Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/eTOEUNbjSrG2VlTF4-EOHnuknqE.roa
File:                     eTOEUNbjSrG2VlTF4-EOHnuknqE.roa (raw, json)
Hash identifier:          xyXkjWhPbMnqzynHzFpjZcZeLuCmj4Mxdk617FfiS8Q=
Subject key identifier:   79:33:84:50:D6:E3:4A:B1:B6:56:54:C5:E3:E1:0E:1E:7B:A4:9E:A1
Certificate issuer:       /CN=921c4fda367c5383b15c2a7143ad4b10c955cea0
Certificate serial:       018CC94DF4DC2ABE0E3050275E6A1B603D31
Authority key identifier: 92:1C:4F:DA:36:7C:53:83:B1:5C:2A:71:43:AD:4B:10:C9:55:CE:A0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/khxP2jZ8U4OxXCpxQ61LEMlVzqA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/eTOEUNbjSrG2VlTF4-EOHnuknqE.roa
Signing time:             Tue 02 Jan 2024 08:32:58 +0000
ROA not before:           Tue 02 Jan 2024 08:32:58 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202680
IP address blocks:        185.152.104.0/22 maxlen: 22
                          2a07:8180::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/khxP2jZ8U4OxXCpxQ61LEMlVzqA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/khxP2jZ8U4OxXCpxQ61LEMlVzqA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/khxP2jZ8U4OxXCpxQ61LEMlVzqA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:f4:dc:2a:be:0e:30:50:27:5e:6a:1b:60:3d:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=921c4fda367c5383b15c2a7143ad4b10c955cea0
        Validity
            Not Before: Jan  2 08:32:58 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79338450d6e34ab1b65654c5e3e10e1e7ba49ea1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:c0:4a:9a:eb:c6:c3:c7:1e:57:31:e2:09:fb:
                    33:d4:9d:3f:28:50:ba:75:b2:8d:31:ed:f1:0f:85:
                    b7:28:ec:20:1d:44:40:4d:95:36:31:97:1a:47:3f:
                    21:af:e8:56:be:e2:b6:94:d7:28:d8:1e:7b:89:f6:
                    52:ec:7c:e8:64:74:38:fe:22:81:0a:c1:de:61:48:
                    74:bd:c3:56:09:da:cc:fe:28:da:9e:d2:c0:b4:19:
                    ee:28:be:9d:69:b9:56:a4:fd:a5:a1:b1:09:96:77:
                    70:72:0f:11:0a:8f:f4:69:e1:1d:ec:fa:1f:13:e0:
                    b0:59:2a:c3:7c:6d:ca:ce:d2:ac:88:3c:ab:c7:48:
                    80:b4:3b:ee:9f:28:b5:30:34:47:62:2e:5c:c9:b8:
                    cd:30:f9:78:a6:9b:2c:21:a7:ab:24:11:c9:9b:62:
                    70:6e:f3:28:06:76:17:22:67:44:8c:8a:00:51:70:
                    d6:4b:cb:c6:0f:ee:26:64:2a:b9:7f:b0:cf:dc:82:
                    b5:68:cd:d7:d6:17:44:9a:26:5d:9b:98:2b:5b:c1:
                    a4:30:f6:7c:3c:73:5d:65:0f:51:ac:a5:71:e6:91:
                    76:f4:2c:5b:3a:75:62:5b:0e:b0:55:e4:73:9f:ea:
                    c4:51:db:de:71:c7:e2:46:aa:0a:19:b2:62:2b:4d:
                    22:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:33:84:50:D6:E3:4A:B1:B6:56:54:C5:E3:E1:0E:1E:7B:A4:9E:A1
            X509v3 Authority Key Identifier:
