Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/811108-e8f7-47af-bc8b-a5b7831a8ce1/1/eSlvXeW5vxsdLNaO-ZQUtYOG4qQ.roa
File:                     eSlvXeW5vxsdLNaO-ZQUtYOG4qQ.roa (raw, json)
Hash identifier:          uMhMw+4UtBdP7M1/HJCwD+tJkPc/nkpY8RX12EcXDFE=
Subject key identifier:   79:29:6F:5D:E5:B9:BF:1B:1D:2C:D6:8E:F9:94:14:B5:83:86:E2:A4
Certificate issuer:       /CN=2e0e338d73e758468456632f5bcaae07af0d8731
Certificate serial:       018CC56EB87256021E0CAE6881E812AA3B6E
Authority key identifier: 2E:0E:33:8D:73:E7:58:46:84:56:63:2F:5B:CA:AE:07:AF:0D:87:31
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Lg4zjXPnWEaEVmMvW8quB68NhzE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/811108-e8f7-47af-bc8b-a5b7831a8ce1/1/eSlvXeW5vxsdLNaO-ZQUtYOG4qQ.roa
Signing time:             Mon 01 Jan 2024 14:30:16 +0000
ROA not before:           Mon 01 Jan 2024 14:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     13136
IP address blocks:        80.85.128.0/21 maxlen: 21
                          2a02:13d0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/811108-e8f7-47af-bc8b-a5b7831a8ce1/1/Lg4zjXPnWEaEVmMvW8quB68NhzE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/811108-e8f7-47af-bc8b-a5b7831a8ce1/1/Lg4zjXPnWEaEVmMvW8quB68NhzE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Lg4zjXPnWEaEVmMvW8quB68NhzE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:b8:72:56:02:1e:0c:ae:68:81:e8:12:aa:3b:6e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e0e338d73e758468456632f5bcaae07af0d8731
        Validity
            Not Before: Jan  1 14:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79296f5de5b9bf1b1d2cd68ef99414b58386e2a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:cc:81:8b:1d:5a:be:3c:d3:3b:40:c0:06:86:
                    ee:6d:13:e5:e7:f3:88:0c:64:db:4f:50:d9:e8:5d:
                    d5:96:b4:74:e6:ec:d8:f8:fc:a4:7b:23:dd:36:f0:
                    dd:16:1c:0b:fe:95:cc:52:a5:71:4a:2e:7f:97:9a:
                    8b:a0:25:a2:eb:2f:29:f2:98:ee:81:39:19:66:82:
                    4b:a1:bc:63:39:09:a0:eb:7b:ef:35:7e:4f:ea:00:
                    c4:65:47:81:74:6e:90:f5:70:4d:61:cd:c3:14:9a:
                    a3:90:db:26:eb:d4:17:2c:6b:46:c4:f1:2b:37:ef:
                    d9:68:f3:f7:a7:63:e6:b8:f1:df:ea:ed:84:b8:67:
                    25:fd:49:82:13:9d:35:b5:87:7c:91:81:3d:7a:f1:
                    32:19:2f:f9:a1:4d:70:4d:47:05:e7:62:5c:89:7d:
                    a3:37:43:f1:d5:0c:69:7c:75:52:64:08:76:bc:25:
                    a8:57:26:7a:ed:05:c0:7e:2d:78:47:e0:70:ad:0b:
                    f6:b6:44:01:28:06:47:74:15:98:17:77:a9:8c:1e:
                    fa:a7:2d:5e:34:35:dc:fb:9c:6a:43:b1:a2:49:cc:
                    9f:6d:4e:27:39:2c:5f:cc:06:5b:2d:51:98:69:80:
                    80:d0:af:2d:76:28:a4:69:51:48:37:45:9f:31:e9:
                    77:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:29:6F:5D:E5:B9:BF:1B:1D:2C:D6:8E:F9:94:14:B5:83:86:E2:A4
            X509v3 Authority Key Identifier:
                keyid:2E:0E:33:8D:73:E7:58:46:84:56:63:2F:5B:CA:AE:07:AF:0D:87:31

