Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/EyBRIDnwB0hyubc80fwP1j1q29w.roa
File:                     EyBRIDnwB0hyubc80fwP1j1q29w.roa (raw, json)
Hash identifier:          JJWBAUP5HLWakbU2rh01hRQ30QJ0zLpfGD0v3ChtALM=
Subject key identifier:   13:20:51:20:39:F0:07:48:72:B9:B7:3C:D1:FC:0F:D6:3D:6A:DB:DC
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       018F1C426EFBDA9280D4971270B74E7C7556
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/EyBRIDnwB0hyubc80fwP1j1q29w.roa
Signing time:             Fri 26 Apr 2024 21:14:26 +0000
ROA not before:           Fri 26 Apr 2024 21:14:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     207967
IP address blocks:        193.233.108.0/22 maxlen: 22
                          193.233.116.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:1c:42:6e:fb:da:92:80:d4:97:12:70:b7:4e:7c:75:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Apr 26 21:14:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1320512039f0074872b9b73cd1fc0fd63d6adbdc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:62:db:96:ff:0e:86:0b:25:7a:f3:7a:5b:38:
                    44:90:15:c7:18:49:63:32:79:4b:dc:1b:d8:c6:92:
                    82:89:77:cd:48:a3:01:6c:bb:49:66:fc:a3:b1:4c:
                    d2:16:a8:b1:c2:ef:52:7e:19:73:c3:4d:27:04:1c:
                    75:07:90:41:19:01:22:34:e2:a2:3b:01:d0:2a:03:
                    90:d4:fe:62:f5:68:57:b3:ce:70:11:9b:cd:48:83:
                    fb:d7:83:87:6f:03:72:a1:8b:37:24:8d:10:d6:e8:
                    41:70:bb:f6:ed:89:0b:91:35:8d:a2:dd:ec:57:b7:
                    b3:b0:43:e6:55:14:fc:6e:77:11:d3:1a:0a:13:5f:
                    55:9f:a7:e4:87:22:e9:43:13:20:14:14:34:38:b8:
                    17:0b:6e:4c:e8:09:78:dc:3a:9e:c3:c5:2a:66:e8:
                    70:92:f3:ad:19:b8:28:62:fd:6f:b1:f2:7b:3c:b2:
                    2e:36:42:65:e6:5c:42:eb:96:7f:3c:8b:c5:ce:9b:
                    7e:5d:5d:21:49:80:84:39:0d:cd:10:4c:15:c6:5c:
                    36:62:48:90:65:8d:20:bc:85:a6:7b:29:e3:85:66:
                    98:0d:1f:29:51:3d:7e:3b:93:07:91:72:5a:23:f2:
                    cd:f3:02:ce:f2:f9:95:07:98:69:4b:28:47:d5:25:
                    ee:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:20:51:20:39:F0:07:48:72:B9:B7:3C:D1:FC:0F:D6:3D:6A:DB:DC
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/EyBRIDnwB0hyubc80fwP1j1q29w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.233.108.0/22
                  193.233.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         27:86:28:89:10:cc:7c:43:0f:01:a4:1a:3f:ee:ee:f8:9e:39:
         db:4c:12:52:99:2a:10:de:8a:85:72:6f:b0:18:5c:d9:01:f8:
         46:91:d7:05:40:0d:74:65:bd:b2:61:31:be:b7:ca:9a:a0:0b:
         2a:88:c5:38:4b:cd:e9:f5:1a:95:c4:25:ed:c0:0c:1c:89:d1:
         0a:38:a6:08:8e:7a:bd:53:2f:e8:22:ce:74:c8:87:68:53:ea:
         0f:c9:f6:37:6b:69:fb:98:c9:9e:cb:b3:6e:56:5b:cb:d2:15:
         62:a1:09:26:08:f8:53:d0:07:cd:1e:00:5c:e8:9e:ca:19:18:
         42:62:32:4b:93:2e:47:73:7e:d9:2e:23:cf:c5:0f:1b:ca:2f:
         66:3f:cd:b6:29:93:9e:6e:fd:dd:de:04:6a:9e:69:eb:6d:a2:
         27:06:57:0d:2a:48:90:c9:8d:d7:b5:cc:39:19:bf:52:a9:80:
         39:73:03:ab:1d:98:25:56:6e:17:d9:60:1c:b4:c4:2e:2d:d0:
         84:cc:09:4b:bb:47:a3:6e:89:4e:29:25:c7:68:76:e1:0e:79:
         c5:31:18:68:dd:78:4b:41:74:a2:b5:85:38:ff:11:c3:34:65:
         92:89:ec:79:1b:b0:41:ee:9b:9b:41:3d:79:b5:fa:f3:27:83:
         c9:92:16:df
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY8cQm772pKA1JcScLdOfHVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjQwNDI2MjExNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzIwNTEyMDM5ZjAwNzQ4NzJiOWI3M2NkMWZjMGZkNjNkNmFkYmRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr2Lblv8OhgslevN6WzhEkBXHGElj
MnlL3BvYxpKCiXfNSKMBbLtJZvyjsUzSFqixwu9Sfhlzw00nBBx1B5BBGQEiNOKi
OwHQKgOQ1P5i9WhXs85wEZvNSIP714OHbwNyoYs3JI0Q1uhBcLv27YkLkTWNot3s
V7ezsEPmVRT8bncR0xoKE19Vn6fkhyLpQxMgFBQ0OLgXC25M6Al43Dqew8UqZuhw
kvOtGbgoYv1vsfJ7PLIuNkJl5lxC65Z/PIvFzpt+XV0hSYCEOQ3NEEwVxlw2YkiQ
ZY0gvIWmeynjhWaYDR8pUT1+O5MHkXJaI/LN8wLO8vmVB5hpSyhH1SXuxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBMgUSA58AdIcrm3PNH8D9Y9atvcMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvRXlCUklEbndCMGh5dWJjODBmd1AxajFxMjl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwelsAwQC
wel0MA0GCSqGSIb3DQEBCwUAA4IBAQAnhiiJEMx8Qw8BpBo/7u74njnbTBJSmSoQ
3oqFcm+wGFzZAfhGkdcFQA10Zb2yYTG+t8qaoAsqiMU4S83p9RqVxCXtwAwcidEK
OKYIjnq9Uy/oIs50yIdoU+oPyfY3a2n7mMmey7NuVlvL0hVioQkmCPhT0AfNHgBc
6J7KGRhCYjJLky5Hc37ZLiPPxQ8byi9mP822KZOebv3d3gRqnmnrbaInBlcNKkiQ
yY3Xtcw5Gb9SqYA5cwOrHZglVm4X2WActMQuLdCEzAlLu0ejbolOKSXHaHbhDnnF
MRho3XhLQXSitYU4/xHDNGWSiex5G7BB7pubQT15tfrzJ4PJkhbf
-----END CERTIFICATE-----