                keyid:92:1C:4F:DA:36:7C:53:83:B1:5C:2A:71:43:AD:4B:10:C9:55:CE:A0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/khxP2jZ8U4OxXCpxQ61LEMlVzqA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/eTOEUNbjSrG2VlTF4-EOHnuknqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/19/3d6b1a-6d61-44b8-8cbb-23608f6ae2ea/1/khxP2jZ8U4OxXCpxQ61LEMlVzqA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.104.0/22
                IPv6:
                  2a07:8180::/29

    Signature Algorithm: sha256WithRSAEncryption
         11:e8:1e:af:62:31:01:e8:fb:5a:9c:74:f4:91:39:69:47:8b:
         43:55:c8:fd:6d:b7:07:c6:bc:34:d1:9e:f4:23:83:10:4f:c4:
         41:ea:c9:a6:86:a4:1f:48:b3:4f:46:5e:e2:cf:dd:bd:5d:75:
         0e:1f:73:30:10:0b:b2:6a:3d:47:8e:aa:2b:a7:6f:2b:96:27:
         51:c6:af:83:5c:ce:73:22:88:f0:75:c0:83:58:a6:25:3a:39:
         ff:1c:92:25:87:9e:34:e0:f4:a5:56:bc:17:e7:26:49:8e:dc:
         43:77:d4:69:b5:24:02:60:82:71:bb:10:4f:3c:8b:81:d3:6e:
         b8:56:d2:06:47:6a:be:70:26:48:11:56:ce:65:00:5e:bd:d9:
         65:50:a9:ad:0a:88:82:01:56:56:c4:2a:04:4d:b2:23:32:8b:
         63:c9:30:39:26:19:19:0c:8e:e8:53:2b:85:99:b4:a6:97:99:
         f6:d8:87:6b:8d:14:22:74:df:d7:7a:62:ec:53:28:8a:ab:da:
         21:7f:41:e0:c6:2d:ee:90:fe:77:04:49:c9:e4:1a:59:fd:23:
         92:57:24:41:8a:dd:f1:2b:38:49:3d:df:ff:c3:d3:4e:2a:67:
         b8:66:2c:f0:47:7f:49:bf:01:ff:84:f0:e7:2f:c0:3c:4e:60:
         22:5d:2b:46
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzJTfTcKr4OMFAnXmobYD0xMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyMWM0ZmRhMzY3YzUzODNiMTVjMmE3MTQzYWQ0YjEwYzk1
NWNlYTAwHhcNMjQwMTAyMDgzMjU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTMzODQ1MGQ2ZTM0YWIxYjY1NjU0YzVlM2UxMGUxZTdiYTQ5ZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjsBKmuvGw8ceVzHiCfsz1J0/KFC6
dbKNMe3xD4W3KOwgHURATZU2MZcaRz8hr+hWvuK2lNco2B57ifZS7HzoZHQ4/iKB
CsHeYUh0vcNWCdrM/ijantLAtBnuKL6dablWpP2lobEJlndwcg8RCo/0aeEd7Pof
E+CwWSrDfG3KztKsiDyrx0iAtDvunyi1MDRHYi5cybjNMPl4ppssIaerJBHJm2Jw
bvMoBnYXImdEjIoAUXDWS8vGD+4mZCq5f7DP3IK1aM3X1hdEmiZdm5grW8GkMPZ8
PHNdZQ9RrKVx5pF29CxbOnViWw6wVeRzn+rEUdveccfiRqoKGbJiK00isQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHkzhFDW40qxtlZUxePhDh57pJ6hMB8GA1UdIwQY
MBaAFJIcT9o2fFODsVwqcUOtSxDJVc6gMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2h4UDJqWjhVNE94WENweFE2MUxFTWxWenFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOS8zZDZiMWEtNmQ2MS00NGI4LThjYmIt
MjM2MDhmNmFlMmVhLzEvZVRPRVVOYmpTckcyVmxURjQtRU9IbnVrbnFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOS8zZDZiMWEtNmQ2MS00NGI4LThjYmItMjM2MDhmNmFlMmVh
LzEva2h4UDJqWjhVNE94WENweFE2MUxFTWxWenFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZhoMA0E
AgACMAcDBQMqB4GAMA0GCSqGSIb3DQEBCwUAA4IBAQAR6B6vYjEB6PtanHT0kTlp
R4tDVcj9bbcHxrw00Z70I4MQT8RB6smmhqQfSLNPRl7iz929XXUOH3MwEAuyaj1H
jqorp28rlidRxq+DXM5zIojwdcCDWKYlOjn/HJIlh5404PSlVrwX5yZJjtxDd9Rp
tSQCYIJxuxBPPIuB0264VtIGR2q+cCZIEVbOZQBevdllUKmtCoiCAVZWxCoETbIj
MotjyTA5JhkZDI7oUyuFmbSml5n22IdrjRQidN/XemLsUyiKq9ohf0Hgxi3ukP53
BEnJ5BpZ/SOSVyRBit3xKzhJPd//w9NOKme4ZizwR39JvwH/hPDnL8A8TmAiXStG
-----END CERTIFICATE-----