Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/EaAMnFH-hB2qHl4ouB7WX5rseGY.roa
File:                     EaAMnFH-hB2qHl4ouB7WX5rseGY.roa (raw, json)
Hash identifier:          pGSLbQywLVFAW/Ackf3Ye80oSWyNjmKo/4ncxHEHLig=
Subject key identifier:   11:A0:0C:9C:51:FE:84:1D:AA:1E:5E:28:B8:1E:D6:5F:9A:EC:78:66
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FAF792FDDF6F4D48C7F107112D3B8
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/EaAMnFH-hB2qHl4ouB7WX5rseGY.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57707
IP address blocks:        92.119.184.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:af:79:2f:dd:f6:f4:d4:8c:7f:10:71:12:d3:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a00c9c51fe841daa1e5e28b81ed65f9aec7866
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a8:d2:7e:43:83:47:f1:5e:a9:a8:b9:b2:44:
                    8f:47:18:34:4d:ff:c5:77:f5:2e:b5:a9:c8:bc:63:
                    1c:ec:f6:bc:c4:06:be:98:3d:95:c4:a0:93:26:b6:
                    84:d3:2d:30:f0:02:9c:01:68:7a:db:3b:b4:86:df:
                    6d:ac:82:3d:3f:d1:f0:af:e1:ed:c4:7c:85:1b:f6:
                    fb:44:e8:be:4e:ff:66:9b:2f:84:f3:27:a2:93:8d:
                    df:3f:92:db:a1:7c:d0:07:39:0e:7d:47:0c:fa:12:
                    1f:99:da:86:67:2d:46:af:69:87:69:d2:88:60:2e:
                    26:1c:85:42:68:ce:a8:67:9c:73:c0:2a:1c:b7:07:
                    24:81:45:3a:c4:39:40:e5:59:44:57:2a:33:d3:e9:
                    66:8d:5b:b3:69:33:f6:56:70:c6:5a:aa:f1:3e:c3:
                    aa:1d:68:30:56:19:30:e1:ad:6d:50:48:9a:b7:0b:
                    80:7f:07:71:02:4a:5e:58:f8:59:10:0f:1a:bb:88:
                    81:c1:bc:8b:60:cf:fd:96:b2:df:6b:67:1f:79:f9:
                    d8:8d:35:c8:66:fb:19:90:e1:50:00:cf:e1:e0:61:
                    4a:ce:5d:e0:69:54:a9:9b:6c:76:b9:42:a0:3b:7f:
                    bb:ea:02:65:cd:54:7e:d1:36:5c:d4:71:3f:b1:de:
                    de:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A0:0C:9C:51:FE:84:1D:AA:1E:5E:28:B8:1E:D6:5F:9A:EC:78:66
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/EaAMnFH-hB2qHl4ouB7WX5rseGY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.119.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4d:ba:a8:75:eb:db:40:e1:ef:7a:25:20:25:9e:ea:8e:33:de:
         92:1d:55:69:b6:3a:75:e0:55:70:ba:a6:6d:51:39:d0:3a:b2:
         97:69:f3:59:e6:df:4c:62:b8:86:82:95:d1:c9:f6:56:7c:e4:
         76:f7:bd:fb:79:a9:dc:47:c2:b0:62:1c:e9:c1:0b:28:42:84:
         cb:ed:c0:89:11:a1:37:ce:70:4c:24:48:cf:4d:0b:2e:51:7f:
         dc:f8:e9:fb:9d:67:cd:7d:4b:21:3b:8a:30:7d:d2:21:8d:dd:
         b0:5b:51:38:15:a9:e7:90:9e:e1:31:fd:f7:c2:64:a4:b1:52:
         c3:93:e0:c5:e1:54:0d:40:4d:9b:66:61:58:0a:02:31:ab:76:
         af:e3:97:9e:ea:b8:c0:b7:b7:7a:fb:65:a6:e0:60:a3:d2:a4:
         01:8f:fb:e2:de:2b:e6:1b:2c:f6:82:e0:47:0f:d3:0b:fb:39:
         ae:13:b8:e7:f4:3b:61:b0:ff:36:16:31:2e:1f:70:6b:ef:9d:
         93:fa:2c:fb:4d:54:d2:9f:dc:dd:e0:68:c8:8d:00:18:ff:7c:
         cd:b1:f6:b2:3c:40:8f:41:7c:a3:5d:47:aa:9a:80:16:69:90:
         89:6c:48:29:a3:2d:8c:01:50:fe:2a:42:ff:2f:2b:86:9c:ea:
         e9:8a:14:e3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb695L9329NSMfxBxEtO4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWEwMGM5YzUxZmU4NDFkYWExZTVlMjhiODFlZDY1ZjlhZWM3ODY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoajSfkODR/Feqai5skSPRxg0Tf/F
d/UutanIvGMc7Pa8xAa+mD2VxKCTJraE0y0w8AKcAWh62zu0ht9trII9P9Hwr+Ht
xHyFG/b7ROi+Tv9mmy+E8yeik43fP5LboXzQBzkOfUcM+hIfmdqGZy1Gr2mHadKI
YC4mHIVCaM6oZ5xzwCoctwckgUU6xDlA5VlEVyoz0+lmjVuzaTP2VnDGWqrxPsOq
HWgwVhkw4a1tUEiatwuAfwdxAkpeWPhZEA8au4iBwbyLYM/9lrLfa2cfefnYjTXI
ZvsZkOFQAM/h4GFKzl3gaVSpm2x2uUKgO3+76gJlzVR+0TZc1HE/sd7eAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGgDJxR/oQdqh5eKLge1l+a7HhmMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvRWFBTW5GSC1oQjJxSGw0b3VCN1dYNXJzZUdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXHe4MA0G
CSqGSIb3DQEBCwUAA4IBAQBNuqh169tA4e96JSAlnuqOM96SHVVptjp14FVwuqZt
UTnQOrKXafNZ5t9MYriGgpXRyfZWfOR29737eancR8KwYhzpwQsoQoTL7cCJEaE3
znBMJEjPTQsuUX/c+On7nWfNfUshO4owfdIhjd2wW1E4FannkJ7hMf33wmSksVLD
k+DF4VQNQE2bZmFYCgIxq3av45ee6rjAt7d6+2Wm4GCj0qQBj/vi3ivmGyz2guBH
D9ML+zmuE7jn9DthsP82FjEuH3Br752T+iz7TVTSn9zd4GjIjQAY/3zNsfayPECP
QXyjXUeqmoAWaZCJbEgpoy2MAVD+KkL/LyuGnOrpihTj
-----END CERTIFICATE-----