Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/EIlKz_yGKgG9o6LgyJUb5CYuXik.roa
File:                     EIlKz_yGKgG9o6LgyJUb5CYuXik.roa (raw, json)
Hash identifier:          7XI12BZ8oMxeo0lKGJtUxLNV8B1NZwQt+C2hSEvkeaU=
Subject key identifier:   10:89:4A:CF:FC:86:2A:01:BD:A3:A2:E0:C8:95:1B:E4:26:2E:5E:29
Certificate issuer:       /CN=79d0d856764a3fee64be14f0a49f59a6865285d1
Certificate serial:       019427B615A27AF4A269C31B2B095439CA78
Authority key identifier: 79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/EIlKz_yGKgG9o6LgyJUb5CYuXik.roa
Signing time:             Thu 02 Jan 2025 15:50:32 +0000
ROA not before:           Thu 02 Jan 2025 15:50:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        193.28.240.0/24 maxlen: 24
                          193.28.241.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:15:a2:7a:f4:a2:69:c3:1b:2b:09:54:39:ca:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=79d0d856764a3fee64be14f0a49f59a6865285d1
        Validity
            Not Before: Jan  2 15:50:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10894acffc862a01bda3a2e0c8951be4262e5e29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:00:a6:9d:b0:c9:cf:02:f0:c0:2e:da:c5:56:
                    cf:bd:cc:2e:d5:40:9a:14:1c:89:22:39:ca:60:4f:
                    48:19:a2:52:35:d9:99:f2:46:d0:40:9a:3a:ba:87:
                    46:c3:60:01:87:6c:da:cc:e1:0e:84:6f:1d:42:de:
                    e4:fc:ab:c5:e5:aa:0f:0b:07:06:28:6f:99:ac:93:
                    cf:eb:5a:42:76:b2:a7:f9:85:cc:93:79:da:e2:13:
                    d1:f1:78:6e:9b:74:0d:a8:45:7e:6e:60:90:3c:d7:
                    34:aa:15:e1:5a:ee:43:f9:29:0a:a4:e3:0b:45:72:
                    9b:87:e9:ca:c1:b6:71:28:d1:68:75:06:21:4b:de:
                    9f:25:57:4a:bb:8c:62:57:a8:e2:73:e7:81:18:f4:
                    b1:e7:13:19:94:71:9a:b7:46:89:c5:49:5b:a6:c4:
                    ea:a4:69:3a:97:fe:88:da:7e:64:3c:3d:a5:c8:3f:
                    95:de:1b:38:be:d0:a2:2f:ba:63:b3:7c:8f:2c:72:
                    07:f1:44:9e:33:c4:23:4e:bf:42:40:fa:22:89:27:
                    96:4f:93:b7:1e:72:39:c5:b7:2a:f8:ad:af:71:ff:
                    bb:7e:4e:2c:21:4c:83:53:cb:2e:ea:29:fa:bb:1b:
                    c4:3d:5f:d1:f0:f2:4f:c5:2a:5d:b2:95:98:3a:3e:
                    f1:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:89:4A:CF:FC:86:2A:01:BD:A3:A2:E0:C8:95:1B:E4:26:2E:5E:29
            X509v3 Authority Key Identifier:
