Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EazJw5UBNkwW9d5WAZDLQ07dT80.roa
File:                     EazJw5UBNkwW9d5WAZDLQ07dT80.roa (raw, json)
Hash identifier:          pPyJQYhUXS8q8djAfj8uggxy4omx2PXBaFq4MjfDYjA=
Subject key identifier:   11:AC:C9:C3:95:01:36:4C:16:F5:DE:56:01:90:CB:43:4E:DD:4F:CD
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       019033F7C6DA39F364BE52FB166591E4B9F5
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EazJw5UBNkwW9d5WAZDLQ07dT80.roa
Signing time:             Thu 20 Jun 2024 04:46:34 +0000
ROA not before:           Thu 20 Jun 2024 04:46:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208924
IP address blocks:        2a0d:6f80:1f74::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 02:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:33:f7:c6:da:39:f3:64:be:52:fb:16:65:91:e4:b9:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jun 20 04:46:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11acc9c39501364c16f5de560190cb434edd4fcd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:3c:ad:65:ca:66:9a:ee:d7:ad:da:1c:16:85:
                    70:3d:6c:9a:e2:aa:e4:7d:74:4c:bb:9b:e5:fb:87:
                    a1:01:3c:60:2a:aa:00:68:66:3a:10:46:00:e9:28:
                    70:36:78:9d:8a:53:e4:60:41:3c:3d:01:31:b8:5c:
                    e7:c8:09:87:e0:4e:00:8a:25:6b:cd:97:80:2b:b6:
                    ee:82:92:16:19:07:e7:c2:8a:98:1c:83:a6:df:25:
                    5d:66:0a:01:01:6e:ec:67:6a:65:1a:ac:e7:ff:0d:
                    2f:88:3d:36:fd:41:d3:a9:85:6c:a6:5a:ed:75:bf:
                    60:0a:67:34:bb:7b:5b:ee:9b:ac:e3:9d:d3:bf:cb:
                    65:78:88:51:2a:b5:d1:ec:c4:26:b8:40:1b:3c:50:
                    de:82:8b:1a:79:6f:b6:1f:1c:6f:7a:79:fe:66:9b:
                    09:4a:fb:ad:54:66:11:98:98:da:00:89:34:a3:db:
                    0d:11:b2:31:df:e0:ff:00:db:9a:7c:e1:52:11:56:
                    0f:5f:8d:4e:17:23:d1:76:80:39:fc:92:fb:04:16:
                    df:24:22:74:63:0d:01:a4:28:7f:0f:2d:99:ad:a5:
                    11:fe:3a:c7:9d:5a:23:36:85:a1:ac:db:ae:6f:25:
                    f3:19:52:bb:fc:56:e8:55:b4:00:d9:67:a9:d8:c6:
                    db:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:AC:C9:C3:95:01:36:4C:16:F5:DE:56:01:90:CB:43:4E:DD:4F:CD
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/EazJw5UBNkwW9d5WAZDLQ07dT80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:6f80:1f74::/48

    Signature Algorithm: sha256WithRSAEncryption
         83:5a:cd:fa:fa:61:bb:d0:02:1b:4f:f0:cb:58:56:54:9a:d0:
         58:90:9e:ea:91:fd:c8:5e:2d:76:4a:1e:89:b8:89:3f:40:37:
         cf:f6:aa:d7:19:53:3d:1f:04:5a:6f:bc:02:51:7b:e7:bb:fc:
         99:5a:70:19:df:c6:6b:28:1d:91:8e:68:3e:68:d9:da:83:81:
         0e:b9:ac:84:f5:b0:c5:e1:ba:d3:dd:19:a1:7b:46:c0:d3:e8:
         58:42:7e:eb:0e:14:d9:4f:89:c4:f7:d8:b7:7b:76:73:94:0e:
         7d:f0:18:bb:ab:0c:b2:33:60:f3:ce:50:fc:a0:83:f4:b1:af:
         d2:2e:ac:05:ea:66:01:6c:93:39:f5:de:c2:04:36:08:4d:da:
         34:8c:23:5d:73:c5:96:56:4d:0f:fd:e2:96:4f:36:73:8c:13:
         2a:c2:df:dc:71:46:88:f4:03:d1:8c:bd:9b:b4:9f:6d:c8:a7:
         72:92:d9:43:b5:98:ba:24:4e:fe:05:de:1f:06:df:12:9f:e4:
         fa:0c:0f:89:ee:3a:a0:b7:74:72:7e:63:aa:61:be:f7:df:a0:
         90:5c:ba:2c:1b:de:fa:1f:3c:92:9e:bf:3c:25:63:3d:f7:2b:
         24:db:da:05:ba:38:60:c6:8e:f5:b8:02:bd:a2:3f:b6:cb:87:
         90:fe:52:39
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZAz98baOfNkvlL7FmWR5Ln1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjQwNjIwMDQ0NjM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWFjYzljMzk1MDEzNjRjMTZmNWRlNTYwMTkwY2I0MzRlZGQ0ZmNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zytZcpmmu7XrdocFoVwPWya4qrk
fXRMu5vl+4ehATxgKqoAaGY6EEYA6ShwNnidilPkYEE8PQExuFznyAmH4E4AiiVr
zZeAK7bugpIWGQfnwoqYHIOm3yVdZgoBAW7sZ2plGqzn/w0viD02/UHTqYVsplrt
db9gCmc0u3tb7pus453Tv8tleIhRKrXR7MQmuEAbPFDegosaeW+2Hxxvenn+ZpsJ
SvutVGYRmJjaAIk0o9sNEbIx3+D/ANuafOFSEVYPX41OFyPRdoA5/JL7BBbfJCJ0
Yw0BpCh/Dy2ZraUR/jrHnVojNoWhrNuubyXzGVK7/FboVbQA2Wep2MbbLQIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBGsycOVATZMFvXeVgGQy0NO3U/NMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvRWF6Snc1VUJOa3dXOWQ1V0FaRExRMDdkVDgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg1vgB90
MA0GCSqGSIb3DQEBCwUAA4IBAQCDWs36+mG70AIbT/DLWFZUmtBYkJ7qkf3IXi12
Sh6JuIk/QDfP9qrXGVM9HwRab7wCUXvnu/yZWnAZ38ZrKB2Rjmg+aNnag4EOuayE
9bDF4brT3Rmhe0bA0+hYQn7rDhTZT4nE99i3e3ZzlA598Bi7qwyyM2DzzlD8oIP0
sa/SLqwF6mYBbJM59d7CBDYITdo0jCNdc8WWVk0P/eKWTzZzjBMqwt/ccUaI9APR
jL2btJ9tyKdyktlDtZi6JE7+Bd4fBt8Sn+T6DA+J7jqgt3RyfmOqYb7336CQXLos
G976HzySnr88JWM99ysk29oFujhgxo71uAK9oj+2y4eQ/lI5
-----END CERTIFICATE-----