Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0a/0ba59b-ff4f-438c-8417-5fa380749497/1/EDcBofNjHlelGM--ZuDNYIfMSCU.roa
File:                     EDcBofNjHlelGM--ZuDNYIfMSCU.roa (raw, json)
Hash identifier:          QjLpPVSlIMakkO5yFzwjCX7mXy2GW/VUMKQnHVww+bQ=
Subject key identifier:   10:37:01:A1:F3:63:1E:57:A5:18:CF:BE:66:E0:CD:60:87:CC:48:25
Certificate issuer:       /CN=2457f73bf02f754b1e6317ee9a4f3e88637f1aa7
Certificate serial:       01902BB65C4207EBF2BC427A197A3237DF68
Authority key identifier: 24:57:F7:3B:F0:2F:75:4B:1E:63:17:EE:9A:4F:3E:88:63:7F:1A:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFf3O_AvdUseYxfumk8-iGN_Gqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0a/0ba59b-ff4f-438c-8417-5fa380749497/1/EDcBofNjHlelGM--ZuDNYIfMSCU.roa
Signing time:             Tue 18 Jun 2024 14:18:09 +0000
ROA not before:           Tue 18 Jun 2024 14:18:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     29691
IP address blocks:        203.56.112.0/23 maxlen: 23
                          2a14:3e40::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0a/0ba59b-ff4f-438c-8417-5fa380749497/1/JFf3O_AvdUseYxfumk8-iGN_Gqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0a/0ba59b-ff4f-438c-8417-5fa380749497/1/JFf3O_AvdUseYxfumk8-iGN_Gqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFf3O_AvdUseYxfumk8-iGN_Gqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 17:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2b:b6:5c:42:07:eb:f2:bc:42:7a:19:7a:32:37:df:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2457f73bf02f754b1e6317ee9a4f3e88637f1aa7
        Validity
            Not Before: Jun 18 14:18:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=103701a1f3631e57a518cfbe66e0cd6087cc4825
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:cf:93:6e:33:1d:46:ca:ec:e5:04:eb:16:cf:
                    c1:ed:3d:d2:86:e4:e8:b9:0d:71:28:da:6d:3b:b4:
                    50:57:92:3d:f3:13:9d:03:e3:8d:95:a4:24:03:36:
                    c5:4c:a3:91:41:a1:5f:c6:cb:88:98:36:0f:f2:91:
                    89:d4:32:60:88:7e:65:b1:bf:b8:48:b1:85:c8:ef:
                    de:d0:c7:63:9e:1a:d7:e0:57:68:22:d8:79:37:6c:
                    f4:ee:dd:c4:ff:e4:f7:5a:fa:31:ff:41:7b:cb:30:
                    1c:8c:ac:ef:db:8d:de:63:a5:54:fd:ba:b9:f1:6f:
                    df:17:ad:e0:1d:74:d3:12:a5:a6:a1:7a:88:81:10:
                    61:04:a2:9e:65:b9:db:01:6a:79:75:bf:12:3c:25:
                    de:27:c3:58:40:23:ff:c5:3c:6d:54:53:10:c8:fe:
                    73:0a:9d:d0:0c:52:dd:0e:e7:a7:c6:37:c6:a9:48:
                    71:ea:11:48:0e:6d:83:2a:02:c9:d7:f3:cb:40:66:
                    c2:36:10:3b:d5:77:ae:eb:1f:1c:c0:40:0a:7e:c1:
                    0e:33:39:f1:81:40:18:5d:c5:07:e0:ea:4e:f9:a2:
                    9d:92:f9:6d:7c:2b:88:c5:d9:28:4b:c4:ca:1a:ed:
                    3f:58:1b:f2:a5:db:53:a5:95:ce:53:3d:9d:63:06:
                    30:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:37:01:A1:F3:63:1E:57:A5:18:CF:BE:66:E0:CD:60:87:CC:48:25
            X509v3 Authority Key Identifier:
