Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/eECBZaB0aPAWIRVnWZZ3fbqeQB8.roa
File:                     eECBZaB0aPAWIRVnWZZ3fbqeQB8.roa (raw, json)
Hash identifier:          R27az59CIlmIgtRDmZeG9w5rH86/iu0ZIaQAcS2oSVU=
Subject key identifier:   78:40:81:65:A0:74:68:F0:16:21:15:67:59:96:77:7D:BA:9E:40:1F
Certificate issuer:       /CN=4f14112d05e9d876149d2778d48edaaa324db0a5
Certificate serial:       01942369FA49CF930DA6B20B43EC9C689630
Authority key identifier: 4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/eECBZaB0aPAWIRVnWZZ3fbqeQB8.roa
Signing time:             Wed 01 Jan 2025 19:48:55 +0000
ROA not before:           Wed 01 Jan 2025 19:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        94.103.187.0/24 maxlen: 24
                          185.244.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:fa:49:cf:93:0d:a6:b2:0b:43:ec:9c:68:96:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f14112d05e9d876149d2778d48edaaa324db0a5
        Validity
            Not Before: Jan  1 19:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78408165a07468f0162115675996777dba9e401f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:c0:b2:ae:29:58:06:c5:23:21:5c:5d:cb:9d:
                    1f:6b:6c:fc:0e:3d:1c:fc:9a:0c:f2:37:c0:34:a4:
                    7d:97:c4:1e:37:04:e1:43:2b:49:4d:64:b9:2d:21:
                    75:8e:5f:84:26:3f:83:fb:c2:89:8c:5d:6f:98:f1:
                    38:b6:bc:55:b3:af:d5:fb:c2:ec:6d:19:7b:4c:bc:
                    13:d0:2c:9e:63:90:c6:58:a8:fc:20:59:88:ad:99:
                    00:47:64:cc:6a:36:c6:b7:b8:96:49:3a:8c:11:c8:
                    37:73:17:b2:bc:35:62:12:db:7e:3a:fe:37:a6:83:
                    f9:2f:e7:56:9e:d5:69:3d:4b:99:df:85:76:62:d6:
                    42:5c:c8:7c:f0:ce:a0:f3:8e:df:71:95:c1:d6:f8:
                    c5:97:42:26:ae:44:f8:7c:0a:c2:ca:9b:41:8a:45:
                    ae:23:65:eb:73:9c:92:0a:c0:78:96:07:d6:87:e5:
                    e1:6f:02:c1:19:75:c2:cc:a9:cb:cd:ea:84:b4:d4:
                    87:3c:11:e3:c2:a6:fa:f7:28:16:a2:39:bc:7a:ee:
                    34:80:eb:fd:0e:09:a3:32:4a:e0:11:2d:20:26:8f:
                    fb:b9:ae:e0:8a:20:41:3f:8a:88:a0:8e:55:85:b5:
                    8d:b5:ed:1c:d3:14:b6:cf:57:df:be:a9:d3:72:d9:
                    28:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:40:81:65:A0:74:68:F0:16:21:15:67:59:96:77:7D:BA:9E:40:1F
            X509v3 Authority Key Identifier:
                keyid:4F:14:11:2D:05:E9:D8:76:14:9D:27:78:D4:8E:DA:AA:32:4D:B0:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TxQRLQXp2HYUnSd41I7aqjJNsKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/eECBZaB0aPAWIRVnWZZ3fbqeQB8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/3caa51-7a21-499d-a545-bafbdfc8132a/1/TxQRLQXp2HYUnSd41I7aqjJNsKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.103.187.0/24