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Lg4zjXPnWEaEVmMvW8quB68NhzE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/811108-e8f7-47af-bc8b-a5b7831a8ce1/1/eSlvXeW5vxsdLNaO-ZQUtYOG4qQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/811108-e8f7-47af-bc8b-a5b7831a8ce1/1/Lg4zjXPnWEaEVmMvW8quB68NhzE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.128.0/21
                IPv6:
                  2a02:13d0::/29

    Signature Algorithm: sha256WithRSAEncryption
         28:59:97:60:9e:f5:71:81:56:7e:ad:34:22:f0:53:6d:2f:a1:
         ac:d5:ec:6b:91:4e:7d:2f:f2:69:9c:98:b4:06:4c:44:d1:1d:
         32:69:e7:06:9a:4c:0a:49:f6:60:cd:89:f5:7b:ec:cc:b0:29:
         77:78:2c:bb:cd:5a:3c:68:c3:e0:05:cb:7f:19:3b:94:16:d0:
         f8:db:b3:fa:f3:7e:de:5a:6f:93:b7:ad:3e:3d:21:48:3c:2d:
         99:f5:58:1c:16:46:69:50:b1:c1:02:b3:a1:c0:d2:d4:ad:5c:
         9a:47:95:99:3a:88:f1:90:15:3f:80:f5:bf:b6:6c:f3:6e:fb:
         90:af:96:cc:38:e0:13:6d:f3:c5:8a:23:cd:f6:4b:bb:60:11:
         66:1e:97:57:00:2f:ba:fb:24:0b:7c:5d:09:50:72:0f:fb:35:
         e7:54:ad:51:7e:15:cc:36:9a:ef:b2:8f:e0:02:70:7c:6d:26:
         d1:ad:9c:c7:1c:55:b7:7f:bb:2f:18:eb:7d:19:13:bb:3b:ea:
         7c:76:af:1b:bd:6f:0f:39:ad:70:36:77:da:9e:5a:b7:80:53:
         17:48:d5:8b:a4:c2:61:72:40:9a:98:ca:c7:55:0c:94:6d:e0:
         ad:51:05:ff:0b:3f:38:8b:a5:4c:e6:22:d8:53:46:54:79:9a:
         a7:c8:36:33
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbrhyVgIeDK5ogegSqjtuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlMGUzMzhkNzNlNzU4NDY4NDU2NjMyZjViY2FhZTA3YWYw
ZDg3MzEwHhcNMjQwMTAxMTQzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTI5NmY1ZGU1YjliZjFiMWQyY2Q2OGVmOTk0MTRiNTgzODZlMmE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusyBix1avjzTO0DABobubRPl5/OI
DGTbT1DZ6F3VlrR05uzY+PykeyPdNvDdFhwL/pXMUqVxSi5/l5qLoCWi6y8p8pju
gTkZZoJLobxjOQmg63vvNX5P6gDEZUeBdG6Q9XBNYc3DFJqjkNsm69QXLGtGxPEr
N+/ZaPP3p2PmuPHf6u2EuGcl/UmCE501tYd8kYE9evEyGS/5oU1wTUcF52JciX2j
N0Px1QxpfHVSZAh2vCWoVyZ67QXAfi14R+BwrQv2tkQBKAZHdBWYF3epjB76py1e
NDXc+5xqQ7GiScyfbU4nOSxfzAZbLVGYaYCA0K8tdiikaVFIN0WfMel3XQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHkpb13lub8bHSzWjvmUFLWDhuKkMB8GA1UdIwQY
MBaAFC4OM41z51hGhFZjL1vKrgevDYcxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTGc0empYUG5XRWFFVm1Ndlc4cXVCNjhOaHpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy84MTExMDgtZThmNy00N2FmLWJjOGIt
YTViNzgzMWE4Y2UxLzEvZVNsdlhlVzV2eHNkTE5hTy1aUVV0WU9HNHFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy84MTExMDgtZThmNy00N2FmLWJjOGItYTViNzgzMWE4Y2Ux
LzEvTGc0empYUG5XRWFFVm1Ndlc4cXVCNjhOaHpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDUFWAMA0E
AgACMAcDBQMqAhPQMA0GCSqGSIb3DQEBCwUAA4IBAQAoWZdgnvVxgVZ+rTQi8FNt
L6Gs1exrkU59L/JpnJi0BkxE0R0yaecGmkwKSfZgzYn1e+zMsCl3eCy7zVo8aMPg
Bct/GTuUFtD427P6837eWm+Tt60+PSFIPC2Z9VgcFkZpULHBArOhwNLUrVyaR5WZ
OojxkBU/gPW/tmzzbvuQr5bMOOATbfPFiiPN9ku7YBFmHpdXAC+6+yQLfF0JUHIP
+zXnVK1RfhXMNprvso/gAnB8bSbRrZzHHFW3f7svGOt9GRO7O+p8dq8bvW8POa1w
Nnfanlq3gFMXSNWLpMJhckCamMrHVQyUbeCtUQX/Cz84i6VM5iLYU0ZUeZqnyDYz
-----END CERTIFICATE-----