                keyid:79:D0:D8:56:76:4A:3F:EE:64:BE:14:F0:A4:9F:59:A6:86:52:85:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/edDYVnZKP-5kvhTwpJ9ZpoZShdE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/EIlKz_yGKgG9o6LgyJUb5CYuXik.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/11/43e309-75c5-4f40-9db3-f2bb69e75e74/1/edDYVnZKP-5kvhTwpJ9ZpoZShdE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.28.240.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:d1:4a:88:0b:f7:7f:77:c6:09:05:77:3a:26:04:80:4d:43:
         ea:5d:f5:b9:45:35:21:be:ab:ba:8b:4b:39:7a:88:e8:0f:95:
         72:fb:aa:9e:4f:c4:14:eb:07:17:f6:97:99:50:6d:40:21:97:
         4b:e9:a0:86:0b:65:e8:d7:43:bd:41:d4:8f:52:e7:bf:d9:22:
         8f:1d:1d:0a:3c:b9:73:9f:cf:87:9a:de:a1:2e:9f:92:42:b9:
         f5:a3:76:8c:0d:45:14:b6:0b:9e:a4:d7:85:e1:54:f2:07:ee:
         ae:4b:5f:eb:4a:fa:89:1d:a9:0e:ba:b8:41:86:c9:0d:7a:3f:
         d6:13:63:bb:80:23:13:39:8a:1c:62:15:a3:b4:83:f2:ce:5b:
         b7:ad:aa:e1:6e:54:29:22:b6:44:a2:26:c3:fb:51:59:a1:62:
         72:86:fc:34:df:a0:7f:3e:8a:09:5d:f5:dd:ab:98:1b:08:12:
         c1:2d:1f:50:59:ac:8d:cd:1e:84:6b:dc:9d:b6:27:3a:52:03:
         b3:da:bc:a3:d4:5e:ca:1f:49:b5:02:b8:28:6c:58:4d:13:77:
         d0:5a:1e:e5:fc:d6:6c:9f:62:e9:e4:aa:a4:ff:28:ea:d4:33:
         08:cc:06:2d:60:69:8d:da:9c:09:eb:a5:66:c0:b0:2a:d1:76:
         51:bd:0c:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnthWievSiacMbKwlUOcp4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc5ZDBkODU2NzY0YTNmZWU2NGJlMTRmMGE0OWY1OWE2ODY1
Mjg1ZDEwHhcNMjUwMTAyMTU1MDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDg5NGFjZmZjODYyYTAxYmRhM2EyZTBjODk1MWJlNDI2MmU1ZTI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjQCmnbDJzwLwwC7axVbPvcwu1UCa
FByJIjnKYE9IGaJSNdmZ8kbQQJo6uodGw2ABh2zazOEOhG8dQt7k/KvF5aoPCwcG
KG+ZrJPP61pCdrKn+YXMk3na4hPR8Xhum3QNqEV+bmCQPNc0qhXhWu5D+SkKpOML
RXKbh+nKwbZxKNFodQYhS96fJVdKu4xiV6jic+eBGPSx5xMZlHGat0aJxUlbpsTq
pGk6l/6I2n5kPD2lyD+V3hs4vtCiL7pjs3yPLHIH8USeM8QjTr9CQPoiiSeWT5O3
HnI5xbcq+K2vcf+7fk4sIUyDU8su6in6uxvEPV/R8PJPxSpdspWYOj7xTwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCJSs/8hioBvaOi4MiVG+QmLl4pMB8GA1UdIwQY
MBaAFHnQ2FZ2Sj/uZL4U8KSfWaaGUoXRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMt
ZjJiYjY5ZTc1ZTc0LzEvRUlsS3pfeUdLZ0c5bzZMZ3lKVWI1Q1l1WGlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS80M2UzMDktNzVjNS00ZjQwLTlkYjMtZjJiYjY5ZTc1ZTc0
LzEvZWREWVZuWktQLTVrdmhUd3BKOVpwb1pTaGRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwRzwMA0G
CSqGSIb3DQEBCwUAA4IBAQBy0UqIC/d/d8YJBXc6JgSATUPqXfW5RTUhvqu6i0s5
eojoD5Vy+6qeT8QU6wcX9peZUG1AIZdL6aCGC2Xo10O9QdSPUue/2SKPHR0KPLlz
n8+Hmt6hLp+SQrn1o3aMDUUUtguepNeF4VTyB+6uS1/rSvqJHakOurhBhskNej/W
E2O7gCMTOYocYhWjtIPyzlu3rarhblQpIrZEoibD+1FZoWJyhvw036B/PooJXfXd
q5gbCBLBLR9QWayNzR6Ea9ydtic6UgOz2ryj1F7KH0m1ArgobFhNE3fQWh7l/NZs
n2Lp5Kqk/yjq1DMIzAYtYGmN2pwJ66VmwLAq0XZRvQyL
-----END CERTIFICATE-----