Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/32/94d49b-b0b8-4f0f-a188-94a1968bcadb/1/eZOpPpmf2U6UT76ZxC16aAn7UbQ.roa
File:                     eZOpPpmf2U6UT76ZxC16aAn7UbQ.roa (raw, json)
Hash identifier:          9piTehD5X97It+H48SVt1nRRNymuyJa93SOOlsU4UDE=
Subject key identifier:   79:93:A9:3E:99:9F:D9:4E:94:4F:BE:99:C4:2D:7A:68:09:FB:51:B4
Certificate issuer:       /CN=ab4f049b6d17602bf7b48d104d08daf01431dbc2
Certificate serial:       018CC500B59BC63C963C61A4EA4787EB120A
Authority key identifier: AB:4F:04:9B:6D:17:60:2B:F7:B4:8D:10:4D:08:DA:F0:14:31:DB:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/q08Em20XYCv3tI0QTQja8BQx28I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/32/94d49b-b0b8-4f0f-a188-94a1968bcadb/1/eZOpPpmf2U6UT76ZxC16aAn7UbQ.roa
Signing time:             Mon 01 Jan 2024 12:30:07 +0000
ROA not before:           Mon 01 Jan 2024 12:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203244
IP address blocks:        185.140.216.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/32/94d49b-b0b8-4f0f-a188-94a1968bcadb/1/q08Em20XYCv3tI0QTQja8BQx28I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/32/94d49b-b0b8-4f0f-a188-94a1968bcadb/1/q08Em20XYCv3tI0QTQja8BQx28I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/q08Em20XYCv3tI0QTQja8BQx28I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:b5:9b:c6:3c:96:3c:61:a4:ea:47:87:eb:12:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ab4f049b6d17602bf7b48d104d08daf01431dbc2
        Validity
            Not Before: Jan  1 12:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7993a93e999fd94e944fbe99c42d7a6809fb51b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:f3:8b:44:ec:d9:02:93:f1:ca:76:af:74:cd:
                    bd:56:0f:4c:c8:a7:da:60:7a:8e:92:cd:fe:90:9d:
                    c8:34:e6:b6:11:c5:9a:c2:54:e6:95:ea:fc:f4:7f:
                    ad:dc:05:30:c0:c2:25:80:3d:05:23:e3:d7:18:b3:
                    79:51:46:39:e0:bc:56:4e:fb:96:47:ba:0d:0e:4c:
                    b3:91:5d:9d:66:69:28:4b:a9:3a:26:c2:e6:65:bc:
                    95:6a:c0:4f:00:4f:3d:15:4b:09:bd:57:9c:d6:58:
                    ae:55:d9:27:f5:22:3f:bc:c3:e4:06:b8:66:74:4c:
                    5d:7c:a2:9f:cb:f6:a1:d1:6a:e9:b5:76:54:f6:c9:
                    e8:fe:47:a5:d0:14:e9:6c:bf:ba:6c:26:29:2f:e5:
                    ca:4f:b0:14:ea:5a:9c:e2:1b:08:21:12:ce:47:cc:
                    c2:e3:be:a6:eb:ce:c9:a5:26:bc:d2:33:6f:55:81:
                    7b:5d:c8:30:b0:2e:7c:c5:9d:83:84:4e:6d:86:46:
                    60:e0:c7:1f:26:bc:7f:67:6a:3c:3c:76:fd:37:0a:
                    87:3f:ec:80:f4:c6:0a:a8:29:98:a3:0f:59:b9:78:
                    5a:fb:f4:ce:43:3a:87:32:95:24:b7:9b:b7:cc:c4:
                    85:74:05:62:ae:cc:44:e2:2b:43:aa:9c:88:a4:28:
                    c6:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:93:A9:3E:99:9F:D9:4E:94:4F:BE:99:C4:2D:7A:68:09:FB:51:B4
            X509v3 Authority Key Identifier:
                keyid:AB:4F:04:9B:6D:17:60:2B:F7:B4:8D:10:4D:08:DA:F0:14:31:DB:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/q08Em20XYCv3tI0QTQja8BQx28I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/32/94d49b-b0b8-4f0f-a188-94a1968bcadb/1/eZOpPpmf2U6UT76ZxC16aAn7UbQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/32/94d49b-b0b8-4f0f-a188-94a1968bcadb/1/q08Em20XYCv3tI0QTQja8BQx28I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.140.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:5f:e5:69:6d:14:bd:27:57:e6:d1:d8:fe:ab:fc:86:96:f9:
         28:ca:5d:42:6e:36:4d:7c:ea:45:c6:47:e5:0b:6c:e3:b3:3d:
         ed:47:f1:bc:48:63:2a:96:db:40:23:f0:72:b5:3a:47:41:4d:
         c0:8e:9f:fe:24:b2:b8:3b:a2:25:0b:ec:b9:0e:ec:c4:c9:8d:
         7a:58:e6:f8:de:cf:f4:07:b0:66:52:bb:2f:a6:69:26:2c:de:
         bc:ab:d5:db:6e:ec:30:1c:fb:aa:79:6e:92:22:8f:a7:64:9d:
         26:aa:17:27:9b:c3:3d:41:f7:1c:83:c4:a3:77:35:1e:fd:37:
         4b:32:0d:c7:d4:dd:6a:8a:e4:df:c7:54:d3:f8:9a:d0:00:91:
         a2:a5:f2:b4:b9:fb:74:ee:af:58:84:cd:7e:26:65:d7:8a:55:
         21:07:1f:f1:78:c3:30:83:05:86:08:6d:89:ac:40:9a:11:3b:
         d3:37:70:9e:7d:a0:00:db:34:c0:f7:ad:b0:f0:16:29:5f:f5:
         9f:49:ad:6c:19:f4:09:32:4f:6b:58:be:a1:09:bf:e9:c5:84:
         fe:0d:d2:f8:a0:5a:5a:89:9a:df:f1:67:98:3b:ea:05:2c:14:
         cb:20:b3:e7:96:1f:f9:2c:b9:d9:7f:2b:f8:18:85:18:af:5d:
         8c:36:fa:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFALWbxjyWPGGk6keH6xIKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFiNGYwNDliNmQxNzYwMmJmN2I0OGQxMDRkMDhkYWYwMTQz
MWRiYzIwHhcNMjQwMTAxMTIzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTkzYTkzZTk5OWZkOTRlOTQ0ZmJlOTljNDJkN2E2ODA5ZmI1MWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj/OLROzZApPxynavdM29Vg9MyKfa
YHqOks3+kJ3INOa2EcWawlTmler89H+t3AUwwMIlgD0FI+PXGLN5UUY54LxWTvuW
R7oNDkyzkV2dZmkoS6k6JsLmZbyVasBPAE89FUsJvVec1liuVdkn9SI/vMPkBrhm
dExdfKKfy/ah0WrptXZU9sno/kel0BTpbL+6bCYpL+XKT7AU6lqc4hsIIRLOR8zC
476m687JpSa80jNvVYF7XcgwsC58xZ2DhE5thkZg4McfJrx/Z2o8PHb9NwqHP+yA
9MYKqCmYow9ZuXha+/TOQzqHMpUkt5u3zMSFdAVirsxE4itDqpyIpCjGRwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmTqT6Zn9lOlE++mcQtemgJ+1G0MB8GA1UdIwQY
MBaAFKtPBJttF2Ar97SNEE0I2vAUMdvCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcTA4RW0yMFhZQ3YzdEkwUVRRamE4QlF4MjhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMi85NGQ0OWItYjBiOC00ZjBmLWExODgt
OTRhMTk2OGJjYWRiLzEvZVpPcFBwbWYyVTZVVDc2WnhDMTZhQW43VWJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMi85NGQ0OWItYjBiOC00ZjBmLWExODgtOTRhMTk2OGJjYWRi
LzEvcTA4RW0yMFhZQ3YzdEkwUVRRamE4QlF4MjhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYzYMA0G
CSqGSIb3DQEBCwUAA4IBAQAuX+VpbRS9J1fm0dj+q/yGlvkoyl1CbjZNfOpFxkfl
C2zjsz3tR/G8SGMqlttAI/BytTpHQU3Ajp/+JLK4O6IlC+y5DuzEyY16WOb43s/0
B7BmUrsvpmkmLN68q9XbbuwwHPuqeW6SIo+nZJ0mqhcnm8M9Qfccg8SjdzUe/TdL
Mg3H1N1qiuTfx1TT+JrQAJGipfK0uft07q9YhM1+JmXXilUhBx/xeMMwgwWGCG2J
rECaETvTN3CefaAA2zTA962w8BYpX/WfSa1sGfQJMk9rWL6hCb/pxYT+DdL4oFpa
iZrf8WeYO+oFLBTLILPnlh/5LLnZfyv4GIUYr12MNvqW
-----END CERTIFICATE-----