Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/eAV-d8BbWJ1sJQuFdRvhLNIzJUA.roa
File:                     eAV-d8BbWJ1sJQuFdRvhLNIzJUA.roa (raw, json)
Hash identifier:          T3JT9dws49hGRBqX3Lqw/F5GMKuYnFZbEjUfdpuIhGs=
Subject key identifier:   78:05:7E:77:C0:5B:58:9D:6C:25:0B:85:75:1B:E1:2C:D2:33:25:40
Certificate issuer:       /CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
Certificate serial:       01942826FCF308299B4BB61397841C5DDA0B
Authority key identifier: E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/eAV-d8BbWJ1sJQuFdRvhLNIzJUA.roa
Signing time:             Thu 02 Jan 2025 17:53:51 +0000
ROA not before:           Thu 02 Jan 2025 17:53:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     764
IP address blocks:        194.211.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:fc:f3:08:29:9b:4b:b6:13:97:84:1c:5d:da:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0dee1b06ba24a676213f976a4b50c129dcb2b73
        Validity
            Not Before: Jan  2 17:53:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78057e77c05b589d6c250b85751be12cd2332540
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:84:8b:68:72:8a:ab:63:6d:68:ed:1f:d2:fa:
                    43:86:5e:10:37:fb:5c:20:69:67:67:c6:e8:68:d5:
                    97:29:aa:48:68:ff:d9:a5:33:0b:84:3c:0c:50:3a:
                    f9:d8:de:e5:be:95:5b:d9:88:3d:3d:8c:19:66:0d:
                    dc:8c:80:c4:5d:2e:a3:4d:07:ef:9d:13:17:c5:47:
                    7c:ee:d2:1c:74:a4:4a:8b:d1:62:39:31:47:de:39:
                    42:8d:a1:69:ab:ec:13:f8:17:f4:14:b6:02:1c:f3:
                    58:54:4c:67:c3:1e:46:2d:16:35:fa:8e:55:dc:ee:
                    46:c1:37:e1:fb:7d:26:73:eb:89:68:de:3c:bc:c8:
                    f6:12:80:48:28:11:61:dd:88:ce:59:d3:7b:8e:f2:
                    78:2e:86:57:7c:ff:38:86:43:51:fa:28:cd:a5:db:
                    0a:6f:f8:cd:29:42:33:6d:f4:3b:43:7e:fa:61:fe:
                    3d:3f:36:c9:83:26:e5:1b:33:86:4a:77:b3:cd:a8:
                    2f:3c:61:d5:0a:74:9f:55:3a:f0:5a:44:ad:36:53:
                    dc:21:2f:43:7c:9c:c0:10:39:4e:fc:6d:22:bd:ee:
                    75:21:30:4e:98:dd:02:47:9f:47:55:2f:eb:46:41:
                    5c:d4:db:34:cf:c1:c1:0b:55:04:c1:ab:c9:e9:c1:
                    b8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:05:7E:77:C0:5B:58:9D:6C:25:0B:85:75:1B:E1:2C:D2:33:25:40
            X509v3 Authority Key Identifier:
                keyid:E0:DE:E1:B0:6B:A2:4A:67:62:13:F9:76:A4:B5:0C:12:9D:CB:2B:73

