Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/SKEazOGjemu1hh5OYwsMHCwKrzA.roa
File:                     SKEazOGjemu1hh5OYwsMHCwKrzA.roa (raw, json)
Hash identifier:          aP8vHN4J83z89uZdd/4mFjI+k+MJSZJEYCP5LFdGl2c=
Subject key identifier:   48:A1:1A:CC:E1:A3:7A:6B:B5:86:1E:4E:63:0B:0C:1C:2C:0A:AF:30
Certificate issuer:       /CN=ba9d30e6035be8b8386061f271481c707e04ce2b
Certificate serial:       018CC56E90782593F7EAF12497BE9867EA1D
Authority key identifier: BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/SKEazOGjemu1hh5OYwsMHCwKrzA.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42193
IP address blocks:        213.153.129.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 23 Jun 2024 20:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:90:78:25:93:f7:ea:f1:24:97:be:98:67:ea:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba9d30e6035be8b8386061f271481c707e04ce2b
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=48a11acce1a37a6bb5861e4e630b0c1c2c0aaf30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:bd:3f:23:48:cd:29:16:89:b6:ba:ea:f3:47:
                    09:89:61:b7:b4:81:6d:d9:5e:c3:a1:eb:da:39:58:
                    c6:fa:b4:3e:06:49:bf:f9:67:80:94:4e:e4:66:ea:
                    3e:de:d4:e9:62:53:d4:a9:10:36:18:d4:5c:bc:59:
                    4e:d2:84:25:cf:e8:8f:af:98:8f:a4:d3:9a:39:ed:
                    d7:10:a1:ba:5e:50:3b:3b:30:2c:77:90:9c:31:92:
                    ec:ed:2f:29:1d:36:d2:c8:79:b3:4f:0a:8e:96:5b:
                    b4:51:3f:88:66:49:79:5d:6b:92:2f:e2:e5:4d:3a:
                    4d:3c:3a:f9:67:63:f5:02:e2:15:b4:c6:38:42:cf:
                    bd:77:91:e2:3f:c0:13:d9:cd:dc:38:33:bd:1f:5f:
                    b0:14:12:78:f1:3a:af:f8:1d:91:3e:97:4c:d4:6d:
                    01:83:cb:a1:dc:fb:53:fb:f2:e8:0a:a3:d1:4c:19:
                    a2:e4:17:0a:a0:9c:e0:4f:6e:1a:2c:d2:1c:22:c9:
                    90:c0:60:c2:3f:3a:71:f4:48:75:53:83:d9:31:4a:
                    cc:6f:ae:b2:fa:ef:4d:54:5f:cc:a6:65:11:fc:b3:
                    ba:6e:cf:2f:57:3d:bd:af:54:08:c3:5e:32:b2:73:
                    55:5b:43:1f:d7:6e:1e:35:2f:9c:c0:9b:c6:78:69:
                    59:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:A1:1A:CC:E1:A3:7A:6B:B5:86:1E:4E:63:0B:0C:1C:2C:0A:AF:30
            X509v3 Authority Key Identifier:
                keyid:BA:9D:30:E6:03:5B:E8:B8:38:60:61:F2:71:48:1C:70:7E:04:CE:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/up0w5gNb6Lg4YGHycUgccH4Ezis.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/SKEazOGjemu1hh5OYwsMHCwKrzA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/ac9c32-7dbc-4d6c-bc08-5d584fbc5d27/1/up0w5gNb6Lg4YGHycUgccH4Ezis.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.153.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:97:55:67:39:5d:f4:b6:b4:a1:33:7f:f6:87:d0:7e:c8:6a:
