Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/eyTPDyHnMvGnEntloukdlStH5kU.roa
File:                     eyTPDyHnMvGnEntloukdlStH5kU.roa (raw, json)
Hash identifier:          jp+EEccLH2ErDaRdgYgJ1SwfQwpFVpK1cXileDLghI8=
Subject key identifier:   7B:24:CF:0F:21:E7:32:F1:A7:12:7B:65:A2:E9:1D:95:2B:47:E6:45
Certificate issuer:       /CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
Certificate serial:       018CC3B7412F0C9EA3F74B481CED47336BB4
Authority key identifier: 76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/eyTPDyHnMvGnEntloukdlStH5kU.roa
Signing time:             Mon 01 Jan 2024 06:30:16 +0000
ROA not before:           Mon 01 Jan 2024 06:30:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        193.9.124.0/24 maxlen: 24
                          94.247.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 16:02:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:41:2f:0c:9e:a3:f7:4b:48:1c:ed:47:33:6b:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=767f3bd4bfbd3071c38cd4d7092bd3490920c3d9
        Validity
            Not Before: Jan  1 06:30:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b24cf0f21e732f1a7127b65a2e91d952b47e645
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f1:40:6e:ca:ad:2b:a8:6c:02:96:37:cb:c9:
                    b3:a6:b8:c6:f1:6f:f3:ac:5e:1f:4b:86:2a:15:c6:
                    6a:2f:8a:46:ea:00:c4:7a:d4:c3:2e:63:fb:03:cb:
                    6e:f0:1e:cd:31:20:87:d9:b4:ff:7c:69:5a:e1:fd:
                    0d:e9:e3:e9:10:11:91:76:c6:80:8e:13:bc:7e:82:
                    46:49:72:36:22:fb:ae:1b:18:bc:35:cd:f7:21:93:
                    0e:73:0f:3e:a2:b0:40:7b:8c:f9:8f:d5:11:f6:82:
                    de:05:cc:da:ad:12:27:ab:0b:6d:fc:a3:53:7f:76:
                    f1:68:f0:e4:49:6b:45:f0:99:0b:34:49:14:03:4f:
                    69:6b:0b:9d:b2:4b:52:ec:b9:5b:bb:0d:9e:80:f8:
                    6f:91:0a:68:01:86:67:2b:7a:43:2b:52:59:9b:7e:
                    1b:bd:a4:ad:a7:d9:83:ad:f3:5a:25:32:e1:06:b0:
                    bd:18:64:da:a1:e0:18:3d:ce:0b:71:eb:64:a8:ce:
                    46:4d:1b:f1:1b:48:67:62:24:66:6f:e5:cc:48:09:
                    1e:88:5b:fb:38:6d:ae:a7:cd:e8:dd:dd:05:c8:c3:
                    66:df:72:0d:c3:ba:9e:d4:35:4f:73:72:4d:3d:c1:
                    0a:93:b3:2f:81:5f:89:a7:7a:4f:74:cc:16:92:4d:
                    55:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:24:CF:0F:21:E7:32:F1:A7:12:7B:65:A2:E9:1D:95:2B:47:E6:45
            X509v3 Authority Key Identifier:
                keyid:76:7F:3B:D4:BF:BD:30:71:C3:8C:D4:D7:09:2B:D3:49:09:20:C3:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dn871L-9MHHDjNTXCSvTSQkgw9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/eyTPDyHnMvGnEntloukdlStH5kU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/ff5cc6-8f61-447b-b658-4fb559b3b9b3/1/dn871L-9MHHDjNTXCSvTSQkgw9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.247.139.0/24
