Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/epLdfcsDb4ZbYTko8cUTZirk6nk.roa
File:                     epLdfcsDb4ZbYTko8cUTZirk6nk.roa (raw, json)
Hash identifier:          AEB5pTRre6+VicvykazoWKezXah/TnPSURi5gxKRduA=
Subject key identifier:   7A:92:DD:7D:CB:03:6F:86:5B:61:39:28:F1:C5:13:66:2A:E4:EA:79
Certificate issuer:       /CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
Certificate serial:       018CC9BBCB01247D7ADCD629A8F43E051E31
Authority key identifier: 8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/epLdfcsDb4ZbYTko8cUTZirk6nk.roa
Signing time:             Tue 02 Jan 2024 10:32:56 +0000
ROA not before:           Tue 02 Jan 2024 10:32:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        193.239.162.0/24 maxlen: 24
                          193.239.163.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 08:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bb:cb:01:24:7d:7a:dc:d6:29:a8:f4:3e:05:1e:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8f51b5b8132f9e307b717a3e1e54d1f7f45ae517
        Validity
            Not Before: Jan  2 10:32:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a92dd7dcb036f865b613928f1c513662ae4ea79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:2a:64:06:0c:4b:77:e7:27:a5:cd:5d:48:4e:
                    6c:17:e9:44:d0:23:7b:a1:0c:36:a1:2b:03:04:31:
                    64:3b:41:26:c9:06:5d:7d:f0:0d:ba:91:25:f4:6e:
                    3d:2b:f3:81:62:63:98:59:a0:ab:0b:62:30:0c:51:
                    a4:46:9d:5b:92:22:d0:96:c9:36:ee:0a:d1:8c:89:
                    d5:a5:76:07:55:a0:39:18:6c:e7:40:b1:cd:cd:b9:
                    35:dd:80:ee:4b:c2:98:2e:31:05:b6:85:36:55:73:
                    3a:b8:fe:2e:fe:f0:62:bd:ca:a0:e2:38:99:05:de:
                    c2:47:8d:ee:1e:6a:4a:60:f7:5b:05:22:d8:77:3b:
                    07:0d:08:95:14:e0:f6:e4:b6:02:06:ab:e8:21:7b:
                    cf:fa:6d:c0:1f:25:db:11:77:e5:16:98:17:91:c4:
                    eb:a3:7e:f2:32:9a:49:0b:54:29:d8:bc:8c:01:9b:
                    f8:37:3a:d9:e4:27:41:66:d2:97:90:dd:58:75:39:
                    71:6f:5e:30:0e:27:60:a6:05:65:3a:71:9f:35:35:
                    13:95:9d:27:2a:12:82:db:52:68:12:3a:ec:31:a6:
                    06:81:2b:50:2d:ad:6b:85:b0:7c:d2:64:2a:12:83:
                    82:8b:a4:e2:00:c0:27:2f:8b:b1:b5:1b:eb:63:96:
                    59:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:92:DD:7D:CB:03:6F:86:5B:61:39:28:F1:C5:13:66:2A:E4:EA:79
            X509v3 Authority Key Identifier:
                keyid:8F:51:B5:B8:13:2F:9E:30:7B:71:7A:3E:1E:54:D1:F7:F4:5A:E5:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/epLdfcsDb4ZbYTko8cUTZirk6nk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/da2427-b33b-4b81-af37-e2251e489cbb/1/j1G1uBMvnjB7cXo-HlTR9_Ra5Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.162.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:a4:27:ae:8f:79:4a:25:7e:fa:78:11:89:d1:ef:30:c9:7d:
         1b:e3:cd:c1:5d:b2:2c:15:d0:c3:5b:c7:f8:43:9b:6c:a9:8b:
         97:2a:24:67:c6:9c:3f:40:a7:73:ee:6e:77:f9:48:3e:cc:88:
         83:a6:6f:5f:29:4b:0a:82:0b:a8:cf:40:96:35:a3:66:68:b1:
         dc:16:3c:69:05:a3:40:cb:f9:40:a5:75:f4:83:59:ef:74:03:
         3f:45:d4:e0:13:45:3c:74:0e:af:ba:88:a3:0c:04:6a:64:d6:
         a8:ea:be:aa:9f:6b:d1:16:cc:7f:6a:d1:b6:d6:11:86:2c:6c:
         46:2a:22:e9:15:70:5e:b2:25:fb:40:17:90:52:3a:9d:71:65:
         15:1c:4f:f5:a0:b2:4b:9b:82:3e:7e:b9:1c:0c:1e:07:bb:ed:
         42:31:dc:0d:47:06:83:cb:07:64:df:4b:be:45:8e:c2:34:1f:
         19:69:e4:9d:7e:83:9d:4b:0b:0a:34:57:7a:b5:e4:b1:34:8a:
         34:4d:83:84:13:0d:16:73:33:b8:06:9e:87:8d:64:df:ee:ea:
         9b:81:57:9b:0a:9e:b9:88:ae:5c:fa:d5:f0:84:eb:e9:1c:61:
         a7:3a:b9:15:12:39:08:03:ef:9c:c1:90:9b:4a:77:14:09:8d:
         1b:73:2a:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJu8sBJH163NYpqPQ+BR4xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhmNTFiNWI4MTMyZjllMzA3YjcxN2EzZTFlNTRkMWY3ZjQ1
YWU1MTcwHhcNMjQwMTAyMTAzMjU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTkyZGQ3ZGNiMDM2Zjg2NWI2MTM5MjhmMWM1MTM2NjJhZTRlYTc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuipkBgxLd+cnpc1dSE5sF+lE0CN7
oQw2oSsDBDFkO0EmyQZdffANupEl9G49K/OBYmOYWaCrC2IwDFGkRp1bkiLQlsk2
7grRjInVpXYHVaA5GGznQLHNzbk13YDuS8KYLjEFtoU2VXM6uP4u/vBivcqg4jiZ
Bd7CR43uHmpKYPdbBSLYdzsHDQiVFOD25LYCBqvoIXvP+m3AHyXbEXflFpgXkcTr
o37yMppJC1Qp2LyMAZv4NzrZ5CdBZtKXkN1YdTlxb14wDidgpgVlOnGfNTUTlZ0n
KhKC21JoEjrsMaYGgStQLa1rhbB80mQqEoOCi6TiAMAnL4uxtRvrY5ZZvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqS3X3LA2+GW2E5KPHFE2Yq5Op5MB8GA1UdIwQY
MBaAFI9RtbgTL54we3F6Ph5U0ff0WuUXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzct
ZTIyNTFlNDg5Y2JiLzEvZXBMZGZjc0RiNFpiWVRrbzhjVVRaaXJrNm5rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9kYTI0MjctYjMzYi00YjgxLWFmMzctZTIyNTFlNDg5Y2Ji
LzEvajFHMXVCTXZuakI3Y1hvLUhsVFI5X1JhNVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+iMA0G
CSqGSIb3DQEBCwUAA4IBAQBRpCeuj3lKJX76eBGJ0e8wyX0b483BXbIsFdDDW8f4
Q5tsqYuXKiRnxpw/QKdz7m53+Ug+zIiDpm9fKUsKgguoz0CWNaNmaLHcFjxpBaNA
y/lApXX0g1nvdAM/RdTgE0U8dA6vuoijDARqZNao6r6qn2vRFsx/atG21hGGLGxG
KiLpFXBesiX7QBeQUjqdcWUVHE/1oLJLm4I+frkcDB4Hu+1CMdwNRwaDywdk30u+
RY7CNB8ZaeSdfoOdSwsKNFd6teSxNIo0TYOEEw0WczO4Bp6HjWTf7uqbgVebCp65
iK5c+tXwhOvpHGGnOrkVEjkIA++cwZCbSncUCY0bcyo2
-----END CERTIFICATE-----