Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/80f91f-1e4b-49e6-8d13-7cd146500b2d/1/EZxM7IKZEycfmsqUIG7fCrLJg1Y.roa
File:                     EZxM7IKZEycfmsqUIG7fCrLJg1Y.roa (raw, json)
Hash identifier:          WpD9LcLJ4fzq4ZXnCn29TaPIrkKKW3p5kV/1tXe9cNY=
Subject key identifier:   11:9C:4C:EC:82:99:13:27:1F:9A:CA:94:20:6E:DF:0A:B2:C9:83:56
Certificate issuer:       /CN=b1693f1be657fb8c71bcbb9c77be54a9372db045
Certificate serial:       018CC7276A8A57C1AF2156AF7ACF4FF4DD6D
Authority key identifier: B1:69:3F:1B:E6:57:FB:8C:71:BC:BB:9C:77:BE:54:A9:37:2D:B0:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sWk_G-ZX-4xxvLucd75UqTctsEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/80f91f-1e4b-49e6-8d13-7cd146500b2d/1/EZxM7IKZEycfmsqUIG7fCrLJg1Y.roa
Signing time:             Mon 01 Jan 2024 22:31:38 +0000
ROA not before:           Mon 01 Jan 2024 22:31:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9159
IP address blocks:        193.110.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/80f91f-1e4b-49e6-8d13-7cd146500b2d/1/sWk_G-ZX-4xxvLucd75UqTctsEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/80f91f-1e4b-49e6-8d13-7cd146500b2d/1/sWk_G-ZX-4xxvLucd75UqTctsEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sWk_G-ZX-4xxvLucd75UqTctsEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 16:12:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:6a:8a:57:c1:af:21:56:af:7a:cf:4f:f4:dd:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b1693f1be657fb8c71bcbb9c77be54a9372db045
        Validity
            Not Before: Jan  1 22:31:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=119c4cec829913271f9aca94206edf0ab2c98356
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:01:c0:8e:82:9a:0c:5f:cf:b1:25:d8:71:4f:
                    f7:4f:97:57:de:bc:a3:f5:b6:59:7e:4c:91:b7:ad:
                    71:20:86:dc:b4:43:ed:8e:bd:51:ce:40:4d:48:a4:
                    a4:31:ca:31:4b:17:8d:ca:4f:d1:25:0a:ff:18:7a:
                    83:a1:83:0d:bd:4f:b6:e1:bd:15:7c:69:fe:7a:ae:
                    71:9b:58:41:4c:ae:68:90:d1:29:64:21:5f:ac:8e:
                    58:24:a4:c0:c4:14:dc:00:5a:26:3b:a7:41:61:c2:
                    25:10:83:17:79:1c:8e:f7:de:07:1e:2e:3b:64:df:
                    34:2c:b6:ea:5a:5c:d0:e9:ec:96:0f:54:c4:b2:72:
                    a2:c4:ba:3e:d6:79:e1:6f:c0:46:08:39:d4:b7:7a:
                    07:33:c0:09:d4:2b:0a:ef:70:e2:52:e3:d2:cd:c7:
                    2f:44:f2:4e:7d:f1:0d:17:a6:c7:d9:69:7b:c9:56:
                    0e:ab:a3:9e:bf:0f:78:c7:1f:86:b8:9d:21:e6:97:
                    46:08:0b:7a:25:7f:77:f8:a8:bf:be:13:f5:30:d0:
                    54:fa:89:1c:5f:8e:b6:45:6c:c7:53:f7:f6:5c:03:
                    a2:23:77:55:4d:5a:4d:90:61:2d:a9:59:02:d6:3a:
                    12:d7:e8:05:ba:21:9a:b6:ed:a1:35:91:7c:e6:b8:
                    a1:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:9C:4C:EC:82:99:13:27:1F:9A:CA:94:20:6E:DF:0A:B2:C9:83:56
            X509v3 Authority Key Identifier:
                keyid:B1:69:3F:1B:E6:57:FB:8C:71:BC:BB:9C:77:BE:54:A9:37:2D:B0:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sWk_G-ZX-4xxvLucd75UqTctsEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/80f91f-1e4b-49e6-8d13-7cd146500b2d/1/EZxM7IKZEycfmsqUIG7fCrLJg1Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/80f91f-1e4b-49e6-8d13-7cd146500b2d/1/sWk_G-ZX-4xxvLucd75UqTctsEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:2b:85:bd:ed:4c:c0:2c:61:53:07:81:09:8e:e8:9b:93:db:
         55:6f:b1:7c:ba:09:ad:92:04:bd:08:8c:db:c7:c9:cd:56:0e:
         38:be:0b:12:a8:76:d5:82:83:4b:f7:01:d5:4a:ff:ab:78:45:
         a8:ce:75:8e:f5:f0:15:39:08:1f:98:ae:a4:3f:5a:5b:81:75:
         f5:14:df:b5:b1:49:3a:0d:e5:1a:c0:ae:71:3c:85:b4:17:e8:
         05:c3:86:25:38:62:80:c7:2c:32:78:a5:da:3a:78:5a:07:9a:
         f1:89:22:b8:8c:05:e1:40:cf:f3:65:14:a6:7f:50:ae:ab:00:
         fa:f5:25:a1:02:51:97:ff:95:e6:dd:3f:c3:fb:b8:34:db:de:
         97:4f:6f:fd:10:58:72:8e:c4:bc:9a:bf:6b:4e:4a:b0:6b:a6:
         ac:40:55:29:87:0c:9c:b8:87:b9:8d:1d:e8:50:17:d1:8d:ca:
         09:a3:ae:08:dd:b3:99:98:30:5f:56:73:33:46:80:34:ad:5c:
         6e:eb:12:66:fd:44:8a:62:cc:54:c0:71:32:11:1b:69:68:b0:
         2b:12:99:bf:7c:87:57:87:b7:4a:3c:9a:19:1e:25:82:bf:65:
         7f:e3:4e:74:c8:b5:b2:9b:4e:ed:2b:26:4d:0e:38:95:f6:dc:
         80:96:1b:6a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2qKV8GvIVaves9P9N1tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxNjkzZjFiZTY1N2ZiOGM3MWJjYmI5Yzc3YmU1NGE5Mzcy
ZGIwNDUwHhcNMjQwMTAxMjIzMTM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTljNGNlYzgyOTkxMzI3MWY5YWNhOTQyMDZlZGYwYWIyYzk4MzU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQHAjoKaDF/PsSXYcU/3T5dX3ryj
9bZZfkyRt61xIIbctEPtjr1RzkBNSKSkMcoxSxeNyk/RJQr/GHqDoYMNvU+24b0V
fGn+eq5xm1hBTK5okNEpZCFfrI5YJKTAxBTcAFomO6dBYcIlEIMXeRyO994HHi47
ZN80LLbqWlzQ6eyWD1TEsnKixLo+1nnhb8BGCDnUt3oHM8AJ1CsK73DiUuPSzccv
RPJOffENF6bH2Wl7yVYOq6Oevw94xx+GuJ0h5pdGCAt6JX93+Ki/vhP1MNBU+okc
X462RWzHU/f2XAOiI3dVTVpNkGEtqVkC1joS1+gFuiGatu2hNZF85rih+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGcTOyCmRMnH5rKlCBu3wqyyYNWMB8GA1UdIwQY
MBaAFLFpPxvmV/uMcby7nHe+VKk3LbBFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1drX0ctWlgtNHh4dkx1Y2Q3NVVxVGN0c0VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC84MGY5MWYtMWU0Yi00OWU2LThkMTMt
N2NkMTQ2NTAwYjJkLzEvRVp4TTdJS1pFeWNmbXNxVUlHN2ZDckxKZzFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC84MGY5MWYtMWU0Yi00OWU2LThkMTMtN2NkMTQ2NTAwYjJk
LzEvc1drX0ctWlgtNHh4dkx1Y2Q3NVVxVGN0c0VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwW6YMA0G
CSqGSIb3DQEBCwUAA4IBAQB3K4W97UzALGFTB4EJjuibk9tVb7F8ugmtkgS9CIzb
x8nNVg44vgsSqHbVgoNL9wHVSv+reEWoznWO9fAVOQgfmK6kP1pbgXX1FN+1sUk6
DeUawK5xPIW0F+gFw4YlOGKAxywyeKXaOnhaB5rxiSK4jAXhQM/zZRSmf1CuqwD6
9SWhAlGX/5Xm3T/D+7g0296XT2/9EFhyjsS8mr9rTkqwa6asQFUphwycuIe5jR3o
UBfRjcoJo64I3bOZmDBfVnMzRoA0rVxu6xJm/USKYsxUwHEyERtpaLArEpm/fIdX
h7dKPJoZHiWCv2V/4050yLWym07tKyZNDjiV9tyAlhtq
-----END CERTIFICATE-----