Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EROMgi4wwUTG_WgWgiB-eb_hCL0.roa
File:                     EROMgi4wwUTG_WgWgiB-eb_hCL0.roa (raw, json)
Hash identifier:          l5YSorj5oA+JczSiOR0X0GutuEoSlnY5yUc70CzZVic=
Subject key identifier:   11:13:8C:82:2E:30:C1:44:C6:FD:68:16:82:20:7E:79:BF:E1:08:BD
Certificate issuer:       /CN=3183785916cd98d7c770d685145499a8a0a15722
Certificate serial:       01941F8C20025557432B47E672E842792D07
Authority key identifier: 31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EROMgi4wwUTG_WgWgiB-eb_hCL0.roa
Signing time:             Wed 01 Jan 2025 01:47:44 +0000
ROA not before:           Wed 01 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41461
IP address blocks:        85.120.216.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 04:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:20:02:55:57:43:2b:47:e6:72:e8:42:79:2d:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3183785916cd98d7c770d685145499a8a0a15722
        Validity
            Not Before: Jan  1 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11138c822e30c144c6fd681682207e79bfe108bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1b:4e:a2:a6:ab:e1:6e:c5:a4:48:9c:25:fb:
                    5a:47:1b:36:46:fa:f5:81:7b:0f:c0:c8:ea:eb:d2:
                    f2:c4:93:a7:43:55:a0:23:71:43:0e:02:a6:90:22:
                    a8:14:3a:08:91:49:86:26:b5:91:23:0a:13:4c:58:
                    a6:41:68:0a:e8:69:88:81:17:f5:d1:7d:da:80:e4:
                    78:eb:3a:51:11:20:fd:58:80:c7:f7:e8:b0:99:10:
                    80:27:a9:87:bb:69:42:f1:3c:b6:86:74:6d:b4:8a:
                    6b:14:ab:fe:84:4f:9a:59:c2:12:3a:aa:2f:cd:cd:
                    9d:01:eb:8e:ce:fb:14:9f:12:6f:a5:a8:0c:02:4c:
                    f8:44:6a:b6:60:22:de:eb:12:42:3f:c2:b9:e6:0a:
                    32:70:9b:c2:2a:be:0d:5a:e3:75:8b:a7:06:8d:b8:
                    16:17:7e:0a:c7:87:a7:0c:0c:6b:8c:2c:4f:13:03:
                    52:22:70:37:d6:90:71:af:5e:7e:5c:11:6a:a0:ed:
                    bc:29:b2:8e:9c:1f:db:17:e7:00:b3:1e:1d:ee:43:
                    b5:52:52:b6:fc:49:07:c1:6c:12:c2:d8:c5:12:73:
                    d1:ae:f6:74:03:00:e3:aa:5d:fb:55:ee:29:9a:59:
                    a4:c8:17:b6:ca:67:c9:6c:cb:84:d0:f5:d8:35:1c:
                    14:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:13:8C:82:2E:30:C1:44:C6:FD:68:16:82:20:7E:79:BF:E1:08:BD
            X509v3 Authority Key Identifier:
