Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/ESzdElu9ct3J-BZv2I8DzLMhNlE.roa
File:                     ESzdElu9ct3J-BZv2I8DzLMhNlE.roa (raw, json)
Hash identifier:          PmGWtEJiaLk6uQGi7YVoqArZf0QhdMq/b8IFDj932iY=
Subject key identifier:   11:2C:DD:12:5B:BD:72:DD:C9:F8:16:6F:D8:8F:03:CC:B3:21:36:51
Certificate issuer:       /CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
Certificate serial:       018CC26D4DB6C2481904861F4AEE78065F59
Authority key identifier: C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/ESzdElu9ct3J-BZv2I8DzLMhNlE.roa
Signing time:             Mon 01 Jan 2024 00:29:52 +0000
ROA not before:           Mon 01 Jan 2024 00:29:52 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204428
IP address blocks:        80.94.95.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 08:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:4d:b6:c2:48:19:04:86:1f:4a:ee:78:06:5f:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2c12b527a5d1f8b8bcf230eb611f52f11d52bbf
        Validity
            Not Before: Jan  1 00:29:52 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=112cdd125bbd72ddc9f8166fd88f03ccb3213651
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:7f:78:02:2d:4a:aa:f2:e2:2f:23:62:3f:69:
                    2f:4a:bc:52:7b:7f:ee:1e:cb:41:ae:73:74:ad:15:
                    cf:ff:0f:a9:b7:1a:ba:44:7c:43:b3:aa:a7:19:a3:
                    80:38:e8:c8:67:b3:eb:71:58:3f:df:90:9d:f2:4f:
                    80:70:e8:54:fe:90:78:45:1e:de:33:0e:40:de:14:
                    bc:2c:84:7b:45:d9:9a:f1:e5:4f:b7:c2:18:0f:9e:
                    b8:9b:45:68:43:bb:8c:35:e4:63:a6:6a:4a:fb:d3:
                    b8:78:09:4f:32:02:77:2f:3c:59:68:e6:53:ef:6d:
                    2e:ae:ff:47:3d:c9:ab:f4:02:e9:d0:60:a9:4c:99:
                    e0:c2:6c:26:98:ed:c6:cf:72:da:cb:c9:83:b2:01:
                    e5:bc:01:b4:24:b1:8d:79:37:06:7f:10:ec:e9:e2:
                    05:e5:7b:42:fd:90:00:d1:0a:e7:50:29:0f:8a:fb:
                    2a:37:7a:78:9c:61:86:2e:7c:e3:dd:37:6b:ed:3f:
                    4c:f6:d0:1e:1c:02:d1:54:a3:75:bd:25:75:a8:d2:
                    fa:ac:43:b8:5c:4a:c0:88:57:fd:ce:79:29:a8:3f:
                    e8:51:08:76:4c:2c:04:4d:be:d8:8b:a7:3b:02:26:
                    c5:07:aa:a5:c0:e0:03:bf:0d:c4:54:83:fd:4a:9a:
                    87:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:2C:DD:12:5B:BD:72:DD:C9:F8:16:6F:D8:8F:03:CC:B3:21:36:51
            X509v3 Authority Key Identifier:
