Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/da46ee-f8d9-44da-9982-03f5eb148688/1/eUO5ySVwcP9_G0v6iAlEgACbaIE.roa
File:                     eUO5ySVwcP9_G0v6iAlEgACbaIE.roa (raw, json)
Hash identifier:          iPv7iNvhmBCQA31XIl1TxzIvDTe0R7e3zG8RhS2DPPs=
Subject key identifier:   79:43:B9:C9:25:70:70:FF:7F:1B:4B:FA:88:09:44:80:00:9B:68:81
Certificate issuer:       /CN=93a959c25dbbc367caa89825e8bff5b4b4f11c9b
Certificate serial:       019420D5E052382FDA4B2C37AF9DC1D674BA
Authority key identifier: 93:A9:59:C2:5D:BB:C3:67:CA:A8:98:25:E8:BF:F5:B4:B4:F1:1C:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k6lZwl27w2fKqJgl6L_1tLTxHJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/da46ee-f8d9-44da-9982-03f5eb148688/1/eUO5ySVwcP9_G0v6iAlEgACbaIE.roa
Signing time:             Wed 01 Jan 2025 07:47:54 +0000
ROA not before:           Wed 01 Jan 2025 07:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200603
IP address blocks:        80.244.3.0/24 maxlen: 24
                          185.79.125.0/24 maxlen: 24
                          2a13:5740::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/da46ee-f8d9-44da-9982-03f5eb148688/1/k6lZwl27w2fKqJgl6L_1tLTxHJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/da46ee-f8d9-44da-9982-03f5eb148688/1/k6lZwl27w2fKqJgl6L_1tLTxHJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k6lZwl27w2fKqJgl6L_1tLTxHJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:e0:52:38:2f:da:4b:2c:37:af:9d:c1:d6:74:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93a959c25dbbc367caa89825e8bff5b4b4f11c9b
        Validity
            Not Before: Jan  1 07:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7943b9c9257070ff7f1b4bfa88094480009b6881
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c6:c2:b2:dd:b5:26:8f:f3:13:3b:b9:e6:bb:
                    c9:94:73:23:b8:aa:25:8b:37:4a:4a:6b:cd:6d:b4:
                    ed:7f:36:04:a0:a1:89:a4:f3:2f:e8:7f:fc:94:b6:
                    15:00:49:ab:ca:80:ff:0c:09:98:46:71:f9:c4:74:
                    b4:93:e0:6e:51:56:30:f2:ee:1f:5d:12:43:d3:6e:
                    10:48:89:4c:4e:01:92:34:30:c0:c0:36:42:90:19:
                    d9:98:99:93:b4:d4:1f:f0:83:d7:da:d5:02:e0:b6:
                    2f:75:20:a4:7d:38:dc:e7:1c:06:30:97:56:06:04:
                    0d:ed:11:29:70:74:a6:5f:e2:75:77:62:f8:21:d0:
                    d3:e5:fe:a2:06:8e:67:13:ad:50:19:1f:20:3a:51:
                    43:29:60:4a:93:f2:e5:9b:d5:d1:92:89:a9:ae:bc:
                    49:5a:2b:2e:1f:d0:48:f1:80:ea:04:77:d7:b9:95:
                    66:99:e4:1e:38:9b:20:84:07:77:ad:fa:09:76:8e:
                    e7:ac:46:5b:d1:cf:ef:b8:c9:13:3d:7e:4a:a4:34:
                    80:db:5e:94:10:35:0c:00:69:b4:68:29:6e:34:44:
                    b5:44:9b:c5:0b:db:f8:ed:71:3d:9e:ae:04:d9:d2:
                    99:9a:7b:40:7c:8d:24:60:b9:6f:08:1d:b3:9c:2d:
                    3c:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:43:B9:C9:25:70:70:FF:7F:1B:4B:FA:88:09:44:80:00:9B:68:81
            X509v3 Authority Key Identifier:
