Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/b31fec-50c0-47c7-983d-ebe2dc401616/1/sH0MKQ4NZ54uORR1_9i1QCnkgUw.roa
File:                     sH0MKQ4NZ54uORR1_9i1QCnkgUw.roa (raw, json)
Hash identifier:          Iy2uEuDAru/S6FbTyt4WECDGymswGaSuFdlQTSJMfKQ=
Subject key identifier:   B0:7D:0C:29:0E:0D:67:9E:2E:39:14:75:FF:D8:B5:40:29:E4:81:4C
Certificate issuer:       /CN=eceba2e659794b12215df1fa8abe3fcbd6686df7
Certificate serial:       018CC56E5F9D0115F1F3B06EF9DE9EE2A3D3
Authority key identifier: EC:EB:A2:E6:59:79:4B:12:21:5D:F1:FA:8A:BE:3F:CB:D6:68:6D:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7Oui5ll5SxIhXfH6ir4_y9Zobfc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2d/b31fec-50c0-47c7-983d-ebe2dc401616/1/sH0MKQ4NZ54uORR1_9i1QCnkgUw.roa
Signing time:             Mon 01 Jan 2024 14:29:54 +0000
ROA not before:           Mon 01 Jan 2024 14:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25075
IP address blocks:        193.201.164.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2d/b31fec-50c0-47c7-983d-ebe2dc401616/1/7Oui5ll5SxIhXfH6ir4_y9Zobfc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2d/b31fec-50c0-47c7-983d-ebe2dc401616/1/7Oui5ll5SxIhXfH6ir4_y9Zobfc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7Oui5ll5SxIhXfH6ir4_y9Zobfc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:5f:9d:01:15:f1:f3:b0:6e:f9:de:9e:e2:a3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eceba2e659794b12215df1fa8abe3fcbd6686df7
        Validity
            Not Before: Jan  1 14:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=b07d0c290e0d679e2e391475ffd8b54029e4814c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:d7:d2:ee:6e:e5:17:00:9a:d1:5a:ab:86:5b:
                    1a:1c:1c:14:fc:5f:c9:98:bb:c6:be:53:c6:df:53:
                    38:56:f4:ea:3d:2b:2d:e2:ba:6b:a5:ab:03:4f:32:
                    ca:d2:f8:3f:f1:06:a8:83:87:a6:14:ac:f0:c8:33:
                    3c:57:da:fd:47:71:d7:fe:c9:81:e1:4d:a3:f3:3f:
                    cc:4e:1e:6a:98:42:cd:7e:67:12:b8:88:77:d7:40:
                    c3:7d:1c:7a:24:50:1c:8e:88:1a:55:24:9c:93:c3:
                    8b:58:c8:9d:22:dd:a4:26:1c:c7:1c:d5:1c:49:90:
                    dd:51:16:c8:00:0b:d0:1a:e0:79:f5:df:88:30:ff:
                    01:77:ec:7e:e7:20:4d:08:4a:28:3e:38:a7:64:cd:
                    39:a8:c7:33:54:a2:86:b0:57:c1:81:f5:b0:41:c3:
                    7e:83:87:15:56:fb:2a:b0:cc:28:67:85:70:11:e2:
                    2c:13:5e:89:9c:db:a5:1e:18:0b:43:7d:b4:27:32:
                    1b:1b:8d:9d:ee:45:7f:7b:a8:f3:ea:1b:f8:da:69:
                    e4:a7:ed:1e:89:ce:d7:9a:b8:ae:a6:c2:c8:46:b2:
                    63:0d:2a:2d:d6:9b:c5:02:5e:e2:8d:08:e9:11:b3:
                    5a:7c:57:ba:4a:df:c4:de:82:91:a1:fc:75:61:3d:
                    eb:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:7D:0C:29:0E:0D:67:9E:2E:39:14:75:FF:D8:B5:40:29:E4:81:4C
            X509v3 Authority Key Identifier:
                keyid:EC:EB:A2:E6:59:79:4B:12:21:5D:F1:FA:8A:BE:3F:CB:D6:68:6D:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7Oui5ll5SxIhXfH6ir4_y9Zobfc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/b31fec-50c0-47c7-983d-ebe2dc401616/1/sH0MKQ4NZ54uORR1_9i1QCnkgUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/b31fec-50c0-47c7-983d-ebe2dc401616/1/7Oui5ll5SxIhXfH6ir4_y9Zobfc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.201.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:04:c1:15:8c:83:4d:b8:4d:bf:7d:43:00:5f:a7:61:53:97:
         14:a5:df:73:db:e0:92:03:94:71:61:4a:d9:4e:88:66:80:69:
         e0:41:c7:2f:79:18:ad:36:15:58:5a:b8:a2:44:56:28:41:d6:
         7a:23:26:26:a6:9c:fd:04:0b:37:1a:74:ca:5a:53:f6:52:11:
         8b:d9:f5:d0:d2:af:78:92:d3:9f:2c:45:6a:8f:64:d8:13:6e:
         21:2b:8a:b1:46:3d:9c:5f:92:d6:74:78:e1:46:96:5a:ab:05:
         c3:6a:f6:f6:e2:50:57:b7:e5:52:cd:c3:39:3d:d8:5c:84:c3:
         1b:4c:f5:2a:77:51:64:c4:82:f4:5b:46:fc:c3:33:c2:70:70:
         48:1e:51:15:f5:94:1c:83:48:9d:df:fd:b8:95:4c:47:0e:16:
         fe:84:6d:1a:fb:c0:83:ec:53:a4:2e:02:97:a7:9a:77:1d:cc:
         91:06:a3:bb:01:00:57:c9:b2:87:c4:ba:ab:eb:a5:dd:2e:45:
         73:5f:43:3c:1a:4b:8a:3a:6b:45:1c:c1:81:10:9c:d8:5f:13:
         b1:7b:2a:73:ed:08:6b:bd:a8:b8:8e:23:7a:61:4e:9c:50:2a:
         af:fe:e4:55:cf:8f:95:c5:01:11:ec:89:34:b0:f9:b2:fa:5c:
         71:dc:47:d8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbl+dARXx87Bu+d6e4qPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjZWJhMmU2NTk3OTRiMTIyMTVkZjFmYThhYmUzZmNiZDY2
ODZkZjcwHhcNMjQwMTAxMTQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDdkMGMyOTBlMGQ2NzllMmUzOTE0NzVmZmQ4YjU0MDI5ZTQ4MTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3dfS7m7lFwCa0VqrhlsaHBwU/F/J
mLvGvlPG31M4VvTqPSst4rprpasDTzLK0vg/8Qaog4emFKzwyDM8V9r9R3HX/smB
4U2j8z/MTh5qmELNfmcSuIh310DDfRx6JFAcjogaVSSck8OLWMidIt2kJhzHHNUc
SZDdURbIAAvQGuB59d+IMP8Bd+x+5yBNCEooPjinZM05qMczVKKGsFfBgfWwQcN+
g4cVVvsqsMwoZ4VwEeIsE16JnNulHhgLQ320JzIbG42d7kV/e6jz6hv42mnkp+0e
ic7XmriupsLIRrJjDSot1pvFAl7ijQjpEbNafFe6St/E3oKRofx1YT3rbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLB9DCkODWeeLjkUdf/YtUAp5IFMMB8GA1UdIwQY
MBaAFOzrouZZeUsSIV3x+oq+P8vWaG33MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN091aTVsbDVTeEloWGZINmlyNF95OVpvYmZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9iMzFmZWMtNTBjMC00N2M3LTk4M2Qt
ZWJlMmRjNDAxNjE2LzEvc0gwTUtRNE5aNTR1T1JSMV85aTFRQ25rZ1V3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9iMzFmZWMtNTBjMC00N2M3LTk4M2QtZWJlMmRjNDAxNjE2
LzEvN091aTVsbDVTeEloWGZINmlyNF95OVpvYmZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwcmkMA0G
CSqGSIb3DQEBCwUAA4IBAQB5BMEVjINNuE2/fUMAX6dhU5cUpd9z2+CSA5RxYUrZ
TohmgGngQccveRitNhVYWriiRFYoQdZ6IyYmppz9BAs3GnTKWlP2UhGL2fXQ0q94
ktOfLEVqj2TYE24hK4qxRj2cX5LWdHjhRpZaqwXDavb24lBXt+VSzcM5PdhchMMb
TPUqd1FkxIL0W0b8wzPCcHBIHlEV9ZQcg0id3/24lUxHDhb+hG0a+8CD7FOkLgKX
p5p3HcyRBqO7AQBXybKHxLqr66XdLkVzX0M8GkuKOmtFHMGBEJzYXxOxeypz7Qhr
vai4jiN6YU6cUCqv/uRVz4+VxQER7Ik0sPmy+lxx3EfY
-----END CERTIFICATE-----