Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/sxEZEEWAU1EUn5MwZudFBV21m2o.roa
File:                     sxEZEEWAU1EUn5MwZudFBV21m2o.roa (raw, json)
Hash identifier:          4IUTcmnihy5cGg5OJAyro4y8mptoSq2a9OAObZs3QI8=
Subject key identifier:   B3:11:19:10:45:80:53:51:14:9F:93:30:66:E7:45:05:5D:B5:9B:6A
Certificate issuer:       /CN=ee1cce901e5fb7c92f09a915cf6e656f693ba100
Certificate serial:       0192B8782F80EA353C3E45503DA49B943BAD
Authority key identifier: EE:1C:CE:90:1E:5F:B7:C9:2F:09:A9:15:CF:6E:65:6F:69:3B:A1:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/sxEZEEWAU1EUn5MwZudFBV21m2o.roa
Signing time:             Wed 23 Oct 2024 08:22:17 +0000
ROA not before:           Wed 23 Oct 2024 08:22:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10122
IP address blocks:        185.155.137.0/24 maxlen: 24
                          185.155.139.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:b8:78:2f:80:ea:35:3c:3e:45:50:3d:a4:9b:94:3b:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1cce901e5fb7c92f09a915cf6e656f693ba100
        Validity
            Not Before: Oct 23 08:22:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b311191045805351149f933066e745055db59b6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:14:7e:48:59:1b:36:ae:26:a0:30:2c:68:aa:
                    0c:26:9d:86:99:33:7f:33:0e:7c:7a:16:b6:cb:f4:
                    13:00:62:cb:97:0b:5c:d5:91:5d:de:c8:68:5f:69:
                    c1:92:b7:2d:dd:fc:f7:50:d1:f3:a0:93:4c:7a:21:
                    47:fb:cc:dc:4d:c8:de:40:f3:b3:97:19:2b:4d:df:
                    e7:ef:55:90:68:d7:a0:19:cf:e1:fa:e5:22:8c:dc:
                    37:60:5f:9b:bb:0d:d1:98:6f:62:86:c9:0a:0a:5c:
                    66:a6:f5:83:97:a6:0b:67:70:98:b3:e3:98:74:22:
                    f5:06:0a:9c:29:5d:76:7a:12:aa:01:26:28:f3:e4:
                    5d:97:a6:04:92:43:0b:d4:08:23:12:ff:3c:67:ac:
                    3c:52:e3:f5:44:6f:ec:0e:1a:77:5c:0c:6a:39:87:
                    2e:10:89:a5:1e:49:1e:99:c3:5a:c9:08:81:b8:f5:
                    c4:dc:bd:44:d4:46:6d:35:54:23:3d:4d:36:8e:27:
                    6b:13:0d:a0:82:ed:56:70:c8:72:95:45:9c:bb:df:
                    48:11:df:a2:69:76:a1:14:9a:b6:9f:b5:59:b3:fa:
                    46:69:72:e3:e0:af:10:7c:06:fa:76:e2:f2:54:fa:
                    8e:c6:60:c0:fb:4b:80:5f:8f:6a:58:08:ce:ad:22:
                    d8:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:11:19:10:45:80:53:51:14:9F:93:30:66:E7:45:05:5D:B5:9B:6A
            X509v3 Authority Key Identifier:
                keyid:EE:1C:CE:90:1E:5F:B7:C9:2F:09:A9:15:CF:6E:65:6F:69:3B:A1:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hzOkB5ft8kvCakVz25lb2k7oQA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/sxEZEEWAU1EUn5MwZudFBV21m2o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/39d5f1-66f7-49d8-afba-14a1909b1237/1/7hzOkB5ft8kvCakVz25lb2k7oQA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.155.137.0/24
