Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/eZKl1BTTil1E-oRrTnA7ejWmysg.roa
File:                     eZKl1BTTil1E-oRrTnA7ejWmysg.roa (raw, json)
Hash identifier:          PYapiy6nHyxq7m3EgK06QAasgMWixXgPiieggsBa7kE=
Subject key identifier:   79:92:A5:D4:14:D3:8A:5D:44:FA:84:6B:4E:70:3B:7A:35:A6:CA:C8
Certificate issuer:       /CN=1027a8a61299b80a3e71d1a981427ec00b849d17
Certificate serial:       018E2DB9F49A4348BBBA01DBAE057DF1DF9C
Authority key identifier: 10:27:A8:A6:12:99:B8:0A:3E:71:D1:A9:81:42:7E:C0:0B:84:9D:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/eZKl1BTTil1E-oRrTnA7ejWmysg.roa
Signing time:             Mon 11 Mar 2024 13:35:45 +0000
ROA not before:           Mon 11 Mar 2024 13:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42812
IP address blocks:        193.202.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 30 Jun 2024 01:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:2d:b9:f4:9a:43:48:bb:ba:01:db:ae:05:7d:f1:df:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1027a8a61299b80a3e71d1a981427ec00b849d17
        Validity
            Not Before: Mar 11 13:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7992a5d414d38a5d44fa846b4e703b7a35a6cac8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b5:da:79:05:9e:fd:4a:8a:4a:74:95:ca:85:
                    76:70:62:bc:db:da:0d:a2:44:90:7a:c2:10:4f:02:
                    24:a3:26:9f:64:1d:d3:d3:36:a6:a2:fc:93:fa:c9:
                    71:dc:d1:6b:05:09:7a:05:fb:df:dc:63:ed:84:31:
                    f8:12:65:97:3f:e1:84:45:96:d1:3f:c2:8c:9a:cf:
                    52:36:47:b3:43:6e:55:f9:ac:d8:50:fb:f9:2b:8d:
                    49:01:a4:38:92:31:b4:dc:f3:f7:9b:77:14:00:0b:
                    d8:03:0a:7c:23:02:5d:5c:bc:bc:36:95:42:93:d3:
                    9d:f5:e5:65:fb:84:95:03:66:c0:d8:c7:2a:1d:86:
                    80:e0:06:9e:cc:d9:15:86:7b:21:f9:21:ae:d0:3e:
                    c1:7f:63:2b:ed:e6:f4:9e:de:37:d8:ec:d2:40:8f:
                    0a:a2:ed:19:2e:db:1a:ad:58:0f:d7:b6:63:ee:b7:
                    3a:10:cd:54:a0:c4:a6:6b:65:8e:02:96:09:53:8f:
                    54:2b:1c:6d:66:59:1d:03:2d:38:c2:04:7c:80:3f:
                    07:c0:79:9b:f6:6b:a3:a6:18:b1:d0:7e:35:00:97:
                    9a:1d:4e:3d:3d:96:81:ab:05:e8:0c:d8:92:84:4a:
                    0e:9b:a8:d4:78:0d:51:91:94:25:a6:d0:cb:d9:f3:
                    ad:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:92:A5:D4:14:D3:8A:5D:44:FA:84:6B:4E:70:3B:7A:35:A6:CA:C8
            X509v3 Authority Key Identifier:
                keyid:10:27:A8:A6:12:99:B8:0A:3E:71:D1:A9:81:42:7E:C0:0B:84:9D:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECeophKZuAo-cdGpgUJ-wAuEnRc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/eZKl1BTTil1E-oRrTnA7ejWmysg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/ba9d13-8ca6-4577-a59c-9dd997eef4ef/1/ECeophKZuAo-cdGpgUJ-wAuEnRc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.202.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:20:eb:aa:33:d1:d7:ef:3c:0f:d4:2c:d9:61:a1:64:ed:cc:
         a0:d6:0e:3f:73:2e:b7:3a:3b:54:a0:7e:3c:81:a7:b3:5f:5f:
         3c:9d:fb:a2:92:9c:a3:9d:3c:32:f7:74:79:ad:6b:d2:a5:7d:
         56:36:9d:5e:35:e3:bc:db:26:bb:c2:c6:6b:1c:3a:fd:28:c4:
         63:cf:94:a7:87:c7:8f:e4:90:36:e9:de:c0:4e:92:7d:16:aa:
         07:18:21:72:47:b0:83:46:d9:53:eb:a0:30:19:04:4d:9f:a8:
         bc:a5:a0:ed:30:8f:75:5b:69:05:34:c5:56:3e:f1:1b:97:cf:
         14:d0:b8:54:ae:40:15:87:12:e4:b3:1c:70:fa:3b:23:89:5e:
         d5:c7:66:9a:46:d5:35:5a:c6:f0:f6:e5:f2:7d:53:6e:4d:95:
         61:c6:e0:9a:24:3b:f0:7b:c0:08:49:80:d3:49:8d:2b:f9:c9:
         e3:9f:32:e0:4f:20:06:be:9e:16:bb:34:f2:f5:67:f1:95:33:
         19:8d:59:67:d4:a6:44:72:c6:b8:a7:f5:b7:4a:b9:39:f1:79:
         9f:cd:7d:c9:ec:2c:7b:1c:5c:47:35:2f:52:0f:f5:08:78:22:
         a2:f6:cc:78:d5:fb:0f:21:d6:73:e7:94:52:fa:f9:c1:bb:80:
         d6:ca:fe:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4tufSaQ0i7ugHbrgV98d+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjdhOGE2MTI5OWI4MGEzZTcxZDFhOTgxNDI3ZWMwMGI4
NDlkMTcwHhcNMjQwMzExMTMzNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTkyYTVkNDE0ZDM4YTVkNDRmYTg0NmI0ZTcwM2I3YTM1YTZjYWM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbXaeQWe/UqKSnSVyoV2cGK829oN
okSQesIQTwIkoyafZB3T0zamovyT+slx3NFrBQl6Bfvf3GPthDH4EmWXP+GERZbR
P8KMms9SNkezQ25V+azYUPv5K41JAaQ4kjG03PP3m3cUAAvYAwp8IwJdXLy8NpVC
k9Od9eVl+4SVA2bA2McqHYaA4AaezNkVhnsh+SGu0D7Bf2Mr7eb0nt432OzSQI8K
ou0ZLtsarVgP17Zj7rc6EM1UoMSma2WOApYJU49UKxxtZlkdAy04wgR8gD8HwHmb
9mujphix0H41AJeaHU49PZaBqwXoDNiShEoOm6jUeA1RkZQlptDL2fOtOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmSpdQU04pdRPqEa05wO3o1psrIMB8GA1UdIwQY
MBaAFBAnqKYSmbgKPnHRqYFCfsALhJ0XMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNlb3BoS1p1QW8tY2RHcGdVSi13QXVFblJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9iYTlkMTMtOGNhNi00NTc3LWE1OWMt
OWRkOTk3ZWVmNGVmLzEvZVpLbDFCVFRpbDFFLW9SclRuQTdlaldteXNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9iYTlkMTMtOGNhNi00NTc3LWE1OWMtOWRkOTk3ZWVmNGVm
LzEvRUNlb3BoS1p1QW8tY2RHcGdVSi13QXVFblJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcpLMA0G
CSqGSIb3DQEBCwUAA4IBAQB0IOuqM9HX7zwP1CzZYaFk7cyg1g4/cy63OjtUoH48
gaezX188nfuikpyjnTwy93R5rWvSpX1WNp1eNeO82ya7wsZrHDr9KMRjz5Snh8eP
5JA26d7ATpJ9FqoHGCFyR7CDRtlT66AwGQRNn6i8paDtMI91W2kFNMVWPvEbl88U
0LhUrkAVhxLksxxw+jsjiV7Vx2aaRtU1Wsbw9uXyfVNuTZVhxuCaJDvwe8AISYDT
SY0r+cnjnzLgTyAGvp4WuzTy9WfxlTMZjVln1KZEcsa4p/W3Srk58XmfzX3J7Cx7
HFxHNS9SD/UIeCKi9sx41fsPIdZz55RS+vnBu4DWyv5Q
-----END CERTIFICATE-----