                keyid:93:A9:59:C2:5D:BB:C3:67:CA:A8:98:25:E8:BF:F5:B4:B4:F1:1C:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k6lZwl27w2fKqJgl6L_1tLTxHJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/da46ee-f8d9-44da-9982-03f5eb148688/1/eUO5ySVwcP9_G0v6iAlEgACbaIE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/da46ee-f8d9-44da-9982-03f5eb148688/1/k6lZwl27w2fKqJgl6L_1tLTxHJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.244.3.0/24
                  185.79.125.0/24
                IPv6:
                  2a13:5740::/29

    Signature Algorithm: sha256WithRSAEncryption
         45:ac:5f:35:94:7b:bf:c4:8e:ca:4e:b0:17:26:f0:7b:97:27:
         cf:ad:73:34:65:c4:21:70:49:50:c6:5d:f0:e7:2d:ea:04:26:
         65:2f:34:31:56:4d:4a:4c:3a:2e:a0:a0:a6:dc:ed:92:c1:33:
         41:f2:c4:0a:a9:61:52:f8:40:7a:a3:2b:4b:c4:3e:67:1c:ec:
         26:8b:0f:65:bd:40:f9:70:3f:d7:67:21:2a:0b:fe:3b:59:1f:
         36:28:ef:2d:3a:c8:4c:4a:fb:cf:f2:44:ed:2c:6c:cd:44:4b:
         ec:c4:e9:32:b6:22:ca:f8:a2:58:ae:bb:3b:38:cf:26:c8:e5:
         fa:d2:86:10:57:48:91:fe:cd:dc:0c:8b:e3:d1:5a:f2:0d:4f:
         16:28:df:93:73:4f:bf:d0:3c:3b:bb:a1:f0:39:ff:7c:28:b3:
         18:2d:93:7a:ba:91:da:e4:40:b7:0f:46:11:a6:22:21:6d:03:
         8b:e8:61:80:1c:e1:33:ac:16:44:36:a6:50:3d:ac:57:94:2c:
         37:98:6e:28:07:bb:a1:68:b5:a8:dd:62:57:e4:e6:0f:ce:8f:
         0e:0c:79:ef:64:07:38:33:ce:62:e8:26:1d:25:c3:57:84:95:
         c0:f4:c3:cb:b9:97:11:85:dd:94:1c:b6:eb:72:29:50:31:c1:
         14:d4:b1:68
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1eBSOC/aSyw3r53B1nS6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYTk1OWMyNWRiYmMzNjdjYWE4OTgyNWU4YmZmNWI0YjRm
MTFjOWIwHhcNMjUwMTAxMDc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTQzYjljOTI1NzA3MGZmN2YxYjRiZmE4ODA5NDQ4MDAwOWI2ODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwcbCst21Jo/zEzu55rvJlHMjuKol
izdKSmvNbbTtfzYEoKGJpPMv6H/8lLYVAEmryoD/DAmYRnH5xHS0k+BuUVYw8u4f
XRJD024QSIlMTgGSNDDAwDZCkBnZmJmTtNQf8IPX2tUC4LYvdSCkfTjc5xwGMJdW
BgQN7REpcHSmX+J1d2L4IdDT5f6iBo5nE61QGR8gOlFDKWBKk/Llm9XRkomprrxJ
WisuH9BI8YDqBHfXuZVmmeQeOJsghAd3rfoJdo7nrEZb0c/vuMkTPX5KpDSA216U
EDUMAGm0aCluNES1RJvFC9v47XE9nq4E2dKZmntAfI0kYLlvCB2znC08qQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHlDucklcHD/fxtL+ogJRIAAm2iBMB8GA1UdIwQY
MBaAFJOpWcJdu8NnyqiYJei/9bS08RybMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazZsWndsMjd3MmZLcUpnbDZMXzF0TFR4SEpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC9kYTQ2ZWUtZjhkOS00NGRhLTk5ODIt
MDNmNWViMTQ4Njg4LzEvZVVPNXlTVndjUDlfRzB2NmlBbEVnQUNiYUlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC9kYTQ2ZWUtZjhkOS00NGRhLTk5ODItMDNmNWViMTQ4Njg4
LzEvazZsWndsMjd3MmZLcUpnbDZMXzF0TFR4SEpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAUPQDAwQA
uU99MA0EAgACMAcDBQMqE1dAMA0GCSqGSIb3DQEBCwUAA4IBAQBFrF81lHu/xI7K
TrAXJvB7lyfPrXM0ZcQhcElQxl3w5y3qBCZlLzQxVk1KTDouoKCm3O2SwTNB8sQK
qWFS+EB6oytLxD5nHOwmiw9lvUD5cD/XZyEqC/47WR82KO8tOshMSvvP8kTtLGzN
REvsxOkytiLK+KJYrrs7OM8myOX60oYQV0iR/s3cDIvj0VryDU8WKN+Tc0+/0Dw7
u6HwOf98KLMYLZN6upHa5EC3D0YRpiIhbQOL6GGAHOEzrBZENqZQPaxXlCw3mG4o
B7uhaLWo3WJX5OYPzo8ODHnvZAc4M85i6CYdJcNXhJXA9MPLuZcRhd2UHLbrcilQ
McEU1LFo
-----END CERTIFICATE-----