                  185.244.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c4:5c:75:f0:ac:a4:e8:db:39:cc:25:e4:7a:d5:93:4a:68:8d:
         9e:19:83:0f:f2:b6:79:40:ff:a8:7e:58:0f:2c:fd:cc:18:4f:
         16:81:6e:60:f8:59:8b:12:52:af:f8:68:38:0c:35:43:53:14:
         59:74:ff:b1:f5:35:88:cb:53:47:21:82:73:e6:a6:2d:a5:e5:
         59:96:7c:f8:d9:88:b4:b3:91:36:61:83:d8:9f:da:c2:a2:5b:
         d2:55:e2:94:d9:84:87:53:9c:79:b2:39:71:01:e9:e3:3b:a6:
         8a:30:19:91:ff:3e:82:8c:16:63:14:71:5e:41:7a:a6:06:8a:
         0c:f9:51:8c:fe:40:b3:04:0d:14:92:8e:81:4a:21:02:16:1c:
         eb:5a:61:83:a8:9f:4e:15:ea:25:e8:87:39:27:fd:e4:56:a1:
         9b:d7:e6:3f:00:4f:31:69:2f:31:2c:b3:90:1f:70:38:82:3c:
         03:26:22:ad:b1:cc:85:85:b7:7a:1a:d0:21:ef:7f:12:0c:4a:
         7c:77:3f:e1:46:e8:51:44:c7:02:0d:3b:1c:ac:f0:57:6a:fd:
         84:aa:68:88:f3:06:22:18:fc:44:c1:f5:50:e7:4f:8b:07:86:
         3b:22:1a:f1:40:c2:dd:29:ac:f2:16:6a:71:3c:52:dc:cf:92:
         41:a0:5c:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQjafpJz5MNprILQ+ycaJYwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmMTQxMTJkMDVlOWQ4NzYxNDlkMjc3OGQ0OGVkYWFhMzI0
ZGIwYTUwHhcNMjUwMTAxMTk0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODQwODE2NWEwNzQ2OGYwMTYyMTE1Njc1OTk2Nzc3ZGJhOWU0MDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMCyrilYBsUjIVxdy50fa2z8Dj0c
/JoM8jfANKR9l8QeNwThQytJTWS5LSF1jl+EJj+D+8KJjF1vmPE4trxVs6/V+8Ls
bRl7TLwT0CyeY5DGWKj8IFmIrZkAR2TMajbGt7iWSTqMEcg3cxeyvDViEtt+Ov43
poP5L+dWntVpPUuZ34V2YtZCXMh88M6g847fcZXB1vjFl0ImrkT4fArCyptBikWu
I2Xrc5ySCsB4lgfWh+XhbwLBGXXCzKnLzeqEtNSHPBHjwqb69ygWojm8eu40gOv9
DgmjMkrgES0gJo/7ua7giiBBP4qIoI5VhbWNte0c0xS2z1ffvqnTctko5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHhAgWWgdGjwFiEVZ1mWd326nkAfMB8GA1UdIwQY
MBaAFE8UES0F6dh2FJ0neNSO2qoyTbClMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUt
YmFmYmRmYzgxMzJhLzEvZUVDQlphQjBhUEFXSVJWbldaWjNmYnFlUUI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS8zY2FhNTEtN2EyMS00OTlkLWE1NDUtYmFmYmRmYzgxMzJh
LzEvVHhRUkxRWHAySFlVblNkNDFJN2FxakpOc0tVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXme7AwQA
ufRoMA0GCSqGSIb3DQEBCwUAA4IBAQDEXHXwrKTo2znMJeR61ZNKaI2eGYMP8rZ5
QP+oflgPLP3MGE8WgW5g+FmLElKv+Gg4DDVDUxRZdP+x9TWIy1NHIYJz5qYtpeVZ
lnz42Yi0s5E2YYPYn9rColvSVeKU2YSHU5x5sjlxAenjO6aKMBmR/z6CjBZjFHFe
QXqmBooM+VGM/kCzBA0Uko6BSiECFhzrWmGDqJ9OFeol6Ic5J/3kVqGb1+Y/AE8x
aS8xLLOQH3A4gjwDJiKtscyFhbd6GtAh738SDEp8dz/hRuhRRMcCDTscrPBXav2E
qmiI8wYiGPxEwfVQ50+LB4Y7IhrxQMLdKazyFmpxPFLcz5JBoFyP
-----END CERTIFICATE-----