Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EhX1hPDzJYnH9DoG2wmKa06SULU.roa
File:                     EhX1hPDzJYnH9DoG2wmKa06SULU.roa (raw, json)
Hash identifier:          /rdvF4NzWW9XJvcM7kiH8OMJ8+UDbzP2g52qpC5yIJg=
Subject key identifier:   12:15:F5:84:F0:F3:25:89:C7:F4:3A:06:DB:09:8A:6B:4E:92:50:B5
Certificate issuer:       /CN=1056bcd426fd87cd6f4147e133216d03112b181b
Certificate serial:       018CC3B6DCF0537BF9B42CDEA621B88BF22E
Authority key identifier: 10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EhX1hPDzJYnH9DoG2wmKa06SULU.roa
Signing time:             Mon 01 Jan 2024 06:29:50 +0000
ROA not before:           Mon 01 Jan 2024 06:29:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48716
IP address blocks:        81.31.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 12:00:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b6:dc:f0:53:7b:f9:b4:2c:de:a6:21:b8:8b:f2:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1056bcd426fd87cd6f4147e133216d03112b181b
        Validity
            Not Before: Jan  1 06:29:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1215f584f0f32589c7f43a06db098a6b4e9250b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:85:ec:c4:58:fa:88:a6:61:51:a1:76:1e:0b:
                    70:03:24:33:4d:81:b0:2c:ec:41:6c:4e:25:0c:5c:
                    61:31:59:1a:de:66:c2:f0:37:7f:30:c4:98:ac:36:
                    06:8e:45:66:ef:2f:cd:3d:48:1c:55:a4:21:97:22:
                    0f:fc:45:69:c2:73:69:f3:59:0d:1a:b3:18:cb:81:
                    0e:37:13:30:75:77:f1:f2:20:a4:f6:97:c3:c1:79:
                    a6:9b:db:41:58:06:1d:6e:ca:94:32:ee:9b:16:a9:
                    8e:f7:a8:c7:91:73:b8:9f:3d:30:54:b2:b1:aa:9f:
                    82:0e:3d:f4:61:94:43:68:88:8a:1c:ac:0f:10:97:
                    7f:68:34:83:6d:43:0a:02:ef:a8:97:ad:e0:84:b4:
                    b2:ff:b3:3a:bb:76:1b:9e:15:0e:e4:e2:c7:2c:6c:
                    d7:f4:b4:5e:41:95:6a:9c:8b:f9:13:95:1c:c3:d0:
                    b1:ab:26:1a:12:ec:c0:1a:9d:44:d6:2e:2e:61:49:
                    17:1e:d7:ac:a2:19:0d:04:7c:22:e7:cb:a4:b1:74:
                    f1:d9:32:29:7c:47:4f:8a:e1:31:40:c5:28:2b:33:
                    22:04:f8:81:f8:13:27:9c:1c:8f:a9:52:dc:bd:3d:
                    1f:62:a1:ce:43:c2:f6:9b:c2:31:8c:cc:ca:62:57:
                    4f:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:15:F5:84:F0:F3:25:89:C7:F4:3A:06:DB:09:8A:6B:4E:92:50:B5
            X509v3 Authority Key Identifier:
