Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EgjAv4-0d5sYVyLqoZrqY9fONOg.roa
File:                     EgjAv4-0d5sYVyLqoZrqY9fONOg.roa (raw, json)
Hash identifier:          yy+gocPuw8u9GXNZoKzuuB1G1/9BQaOenGkFeljtdFk=
Subject key identifier:   12:08:C0:BF:8F:B4:77:9B:18:57:22:EA:A1:9A:EA:63:D7:CE:34:E8
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       018CC3B6DD6B53B3D5FDA74082DA8A22F627
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EgjAv4-0d5sYVyLqoZrqY9fONOg.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56876
IP address blocks:        81.31.252.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dd:6b:53:b3:d5:fd:a7:40:82:da:8a:22:f6:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1208c0bf8fb4779b185722eaa19aea63d7ce34e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:42:c9:ff:71:03:a2:8c:ae:28:1b:7f:d7:ea:
                    61:58:9f:5b:27:91:5d:23:85:6f:21:b7:ea:2b:ae:
                    f4:30:f8:7c:c6:db:3d:25:7a:e0:0a:6d:35:c8:70:
                    ec:c4:4c:8e:9a:4c:1a:ec:41:24:90:dc:67:89:00:
                    ac:74:bf:e6:0c:87:2f:49:70:87:11:4a:81:70:f1:
                    6f:e5:46:d3:1c:fa:d8:a5:a4:88:3f:97:2f:14:c6:
                    a8:2c:25:99:e2:76:6e:76:d7:f0:d8:63:16:5f:0e:
                    2f:35:a1:b3:22:05:b5:ab:61:70:cb:28:a1:5f:e2:
                    a1:7b:58:77:3a:15:4c:0e:21:9c:4f:44:94:f2:c8:
                    a2:e4:d9:83:23:b8:02:46:41:71:d8:4f:0a:57:9b:
                    93:36:25:05:fe:99:01:ac:29:aa:c5:a8:af:4d:f9:
                    a3:13:a3:d8:57:a8:b4:37:dd:6e:60:a5:e9:2f:9e:
                    a7:05:cb:ac:a5:14:db:5a:18:23:75:4b:a4:26:98:
                    8d:9a:b0:4e:29:5b:46:a2:8d:fa:7c:87:a9:9d:09:
                    79:b1:91:8d:78:c0:c6:7c:a5:9e:82:67:1f:93:89:
                    42:58:fd:49:78:56:c6:ea:f3:55:8f:25:94:49:a0:
                    eb:d2:5b:85:6e:13:b0:9c:6d:34:c3:e5:03:0e:db:
                    c1:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:08:C0:BF:8F:B4:77:9B:18:57:22:EA:A1:9A:EA:63:D7:CE:34:E8
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EgjAv4-0d5sYVyLqoZrqY9fONOg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         3c:df:f8:6f:81:94:aa:39:17:bf:8e:e0:4b:dd:a9:be:08:75:
         32:f7:42:7f:2d:2c:da:c2:c3:09:80:73:7e:c8:b2:f7:e5:7c:
         97:b2:bf:07:b6:25:e3:1f:22:90:9c:54:98:17:49:33:55:ca:
         d3:5a:1b:dd:4f:39:63:77:c0:9e:42:06:80:e6:22:ba:53:0f:
         b0:95:f5:b7:a5:7a:36:5d:50:e9:9b:05:88:19:da:bf:9d:65:
         28:42:39:17:69:42:fd:43:dc:3b:09:62:5a:fd:b5:c1:32:19:
         8f:a0:d8:31:54:ca:2e:6c:d3:26:98:7d:11:2a:b3:87:a3:ab:
         ef:6f:b4:03:89:15:85:49:5d:8d:b0:0c:70:0a:ad:2a:fa:4d:
         5b:ad:fc:c6:f2:9f:7b:32:fe:a5:cd:6f:60:3e:b8:be:8f:db:
         68:ba:18:0e:6d:c5:45:8a:ba:cf:92:ca:47:12:21:39:26:0f:
         b6:d0:b1:a8:06:2d:85:b3:91:1a:61:87:de:3e:ce:39:04:64:
         01:8b:4e:a5:be:f5:25:e2:d8:6e:e9:7c:30:3f:78:7f:f4:04:
         64:7b:96:78:f2:e7:76:27:ef:fe:2f:d0:6b:d3:fb:cf:dd:5c:
         89:a3:0f:fa:66:5a:f8:9c:77:1b:7a:b3:3d:69:cd:7c:3c:61:
         f3:69:8e:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtt1rU7PV/adAgtqKIvYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjA4YzBiZjhmYjQ3NzliMTg1NzIyZWFhMTlhZWE2M2Q3Y2UzNGU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmkLJ/3EDooyuKBt/1+phWJ9bJ5Fd
I4VvIbfqK670MPh8xts9JXrgCm01yHDsxEyOmkwa7EEkkNxniQCsdL/mDIcvSXCH
EUqBcPFv5UbTHPrYpaSIP5cvFMaoLCWZ4nZudtfw2GMWXw4vNaGzIgW1q2Fwyyih
X+Khe1h3OhVMDiGcT0SU8sii5NmDI7gCRkFx2E8KV5uTNiUF/pkBrCmqxaivTfmj
E6PYV6i0N91uYKXpL56nBcuspRTbWhgjdUukJpiNmrBOKVtGoo36fIepnQl5sZGN
eMDGfKWegmcfk4lCWP1JeFbG6vNVjyWUSaDr0luFbhOwnG00w+UDDtvBBwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIIwL+PtHebGFci6qGa6mPXzjToMB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvRWdqQXY0LTBkNXNZVnlMcW9acnFZOWZPTk9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUR/8MA0G
CSqGSIb3DQEBCwUAA4IBAQA83/hvgZSqORe/juBL3am+CHUy90J/LSzawsMJgHN+
yLL35XyXsr8HtiXjHyKQnFSYF0kzVcrTWhvdTzljd8CeQgaA5iK6Uw+wlfW3pXo2
XVDpmwWIGdq/nWUoQjkXaUL9Q9w7CWJa/bXBMhmPoNgxVMoubNMmmH0RKrOHo6vv
b7QDiRWFSV2NsAxwCq0q+k1brfzG8p97Mv6lzW9gPri+j9touhgObcVFirrPkspH
EiE5Jg+20LGoBi2Fs5EaYYfePs45BGQBi06lvvUl4thu6XwwP3h/9ARke5Z48ud2
J+/+L9Br0/vP3VyJow/6Zlr4nHcberM9ac18PGHzaY6C
-----END CERTIFICATE-----