Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/EKSHjsIN4Zne4gJT5_o_zMlnmu0.roa
File:                     EKSHjsIN4Zne4gJT5_o_zMlnmu0.roa (raw, json)
Hash identifier:          KFjZk5tIDRwiJFWxHdumzcBOJhVM7Y0ZQLmqGbNfBYM=
Subject key identifier:   10:A4:87:8E:C2:0D:E1:99:DE:E2:02:53:E7:FA:3F:CC:C9:67:9A:ED
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E94B05621DC347B715517CBB75F32
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/EKSHjsIN4Zne4gJT5_o_zMlnmu0.roa
Signing time:             Mon 01 Jan 2024 14:30:07 +0000
ROA not before:           Mon 01 Jan 2024 14:30:07 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60027
IP address blocks:        195.214.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:94:b0:56:21:dc:34:7b:71:55:17:cb:b7:5f:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:07 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10a4878ec20de199dee20253e7fa3fccc9679aed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:6c:1b:5c:75:75:56:45:a4:31:a0:cd:85:fb:
                    d1:5a:2a:65:b3:fe:29:ed:8f:00:fd:d7:b4:9a:d4:
                    03:37:a3:25:11:08:71:1b:2d:2f:f3:88:87:23:c3:
                    bd:8a:2a:38:e6:cd:c8:55:8a:fd:33:ff:ac:8f:c3:
                    63:ea:ae:27:73:72:54:ff:df:25:46:ee:90:a6:93:
                    b9:ca:4d:90:d7:23:c9:15:eb:ea:b9:66:f9:07:f9:
                    ab:5b:91:cf:09:d1:d4:75:07:6f:8f:a7:74:44:c6:
                    03:2a:9d:5e:c7:e1:e7:dd:81:c4:e1:ce:cb:88:10:
                    46:22:99:66:34:c3:f9:e1:cc:e9:3d:cd:a9:35:89:
                    2d:e7:74:21:6d:2e:56:a1:ec:f9:35:c0:4d:00:1c:
                    ba:03:e4:d2:4b:78:0a:af:ac:e7:f1:23:4d:36:70:
                    27:ba:c8:37:52:3d:e0:df:1d:c1:fa:b8:9f:39:ef:
                    82:6f:d6:35:bf:ee:e0:6a:e3:b9:7d:03:63:e8:42:
                    0f:55:a5:22:9c:6f:ef:c7:83:ce:16:14:8e:c0:e1:
                    43:3d:58:2b:e3:47:9e:3a:76:fc:14:fc:97:63:a2:
                    ac:7a:ab:7b:c8:44:ac:22:1a:2e:ca:41:d6:da:63:
                    8e:bd:13:aa:3d:80:49:22:ef:b9:87:13:db:fd:60:
                    0f:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:A4:87:8E:C2:0D:E1:99:DE:E2:02:53:E7:FA:3F:CC:C9:67:9A:ED
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/EKSHjsIN4Zne4gJT5_o_zMlnmu0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.214.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:f5:b1:fa:90:11:f1:1f:82:bb:10:e8:94:d3:81:e1:78:1e:
         03:55:20:e7:48:6a:59:c9:1f:97:3a:b1:85:ae:a7:e4:87:1a:
         93:26:e4:4e:53:73:fb:04:ad:7a:7c:51:26:f6:a5:98:1c:ec:
         a2:e9:85:c7:44:83:9d:6a:2a:24:02:51:0c:c9:89:b5:39:1d:
         e2:15:4a:53:5d:52:ca:7c:5b:09:36:ca:93:6f:64:8c:4a:ca:
         b6:ce:9d:bc:25:1b:26:0f:d6:09:12:05:61:f1:b9:2a:3d:00:
         a8:87:f8:81:61:75:1d:5a:a3:e8:36:6a:e1:05:ec:e5:13:f0:
         9a:7a:16:dc:d9:b8:7a:ac:5a:b4:1b:8b:1b:cb:7c:c9:64:92:
         f8:dd:70:f2:8e:6e:ab:d5:07:ef:04:cc:e5:64:71:cc:45:48:
         56:60:f9:5f:2a:9a:23:17:4d:73:c9:81:53:3c:e9:d7:25:11:
         ca:cd:06:71:02:3a:2f:e3:b6:ab:0a:84:43:c7:32:30:31:ab:
         c1:a9:ac:86:b8:a3:65:14:a1:a9:d9:9e:bd:4f:27:13:76:07:
         1e:92:e3:be:e9:4a:86:5f:4e:74:08:5f:6c:45:92:c7:4b:b7:
         34:c0:7f:be:fe:fc:25:a9:bd:c3:c3:d5:68:bc:4a:81:3c:86:
         ee:51:c4:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpSwViHcNHtxVRfLt18yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGE0ODc4ZWMyMGRlMTk5ZGVlMjAyNTNlN2ZhM2ZjY2M5Njc5YWVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz2wbXHV1VkWkMaDNhfvRWipls/4p
7Y8A/de0mtQDN6MlEQhxGy0v84iHI8O9iio45s3IVYr9M/+sj8Nj6q4nc3JU/98l
Ru6QppO5yk2Q1yPJFevquWb5B/mrW5HPCdHUdQdvj6d0RMYDKp1ex+Hn3YHE4c7L
iBBGIplmNMP54czpPc2pNYkt53QhbS5Woez5NcBNABy6A+TSS3gKr6zn8SNNNnAn
usg3Uj3g3x3B+rifOe+Cb9Y1v+7gauO5fQNj6EIPVaUinG/vx4POFhSOwOFDPVgr
40eeOnb8FPyXY6Kseqt7yESsIhouykHW2mOOvROqPYBJIu+5hxPb/WAPjwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCkh47CDeGZ3uICU+f6P8zJZ5rtMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvRUtTSGpzSU40Wm5lNGdKVDVfb196TWxubXUwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw9aaMA0G
CSqGSIb3DQEBCwUAA4IBAQBj9bH6kBHxH4K7EOiU04HheB4DVSDnSGpZyR+XOrGF
rqfkhxqTJuROU3P7BK16fFEm9qWYHOyi6YXHRIOdaiokAlEMyYm1OR3iFUpTXVLK
fFsJNsqTb2SMSsq2zp28JRsmD9YJEgVh8bkqPQCoh/iBYXUdWqPoNmrhBezlE/Ca
ehbc2bh6rFq0G4sby3zJZJL43XDyjm6r1QfvBMzlZHHMRUhWYPlfKpojF01zyYFT
POnXJRHKzQZxAjov47arCoRDxzIwMavBqayGuKNlFKGp2Z69TycTdgcekuO+6UqG
X050CF9sRZLHS7c0wH++/vwlqb3Dw9VovEqBPIbuUcS+
-----END CERTIFICATE-----