Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/eQMKyVnJ4wOU6t0f-qD5EAu24F4.roa
File:                     eQMKyVnJ4wOU6t0f-qD5EAu24F4.roa (raw, json)
Hash identifier:          K770PPa3q87NT3sqlL6fMy7s1JoEqH9RrPXpVjedhDA=
Subject key identifier:   79:03:0A:C9:59:C9:E3:03:94:EA:DD:1F:FA:A0:F9:10:0B:B6:E0:5E
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       018CC6B9358D8C93E9B5F07BB25CD2B90CC8
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/eQMKyVnJ4wOU6t0f-qD5EAu24F4.roa
Signing time:             Mon 01 Jan 2024 20:31:15 +0000
ROA not before:           Mon 01 Jan 2024 20:31:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55002
IP address blocks:        62.244.244.0/24 maxlen: 24
                          213.248.141.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 21 May 2024 08:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:35:8d:8c:93:e9:b5:f0:7b:b2:5c:d2:b9:0c:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 20:31:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79030ac959c9e30394eadd1ffaa0f9100bb6e05e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:69:05:9f:b9:01:06:2d:59:df:fd:ec:99:6c:
                    31:91:65:b6:0b:18:f6:8f:21:ed:66:f7:7c:55:88:
                    ca:37:16:b6:db:45:d4:6f:87:72:da:0c:17:87:e4:
                    48:e3:ad:32:15:63:b6:9e:4f:f6:8f:40:23:85:b6:
                    2e:be:c0:6f:03:cc:6e:7d:3a:45:12:b7:44:7c:83:
                    42:de:d2:c1:2d:46:1b:21:64:21:d7:14:67:53:f5:
                    b6:51:1d:2d:19:51:a2:d7:fd:e4:61:53:89:21:9c:
                    53:cf:84:bd:6a:7c:d4:e2:36:44:67:7c:24:39:71:
                    18:fd:55:2a:8c:a8:e5:41:ff:9f:1d:2c:42:31:46:
                    9b:e2:e6:f1:08:e9:78:61:d9:44:36:ae:91:1b:54:
                    99:26:11:a4:fd:1e:f9:3f:96:71:5d:36:1c:6d:df:
                    59:a8:38:63:ae:54:a4:0f:c2:f5:b8:44:ff:30:e0:
                    62:bc:41:b2:44:0f:1a:06:56:c2:fb:3a:df:41:57:
                    7d:27:98:65:57:53:34:8c:60:56:7a:e1:18:d4:f6:
                    69:81:77:3f:61:04:90:0e:59:4d:92:3e:7d:f8:17:
                    d0:17:ba:e9:6c:c8:32:b2:f3:2e:48:c4:1a:91:10:
                    ef:d4:e2:b9:63:aa:2f:2f:81:ae:12:0c:b7:12:9d:
                    89:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:03:0A:C9:59:C9:E3:03:94:EA:DD:1F:FA:A0:F9:10:0B:B6:E0:5E
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/eQMKyVnJ4wOU6t0f-qD5EAu24F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.244.244.0/24
                  213.248.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         96:80:a5:7d:ae:ba:7f:d2:f2:c5:a9:c1:ee:7d:84:69:3a:15:
         86:a9:7e:07:5e:f9:15:15:4b:2c:f3:f8:91:04:90:3f:16:d3:
         18:01:57:86:a9:8f:30:6d:84:df:04:84:06:62:c5:e7:8f:d7:
         c5:16:bc:7d:b7:ef:5c:04:a5:3c:6b:fd:6c:d2:c9:0b:2b:6d:
         38:88:80:7a:f4:19:48:03:7e:d7:8e:ab:cd:50:c1:78:83:5c:
         7b:44:55:c4:78:46:8b:c8:06:80:23:ff:f8:5f:1e:d3:2a:2e:
         0a:d6:fa:06:95:ed:28:5d:8e:29:c4:ec:9f:d5:16:22:ae:ac:
         74:53:2d:a5:c6:44:80:96:3e:eb:1e:f4:dc:2b:5f:0c:35:eb:
         34:b3:96:44:a8:43:18:51:14:a1:fb:ca:df:5d:f4:48:04:a6:
         56:31:c7:e3:04:50:ec:ed:28:89:23:ea:68:a1:42:89:6b:87:
         9a:9a:0a:36:b1:f2:02:eb:b9:c3:cf:08:25:53:0d:5a:58:ed:
         96:5f:2e:9e:05:95:5a:c8:66:09:7c:49:4f:22:97:b5:c7:93:
         62:bf:b1:bf:95:fa:b9:da:e9:70:7d:9b:ad:f2:9b:f8:cb:2d:
         02:87:f5:4d:96:cd:c6:53:e3:28:6e:13:f6:da:5b:a1:7e:93:
         5b:69:24:f8
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGuTWNjJPptfB7slzSuQzIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjQwMTAxMjAzMTE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTAzMGFjOTU5YzllMzAzOTRlYWRkMWZmYWEwZjkxMDBiYjZlMDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhGkFn7kBBi1Z3/3smWwxkWW2Cxj2
jyHtZvd8VYjKNxa220XUb4dy2gwXh+RI460yFWO2nk/2j0AjhbYuvsBvA8xufTpF
ErdEfINC3tLBLUYbIWQh1xRnU/W2UR0tGVGi1/3kYVOJIZxTz4S9anzU4jZEZ3wk
OXEY/VUqjKjlQf+fHSxCMUab4ubxCOl4YdlENq6RG1SZJhGk/R75P5ZxXTYcbd9Z
qDhjrlSkD8L1uET/MOBivEGyRA8aBlbC+zrfQVd9J5hlV1M0jGBWeuEY1PZpgXc/
YQSQDllNkj59+BfQF7rpbMgysvMuSMQakRDv1OK5Y6ovL4GuEgy3Ep2JAQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHkDCslZyeMDlOrdH/qg+RALtuBeMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvZVFNS3lWbko0d09VNnQwZi1xRDVFQXUyNEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPvT0AwQA
1fiNMA0GCSqGSIb3DQEBCwUAA4IBAQCWgKV9rrp/0vLFqcHufYRpOhWGqX4HXvkV
FUss8/iRBJA/FtMYAVeGqY8wbYTfBIQGYsXnj9fFFrx9t+9cBKU8a/1s0skLK204
iIB69BlIA37XjqvNUMF4g1x7RFXEeEaLyAaAI//4Xx7TKi4K1voGle0oXY4pxOyf
1RYirqx0Uy2lxkSAlj7rHvTcK18MNes0s5ZEqEMYURSh+8rfXfRIBKZWMcfjBFDs
7SiJI+pooUKJa4eamgo2sfIC67nDzwglUw1aWO2WXy6eBZVayGYJfElPIpe1x5Ni
v7G/lfq52ulwfZut8pv4yy0Ch/VNls3GU+MobhP22luhfpNbaST4
-----END CERTIFICATE-----