Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/EQQbPsyYvN3KkYxt0AgBdJMs8n4.roa
File:                     EQQbPsyYvN3KkYxt0AgBdJMs8n4.roa (raw, json)
Hash identifier:          Nb6ONfbOSagnj02e9oLNjLB7+i8MLfpzbj0jArK9uhQ=
Subject key identifier:   11:04:1B:3E:CC:98:BC:DD:CA:91:8C:6D:D0:08:01:74:93:2C:F2:7E
Certificate issuer:       /CN=ad9afade4183ae80048d6b84818eec46f680fa26
Certificate serial:       018CCA2A9F03D39BA00E8F23CE4AB000934F
Authority key identifier: AD:9A:FA:DE:41:83:AE:80:04:8D:6B:84:81:8E:EC:46:F6:80:FA:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rZr63kGDroAEjWuEgY7sRvaA-iY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/EQQbPsyYvN3KkYxt0AgBdJMs8n4.roa
Signing time:             Tue 02 Jan 2024 12:33:59 +0000
ROA not before:           Tue 02 Jan 2024 12:33:59 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31463
IP address blocks:        185.167.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/rZr63kGDroAEjWuEgY7sRvaA-iY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/rZr63kGDroAEjWuEgY7sRvaA-iY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rZr63kGDroAEjWuEgY7sRvaA-iY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:9f:03:d3:9b:a0:0e:8f:23:ce:4a:b0:00:93:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad9afade4183ae80048d6b84818eec46f680fa26
        Validity
            Not Before: Jan  2 12:33:59 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11041b3ecc98bcddca918c6dd0080174932cf27e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:25:1a:b7:b1:32:74:32:8a:ff:a1:72:d2:fc:
                    fd:12:dd:c8:81:51:34:7e:53:81:52:4a:6a:e7:e6:
                    cb:33:89:aa:a7:e1:7c:0e:ca:cb:fe:15:0d:4c:e8:
                    f6:d6:61:da:b5:eb:e3:7b:cd:c7:7e:66:03:84:24:
                    07:20:5b:de:2f:85:3c:ce:6c:a6:5e:e2:0e:4e:b6:
                    f7:39:a6:12:e5:24:a1:6a:01:17:36:8f:63:43:48:
                    20:4b:8c:98:96:9c:5d:43:9c:58:33:7e:b1:d0:02:
                    ee:0e:07:0b:5b:27:3a:44:aa:00:be:f2:cd:c7:1e:
                    1d:fd:f9:c7:e4:37:57:77:3c:19:8d:70:2a:04:be:
                    89:b7:d5:57:13:39:20:5c:41:2c:c1:9e:2c:30:83:
                    33:e0:11:09:57:0f:cd:84:08:ae:1d:31:a0:60:6a:
                    1d:86:b0:ce:9e:80:d2:2c:30:21:4b:46:36:b9:5b:
                    11:78:8f:14:65:5a:05:b5:eb:58:4a:4c:0a:dc:76:
                    05:56:e0:08:0d:b9:0c:9a:17:7c:ad:10:a9:99:cf:
                    a4:34:61:d9:65:10:90:bf:76:3c:94:88:79:a1:45:
                    b9:4f:06:9e:1d:72:58:b2:2a:31:c3:11:4b:fd:e6:
                    80:f8:6f:6a:30:47:5b:53:55:9e:51:ad:27:a7:c0:
                    43:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:04:1B:3E:CC:98:BC:DD:CA:91:8C:6D:D0:08:01:74:93:2C:F2:7E
            X509v3 Authority Key Identifier:
                keyid:AD:9A:FA:DE:41:83:AE:80:04:8D:6B:84:81:8E:EC:46:F6:80:FA:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rZr63kGDroAEjWuEgY7sRvaA-iY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/EQQbPsyYvN3KkYxt0AgBdJMs8n4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/d377cd-e36f-4cb9-825b-c02334be128c/1/rZr63kGDroAEjWuEgY7sRvaA-iY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.167.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:b5:fc:83:3a:5f:c0:45:5a:be:f9:b9:8e:56:3e:f4:62:ce:
         45:5b:cc:74:53:77:1d:cc:aa:f2:4c:37:9c:13:a4:5c:3e:97:
         34:b6:28:47:84:36:c3:c8:49:b0:6f:1c:c5:e6:aa:d8:0d:bd:
         74:ad:ba:74:71:af:ee:ec:40:55:e0:51:c2:58:e3:5e:48:e8:
         8b:3e:4a:be:6f:eb:5f:e4:7d:4f:74:9e:e2:c6:44:77:d5:0a:
         2a:b4:df:3d:c7:e1:4f:ef:23:4a:a4:c4:05:c9:d0:14:7c:c4:
         b5:59:ed:ab:9a:fc:24:dd:72:d1:0f:66:17:08:01:db:05:2f:
         ba:dd:2a:03:90:63:1c:cb:3d:5b:1c:83:6c:6c:e0:18:97:2c:
         40:f7:b5:04:23:76:45:80:96:c3:d6:75:bb:4f:b2:2e:fe:a6:
         45:96:b1:8d:18:82:e3:ac:bb:e7:ac:1f:7d:cb:dc:4e:d2:f7:
         28:bd:d8:bc:32:16:d9:a0:d7:c3:e1:b0:2d:8f:77:c6:77:26:
         c7:0a:80:c7:2e:38:b3:18:9a:63:8e:03:fd:f3:e2:90:4b:fa:
         cd:70:3f:18:18:72:f2:10:26:73:19:51:fb:82:10:0f:25:22:
         76:db:97:f3:d5:21:dd:97:46:04:27:27:ac:21:b4:20:10:c8:
         3c:0d:45:64
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKp8D05ugDo8jzkqwAJNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkOWFmYWRlNDE4M2FlODAwNDhkNmI4NDgxOGVlYzQ2ZjY4
MGZhMjYwHhcNMjQwMTAyMTIzMzU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTA0MWIzZWNjOThiY2RkY2E5MThjNmRkMDA4MDE3NDkzMmNmMjdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoSUat7EydDKK/6Fy0vz9Et3IgVE0
flOBUkpq5+bLM4mqp+F8DsrL/hUNTOj21mHatevje83HfmYDhCQHIFveL4U8zmym
XuIOTrb3OaYS5SShagEXNo9jQ0ggS4yYlpxdQ5xYM36x0ALuDgcLWyc6RKoAvvLN
xx4d/fnH5DdXdzwZjXAqBL6Jt9VXEzkgXEEswZ4sMIMz4BEJVw/NhAiuHTGgYGod
hrDOnoDSLDAhS0Y2uVsReI8UZVoFtetYSkwK3HYFVuAIDbkMmhd8rRCpmc+kNGHZ
ZRCQv3Y8lIh5oUW5TwaeHXJYsioxwxFL/eaA+G9qMEdbU1WeUa0np8BDZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEEGz7MmLzdypGMbdAIAXSTLPJ+MB8GA1UdIwQY
MBaAFK2a+t5Bg66ABI1rhIGO7Eb2gPomMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclpyNjNrR0Ryb0FFald1RWdZN3NSdmFBLWlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9kMzc3Y2QtZTM2Zi00Y2I5LTgyNWIt
YzAyMzM0YmUxMjhjLzEvRVFRYlBzeVl2TjNLa1l4dDBBZ0JkSk1zOG40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9kMzc3Y2QtZTM2Zi00Y2I5LTgyNWItYzAyMzM0YmUxMjhj
LzEvclpyNjNrR0Ryb0FFald1RWdZN3NSdmFBLWlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuafYMA0G
CSqGSIb3DQEBCwUAA4IBAQCUtfyDOl/ARVq++bmOVj70Ys5FW8x0U3cdzKryTDec
E6RcPpc0tihHhDbDyEmwbxzF5qrYDb10rbp0ca/u7EBV4FHCWONeSOiLPkq+b+tf
5H1PdJ7ixkR31QoqtN89x+FP7yNKpMQFydAUfMS1We2rmvwk3XLRD2YXCAHbBS+6
3SoDkGMcyz1bHINsbOAYlyxA97UEI3ZFgJbD1nW7T7Iu/qZFlrGNGILjrLvnrB99
y9xO0vcovdi8MhbZoNfD4bAtj3fGdybHCoDHLjizGJpjjgP98+KQS/rNcD8YGHLy
ECZzGVH7ghAPJSJ225fz1SHdl0YEJyesIbQgEMg8DUVk
-----END CERTIFICATE-----