Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/emL3GWrBD8sWeX_EPFnB6_KtQ5M.roa
File:                     emL3GWrBD8sWeX_EPFnB6_KtQ5M.roa (raw, json)
Hash identifier:          awFVJeo/BpbbQnssKGQkDarzJ7bDHYntQtdoy9UlPFc=
Subject key identifier:   7A:62:F7:19:6A:C1:0F:CB:16:79:7F:C4:3C:59:C1:EB:F2:AD:43:93
Certificate issuer:       /CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
Certificate serial:       018E0E8CD3FF4439381EC4E1247818399607
Authority key identifier: 76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/emL3GWrBD8sWeX_EPFnB6_KtQ5M.roa
Signing time:             Tue 05 Mar 2024 12:18:14 +0000
ROA not before:           Tue 05 Mar 2024 12:18:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57494
IP address blocks:        109.71.242.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 15:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:0e:8c:d3:ff:44:39:38:1e:c4:e1:24:78:18:39:96:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76ef0a0ee8fa154d7ada438af1212269ce0acc41
        Validity
            Not Before: Mar  5 12:18:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a62f7196ac10fcb16797fc43c59c1ebf2ad4393
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:11:0b:06:29:ba:19:ef:4e:18:f8:7e:ff:e1:
                    18:b0:0b:e4:9c:59:f9:fa:02:b6:8a:06:1e:df:25:
                    7b:c8:b3:d1:ac:a1:eb:52:38:ef:08:22:16:29:da:
                    fa:47:c5:4f:78:59:d1:99:b2:80:3e:32:d0:61:33:
                    83:47:a4:d0:a4:60:de:e9:ff:93:28:c1:80:9e:1e:
                    ff:37:d2:52:4a:ba:7a:d8:36:f2:32:6f:d2:92:66:
                    49:87:76:2e:2d:7b:9c:51:d4:60:1c:50:5d:f1:ac:
                    f8:4b:7a:e6:12:2c:9a:8e:86:bf:a2:76:c7:63:a2:
                    8b:e5:2c:72:61:cf:7e:d4:5e:d8:cf:62:9a:01:24:
                    63:b4:98:a5:0b:a1:98:f2:16:51:50:bf:5d:a0:cf:
                    8f:6a:fa:b4:7c:60:aa:97:84:69:80:b3:2b:2f:08:
                    27:0e:6e:4c:29:63:6e:81:20:c9:18:cd:25:7f:a4:
                    63:63:d0:fa:06:c6:40:fc:33:fc:26:7b:cc:32:b2:
                    17:53:47:c1:95:ea:9e:49:3c:7f:da:53:c8:c2:c7:
                    91:7c:17:73:31:29:86:39:0c:8b:13:9b:a4:cd:30:
                    d0:3f:50:e3:09:e7:06:d1:82:e2:b2:34:85:b9:5f:
                    16:67:81:c1:7f:92:e3:3a:9c:ca:b6:f1:f5:20:ec:
                    c7:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:62:F7:19:6A:C1:0F:CB:16:79:7F:C4:3C:59:C1:EB:F2:AD:43:93
            X509v3 Authority Key Identifier:
                keyid:76:EF:0A:0E:E8:FA:15:4D:7A:DA:43:8A:F1:21:22:69:CE:0A:CC:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/du8KDuj6FU162kOK8SEiac4KzEE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/emL3GWrBD8sWeX_EPFnB6_KtQ5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/1686c3-da70-4b54-ab2b-3be995d2bbda/1/du8KDuj6FU162kOK8SEiac4KzEE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.71.242.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:65:e6:38:47:8d:6f:e8:9a:be:4e:aa:aa:3a:9c:cd:b1:1f:
         54:21:9c:dc:29:ca:b7:79:de:18:ed:e2:5c:b5:8a:16:9e:11:
         8f:dc:0c:d9:e4:01:7f:3a:8d:71:b8:9d:13:95:2f:6a:6a:c2:
         28:13:79:4d:cc:98:fb:6c:67:1b:8e:62:48:5a:4e:0c:2f:93:
         7e:ea:e9:8a:90:38:a6:59:de:2e:71:5b:64:81:9d:92:d0:68:
         45:f7:cf:42:2b:f3:6f:8e:31:69:cd:ac:ab:c8:d0:97:e8:db:
         6c:60:a8:4f:12:20:5f:65:3c:c9:a6:11:83:df:89:cd:1a:ca:
         f6:58:51:fc:f0:57:19:9e:54:3c:d9:02:d5:72:4d:0a:a6:fa:
         55:81:61:96:16:87:02:8e:c6:7a:69:04:b4:8e:fa:42:99:16:
         68:f3:1e:aa:43:95:b8:7e:31:c2:e5:c6:51:3a:f3:da:27:a2:
         d6:51:5b:94:04:d5:55:02:d5:6a:d9:dd:44:e5:14:38:36:08:
         56:51:12:e4:ea:b6:9c:bd:e1:4e:9c:22:dc:55:67:59:45:69:
         34:53:fc:49:d6:9e:e2:0c:9d:59:95:aa:58:86:60:f5:c2:d8:
         59:9b:a1:e0:53:98:b3:f3:e9:e4:92:fb:4b:99:c5:8a:64:72:
         aa:13:a7:a0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4OjNP/RDk4HsThJHgYOZYHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZWYwYTBlZThmYTE1NGQ3YWRhNDM4YWYxMjEyMjY5Y2Uw
YWNjNDEwHhcNMjQwMzA1MTIxODE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTYyZjcxOTZhYzEwZmNiMTY3OTdmYzQzYzU5YzFlYmYyYWQ0MzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnRELBim6Ge9OGPh+/+EYsAvknFn5
+gK2igYe3yV7yLPRrKHrUjjvCCIWKdr6R8VPeFnRmbKAPjLQYTODR6TQpGDe6f+T
KMGAnh7/N9JSSrp62DbyMm/SkmZJh3YuLXucUdRgHFBd8az4S3rmEiyajoa/onbH
Y6KL5SxyYc9+1F7Yz2KaASRjtJilC6GY8hZRUL9doM+Pavq0fGCql4RpgLMrLwgn
Dm5MKWNugSDJGM0lf6RjY9D6BsZA/DP8JnvMMrIXU0fBleqeSTx/2lPIwseRfBdz
MSmGOQyLE5ukzTDQP1DjCecG0YLisjSFuV8WZ4HBf5LjOpzKtvH1IOzHNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpi9xlqwQ/LFnl/xDxZwevyrUOTMB8GA1UdIwQY
MBaAFHbvCg7o+hVNetpDivEhImnOCsxBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmIt
M2JlOTk1ZDJiYmRhLzEvZW1MM0dXckJEOHNXZVhfRVBGbkI2X0t0UTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS8xNjg2YzMtZGE3MC00YjU0LWFiMmItM2JlOTk1ZDJiYmRh
LzEvZHU4S0R1ajZGVTE2MmtPSzhTRWlhYzRLekVFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAbUfyMA0G
CSqGSIb3DQEBCwUAA4IBAQBYZeY4R41v6Jq+TqqqOpzNsR9UIZzcKcq3ed4Y7eJc
tYoWnhGP3AzZ5AF/Oo1xuJ0TlS9qasIoE3lNzJj7bGcbjmJIWk4ML5N+6umKkDim
Wd4ucVtkgZ2S0GhF989CK/NvjjFpzayryNCX6NtsYKhPEiBfZTzJphGD34nNGsr2
WFH88FcZnlQ82QLVck0KpvpVgWGWFocCjsZ6aQS0jvpCmRZo8x6qQ5W4fjHC5cZR
OvPaJ6LWUVuUBNVVAtVq2d1E5RQ4NghWURLk6racveFOnCLcVWdZRWk0U/xJ1p7i
DJ1ZlapYhmD1wthZm6HgU5iz8+nkkvtLmcWKZHKqE6eg
-----END CERTIFICATE-----