriq4ZWus.roa
File:                     eassUqEiSfVlopCHPNrriq4ZWus.roa (raw, json)
Hash identifier:          MFZatM0zwpZgWPYVkBLdWpTFlWmcQQfSlWJSB6yavpY=
Subject key identifier:   79:AB:2C:52:A1:22:49:F5:65:A2:90:87:3C:DA:EB:8A:AE:19:5A:EB
Certificate issuer:       /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial:       01917489A21933C9235E1C65E4FA897A39CE
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/eassUqEiSfVlopCHPNrriq4ZWus.roa
Signing time:             Wed 21 Aug 2024 10:44:22 +0000
ROA not before:           Wed 21 Aug 2024 10:44:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     26548
IP address blocks:        62.204.35.0/24 maxlen: 24
                          146.19.91.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:74:89:a2:19:33:c9:23:5e:1c:65:e4:fa:89:7a:39:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
        Validity
            Not Before: Aug 21 10:44:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79ab2c52a12249f565a290873cdaeb8aae195aeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:fb:c8:5c:4e:4e:91:dd:d0:63:c4:02:4c:33:
                    d4:f9:cb:4e:49:25:da:0b:73:05:81:c2:5a:c7:7e:
                    9a:e1:df:a0:2b:2f:e4:72:02:fb:a6:68:86:2b:d2:
                    db:93:6f:b2:99:1a:68:e6:43:03:d7:61:db:1c:be:
                    13:7a:4f:fb:5f:aa:07:1f:6f:91:3e:5a:f8:b8:ef:
                    f9:a6:ee:2c:02:6c:13:11:8a:b9:6a:26:5f:bc:bf:
                    0e:b3:f5:67:97:81:0c:6c:3e:89:a9:3e:30:c6:f7:
                    e8:6e:7f:67:d5:31:0f:88:5b:56:20:ee:79:ba:be:
                    13:76:38:49:51:f3:8b:1a:6e:8f:03:fc:d8:99:4f:
                    dc:8d:6b:df:98:c5:a0:9f:b7:3f:62:cc:4c:0b:32:
                    02:f1:68:c6:b6:ec:0d:55:8d:1f:db:68:08:42:6c:
                    d8:e4:50:28:e7:34:80:dd:2a:2f:2e:f2:be:5f:c9:
                    86:0c:1a:05:d9:52:e5:c9:10:84:c7:57:31:f6:26:
                    8d:f7:78:4a:71:6f:e3:6e:c3:41:71:78:30:23:3e:
                    3b:fa:8a:53:97:44:35:75:29:9f:7b:73:f0:8b:f1:
                    7d:f8:c4:86:f7:87:7d:ca:46:df:fd:01:27:d3:e6:
                    60:df:ba:1f:f4:6f:79:6f:1b:2d:12:5e:11:83:4b:
                    b9:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:AB:2C:52:A1:22:49:F5:65:A2:90:87:3C:DA:EB:8A:AE:19:5A:EB
            X509v3 Authority Key Identifier:
                keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/eassUqEiSfVlopCHPNrriq4ZWus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.204.35.0/24
                  146.19.91.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:7a:e7:b3:29:df:31:ba:d0:ad:29:47:36:a1:f2:00:00:c6:
         6d:56:d1:11:08:7d:de:24:85:80:31:e7:e8:11:ac:c7:92:22:
         a9:60:53:59:91:97:0c:93:e6:5c:cb:07:21:c2:8a:09:7f:98:
         0f:31:b4:5f:c1:6c:ff:09:ef:e2:c7:3b:b2:2a:38:a1:00:c0:
         52:c8:d9:27:83:ff:c8:dc:79:1e:bd:eb:86:2f:e2:0a:16:b8:
         9f:6b:11:6b:32:65:fd:20:f2:0c:49:cd:2b:1d:81:00:95:95:
         52:4a:e4:d8:fa:c3:bd:db:3f:b6:84:37:9f:97:b9:f3:93:05:
         7d:1b:ad:9c:ad:20:4d:70:77:e4:4a:70:8b:f7:eb:60:16:89:
         1b:b4:b5:6f:3c:90:d9:6a:13:17:8c:ed:3a:28:89:af:38:22:
         c9:12:d8:a3:69:e5:6c:1f:d6:66:a6:97:50:bf:15:a3:51:ed:
         92:cf:af:5a:34:bd:68:1f:1c:e5:a0:91:15:bc:fd:61:ab:a2:
         1c:e7:56:7a:6c:dd:0b:68:f1:8a:c7:41:2a:d9:34:51:15:76:
         cd:6b:3e:87:ce:40:06:09:10:c3:25:43:09:fe:40:78:bc:17:
         cf:32:ec:2a:33:f9:d3:96:d2:04:bd:b1:8a:5a:bd:08:f0:85:
         fd:cc:f3:05
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZF0iaIZM8kjXhxl5PqJejnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwODIxMTA0NDIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWFiMmM1MmExMjI0OWY1NjVhMjkwODczY2RhZWI4YWFlMTk1YWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPvIXE5Okd3QY8QCTDPU+ctOSSXa
C3MFgcJax36a4d+gKy/kcgL7pmiGK9Lbk2+ymRpo5kMD12HbHL4Tek/7X6oHH2+R
Plr4uO/5pu4sAmwTEYq5aiZfvL8Os/Vnl4EMbD6JqT4wxvfobn9n1TEPiFtWIO55
ur4TdjhJUfOLGm6PA/zYmU/cjWvfmMWgn7c/YsxMCzIC8WjGtuwNVY0f22gIQmzY
5FAo5zSA3SovLvK+X8mGDBoF2VLlyRCEx1cx9iaN93hKcW/jbsNBcXgwIz47+opT
l0Q1dSmfe3Pwi/F9+MSG94d9ykbf/QEn0+Zg37of9G95bxstEl4Rg0u5hwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHmrLFKhIkn1ZaKQhzza64quGVrrMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvZWFzc1VxRWlTZlZsb3BDSFBOcnJpcTRaV3VzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPswjAwQA
khNbMA0GCSqGSIb3DQEBCwUAA4IBAQAMeuezKd8xutCtKUc2ofIAAMZtVtERCH3e
JIWAMefoEazHkiKpYFNZkZcMk+ZcywchwooJf5gPMbRfwWz/Ce/ixzuyKjihAMBS
yNkng//I3HkeveuGL+IKFrifaxFrMmX9IPIMSc0rHYEAlZVSSuTY+sO92z+2hDef
l7nzkwV9G62crSBNcHfkSnCL9+tgFokbtLVvPJDZahMXjO06KImvOCLJEtijaeVs
H9ZmppdQvxWjUe2Sz69aNL1oHxzloJEVvP1hq6Ic51Z6bN0LaPGKx0Eq2TRRFXbN
az6HzkAGCRDDJUMJ/kB4vBfPMuwqM/nTltIEvbGKWr0I8IX9zPMF
-----END CERTIFICATE-----