                keyid:31:83:78:59:16:CD:98:D7:C7:70:D6:85:14:54:99:A8:A0:A1:57:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MYN4WRbNmNfHcNaFFFSZqKChVyI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/EROMgi4wwUTG_WgWgiB-eb_hCL0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/15/7193db-7f85-42bb-b09a-f52c47c225db/1/MYN4WRbNmNfHcNaFFFSZqKChVyI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.120.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:9c:43:59:dd:b7:54:65:d3:9f:c7:bc:15:97:6e:04:77:99:
         90:95:75:01:79:49:a4:a4:b7:2e:24:51:bf:f1:bf:0c:c5:6a:
         25:cb:cf:a8:15:f9:fa:ba:8c:91:b7:33:4f:d9:57:bd:8f:7c:
         59:5c:5b:b1:6f:fb:65:ee:44:70:40:65:e6:88:eb:c0:90:f3:
         55:be:b6:31:e5:64:6b:d9:e8:ab:f5:18:90:c4:99:ec:05:17:
         f0:77:12:9c:d8:91:15:59:eb:42:9a:ef:4e:d6:78:5d:c6:ed:
         5f:c0:bb:66:6f:aa:93:14:1b:6d:dd:68:9e:88:76:12:72:73:
         b5:b4:b2:ea:00:2a:b8:f1:b5:b6:9b:f2:01:96:3b:ae:00:47:
         02:f0:80:8e:27:eb:48:6f:28:eb:6b:4c:4f:44:e4:d3:a0:87:
         5e:fe:8e:68:31:df:06:82:7b:c3:46:bb:e0:df:dd:e5:97:58:
         cd:c6:1b:2d:ae:ca:10:bf:fa:c6:ea:26:a7:83:f3:06:38:8a:
         9f:82:9f:3d:b9:3b:9b:f3:ec:30:8b:b1:97:43:cd:10:2b:ea:
         53:43:e2:67:89:81:b7:50:04:d6:f7:58:e6:fd:8d:e4:4f:66:
         42:83:25:45:e4:5b:85:87:67:85:41:c7:6c:a3:92:fb:0d:44:
         44:65:b2:f6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCACVVdDK0fmcuhCeS0HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxODM3ODU5MTZjZDk4ZDdjNzcwZDY4NTE0NTQ5OWE4YTBh
MTU3MjIwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTEzOGM4MjJlMzBjMTQ0YzZmZDY4MTY4MjIwN2U3OWJmZTEwOGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhtOoqar4W7FpEicJftaRxs2Rvr1
gXsPwMjq69LyxJOnQ1WgI3FDDgKmkCKoFDoIkUmGJrWRIwoTTFimQWgK6GmIgRf1
0X3agOR46zpRESD9WIDH9+iwmRCAJ6mHu2lC8Ty2hnRttIprFKv+hE+aWcISOqov
zc2dAeuOzvsUnxJvpagMAkz4RGq2YCLe6xJCP8K55goycJvCKr4NWuN1i6cGjbgW
F34Kx4enDAxrjCxPEwNSInA31pBxr15+XBFqoO28KbKOnB/bF+cAsx4d7kO1UlK2
/EkHwWwSwtjFEnPRrvZ0AwDjql37Ve4pmlmkyBe2ymfJbMuE0PXYNRwUcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBETjIIuMMFExv1oFoIgfnm/4Qi9MB8GA1UdIwQY
MBaAFDGDeFkWzZjXx3DWhRRUmaigoVciMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEt
ZjUyYzQ3YzIyNWRiLzEvRVJPTWdpNHd3VVRHX1dnV2dpQi1lYl9oQ0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNS83MTkzZGItN2Y4NS00MmJiLWIwOWEtZjUyYzQ3YzIyNWRi
LzEvTVlONFdSYk5tTmZIY05hRkZGU1pxS0NoVnlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVXjYMA0G
CSqGSIb3DQEBCwUAA4IBAQAenENZ3bdUZdOfx7wVl24Ed5mQlXUBeUmkpLcuJFG/
8b8MxWoly8+oFfn6uoyRtzNP2Ve9j3xZXFuxb/tl7kRwQGXmiOvAkPNVvrYx5WRr
2eir9RiQxJnsBRfwdxKc2JEVWetCmu9O1nhdxu1fwLtmb6qTFBtt3WieiHYScnO1
tLLqACq48bW2m/IBljuuAEcC8ICOJ+tIbyjra0xPROTToIde/o5oMd8GgnvDRrvg
393ll1jNxhstrsoQv/rG6iang/MGOIqfgp89uTub8+wwi7GXQ80QK+pTQ+JniYG3
UATW91jm/Y3kT2ZCgyVF5FuFh2eFQcdso5L7DUREZbL2
-----END CERTIFICATE-----