                  185.155.139.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:e2:e9:2f:2a:f5:af:c9:e6:48:e4:b6:e2:2f:cd:03:4b:d0:
         98:67:f1:bc:0e:81:97:01:40:c6:5f:e2:84:98:8f:ed:1d:00:
         6d:f4:74:e9:65:af:37:51:6e:b2:d9:f4:7c:ae:6a:c7:fc:dc:
         19:59:cf:5d:99:9d:4a:4d:82:8c:21:28:c6:f9:24:42:de:bd:
         ca:e1:4d:ec:9c:29:47:5e:56:df:10:28:ba:ed:50:e0:43:f7:
         bf:ae:42:8a:d7:a5:22:fe:68:a4:33:f1:26:a9:33:62:a3:23:
         f2:01:31:61:58:e4:9a:d3:18:f8:94:a6:bf:ba:d6:50:44:80:
         5b:74:6f:a8:32:ed:d0:38:66:c5:e4:74:99:bd:c2:c2:3b:4d:
         37:16:11:8f:11:b6:f6:71:19:2d:66:72:4a:88:59:3a:f1:a7:
         c7:bf:41:48:ef:56:29:eb:33:07:67:4f:05:ab:05:01:80:f9:
         36:b0:36:66:9f:34:7f:84:09:18:1f:e9:7b:d7:1f:ca:eb:c9:
         8a:61:30:f7:9e:b0:44:28:46:5f:8e:27:7f:84:6b:72:71:13:
         46:ff:67:ae:13:00:43:03:f5:44:a8:d0:d9:91:f2:29:13:be:
         bb:8b:65:07:bc:59:17:10:e0:ec:27:81:13:b4:53:34:91:ad:
         81:e5:8a:10
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZK4eC+A6jU8PkVQPaSblDutMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWNjZTkwMWU1ZmI3YzkyZjA5YTkxNWNmNmU2NTZmNjkz
YmExMDAwHhcNMjQxMDIzMDgyMjE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzExMTkxMDQ1ODA1MzUxMTQ5ZjkzMzA2NmU3NDUwNTVkYjU5YjZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BR+SFkbNq4moDAsaKoMJp2GmTN/
Mw58eha2y/QTAGLLlwtc1ZFd3shoX2nBkrct3fz3UNHzoJNMeiFH+8zcTcjeQPOz
lxkrTd/n71WQaNegGc/h+uUijNw3YF+buw3RmG9ihskKClxmpvWDl6YLZ3CYs+OY
dCL1BgqcKV12ehKqASYo8+Rdl6YEkkML1AgjEv88Z6w8UuP1RG/sDhp3XAxqOYcu
EImlHkkemcNayQiBuPXE3L1E1EZtNVQjPU02jidrEw2ggu1WcMhylUWcu99IEd+i
aXahFJq2n7VZs/pGaXLj4K8QfAb6duLyVPqOxmDA+0uAX49qWAjOrSLYCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLMRGRBFgFNRFJ+TMGbnRQVdtZtqMB8GA1UdIwQY
MBaAFO4czpAeX7fJLwmpFc9uZW9pO6EAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h6T2tCNWZ0OGt2Q2FrVnoyNWxiMms3b1FBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS8zOWQ1ZjEtNjZmNy00OWQ4LWFmYmEt
MTRhMTkwOWIxMjM3LzEvc3hFWkVFV0FVMUVVbjVNd1p1ZEZCVjIxbTJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS8zOWQ1ZjEtNjZmNy00OWQ4LWFmYmEtMTRhMTkwOWIxMjM3
LzEvN2h6T2tCNWZ0OGt2Q2FrVnoyNWxiMms3b1FBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuZuJAwQA
uZuLMA0GCSqGSIb3DQEBCwUAA4IBAQAn4ukvKvWvyeZI5LbiL80DS9CYZ/G8DoGX
AUDGX+KEmI/tHQBt9HTpZa83UW6y2fR8rmrH/NwZWc9dmZ1KTYKMISjG+SRC3r3K
4U3snClHXlbfECi67VDgQ/e/rkKK16Ui/mikM/EmqTNioyPyATFhWOSa0xj4lKa/
utZQRIBbdG+oMu3QOGbF5HSZvcLCO003FhGPEbb2cRktZnJKiFk68afHv0FI71Yp
6zMHZ08FqwUBgPk2sDZmnzR/hAkYH+l71x/K68mKYTD3nrBEKEZfjid/hGtycRNG
/2euEwBDA/VEqNDZkfIpE767i2UHvFkXEODsJ4ETtFM0ka2B5YoQ
-----END CERTIFICATE-----