Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/eBXk11Y6FpngklWouPqqtSWqMrc.roa
File:                     eBXk11Y6FpngklWouPqqtSWqMrc.roa (raw, json)
Hash identifier:          ljwrImlsgRlRLJOcrRtVTrYb1thFFT8lPF/EvpWNx24=
Subject key identifier:   78:15:E4:D7:56:3A:16:99:E0:92:55:A8:B8:FA:AA:B5:25:AA:32:B7
Certificate issuer:       /CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
Certificate serial:       018CC94E15C4C02EBCD5A70A4CAB80371BD9
Authority key identifier: 96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/eBXk11Y6FpngklWouPqqtSWqMrc.roa
Signing time:             Tue 02 Jan 2024 08:33:06 +0000
ROA not before:           Tue 02 Jan 2024 08:33:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45794
IP address blocks:        134.97.18.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:15:c4:c0:2e:bc:d5:a7:0a:4c:ab:80:37:1b:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=969948d0fe4d7f99d54ba8bffcd99a1a608ae0d3
        Validity
            Not Before: Jan  2 08:33:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7815e4d7563a1699e09255a8b8faaab525aa32b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:e7:4f:13:4c:c1:70:98:ae:bb:74:0f:ab:9c:
                    f8:28:c7:5e:da:21:78:76:3e:72:ac:3d:19:75:60:
                    9a:be:22:88:60:ed:2f:b8:0e:90:cc:ba:33:70:d5:
                    de:dc:6c:c9:06:83:7c:62:7a:25:cf:2b:4e:52:cc:
                    7d:a8:6a:6c:9b:e6:a7:74:0e:f2:ab:6a:f6:8d:41:
                    88:e6:cf:00:d7:10:0a:2b:81:a9:14:fb:f5:ad:0b:
                    c8:1a:f9:a9:c6:95:25:d0:13:77:18:8d:7d:eb:20:
                    d0:33:7b:46:61:ee:ed:02:c0:ef:53:ed:43:19:51:
                    79:7d:5a:b4:4d:0e:22:ce:15:f3:29:9b:6b:fc:93:
                    1e:50:2c:30:00:21:5a:e3:59:ed:c0:2f:af:92:a6:
                    51:50:71:21:b3:af:90:c8:94:f4:0f:33:8f:93:80:
                    cd:50:30:14:6e:8b:24:61:a4:44:f2:93:20:fe:6d:
                    d4:90:56:cc:4c:34:61:2d:54:68:77:be:e3:53:8d:
                    0d:19:de:a5:93:04:d4:72:e4:d5:6f:96:41:4e:24:
                    14:db:99:9c:13:c8:09:16:ea:78:74:0a:a3:29:c4:
                    a5:df:69:49:ef:8a:4b:0c:52:70:d4:da:69:1b:a9:
                    56:0e:c7:45:87:67:7f:47:4c:66:c0:4b:c0:93:d3:
                    52:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:15:E4:D7:56:3A:16:99:E0:92:55:A8:B8:FA:AA:B5:25:AA:32:B7
            X509v3 Authority Key Identifier:
                keyid:96:99:48:D0:FE:4D:7F:99:D5:4B:A8:BF:FC:D9:9A:1A:60:8A:E0:D3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lplI0P5Nf5nVS6i__NmaGmCK4NM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/eBXk11Y6FpngklWouPqqtSWqMrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2f/1a2fa2-eeb3-4312-9130-53cc5daf52cf/1/lplI0P5Nf5nVS6i__NmaGmCK4NM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.97.18.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:c7:f9:ea:ca:8b:07:30:d9:77:7b:8c:78:27:82:f4:bd:c3:
         20:bb:cf:94:93:d1:e7:ed:bf:c6:9f:3b:48:73:22:8d:15:17:
         a6:dd:ad:dd:92:91:23:c0:e3:34:d6:b5:fb:98:59:12:19:1c:
         ed:52:71:bc:9d:25:29:7d:d6:f2:6f:e2:a2:4d:24:3c:21:29:
         34:00:6c:7c:7a:92:9c:e2:ff:5a:9d:6c:9a:2b:e6:31:c0:d0:
         1e:14:55:7c:b7:80:7c:ac:dc:17:88:57:2c:0e:ea:5e:27:dc:
         77:6c:1c:21:e4:10:f3:a5:60:5f:8e:be:6d:ca:ab:e8:95:e1:
         4c:7d:27:81:cf:fc:25:fc:08:eb:14:4f:4f:dd:d1:f2:b6:2d:
         45:0f:32:5a:2f:6f:f7:1e:e8:bb:51:3a:94:aa:91:dc:95:32:
         8b:1d:91:e7:91:c1:5d:3b:13:e8:2f:0d:28:51:c3:ce:cd:12:
         5f:19:a7:81:f8:b7:2f:bf:7b:b7:ad:60:8b:e1:b4:5c:64:92:
         2b:b0:c5:1b:c5:0d:c6:47:8a:f9:b1:32:03:85:7a:47:a7:99:
         67:1f:e6:55:c5:24:44:60:52:6b:d5:dd:5a:99:01:3c:fc:49:
         a9:9f:61:85:64:23:be:96:05:f8:2d:92:db:6e:80:29:bc:02:
         3e:bf:d4:47
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJThXEwC681acKTKuANxvZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk2OTk0OGQwZmU0ZDdmOTlkNTRiYThiZmZjZDk5YTFhNjA4
YWUwZDMwHhcNMjQwMTAyMDgzMzA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODE1ZTRkNzU2M2ExNjk5ZTA5MjU1YThiOGZhYWFiNTI1YWEzMmI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiedPE0zBcJiuu3QPq5z4KMde2iF4
dj5yrD0ZdWCaviKIYO0vuA6QzLozcNXe3GzJBoN8YnolzytOUsx9qGpsm+andA7y
q2r2jUGI5s8A1xAKK4GpFPv1rQvIGvmpxpUl0BN3GI196yDQM3tGYe7tAsDvU+1D
GVF5fVq0TQ4izhXzKZtr/JMeUCwwACFa41ntwC+vkqZRUHEhs6+QyJT0DzOPk4DN
UDAUboskYaRE8pMg/m3UkFbMTDRhLVRod77jU40NGd6lkwTUcuTVb5ZBTiQU25mc
E8gJFup4dAqjKcSl32lJ74pLDFJw1NppG6lWDsdFh2d/R0xmwEvAk9NSUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgV5NdWOhaZ4JJVqLj6qrUlqjK3MB8GA1UdIwQY
MBaAFJaZSND+TX+Z1Uuov/zZmhpgiuDTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAt
NTNjYzVkYWY1MmNmLzEvZUJYazExWTZGcG5na2xXb3VQcXF0U1dxTXJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZi8xYTJmYTItZWViMy00MzEyLTkxMzAtNTNjYzVkYWY1MmNm
LzEvbHBsSTBQNU5mNW5WUzZpX19ObWFHbUNLNE5NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAhmESMA0G
CSqGSIb3DQEBCwUAA4IBAQAQx/nqyosHMNl3e4x4J4L0vcMgu8+Uk9Hn7b/GnztI
cyKNFRem3a3dkpEjwOM01rX7mFkSGRztUnG8nSUpfdbyb+KiTSQ8ISk0AGx8epKc
4v9anWyaK+YxwNAeFFV8t4B8rNwXiFcsDupeJ9x3bBwh5BDzpWBfjr5tyqvoleFM
fSeBz/wl/AjrFE9P3dHyti1FDzJaL2/3Hui7UTqUqpHclTKLHZHnkcFdOxPoLw0o
UcPOzRJfGaeB+Lcvv3u3rWCL4bRcZJIrsMUbxQ3GR4r5sTIDhXpHp5lnH+ZVxSRE
YFJr1d1amQE8/Empn2GFZCO+lgX4LZLbboApvAI+v9RH
-----END CERTIFICATE-----