                keyid:24:57:F7:3B:F0:2F:75:4B:1E:63:17:EE:9A:4F:3E:88:63:7F:1A:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFf3O_AvdUseYxfumk8-iGN_Gqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0ba59b-ff4f-438c-8417-5fa380749497/1/EDcBofNjHlelGM--ZuDNYIfMSCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0a/0ba59b-ff4f-438c-8417-5fa380749497/1/JFf3O_AvdUseYxfumk8-iGN_Gqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.56.112.0/23
                IPv6:
                  2a14:3e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:bc:32:02:07:76:7d:a5:c8:e1:cf:47:17:25:29:e2:c8:d0:
         81:75:7e:a8:32:6f:cb:36:c5:68:c9:a0:2f:5c:a6:74:fa:a5:
         d9:a9:20:c7:aa:01:2e:78:d9:4b:62:0e:3d:07:b8:35:ea:5f:
         36:8a:95:6d:60:db:4d:22:38:fe:10:03:6c:45:a5:9d:b6:61:
         b1:e3:e0:48:4b:73:5e:e7:38:a7:b3:18:e6:60:00:86:d9:ed:
         2e:09:2b:1d:4a:f5:0b:bf:2b:d8:e3:1a:14:2b:60:13:ea:70:
         6b:21:25:2b:f6:09:99:6e:3e:0b:ed:e6:d6:9c:a1:2e:7e:35:
         53:d6:4d:a9:32:f9:97:0b:27:d0:1d:77:21:b5:27:32:02:b3:
         9a:a2:32:40:bd:24:7d:d9:bc:4e:b0:b8:f5:d3:03:79:e1:92:
         a8:62:bd:27:11:bf:66:bc:40:50:f7:0a:2c:46:aa:18:34:7b:
         a3:72:4f:63:9e:51:f0:33:20:6c:56:c4:53:7f:2e:0c:8c:ec:
         ea:e5:56:41:69:01:24:89:d0:d4:68:c3:8d:15:26:73:b8:f8:
         94:34:8c:94:83:4c:f7:26:d4:69:15:7e:2d:07:a3:6e:62:8b:
         4f:81:5d:fe:53:bf:92:19:5f:a0:b6:ec:42:11:4b:22:ed:fa:
         aa:bb:20:44
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZArtlxCB+vyvEJ6GXoyN99oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTdmNzNiZjAyZjc1NGIxZTYzMTdlZTlhNGYzZTg4NjM3
ZjFhYTcwHhcNMjQwNjE4MTQxODA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDM3MDFhMWYzNjMxZTU3YTUxOGNmYmU2NmUwY2Q2MDg3Y2M0ODI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8+TbjMdRsrs5QTrFs/B7T3ShuTo
uQ1xKNptO7RQV5I98xOdA+ONlaQkAzbFTKORQaFfxsuImDYP8pGJ1DJgiH5lsb+4
SLGFyO/e0MdjnhrX4FdoIth5N2z07t3E/+T3Wvox/0F7yzAcjKzv243eY6VU/bq5
8W/fF63gHXTTEqWmoXqIgRBhBKKeZbnbAWp5db8SPCXeJ8NYQCP/xTxtVFMQyP5z
Cp3QDFLdDuenxjfGqUhx6hFIDm2DKgLJ1/PLQGbCNhA71Xeu6x8cwEAKfsEOMznx
gUAYXcUH4OpO+aKdkvltfCuIxdkoS8TKGu0/WBvypdtTpZXOUz2dYwYw0QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBA3AaHzYx5XpRjPvmbgzWCHzEglMB8GA1UdIwQY
MBaAFCRX9zvwL3VLHmMX7ppPPohjfxqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZmM09fQXZkVXNlWXhmdW1rOC1pR05fR3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYS8wYmE1OWItZmY0Zi00MzhjLTg0MTct
NWZhMzgwNzQ5NDk3LzEvRURjQm9mTmpIbGVsR00tLVp1RE5ZSWZNU0NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYS8wYmE1OWItZmY0Zi00MzhjLTg0MTctNWZhMzgwNzQ5NDk3
LzEvSkZmM09fQXZkVXNlWXhmdW1rOC1pR05fR3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQByzhwMA0E
AgACMAcDBQAqFD5AMA0GCSqGSIb3DQEBCwUAA4IBAQAhvDICB3Z9pcjhz0cXJSni
yNCBdX6oMm/LNsVoyaAvXKZ0+qXZqSDHqgEueNlLYg49B7g16l82ipVtYNtNIjj+
EANsRaWdtmGx4+BIS3Ne5zinsxjmYACG2e0uCSsdSvULvyvY4xoUK2AT6nBrISUr
9gmZbj4L7ebWnKEufjVT1k2pMvmXCyfQHXchtScyArOaojJAvSR92bxOsLj10wN5
4ZKoYr0nEb9mvEBQ9wosRqoYNHujck9jnlHwMyBsVsRTfy4MjOzq5VZBaQEkidDU
aMONFSZzuPiUNIyUg0z3JtRpFX4tB6NuYotPgV3+U7+SGV+gtuxCEUsi7fqquyBE
-----END CERTIFICATE-----