Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/2c0b8e-c726-4000-8dfe-9518daa17ae7/1/_L28wUlSr3MxgFq4SsKFKDzPCUI.roa
File:                     _L28wUlSr3MxgFq4SsKFKDzPCUI.roa (raw, json)
Hash identifier:          EGePfWPdZYm+N2IZtPKCKD6tulpCxgSvZYd6iAXkTIg=
Subject key identifier:   FC:BD:BC:C1:49:52:AF:73:31:80:5A:B8:4A:C2:85:28:3C:CF:09:42
Certificate issuer:       /CN=12e70457ebdee594b07144204454706ceaaf6bf6
Certificate serial:       018CC424A7485C3C1D18E69AD2173778CA97
Authority key identifier: 12:E7:04:57:EB:DE:E5:94:B0:71:44:20:44:54:70:6C:EA:AF:6B:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EucEV-ve5ZSwcUQgRFRwbOqva_Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/2c0b8e-c726-4000-8dfe-9518daa17ae7/1/_L28wUlSr3MxgFq4SsKFKDzPCUI.roa
Signing time:             Mon 01 Jan 2024 08:29:45 +0000
ROA not before:           Mon 01 Jan 2024 08:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212768
IP address blocks:        193.56.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/2c0b8e-c726-4000-8dfe-9518daa17ae7/1/EucEV-ve5ZSwcUQgRFRwbOqva_Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/2c0b8e-c726-4000-8dfe-9518daa17ae7/1/EucEV-ve5ZSwcUQgRFRwbOqva_Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EucEV-ve5ZSwcUQgRFRwbOqva_Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:a7:48:5c:3c:1d:18:e6:9a:d2:17:37:78:ca:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12e70457ebdee594b07144204454706ceaaf6bf6
        Validity
            Not Before: Jan  1 08:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fcbdbcc14952af7331805ab84ac285283ccf0942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:12:73:17:10:11:7c:7c:71:e2:26:e5:e0:98:
                    b6:13:a9:a8:3c:8f:26:d1:5e:3e:7f:e9:68:e3:54:
                    80:79:9a:2a:76:e7:1d:b0:a3:ae:d6:fe:0e:a6:9f:
                    49:29:b7:b0:0a:38:e8:29:35:df:76:35:b6:7b:c4:
                    05:34:b8:a1:e4:46:75:6b:4b:16:df:c3:99:1c:93:
                    be:f2:71:30:08:4a:c6:d8:f1:23:4a:cc:fd:5c:64:
                    8c:7d:3c:81:52:34:57:80:2d:ed:ba:75:da:73:e5:
                    72:19:58:04:62:dd:ea:52:f3:78:2b:b2:7a:ce:57:
                    3c:15:54:5e:44:0c:ac:1c:51:f2:21:b0:6e:4c:88:
                    95:b9:e0:ea:ef:40:e3:ba:2f:59:3e:79:4e:df:ce:
                    19:a7:6e:27:3c:44:5e:88:95:3b:74:c7:9e:03:b5:
                    5e:ad:4f:10:b6:3f:72:3b:0a:8c:34:bc:c4:d3:86:
                    37:77:83:57:21:b1:bd:01:dd:8d:6a:90:60:bf:0f:
                    b3:c3:86:e3:9f:e5:0b:97:c1:f9:3b:a9:f6:fe:a0:
                    1a:87:2a:8c:3e:58:a3:fc:ad:f4:12:1a:b8:23:f9:
                    15:dc:69:f2:6d:71:c7:b4:4a:cd:27:b8:fd:82:a8:
                    79:5d:d0:f1:e5:0f:52:71:94:54:f1:43:9e:23:25:
                    1c:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:BD:BC:C1:49:52:AF:73:31:80:5A:B8:4A:C2:85:28:3C:CF:09:42
            X509v3 Authority Key Identifier:
                keyid:12:E7:04:57:EB:DE:E5:94:B0:71:44:20:44:54:70:6C:EA:AF:6B:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EucEV-ve5ZSwcUQgRFRwbOqva_Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/2c0b8e-c726-4000-8dfe-9518daa17ae7/1/_L28wUlSr3MxgFq4SsKFKDzPCUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/2c0b8e-c726-4000-8dfe-9518daa17ae7/1/EucEV-ve5ZSwcUQgRFRwbOqva_Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.56.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:83:1a:b1:ef:6a:a4:20:51:1c:ed:a3:c5:49:7d:35:db:ac:
         14:8f:e7:75:cb:7e:01:86:fb:ef:db:e6:91:2f:98:33:f1:f9:
         41:40:72:6c:44:f6:02:ef:87:4e:3c:ca:06:6c:36:40:4a:38:
         a9:07:70:60:5c:fd:16:a8:d0:b4:44:15:2a:b6:d9:fd:cc:c6:
         42:b2:08:dd:8b:0b:6c:d4:83:17:e9:d1:9f:c6:59:c4:bf:1c:
         a9:43:e6:2f:2f:b6:7e:fc:bd:45:07:65:9a:57:e1:22:ff:e4:
         6b:dd:5e:37:e1:b2:a9:09:52:64:8d:9c:8a:fb:2c:be:5d:2a:
         e1:cb:9a:58:28:04:d6:87:c6:57:2a:2a:d5:25:59:a9:04:34:
         57:d0:22:f6:ac:41:2d:62:4b:5e:7b:8f:90:5d:fc:56:bd:48:
         d2:88:ed:18:e5:ca:34:b8:ff:4c:0c:15:a8:23:f6:d8:32:a9:
         f0:a8:01:d2:92:dd:87:cd:37:d0:38:c0:97:13:a2:12:a4:6d:
         84:f5:28:3f:9e:64:5f:75:70:94:e7:96:5f:f7:e2:f0:4c:40:
         a7:a9:14:bb:ef:8f:27:09:26:cc:98:39:57:0b:6e:bf:36:b5:
         9d:bb:a9:29:80:9b:7c:d6:23:e9:ec:db:1f:a0:6b:1d:96:99:
         4f:62:a9:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJKdIXDwdGOaa0hc3eMqXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZTcwNDU3ZWJkZWU1OTRiMDcxNDQyMDQ0NTQ3MDZjZWFh
ZjZiZjYwHhcNMjQwMTAxMDgyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2JkYmNjMTQ5NTJhZjczMzE4MDVhYjg0YWMyODUyODNjY2YwOTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxJzFxARfHxx4ibl4Ji2E6moPI8m
0V4+f+lo41SAeZoqducdsKOu1v4Opp9JKbewCjjoKTXfdjW2e8QFNLih5EZ1a0sW
38OZHJO+8nEwCErG2PEjSsz9XGSMfTyBUjRXgC3tunXac+VyGVgEYt3qUvN4K7J6
zlc8FVReRAysHFHyIbBuTIiVueDq70Djui9ZPnlO384Zp24nPEReiJU7dMeeA7Ve
rU8Qtj9yOwqMNLzE04Y3d4NXIbG9Ad2NapBgvw+zw4bjn+ULl8H5O6n2/qAahyqM
Plij/K30Ehq4I/kV3GnybXHHtErNJ7j9gqh5XdDx5Q9ScZRU8UOeIyUcLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPy9vMFJUq9zMYBauErChSg8zwlCMB8GA1UdIwQY
MBaAFBLnBFfr3uWUsHFEIERUcGzqr2v2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXVjRVYtdmU1WlN3Y1VRZ1JGUndiT3F2YV9ZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8yYzBiOGUtYzcyNi00MDAwLThkZmUt
OTUxOGRhYTE3YWU3LzEvX0wyOHdVbFNyM014Z0ZxNFNzS0ZLRHpQQ1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8yYzBiOGUtYzcyNi00MDAwLThkZmUtOTUxOGRhYTE3YWU3
LzEvRXVjRVYtdmU1WlN3Y1VRZ1JGUndiT3F2YV9ZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwTgKMA0G
CSqGSIb3DQEBCwUAA4IBAQABgxqx72qkIFEc7aPFSX0126wUj+d1y34Bhvvv2+aR
L5gz8flBQHJsRPYC74dOPMoGbDZASjipB3BgXP0WqNC0RBUqttn9zMZCsgjdiwts
1IMX6dGfxlnEvxypQ+YvL7Z+/L1FB2WaV+Ei/+Rr3V434bKpCVJkjZyK+yy+XSrh
y5pYKATWh8ZXKirVJVmpBDRX0CL2rEEtYktee4+QXfxWvUjSiO0Y5co0uP9MDBWo
I/bYMqnwqAHSkt2HzTfQOMCXE6ISpG2E9Sg/nmRfdXCU55Zf9+LwTECnqRS7748n
CSbMmDlXC26/NrWdu6kpgJt81iPp7NsfoGsdlplPYqnJ
-----END CERTIFICATE-----