Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/EcNMJEL0y1CEe2ynjbhYmQOzUXs.roa
File:                     EcNMJEL0y1CEe2ynjbhYmQOzUXs.roa (raw, json)
Hash identifier:          5YSG4d8pDolHMKxMZb2gzBqn6SggVAWC1tn9824ZWd0=
Subject key identifier:   11:C3:4C:24:42:F4:CB:50:84:7B:6C:A7:8D:B8:58:99:03:B3:51:7B
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018CC7951F4255FB4F023155B8505BB35A33
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/EcNMJEL0y1CEe2ynjbhYmQOzUXs.roa
Signing time:             Tue 02 Jan 2024 00:31:28 +0000
ROA not before:           Tue 02 Jan 2024 00:31:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2587
IP address blocks:        193.233.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 20:58:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:1f:42:55:fb:4f:02:31:55:b8:50:5b:b3:5a:33
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan  2 00:31:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11c34c2442f4cb50847b6ca78db8589903b3517b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:52:ec:3a:f1:f2:09:24:aa:b4:c5:a5:4b:ba:
                    30:ee:09:17:6c:aa:b3:14:ef:37:7c:6e:12:9b:71:
                    4c:83:05:59:28:74:27:90:63:a8:7c:70:73:dd:bb:
                    df:bf:58:74:44:ac:46:76:3c:56:43:84:79:c4:18:
                    6e:97:24:58:c0:1b:ed:85:f9:d6:63:90:16:66:65:
                    a5:7b:cd:d9:2b:7d:d8:67:dd:a3:29:ec:29:ea:a9:
                    9d:09:a9:f0:23:34:33:fc:6e:8d:0d:6c:17:a9:fa:
                    a5:f7:40:fb:4f:59:51:dc:95:bd:70:d0:04:0d:bb:
                    4b:51:3c:59:54:7c:f6:cf:99:85:14:b8:b2:ac:5e:
                    79:b5:52:27:9a:e8:e3:91:3c:06:16:0e:a1:92:13:
                    ce:b3:95:ec:e1:a2:b7:ee:90:fb:55:bc:c9:a9:d3:
                    f3:27:1a:f8:8a:55:75:fd:ab:4c:f1:a9:85:6d:92:
                    b1:2a:22:b9:61:ce:0c:26:2f:3a:5f:99:3e:cd:69:
                    bc:48:a2:db:4e:55:d0:8e:e1:58:91:a6:f5:51:85:
                    a7:70:ca:d7:79:2c:7e:21:5b:e4:b7:a9:60:4e:52:
                    31:a1:26:46:1b:bd:bf:d0:b9:43:6d:ea:88:e3:b8:
                    05:bc:81:7a:f0:1d:17:6c:b4:3d:27:db:cf:a2:32:
                    ca:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:C3:4C:24:42:F4:CB:50:84:7B:6C:A7:8D:B8:58:99:03:B3:51:7B
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/EcNMJEL0y1CEe2ynjbhYmQOzUXs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:b9:b2:82:09:e0:7a:bc:d1:61:aa:60:a3:78:47:9b:11:c0:
         a4:ec:9c:7d:2f:8a:82:57:7b:69:92:29:00:7a:34:24:fb:87:
         de:9d:d3:0b:b3:6f:1b:f5:0e:f1:9e:4a:cc:05:80:b0:98:5c:
         fb:4a:4f:97:52:9a:ac:33:5b:bc:c7:0a:41:2d:1d:ea:7f:4a:
         f1:76:18:8e:b5:9f:81:6b:f0:e2:82:5e:3d:12:9f:70:39:65:
         2b:d2:12:1d:92:76:b7:97:7b:22:0d:d9:6c:51:cb:f7:06:d6:
         32:24:f7:50:16:ed:ac:5f:a3:ce:57:77:81:77:72:56:43:c3:
         21:2c:53:c4:7e:bc:6c:29:8a:00:30:74:17:9f:26:7a:13:0d:
         56:89:fb:fa:40:0c:d5:29:4e:03:23:cb:9a:51:91:5e:86:a2:
         1b:e5:24:72:d2:12:83:78:b2:2e:fd:62:07:a5:86:0d:40:d6:
         d0:7c:e8:00:44:ec:87:a9:a9:a5:72:f0:84:c1:99:fb:dc:a8:
         e8:58:b0:b3:2a:02:11:ea:ae:b7:34:9b:8f:8d:c1:bb:f2:f6:
         b4:94:d5:79:5a:89:05:21:40:39:2a:3f:6c:62:00:e7:36:ff:
         91:a6:eb:64:23:70:96:3f:d3:f9:4b:d2:47:3e:87:f5:f3:ea:
         b4:07:5b:f4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlR9CVftPAjFVuFBbs1ozMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwMTAyMDAzMTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWMzNGMyNDQyZjRjYjUwODQ3YjZjYTc4ZGI4NTg5OTAzYjM1MTdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lLsOvHyCSSqtMWlS7ow7gkXbKqz
FO83fG4Sm3FMgwVZKHQnkGOofHBz3bvfv1h0RKxGdjxWQ4R5xBhulyRYwBvthfnW
Y5AWZmWle83ZK33YZ92jKewp6qmdCanwIzQz/G6NDWwXqfql90D7T1lR3JW9cNAE
DbtLUTxZVHz2z5mFFLiyrF55tVInmujjkTwGFg6hkhPOs5Xs4aK37pD7VbzJqdPz
Jxr4ilV1/atM8amFbZKxKiK5Yc4MJi86X5k+zWm8SKLbTlXQjuFYkab1UYWncMrX
eSx+IVvkt6lgTlIxoSZGG72/0LlDbeqI47gFvIF68B0XbLQ9J9vPojLK+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHDTCRC9MtQhHtsp424WJkDs1F7MB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRWNOTUpFTDB5MUNFZTJ5bmpiaFltUU96VVhzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwekOMA0G
CSqGSIb3DQEBCwUAA4IBAQCFubKCCeB6vNFhqmCjeEebEcCk7Jx9L4qCV3tpkikA
ejQk+4fendMLs28b9Q7xnkrMBYCwmFz7Sk+XUpqsM1u8xwpBLR3qf0rxdhiOtZ+B
a/Digl49Ep9wOWUr0hIdkna3l3siDdlsUcv3BtYyJPdQFu2sX6POV3eBd3JWQ8Mh
LFPEfrxsKYoAMHQXnyZ6Ew1Wifv6QAzVKU4DI8uaUZFehqIb5SRy0hKDeLIu/WIH
pYYNQNbQfOgAROyHqamlcvCEwZn73KjoWLCzKgIR6q63NJuPjcG78va0lNV5WokF
IUA5Kj9sYgDnNv+RputkI3CWP9P5S9JHPof18+q0B1v0
-----END CERTIFICATE-----