                keyid:10:56:BC:D4:26:FD:87:CD:6F:41:47:E1:33:21:6D:03:11:2B:18:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EFa81Cb9h81vQUfhMyFtAxErGBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EhX1hPDzJYnH9DoG2wmKa06SULU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/e6f4e4-68bb-4496-90c7-aa859e192b16/1/EFa81Cb9h81vQUfhMyFtAxErGBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.31.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:0c:a4:89:ac:a9:e5:9a:8f:ae:85:d6:69:1e:bd:1b:69:67:
         12:11:ac:a3:97:40:1b:fb:af:10:29:b1:be:82:87:4f:49:4a:
         6d:5b:91:73:d2:34:c7:66:9e:e0:48:d5:a6:93:fe:06:38:a7:
         fd:33:b9:c4:a9:02:4d:c4:a0:cc:ee:65:a7:a0:40:d6:ff:2d:
         e3:fc:ab:e4:a7:5a:e8:b4:1f:47:73:46:85:53:9f:10:81:16:
         bd:7c:c6:47:2e:62:01:a3:bb:75:18:cd:b7:21:43:a3:d3:de:
         eb:35:28:6f:41:89:73:99:02:74:1c:81:45:21:d5:b7:63:b8:
         13:bb:3f:62:3d:16:61:d6:93:91:34:ab:2d:44:5a:9e:b9:34:
         46:b6:fd:e9:db:9c:4b:96:a8:1a:4f:06:22:5a:a0:f7:7e:0d:
         ea:fa:ae:ad:14:23:27:ed:d4:fe:56:7e:74:a2:d6:2a:77:55:
         d0:44:5d:13:2d:b5:4f:37:fa:30:23:c7:02:e5:fd:e7:a8:5a:
         f8:b9:f3:98:31:2a:12:10:71:93:e8:ee:fd:51:13:87:b6:81:
         20:2a:1f:5e:ce:05:e2:63:d2:2f:cf:ef:92:ab:31:ca:6d:f7:
         6a:55:a6:bc:92:ab:4f:38:88:b0:9e:8f:ae:81:b0:c2:ab:e7:
         cc:45:cf:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDttzwU3v5tCzepiG4i/IuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNTZiY2Q0MjZmZDg3Y2Q2ZjQxNDdlMTMzMjE2ZDAzMTEy
YjE4MWIwHhcNMjQwMTAxMDYyOTUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjE1ZjU4NGYwZjMyNTg5YzdmNDNhMDZkYjA5OGE2YjRlOTI1MGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIXsxFj6iKZhUaF2HgtwAyQzTYGw
LOxBbE4lDFxhMVka3mbC8Dd/MMSYrDYGjkVm7y/NPUgcVaQhlyIP/EVpwnNp81kN
GrMYy4EONxMwdXfx8iCk9pfDwXmmm9tBWAYdbsqUMu6bFqmO96jHkXO4nz0wVLKx
qp+CDj30YZRDaIiKHKwPEJd/aDSDbUMKAu+ol63ghLSy/7M6u3YbnhUO5OLHLGzX
9LReQZVqnIv5E5Ucw9CxqyYaEuzAGp1E1i4uYUkXHtesohkNBHwi58uksXTx2TIp
fEdPiuExQMUoKzMiBPiB+BMnnByPqVLcvT0fYqHOQ8L2m8IxjMzKYldPKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIV9YTw8yWJx/Q6BtsJimtOklC1MB8GA1UdIwQY
MBaAFBBWvNQm/YfNb0FH4TMhbQMRKxgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzct
YWE4NTllMTkyYjE2LzEvRWhYMWhQRHpKWW5IOURvRzJ3bUthMDZTVUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy9lNmY0ZTQtNjhiYi00NDk2LTkwYzctYWE4NTllMTkyYjE2
LzEvRUZhODFDYjloODF2UVVmaE15RnRBeEVyR0JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUR/2MA0G
CSqGSIb3DQEBCwUAA4IBAQApDKSJrKnlmo+uhdZpHr0baWcSEayjl0Ab+68QKbG+
godPSUptW5Fz0jTHZp7gSNWmk/4GOKf9M7nEqQJNxKDM7mWnoEDW/y3j/Kvkp1ro
tB9Hc0aFU58QgRa9fMZHLmIBo7t1GM23IUOj097rNShvQYlzmQJ0HIFFIdW3Y7gT
uz9iPRZh1pORNKstRFqeuTRGtv3p25xLlqgaTwYiWqD3fg3q+q6tFCMn7dT+Vn50
otYqd1XQRF0TLbVPN/owI8cC5f3nqFr4ufOYMSoSEHGT6O79UROHtoEgKh9ezgXi
Y9Ivz++SqzHKbfdqVaa8kqtPOIiwno+ugbDCq+fMRc9v
-----END CERTIFICATE-----