                  193.9.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:dc:89:6f:27:f2:a3:4c:48:9b:fe:8b:be:d4:91:ac:53:ca:
         c5:c3:64:f4:08:64:dd:cf:56:78:3f:1f:2a:73:71:91:58:a2:
         8b:e2:96:42:27:0e:8b:76:09:7c:35:0c:aa:a9:be:95:3b:8a:
         e3:a4:b8:f3:52:38:44:af:83:df:1a:1f:9b:a4:1c:1e:17:e6:
         ca:c6:b2:00:44:b3:87:9a:35:06:d2:0b:b6:81:17:ba:41:38:
         f3:15:33:fe:5c:00:dc:02:60:18:38:a9:6e:4d:45:b8:cc:16:
         7f:a3:b1:70:5a:d8:a0:27:00:53:ab:04:45:3b:09:0d:b5:55:
         05:e1:cf:d7:f5:ab:5d:ef:44:b3:55:7b:6f:2a:29:46:2b:bf:
         20:cd:b9:c9:77:4c:19:aa:04:7b:bb:40:5e:d6:f6:4a:d9:97:
         aa:e4:55:bd:4e:fb:45:8a:45:25:90:e8:ba:a2:60:b7:d4:41:
         b7:97:98:88:40:54:1f:d5:7a:80:53:ad:67:8d:19:3d:b0:c1:
         09:a2:41:17:86:45:2d:55:ad:38:67:7a:19:40:85:1b:44:8f:
         7c:50:de:9f:6a:86:2d:a8:00:fb:b6:24:9e:b2:1c:b8:9b:87:
         c9:0b:df:0b:fe:36:3b:da:f0:bd:34:fa:ae:35:5d:1a:75:02:
         8d:11:5f:7d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzDt0EvDJ6j90tIHO1HM2u0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2N2YzYmQ0YmZiZDMwNzFjMzhjZDRkNzA5MmJkMzQ5MDky
MGMzZDkwHhcNMjQwMTAxMDYzMDE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjI0Y2YwZjIxZTczMmYxYTcxMjdiNjVhMmU5MWQ5NTJiNDdlNjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvfFAbsqtK6hsApY3y8mzprjG8W/z
rF4fS4YqFcZqL4pG6gDEetTDLmP7A8tu8B7NMSCH2bT/fGla4f0N6ePpEBGRdsaA
jhO8foJGSXI2IvuuGxi8Nc33IZMOcw8+orBAe4z5j9UR9oLeBczarRInqwtt/KNT
f3bxaPDkSWtF8JkLNEkUA09pawudsktS7Llbuw2egPhvkQpoAYZnK3pDK1JZm34b
vaStp9mDrfNaJTLhBrC9GGTaoeAYPc4LcetkqM5GTRvxG0hnYiRmb+XMSAkeiFv7
OG2up83o3d0FyMNm33INw7qe1DVPc3JNPcEKk7MvgV+Jp3pPdMwWkk1VVQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHskzw8h5zLxpxJ7ZaLpHZUrR+ZFMB8GA1UdIwQY
MBaAFHZ/O9S/vTBxw4zU1wkr00kJIMPZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgt
NGZiNTU5YjNiOWIzLzEvZXlUUER5SG5NdkduRW50bG91a2RsU3RINWtVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi9mZjVjYzYtOGY2MS00NDdiLWI2NTgtNGZiNTU5YjNiOWIz
LzEvZG44NzFMLTlNSEhEak5UWENTdlRTUWtndzlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXveLAwQA
wQl8MA0GCSqGSIb3DQEBCwUAA4IBAQAr3IlvJ/KjTEib/ou+1JGsU8rFw2T0CGTd
z1Z4Px8qc3GRWKKL4pZCJw6Ldgl8NQyqqb6VO4rjpLjzUjhEr4PfGh+bpBweF+bK
xrIARLOHmjUG0gu2gRe6QTjzFTP+XADcAmAYOKluTUW4zBZ/o7FwWtigJwBTqwRF
OwkNtVUF4c/X9atd70SzVXtvKilGK78gzbnJd0wZqgR7u0Be1vZK2Zeq5FW9TvtF
ikUlkOi6omC31EG3l5iIQFQf1XqAU61njRk9sMEJokEXhkUtVa04Z3oZQIUbRI98
UN6faoYtqAD7tiSeshy4m4fJC98L/jY72vC9NPquNV0adQKNEV99
-----END CERTIFICATE-----