Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/EY_8UK58CLC_MHOLKQN29XR3SsU.roa
File:                     EY_8UK58CLC_MHOLKQN29XR3SsU.roa (raw, json)
Hash identifier:          TXLjuUxdVne2hKBZkmT0lLvPS9KvfYEaAuj3zIfKYEM=
Subject key identifier:   11:8F:FC:50:AE:7C:08:B0:BF:30:73:8B:29:03:76:F5:74:77:4A:C5
Certificate issuer:       /CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
Certificate serial:       018D3B5A53C86E5773BCD042707AF0C42E1C
Authority key identifier: DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/EY_8UK58CLC_MHOLKQN29XR3SsU.roa
Signing time:             Wed 24 Jan 2024 12:03:11 +0000
ROA not before:           Wed 24 Jan 2024 12:03:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204741
IP address blocks:        84.232.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:3b:5a:53:c8:6e:57:73:bc:d0:42:70:7a:f0:c4:2e:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=daaf17b0015dbb7cd992f26cdff01c4e2620b73e
        Validity
            Not Before: Jan 24 12:03:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=118ffc50ae7c08b0bf30738b290376f574774ac5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:ef:10:b9:02:a7:22:04:c3:00:e3:9c:bb:d5:
                    71:af:c7:33:d2:1b:f1:ca:14:c8:e8:f5:35:55:07:
                    61:b8:9b:4e:40:a5:e2:9e:43:95:ea:cd:70:7b:03:
                    5e:04:a2:f2:4c:81:ff:9c:17:ef:59:14:08:5b:a6:
                    5f:38:54:13:71:04:63:a1:c7:e3:cf:73:d0:23:55:
                    b0:aa:3a:0a:ca:53:b6:0a:8d:cf:f1:07:b7:88:71:
                    45:94:95:40:10:27:9c:5d:de:58:d1:3f:32:39:3c:
                    3a:fa:d8:c6:4e:a9:a9:95:cd:ae:e1:e6:f8:ae:06:
                    e6:d3:06:6f:c9:09:ed:8f:42:78:35:da:31:63:6a:
                    d2:f5:71:01:bc:a4:a9:5d:d8:8f:2f:6b:b8:22:93:
                    03:5e:03:f1:29:5e:fb:52:60:c4:f7:f2:92:c7:9f:
                    c0:2b:53:3d:4d:72:e6:dd:a7:ce:31:ab:63:f1:b0:
                    db:94:11:67:71:75:66:79:6c:f5:77:69:56:ce:c2:
                    fc:97:9b:d6:4f:7d:78:4f:59:9a:4a:d6:00:d1:a9:
                    22:7d:5c:88:e9:6e:31:da:dc:cd:69:24:b2:c6:8a:
                    42:2b:fb:d9:80:bc:ab:d4:cd:60:2e:87:90:fd:b8:
                    33:5a:44:22:65:26:d0:ce:69:1e:1a:d7:4b:50:58:
                    ed:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:8F:FC:50:AE:7C:08:B0:BF:30:73:8B:29:03:76:F5:74:77:4A:C5
            X509v3 Authority Key Identifier:
                keyid:DA:AF:17:B0:01:5D:BB:7C:D9:92:F2:6C:DF:F0:1C:4E:26:20:B7:3E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2q8XsAFdu3zZkvJs3_AcTiYgtz4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/EY_8UK58CLC_MHOLKQN29XR3SsU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/c8973c-3cfa-4604-8110-cf06d1983ba1/1/2q8XsAFdu3zZkvJs3_AcTiYgtz4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.232.49.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:59:4a:e2:63:74:fc:c0:b8:c5:e6:96:f8:c1:8c:f1:61:33:
         bc:13:89:2f:a4:c7:9e:0d:96:e3:fc:40:45:ca:10:08:71:cc:
         67:57:21:ec:1a:22:58:31:b8:0d:b0:04:dc:aa:a7:cf:71:de:
         0c:c3:06:87:0b:95:ef:74:44:85:0e:09:f1:4f:5d:d5:d1:c2:
         6e:ea:24:c3:04:13:3d:6b:40:4f:6f:ff:bc:a7:06:6c:be:46:
         f2:d2:6c:8e:f6:93:0d:d4:79:1d:0c:ba:07:bf:9b:f0:89:94:
         ba:ae:08:e9:d1:b4:ec:34:f9:c4:8a:34:b9:28:4f:5b:ce:35:
         44:6b:28:2a:fc:43:e9:aa:ff:28:92:d3:9b:90:02:10:63:b1:
         49:61:84:9c:ea:f6:4a:fb:e5:24:e7:06:e2:8e:1c:58:19:a2:
         b0:51:fe:d1:ac:00:56:81:f3:ea:84:28:b7:10:21:de:83:c0:
         38:30:51:29:c7:fa:90:53:65:51:ac:8d:bf:dd:80:af:f8:b1:
         ef:69:3b:b8:01:5e:91:8a:4f:e2:6c:62:0d:10:05:71:41:54:
         68:4f:79:c7:9b:c6:63:5c:f2:27:df:64:c6:25:ee:c1:60:bb:
         c2:f4:30:bd:ab:b8:3d:5f:e3:f8:d1:84:9f:44:e3:ce:73:1c:
         ed:7b:db:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY07WlPIbldzvNBCcHrwxC4cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhYWYxN2IwMDE1ZGJiN2NkOTkyZjI2Y2RmZjAxYzRlMjYy
MGI3M2UwHhcNMjQwMTI0MTIwMzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMThmZmM1MGFlN2MwOGIwYmYzMDczOGIyOTAzNzZmNTc0Nzc0YWM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAre8QuQKnIgTDAOOcu9Vxr8cz0hvx
yhTI6PU1VQdhuJtOQKXinkOV6s1wewNeBKLyTIH/nBfvWRQIW6ZfOFQTcQRjocfj
z3PQI1WwqjoKylO2Co3P8Qe3iHFFlJVAECecXd5Y0T8yOTw6+tjGTqmplc2u4eb4
rgbm0wZvyQntj0J4NdoxY2rS9XEBvKSpXdiPL2u4IpMDXgPxKV77UmDE9/KSx5/A
K1M9TXLm3afOMatj8bDblBFncXVmeWz1d2lWzsL8l5vWT314T1maStYA0akifVyI
6W4x2tzNaSSyxopCK/vZgLyr1M1gLoeQ/bgzWkQiZSbQzmkeGtdLUFjtnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGP/FCufAiwvzBziykDdvV0d0rFMB8GA1UdIwQY
MBaAFNqvF7ABXbt82ZLybN/wHE4mILc+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAt
Y2YwNmQxOTgzYmExLzEvRVlfOFVLNThDTENfTUhPTEtRTjI5WFIzU3NVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS9jODk3M2MtM2NmYS00NjA0LTgxMTAtY2YwNmQxOTgzYmEx
LzEvMnE4WHNBRmR1M3paa3ZKczNfQWNUaVlndHo0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVOgxMA0G
CSqGSIb3DQEBCwUAA4IBAQAGWUriY3T8wLjF5pb4wYzxYTO8E4kvpMeeDZbj/EBF
yhAIccxnVyHsGiJYMbgNsATcqqfPcd4MwwaHC5XvdESFDgnxT13V0cJu6iTDBBM9
a0BPb/+8pwZsvkby0myO9pMN1HkdDLoHv5vwiZS6rgjp0bTsNPnEijS5KE9bzjVE
aygq/EPpqv8oktObkAIQY7FJYYSc6vZK++Uk5wbijhxYGaKwUf7RrABWgfPqhCi3
ECHeg8A4MFEpx/qQU2VRrI2/3YCv+LHvaTu4AV6Rik/ibGINEAVxQVRoT3nHm8Zj
XPIn32TGJe7BYLvC9DC9q7g9X+P40YSfROPOcxzte9tX
-----END CERTIFICATE-----