Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/eVOsutSYdF-Xs5B-cWNPb1fQVGI.roa
File:                     eVOsutSYdF-Xs5B-cWNPb1fQVGI.roa (raw, json)
Hash identifier:          40vaSxGZRWj8DbIpSBigOB2bVuooe8qXLmF9qpKlDwg=
Subject key identifier:   79:53:AC:BA:D4:98:74:5F:97:B3:90:7E:71:63:4F:6F:57:D0:54:62
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       0192FAA6B3365F0BC1F200222C39C8AE7601
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/eVOsutSYdF-Xs5B-cWNPb1fQVGI.roa
Signing time:             Tue 05 Nov 2024 04:48:01 +0000
ROA not before:           Tue 05 Nov 2024 04:48:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56541
IP address blocks:        31.44.176.0/23 maxlen: 23
                          31.44.178.0/23 maxlen: 23
                          31.44.180.0/23 maxlen: 23
                          31.44.182.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:fa:a6:b3:36:5f:0b:c1:f2:00:22:2c:39:c8:ae:76:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Nov  5 04:48:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7953acbad498745f97b3907e71634f6f57d05462
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:05:ba:ed:9f:16:16:3a:11:d0:6e:8c:e1:13:
                    c5:bf:e7:1b:45:58:52:56:19:3a:c8:a2:d3:fa:0a:
                    49:62:c9:55:36:e7:c8:0e:af:c5:e3:47:1c:99:a9:
                    20:53:e8:e1:0a:a6:a5:45:2a:98:07:59:30:5d:41:
                    8c:c0:bd:a0:86:61:ef:6b:24:76:1b:0c:3d:4e:c7:
                    96:3e:29:e0:fb:ff:6f:b3:d1:55:a5:19:2a:72:38:
                    9f:0a:3a:56:06:c0:d8:29:f5:02:6a:6d:1a:c6:76:
                    da:19:76:eb:95:b2:29:ed:1e:c8:a3:c5:13:6d:e3:
                    eb:5c:50:95:aa:42:29:af:31:5d:15:54:35:f1:5a:
                    b6:d8:ba:07:56:20:f7:c4:d0:2c:45:e5:df:c9:ff:
                    c5:a5:cc:84:88:a9:5c:5c:ef:76:e5:b3:6e:76:38:
                    96:fd:4f:ad:80:44:6e:81:96:ec:c9:d6:9b:d0:38:
                    d5:25:60:1b:13:9b:b1:b9:a1:ff:75:f6:cb:13:7d:
                    d1:fd:94:9c:9c:58:52:47:1e:b4:a6:6a:ef:f2:bc:
                    5a:2d:eb:f8:ca:d9:32:1e:f1:ac:fd:aa:3b:6b:eb:
                    3e:2a:3e:ea:df:4c:3c:bd:b6:df:05:7f:4c:1a:a2:
                    62:a1:78:2f:81:c6:fd:11:bb:ce:8a:83:79:71:b2:
                    e1:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:53:AC:BA:D4:98:74:5F:97:B3:90:7E:71:63:4F:6F:57:D0:54:62
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/eVOsutSYdF-Xs5B-cWNPb1fQVGI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.44.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9d:70:2f:5d:d1:d7:a2:3c:58:ed:4c:c8:00:da:8f:fc:46:66:
         f0:7e:7a:ef:97:bc:63:cb:ad:ac:5d:3c:1d:7b:55:0a:3d:fc:
         78:49:fc:b4:8f:fa:ff:7b:3b:df:2f:84:11:00:5e:64:0f:5b:
         3d:a0:b0:bd:98:d8:6e:24:d3:b1:4e:e2:49:ac:35:31:75:06:
         b8:b6:c1:71:6d:ea:6a:f7:70:e3:89:bb:85:80:44:ce:96:f1:
         25:64:13:c5:d3:a6:70:9b:92:c6:e3:7d:52:9b:39:9f:98:ce:
         46:4f:31:49:f9:8a:9b:1b:20:06:9e:20:ce:b7:61:72:56:26:
         1a:2e:3f:0f:27:6e:12:2a:c1:59:fb:92:6e:2b:12:84:92:6b:
         b2:ee:28:c2:c5:e0:80:03:c6:f3:69:23:10:ee:1e:77:ba:6d:
         8b:18:37:86:9c:89:f8:61:3f:f4:15:ae:3a:11:ac:b0:8f:70:
         1a:f5:b9:35:4f:30:b3:cf:1b:6e:9e:e9:29:bd:5f:f8:04:27:
         b2:e2:16:9b:9e:2f:ad:21:23:4a:71:e6:56:b9:96:3e:5f:5d:
         a2:68:52:d3:4f:a0:56:6b:3f:f7:b3:3e:20:f7:51:aa:26:cf:
         4e:bf:2b:a3:f0:c0:3d:04:bc:92:17:10:e6:07:fe:f7:7d:0a:
         07:fb:54:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZL6prM2XwvB8gAiLDnIrnYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjQxMTA1MDQ0ODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTUzYWNiYWQ0OTg3NDVmOTdiMzkwN2U3MTYzNGY2ZjU3ZDA1NDYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwQW67Z8WFjoR0G6M4RPFv+cbRVhS
Vhk6yKLT+gpJYslVNufIDq/F40ccmakgU+jhCqalRSqYB1kwXUGMwL2ghmHvayR2
Gww9TseWPing+/9vs9FVpRkqcjifCjpWBsDYKfUCam0axnbaGXbrlbIp7R7Io8UT
bePrXFCVqkIprzFdFVQ18Vq22LoHViD3xNAsReXfyf/FpcyEiKlcXO925bNudjiW
/U+tgERugZbsydab0DjVJWAbE5uxuaH/dfbLE33R/ZScnFhSRx60pmrv8rxaLev4
ytkyHvGs/ao7a+s+Kj7q30w8vbbfBX9MGqJioXgvgcb9EbvOioN5cbLh6QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlTrLrUmHRfl7OQfnFjT29X0FRiMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvZVZPc3V0U1lkRi1YczVCLWNXTlBiMWZRVkdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDHyywMA0G
CSqGSIb3DQEBCwUAA4IBAQCdcC9d0deiPFjtTMgA2o/8Rmbwfnrvl7xjy62sXTwd
e1UKPfx4Sfy0j/r/ezvfL4QRAF5kD1s9oLC9mNhuJNOxTuJJrDUxdQa4tsFxbepq
93DjibuFgETOlvElZBPF06Zwm5LG431SmzmfmM5GTzFJ+YqbGyAGniDOt2FyViYa
Lj8PJ24SKsFZ+5JuKxKEkmuy7ijCxeCAA8bzaSMQ7h53um2LGDeGnIn4YT/0Fa46
Eaywj3Aa9bk1TzCzzxtunukpvV/4BCey4habni+tISNKceZWuZY+X12iaFLTT6BW
az/3sz4g91GqJs9Ovyuj8MA9BLySFxDmB/73fQoH+1QO
-----END CERTIFICATE-----