         16:23:33:b6:25:72:2e:6a:3f:62:0c:bf:18:72:0a:bb:21:33:
         db:93:fd:80:ea:fe:77:66:8b:4c:1b:f7:4d:e9:65:13:d7:00:
         b1:ec:34:5e:c9:a6:ae:40:5f:fb:42:51:c5:39:24:8a:bd:a6:
         b6:54:c0:3e:de:49:71:c9:59:4d:42:27:0c:6a:61:c6:5c:d8:
         bc:e4:91:a1:d5:a6:c9:ca:94:9e:42:cb:e0:e6:f5:f8:96:b3:
         33:b4:a7:65:b6:a7:a0:e3:2b:bb:58:33:60:7d:c4:8e:ae:bc:
         dc:17:1b:82:50:88:ea:a9:3a:4e:3d:7d:41:b8:1b:8a:87:00:
         f5:f5:6a:1f:2a:86:05:b5:21:d7:29:7d:6f:66:ea:27:97:0f:
         08:15:41:49:79:67:da:1b:ac:bf:90:e4:c2:da:f1:20:ee:cd:
         21:5b:8b:3f:7a:73:2a:4e:16:79:62:57:31:5b:29:8e:65:df:
         b1:f4:46:c8:1d:27:a6:67:7d:d9:bc:9d:5b:3b:26:79:a7:b0:
         91:41:b8:d3:e1:48:1f:ba:cc:35:6e:99:aa:fc:b2:01:d2:1d:
         6a:a7:1c:28:5f:0c:dc:98:0a:dd:35:8b:eb:7e:4c:81:2c:8e:
         e8:7f:c2:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbpB4JZP36vEkl76YZ+odMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhOWQzMGU2MDM1YmU4YjgzODYwNjFmMjcxNDgxYzcwN2Uw
NGNlMmIwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGExMWFjY2UxYTM3YTZiYjU4NjFlNGU2MzBiMGMxYzJjMGFhZjMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzL0/I0jNKRaJtrrq80cJiWG3tIFt
2V7DoevaOVjG+rQ+Bkm/+WeAlE7kZuo+3tTpYlPUqRA2GNRcvFlO0oQlz+iPr5iP
pNOaOe3XEKG6XlA7OzAsd5CcMZLs7S8pHTbSyHmzTwqOllu0UT+IZkl5XWuSL+Ll
TTpNPDr5Z2P1AuIVtMY4Qs+9d5HiP8AT2c3cODO9H1+wFBJ48Tqv+B2RPpdM1G0B
g8uh3PtT+/LoCqPRTBmi5BcKoJzgT24aLNIcIsmQwGDCPzpx9Eh1U4PZMUrMb66y
+u9NVF/MpmUR/LO6bs8vVz29r1QIw14ysnNVW0Mf124eNS+cwJvGeGlZJQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEihGszho3prtYYeTmMLDBwsCq8wMB8GA1UdIwQY
MBaAFLqdMOYDW+i4OGBh8nFIHHB+BM4rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgt
NWQ1ODRmYmM1ZDI3LzEvU0tFYXpPR2plbXUxaGg1T1l3c01IQ3dLcnpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hYzljMzItN2RiYy00ZDZjLWJjMDgtNWQ1ODRmYmM1ZDI3
LzEvdXAwdzVnTmI2TGc0WUdIeWNVZ2NjSDRFemlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1ZmBMA0G
CSqGSIb3DQEBCwUAA4IBAQBwl1VnOV30trShM3/2h9B+yGoWIzO2JXIuaj9iDL8Y
cgq7ITPbk/2A6v53ZotMG/dN6WUT1wCx7DReyaauQF/7QlHFOSSKvaa2VMA+3klx
yVlNQicMamHGXNi85JGh1abJypSeQsvg5vX4lrMztKdltqeg4yu7WDNgfcSOrrzc
FxuCUIjqqTpOPX1BuBuKhwD19WofKoYFtSHXKX1vZuonlw8IFUFJeWfaG6y/kOTC
2vEg7s0hW4s/enMqThZ5YlcxWymOZd+x9EbIHSemZ33ZvJ1bOyZ5p7CRQbjT4Ugf
usw1bpmq/LIB0h1qpxwoXwzcmArdNYvrfkyBLI7of8J/
-----END CERTIFICATE-----