Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/58c87b-9aa8-48ea-85c3-06b163d359e0/1/EwrVsJtn0LM0zaICurdtWvdsApk.roa
File:                     EwrVsJtn0LM0zaICurdtWvdsApk.roa (raw, json)
Hash identifier:          GJMZoFGCarfCkWRh/urP4S2MvD3CWj9AlrEwb8y3a9Y=
Subject key identifier:   13:0A:D5:B0:9B:67:D0:B3:34:CD:A2:02:BA:B7:6D:5A:F7:6C:02:99
Certificate issuer:       /CN=d77c869a86fec833793eeedaccd4b1f7ca4433e9
Certificate serial:       018CC94DD4DBC01FB0CD4AFCFFF5A87DBCC4
Authority key identifier: D7:7C:86:9A:86:FE:C8:33:79:3E:EE:DA:CC:D4:B1:F7:CA:44:33:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/13yGmob-yDN5Pu7azNSx98pEM-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/58c87b-9aa8-48ea-85c3-06b163d359e0/1/EwrVsJtn0LM0zaICurdtWvdsApk.roa
Signing time:             Tue 02 Jan 2024 08:32:50 +0000
ROA not before:           Tue 02 Jan 2024 08:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58243
IP address blocks:        185.207.156.0/22 maxlen: 22
                          2a0b:25c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/58c87b-9aa8-48ea-85c3-06b163d359e0/1/13yGmob-yDN5Pu7azNSx98pEM-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/58c87b-9aa8-48ea-85c3-06b163d359e0/1/13yGmob-yDN5Pu7azNSx98pEM-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/13yGmob-yDN5Pu7azNSx98pEM-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d4:db:c0:1f:b0:cd:4a:fc:ff:f5:a8:7d:bc:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d77c869a86fec833793eeedaccd4b1f7ca4433e9
        Validity
            Not Before: Jan  2 08:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=130ad5b09b67d0b334cda202bab76d5af76c0299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:ee:fe:3a:d3:84:92:ae:dd:21:da:bf:c4:be:
                    40:68:ee:4c:88:53:79:c7:69:b6:bc:ef:1d:98:0d:
                    f2:7d:92:b5:af:62:93:85:b7:58:e8:5f:4c:9f:88:
                    42:a2:d3:73:9d:31:d4:51:b1:2e:eb:6c:a9:9b:17:
                    ae:c7:24:15:1d:5e:cd:54:dc:f5:a7:cb:54:d3:82:
                    df:8d:a9:e8:9f:55:32:ec:be:a3:80:37:21:27:f5:
                    8c:c2:51:c0:c3:cf:c8:e8:27:1e:1e:1d:37:fb:21:
                    52:73:3d:67:35:58:1d:5a:a8:e6:37:db:aa:b1:01:
                    cf:e5:e3:45:e3:9a:cb:78:b9:77:44:f7:e8:0f:a9:
                    c3:7e:ec:5c:5f:c8:ef:61:6a:07:96:35:91:17:1f:
                    a8:5b:d4:16:55:d6:ff:0e:0b:93:d2:ab:4f:41:76:
                    dd:c2:f1:06:98:71:c8:03:52:99:f1:19:bf:3b:46:
                    3f:7d:5f:24:ec:22:ab:8c:76:dc:2b:31:ac:48:37:
                    39:13:10:83:80:fe:af:85:63:09:f3:c4:0b:8b:5c:
                    fa:66:95:14:53:70:10:8f:1e:6c:43:ee:af:e2:2c:
                    21:9d:fc:0e:10:76:3a:2f:59:c7:9e:0c:63:5b:3d:
                    df:c1:ba:b8:98:66:2a:93:99:21:70:d5:3b:59:fb:
                    8f:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0A:D5:B0:9B:67:D0:B3:34:CD:A2:02:BA:B7:6D:5A:F7:6C:02:99
            X509v3 Authority Key Identifier:
                keyid:D7:7C:86:9A:86:FE:C8:33:79:3E:EE:DA:CC:D4:B1:F7:CA:44:33:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/13yGmob-yDN5Pu7azNSx98pEM-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/58c87b-9aa8-48ea-85c3-06b163d359e0/1/EwrVsJtn0LM0zaICurdtWvdsApk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/58c87b-9aa8-48ea-85c3-06b163d359e0/1/13yGmob-yDN5Pu7azNSx98pEM-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.156.0/22
                IPv6:
                  2a0b:25c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         83:1b:2a:3b:68:c0:00:67:db:ab:c1:06:58:42:a3:ef:4f:85:
         58:05:2b:36:94:f3:fe:36:00:95:1a:85:de:c5:5d:d0:47:37:
         84:17:f7:ac:59:0f:1f:b5:6b:56:e2:2a:11:42:a8:74:6c:37:
         ca:63:e2:0f:47:80:ce:5c:43:39:7e:d2:54:0b:bd:23:91:e1:
         e6:8c:09:06:d2:8a:71:49:4e:c5:a0:be:ad:c2:34:4a:a9:e7:
         a1:2a:11:bd:c7:17:52:d4:32:d0:6b:8c:cc:fa:a5:a7:ed:39:
         38:74:ee:de:34:3e:c8:f6:dc:80:6e:00:d1:a4:3c:ef:3d:0e:
         8e:ca:5b:27:51:1c:a5:0c:f0:ff:e0:87:a7:ee:17:d0:b5:60:
         a5:7b:eb:1b:e3:f3:94:d7:61:a8:64:30:4f:e0:39:46:bd:ed:
         25:77:8d:d3:52:31:42:20:9f:6e:36:42:4f:59:b1:9f:08:07:
         97:e0:aa:18:46:5c:24:41:13:01:82:12:33:c2:8e:2c:d8:f9:
         51:87:45:6c:a8:8f:57:37:0d:cf:18:0d:6f:bb:0a:8b:ac:64:
         5c:d3:6a:c0:47:99:a7:e5:ca:79:c8:d5:ea:71:1d:75:b8:0f:
         c4:81:00:51:53:8e:1e:f9:7b:a4:d6:1f:fc:31:97:92:03:01:
         15:45:17:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTdTbwB+wzUr8//WofbzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ3N2M4NjlhODZmZWM4MzM3OTNlZWVkYWNjZDRiMWY3Y2E0
NDMzZTkwHhcNMjQwMTAyMDgzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzBhZDViMDliNjdkMGIzMzRjZGEyMDJiYWI3NmQ1YWY3NmMwMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjO7+OtOEkq7dIdq/xL5AaO5MiFN5
x2m2vO8dmA3yfZK1r2KThbdY6F9Mn4hCotNznTHUUbEu62ypmxeuxyQVHV7NVNz1
p8tU04Lfjanon1Uy7L6jgDchJ/WMwlHAw8/I6CceHh03+yFScz1nNVgdWqjmN9uq
sQHP5eNF45rLeLl3RPfoD6nDfuxcX8jvYWoHljWRFx+oW9QWVdb/DguT0qtPQXbd
wvEGmHHIA1KZ8Rm/O0Y/fV8k7CKrjHbcKzGsSDc5ExCDgP6vhWMJ88QLi1z6ZpUU
U3AQjx5sQ+6v4iwhnfwOEHY6L1nHngxjWz3fwbq4mGYqk5khcNU7WfuPfwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBMK1bCbZ9CzNM2iArq3bVr3bAKZMB8GA1UdIwQY
MBaAFNd8hpqG/sgzeT7u2szUsffKRDPpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMTN5R21vYi15RE41UHU3YXpOU3g5OHBFTS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy81OGM4N2ItOWFhOC00OGVhLTg1YzMt
MDZiMTYzZDM1OWUwLzEvRXdyVnNKdG4wTE0wemFJQ3VyZHRXdmRzQXBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy81OGM4N2ItOWFhOC00OGVhLTg1YzMtMDZiMTYzZDM1OWUw
LzEvMTN5R21vYi15RE41UHU3YXpOU3g5OHBFTS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc+cMA0E
AgACMAcDBQMqCyXAMA0GCSqGSIb3DQEBCwUAA4IBAQCDGyo7aMAAZ9urwQZYQqPv
T4VYBSs2lPP+NgCVGoXexV3QRzeEF/esWQ8ftWtW4ioRQqh0bDfKY+IPR4DOXEM5
ftJUC70jkeHmjAkG0opxSU7FoL6twjRKqeehKhG9xxdS1DLQa4zM+qWn7Tk4dO7e
ND7I9tyAbgDRpDzvPQ6OylsnURylDPD/4Ien7hfQtWCle+sb4/OU12GoZDBP4DlG
ve0ld43TUjFCIJ9uNkJPWbGfCAeX4KoYRlwkQRMBghIzwo4s2PlRh0VsqI9XNw3P
GA1vuwqLrGRc02rAR5mn5cp5yNXqcR11uA/EgQBRU44e+Xuk1h/8MZeSAwEVRReR
-----END CERTIFICATE-----