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4N7hsGuiSmdiE_l2pLUMEp3LK3M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/eAV-d8BbWJ1sJQuFdRvhLNIzJUA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/c22dc9-c7ba-4156-a79c-15e90bf87fab/1/4N7hsGuiSmdiE_l2pLUMEp3LK3M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.211.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:c0:00:08:bf:bb:c5:9e:f4:3d:27:a6:4e:53:23:46:fa:5b:
         41:fc:b9:2f:d0:39:7a:6f:8e:74:d7:03:68:d6:7b:e8:7f:a2:
         4b:d9:10:41:46:3e:0e:fc:23:c4:e5:59:0e:33:58:ae:b3:f1:
         f2:3c:0b:23:70:92:08:71:ef:d3:61:69:ce:ae:f0:c9:95:06:
         26:92:c8:3d:7d:cf:ed:e1:e0:e8:fc:0b:76:6e:d2:f9:d5:26:
         82:31:31:c3:cf:d3:54:d1:0f:d5:ba:e1:96:03:ce:a7:19:a0:
         54:74:7c:f4:77:1a:92:4f:b1:bf:43:c8:b9:c2:98:46:a5:44:
         d0:c3:14:d2:82:df:a9:17:ee:be:36:ed:d1:95:3b:27:1a:d2:
         c5:79:9b:4e:71:4a:14:93:dd:99:9c:74:82:af:bb:47:8a:5f:
         50:d6:88:12:98:83:be:8a:0b:ca:37:db:5f:d0:0e:0f:fa:54:
         83:c8:93:00:95:98:b8:80:4d:d4:11:8a:fc:66:95:55:39:f2:
         6b:5b:17:01:96:75:bf:22:be:0e:16:86:dc:46:c0:7a:48:a9:
         51:98:c0:96:50:28:0f:be:e0:f8:6a:b3:bc:2b:8b:84:9a:05:
         67:77:41:ce:16:bf:0a:d7:ce:3c:31:59:2b:78:ed:e0:1c:31:
         24:0c:05:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJvzzCCmbS7YTl4QcXdoLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwZGVlMWIwNmJhMjRhNjc2MjEzZjk3NmE0YjUwYzEyOWRj
YjJiNzMwHhcNMjUwMTAyMTc1MzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODA1N2U3N2MwNWI1ODlkNmMyNTBiODU3NTFiZTEyY2QyMzMyNTQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4SLaHKKq2NtaO0f0vpDhl4QN/tc
IGlnZ8boaNWXKapIaP/ZpTMLhDwMUDr52N7lvpVb2Yg9PYwZZg3cjIDEXS6jTQfv
nRMXxUd87tIcdKRKi9FiOTFH3jlCjaFpq+wT+Bf0FLYCHPNYVExnwx5GLRY1+o5V
3O5GwTfh+30mc+uJaN48vMj2EoBIKBFh3YjOWdN7jvJ4LoZXfP84hkNR+ijNpdsK
b/jNKUIzbfQ7Q376Yf49PzbJgyblGzOGSnezzagvPGHVCnSfVTrwWkStNlPcIS9D
fJzAEDlO/G0ive51ITBOmN0CR59HVS/rRkFc1Ns0z8HBC1UEwavJ6cG4MwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgFfnfAW1idbCULhXUb4SzSMyVAMB8GA1UdIwQY
MBaAFODe4bBrokpnYhP5dqS1DBKdyytzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMt
MTVlOTBiZjg3ZmFiLzEvZUFWLWQ4QmJXSjFzSlF1RmRSdmhMTkl6SlVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9jMjJkYzktYzdiYS00MTU2LWE3OWMtMTVlOTBiZjg3ZmFi
LzEvNE43aHNHdWlTbWRpRV9sMnBMVU1FcDNMSzNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtPnMA0G
CSqGSIb3DQEBCwUAA4IBAQAKwAAIv7vFnvQ9J6ZOUyNG+ltB/Lkv0Dl6b4501wNo
1nvof6JL2RBBRj4O/CPE5VkOM1ius/HyPAsjcJIIce/TYWnOrvDJlQYmksg9fc/t
4eDo/At2btL51SaCMTHDz9NU0Q/VuuGWA86nGaBUdHz0dxqST7G/Q8i5wphGpUTQ
wxTSgt+pF+6+Nu3RlTsnGtLFeZtOcUoUk92ZnHSCr7tHil9Q1ogSmIO+igvKN9tf
0A4P+lSDyJMAlZi4gE3UEYr8ZpVVOfJrWxcBlnW/Ir4OFobcRsB6SKlRmMCWUCgP
vuD4arO8K4uEmgVnd0HOFr8K1848MVkreO3gHDEkDAUa
-----END CERTIFICATE-----