Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/2d238e-b31c-4ea0-98cc-c4febc3d6e52/1/eolOD82romDYKf-u5K2mBsrtM6A.roa
File:                     eolOD82romDYKf-u5K2mBsrtM6A.roa (raw, json)
Hash identifier:          lLrmPPWKuIZu39XjZBEUEnSJsPHEyn/SShOI0bCltRE=
Subject key identifier:   7A:89:4E:0F:CD:AB:A2:60:D8:29:FF:AE:E4:AD:A6:06:CA:ED:33:A0
Certificate issuer:       /CN=2b0e6a7bdb11c4ffd77718081510c91431178cdb
Certificate serial:       018D5FC27641A0F8190895CF7AEF2DA62815
Authority key identifier: 2B:0E:6A:7B:DB:11:C4:FF:D7:77:18:08:15:10:C9:14:31:17:8C:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Kw5qe9sRxP_XdxgIFRDJFDEXjNs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/2d238e-b31c-4ea0-98cc-c4febc3d6e52/1/eolOD82romDYKf-u5K2mBsrtM6A.roa
Signing time:             Wed 31 Jan 2024 13:43:16 +0000
ROA not before:           Wed 31 Jan 2024 13:43:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8943
IP address blocks:        85.119.80.0/21 maxlen: 21
                          2a0a:1100::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/2d238e-b31c-4ea0-98cc-c4febc3d6e52/1/Kw5qe9sRxP_XdxgIFRDJFDEXjNs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/2d238e-b31c-4ea0-98cc-c4febc3d6e52/1/Kw5qe9sRxP_XdxgIFRDJFDEXjNs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Kw5qe9sRxP_XdxgIFRDJFDEXjNs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:5f:c2:76:41:a0:f8:19:08:95:cf:7a:ef:2d:a6:28:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2b0e6a7bdb11c4ffd77718081510c91431178cdb
        Validity
            Not Before: Jan 31 13:43:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a894e0fcdaba260d829ffaee4ada606caed33a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:fa:e6:19:28:e6:0e:d9:16:76:b8:77:83:ae:
                    58:8d:d3:0d:07:3e:82:32:9c:d2:45:2a:5c:11:83:
                    d4:dc:4b:d3:ab:2f:b6:4a:36:c2:9a:82:02:69:07:
                    0f:1d:b4:92:8f:4d:5d:f9:a5:19:a9:35:84:88:a0:
                    f6:02:de:9f:87:cb:11:17:e4:61:cf:1f:04:85:4c:
                    29:02:a6:ee:b4:e5:2c:6e:49:d2:f3:b7:a7:7b:3f:
                    6f:0c:a5:c4:39:ad:fe:ec:39:ec:df:09:db:0b:d0:
                    8e:ec:58:da:f8:28:46:df:4d:f4:0c:2e:db:21:8a:
                    33:a6:6f:bc:47:58:6a:b3:93:a1:b0:27:fd:e0:a8:
                    8b:ac:19:8c:9f:b1:b0:88:27:c3:70:ba:c1:68:98:
                    23:1c:9f:bd:ea:34:30:4f:4f:7f:5c:6d:5c:ca:4b:
                    8c:b8:8a:32:47:5f:97:3c:bc:7d:97:df:de:0c:14:
                    67:a6:07:25:d7:f9:7b:04:b0:99:3a:ad:70:bf:68:
                    0d:ea:db:98:80:8c:96:54:ce:45:d8:7e:e8:ec:6a:
                    f4:f5:91:51:07:a8:51:e1:72:b8:4d:5a:3d:22:ed:
                    8f:8a:ea:17:cf:0f:32:de:47:f0:2a:20:cc:1b:42:
                    95:22:2f:2c:6c:06:24:4e:32:91:51:49:93:9b:25:
                    8d:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:89:4E:0F:CD:AB:A2:60:D8:29:FF:AE:E4:AD:A6:06:CA:ED:33:A0
            X509v3 Authority Key Identifier:
                keyid:2B:0E:6A:7B:DB:11:C4:FF:D7:77:18:08:15:10:C9:14:31:17:8C:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Kw5qe9sRxP_XdxgIFRDJFDEXjNs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2d238e-b31c-4ea0-98cc-c4febc3d6e52/1/eolOD82romDYKf-u5K2mBsrtM6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/2d238e-b31c-4ea0-98cc-c4febc3d6e52/1/Kw5qe9sRxP_XdxgIFRDJFDEXjNs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.119.80.0/21
                IPv6:
                  2a0a:1100::/32

    Signature Algorithm: sha256WithRSAEncryption
         79:94:ab:32:e2:b3:f3:7b:fa:41:57:5f:6a:18:2a:29:a3:7c:
         d3:6e:b0:d1:40:d7:d2:1c:cc:3b:99:25:3b:91:05:78:08:ff:
         60:a9:a9:66:f0:f4:b2:80:e7:cd:9a:2b:70:bd:c9:c5:d5:99:
         67:55:da:cf:d3:2e:a2:37:d2:b8:23:5c:c4:56:5d:84:c0:ce:
         c9:5e:30:45:ac:49:31:a7:34:3e:b6:4b:17:9e:d9:8e:77:3e:
         6c:7a:d1:34:48:5d:d5:3c:d2:39:48:a8:07:14:bd:61:c7:a7:
         85:b4:61:5d:3c:6a:9c:30:5e:b0:ad:31:35:e3:bf:a2:5a:a5:
         94:8b:17:85:4b:f4:a0:e5:cb:ba:8a:83:7a:25:6d:8d:72:e2:
         65:a7:3c:ac:b4:6d:b0:d1:52:1c:f5:fa:ba:4b:57:f2:a2:c9:
         bb:13:a9:7f:8f:4a:28:6c:09:4b:eb:5e:f6:ea:f2:80:88:35:
         cb:78:74:1c:9c:e8:18:cd:b2:7e:d3:d3:b3:e7:3e:55:c7:81:
         35:fb:60:9b:31:44:c7:c9:e8:a9:4e:d6:78:be:77:5a:fe:6c:
         1d:dd:87:06:4d:b9:19:8c:5a:61:04:6f:76:10:dd:8b:42:78:
         a8:28:bc:61:14:33:b8:ec:f5:53:62:d6:c9:75:94:30:22:bc:
         89:80:d4:b8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY1fwnZBoPgZCJXPeu8tpigVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJiMGU2YTdiZGIxMWM0ZmZkNzc3MTgwODE1MTBjOTE0MzEx
NzhjZGIwHhcNMjQwMTMxMTM0MzE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTg5NGUwZmNkYWJhMjYwZDgyOWZmYWVlNGFkYTYwNmNhZWQzM2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/rmGSjmDtkWdrh3g65YjdMNBz6C
MpzSRSpcEYPU3EvTqy+2SjbCmoICaQcPHbSSj01d+aUZqTWEiKD2At6fh8sRF+Rh
zx8EhUwpAqbutOUsbknS87enez9vDKXEOa3+7Dns3wnbC9CO7Fja+ChG3030DC7b
IYozpm+8R1hqs5OhsCf94KiLrBmMn7GwiCfDcLrBaJgjHJ+96jQwT09/XG1cykuM
uIoyR1+XPLx9l9/eDBRnpgcl1/l7BLCZOq1wv2gN6tuYgIyWVM5F2H7o7Gr09ZFR
B6hR4XK4TVo9Iu2PiuoXzw8y3kfwKiDMG0KVIi8sbAYkTjKRUUmTmyWNFwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHqJTg/Nq6Jg2Cn/ruStpgbK7TOgMB8GA1UdIwQY
MBaAFCsOanvbEcT/13cYCBUQyRQxF4zbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3c1cWU5c1J4UF9YZHhnSUZSREpGREVYak5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8yZDIzOGUtYjMxYy00ZWEwLTk4Y2Mt
YzRmZWJjM2Q2ZTUyLzEvZW9sT0Q4MnJvbURZS2YtdTVLMm1Cc3J0TTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8yZDIzOGUtYjMxYy00ZWEwLTk4Y2MtYzRmZWJjM2Q2ZTUy
LzEvS3c1cWU5c1J4UF9YZHhnSUZSREpGREVYak5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDVXdQMA0E
AgACMAcDBQAqChEAMA0GCSqGSIb3DQEBCwUAA4IBAQB5lKsy4rPze/pBV19qGCop
o3zTbrDRQNfSHMw7mSU7kQV4CP9gqalm8PSygOfNmitwvcnF1ZlnVdrP0y6iN9K4
I1zEVl2EwM7JXjBFrEkxpzQ+tksXntmOdz5setE0SF3VPNI5SKgHFL1hx6eFtGFd
PGqcMF6wrTE147+iWqWUixeFS/Sg5cu6ioN6JW2NcuJlpzystG2w0VIc9fq6S1fy
osm7E6l/j0oobAlL61726vKAiDXLeHQcnOgYzbJ+09Oz5z5Vx4E1+2CbMUTHyeip
TtZ4vnda/mwd3YcGTbkZjFphBG92EN2LQnioKLxhFDO47PVTYtbJdZQwIryJgNS4
-----END CERTIFICATE-----