                keyid:C2:C1:2B:52:7A:5D:1F:8B:8B:CF:23:0E:B6:11:F5:2F:11:D5:2B:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wsErUnpdH4uLzyMOthH1LxHVK78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/ESzdElu9ct3J-BZv2I8DzLMhNlE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/3ebb46-b9dd-4695-815c-46ee578a0bfe/1/wsErUnpdH4uLzyMOthH1LxHVK78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.94.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:2b:cb:13:9e:c4:2f:86:ee:13:8b:80:e0:7f:03:17:b8:74:
         41:6a:1a:f0:26:6c:f9:a5:f3:5d:2b:14:d5:30:fb:2d:5d:88:
         c0:6d:e6:2a:5f:04:89:31:b1:8d:76:79:8d:1d:30:5e:83:4a:
         2a:89:59:48:5a:07:17:a8:6e:f7:3c:c7:66:88:73:d3:87:45:
         f2:6b:6f:07:0a:2f:0a:d9:dc:4d:95:03:29:98:05:5a:08:0d:
         48:1d:0a:04:f5:71:e0:27:90:74:b0:b0:dd:70:65:b2:f1:69:
         37:4e:c6:c0:51:ae:62:e1:37:d4:b9:15:7d:9f:f8:d2:f2:b7:
         b8:9a:b2:d3:34:59:a6:f1:04:b7:fe:08:b5:72:11:f5:f9:e6:
         36:9f:ff:bf:75:99:92:0f:d3:52:5b:e6:49:a0:87:dd:ff:7b:
         9c:cd:69:37:a8:59:af:c9:00:8d:be:7f:a0:7d:89:a4:55:54:
         9c:04:39:d4:69:18:34:57:4c:68:31:3f:48:09:a1:48:73:20:
         51:0d:36:a6:e2:84:ae:26:4e:3e:81:8a:b2:bf:0d:45:e7:37:
         c6:5d:dc:d3:6e:d0:e2:c6:95:f8:12:2f:43:96:31:44:56:28:
         77:e0:3b:99:32:eb:50:bb:86:1f:8e:ed:f9:6a:02:6c:76:73:
         ef:80:58:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbU22wkgZBIYfSu54Bl9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyYzEyYjUyN2E1ZDFmOGI4YmNmMjMwZWI2MTFmNTJmMTFk
NTJiYmYwHhcNMjQwMTAxMDAyOTUyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTJjZGQxMjViYmQ3MmRkYzlmODE2NmZkODhmMDNjY2IzMjEzNjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxX94Ai1KqvLiLyNiP2kvSrxSe3/u
HstBrnN0rRXP/w+ptxq6RHxDs6qnGaOAOOjIZ7PrcVg/35Cd8k+AcOhU/pB4RR7e
Mw5A3hS8LIR7Rdma8eVPt8IYD564m0VoQ7uMNeRjpmpK+9O4eAlPMgJ3LzxZaOZT
720urv9HPcmr9ALp0GCpTJngwmwmmO3Gz3Lay8mDsgHlvAG0JLGNeTcGfxDs6eIF
5XtC/ZAA0QrnUCkPivsqN3p4nGGGLnzj3Tdr7T9M9tAeHALRVKN1vSV1qNL6rEO4
XErAiFf9znkpqD/oUQh2TCwETb7Yi6c7AibFB6qlwOADvw3EVIP9SpqH8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEs3RJbvXLdyfgWb9iPA8yzITZRMB8GA1UdIwQY
MBaAFMLBK1J6XR+Li88jDrYR9S8R1Su/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMt
NDZlZTU3OGEwYmZlLzEvRVN6ZEVsdTljdDNKLUJadjJJOER6TE1oTmxFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS8zZWJiNDYtYjlkZC00Njk1LTgxNWMtNDZlZTU3OGEwYmZl
LzEvd3NFclVucGRINHVMenlNT3RoSDFMeEhWSzc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUF5fMA0G
CSqGSIb3DQEBCwUAA4IBAQCzK8sTnsQvhu4Ti4DgfwMXuHRBahrwJmz5pfNdKxTV
MPstXYjAbeYqXwSJMbGNdnmNHTBeg0oqiVlIWgcXqG73PMdmiHPTh0Xya28HCi8K
2dxNlQMpmAVaCA1IHQoE9XHgJ5B0sLDdcGWy8Wk3TsbAUa5i4TfUuRV9n/jS8re4
mrLTNFmm8QS3/gi1chH1+eY2n/+/dZmSD9NSW+ZJoIfd/3uczWk3qFmvyQCNvn+g
fYmkVVScBDnUaRg0V0xoMT9ICaFIcyBRDTam4oSuJk4+gYqyvw1F5zfGXdzTbtDi
xpX4Ei9DljFEVih34DuZMutQu4Yfju35agJsdnPvgFh8
-----END CERTIFICATE-----