Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4c/358253-41e8-4c13-bfaa-cb3cd0404ab5/1/EFR-ShFgH2f_XaI8pf2tnUMmpMY.roa
File:                     EFR-ShFgH2f_XaI8pf2tnUMmpMY.roa (raw, json)
Hash identifier:          msoBShYkdFZNTKd2g8e4rJ5ZOrWTsgABKLDnEqw1TK0=
Subject key identifier:   10:54:7E:4A:11:60:1F:67:FF:5D:A2:3C:A5:FD:AD:9D:43:26:A4:C6
Certificate issuer:       /CN=15ddd4c9dc23fac35574fce2b4294398add8521c
Certificate serial:       018CC64A97876F649BB4796EA2D57D3A04F1
Authority key identifier: 15:DD:D4:C9:DC:23:FA:C3:55:74:FC:E2:B4:29:43:98:AD:D8:52:1C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Fd3Uydwj-sNVdPzitClDmK3YUhw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4c/358253-41e8-4c13-bfaa-cb3cd0404ab5/1/EFR-ShFgH2f_XaI8pf2tnUMmpMY.roa
Signing time:             Mon 01 Jan 2024 18:30:26 +0000
ROA not before:           Mon 01 Jan 2024 18:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     18345
IP address blocks:        185.164.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4c/358253-41e8-4c13-bfaa-cb3cd0404ab5/1/Fd3Uydwj-sNVdPzitClDmK3YUhw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4c/358253-41e8-4c13-bfaa-cb3cd0404ab5/1/Fd3Uydwj-sNVdPzitClDmK3YUhw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Fd3Uydwj-sNVdPzitClDmK3YUhw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4a:97:87:6f:64:9b:b4:79:6e:a2:d5:7d:3a:04:f1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=15ddd4c9dc23fac35574fce2b4294398add8521c
        Validity
            Not Before: Jan  1 18:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10547e4a11601f67ff5da23ca5fdad9d4326a4c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:b8:c8:f0:bf:4c:53:3b:a4:f1:64:6a:9d:a7:
                    85:aa:2c:83:84:dc:25:67:33:e0:fb:76:29:c5:b2:
                    5d:95:c3:a2:9f:4a:e8:d7:db:a3:dc:d8:83:1f:56:
                    6c:49:01:c9:2a:5e:2a:b0:e3:63:f9:2b:ab:6f:77:
                    97:a0:c8:bd:d7:04:62:de:df:df:cb:a9:6b:52:7c:
                    57:a7:01:b6:9f:b6:3f:d7:89:8f:5b:0d:a1:9a:06:
                    25:d8:7b:29:11:0d:0f:15:14:13:9f:5c:a7:a4:3c:
                    1e:44:62:31:90:cc:ba:b3:b4:77:60:52:35:97:1f:
                    8d:7c:79:de:a8:d5:13:fa:eb:cf:e4:b2:b8:83:ce:
                    7b:6d:0e:3d:18:26:7c:02:2e:23:ba:1e:21:0f:37:
                    81:39:c0:ff:a0:16:07:a6:b0:7d:eb:dd:69:81:7f:
                    3c:09:f1:9a:8a:02:7f:5c:21:d0:d5:4a:6f:43:ff:
                    40:e5:89:f6:77:25:c3:1e:cb:1c:b0:be:e2:52:66:
                    e4:8c:12:63:bb:41:77:ad:65:7a:3b:4a:43:55:fe:
                    34:9d:74:ef:6e:e0:f4:74:4e:8f:6f:27:63:c1:98:
                    2e:87:42:82:c2:44:ff:a2:d6:f0:e8:d5:c2:be:f4:
                    22:45:6d:8d:98:c1:92:f2:c7:8c:26:ae:b2:1f:df:
                    f5:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:54:7E:4A:11:60:1F:67:FF:5D:A2:3C:A5:FD:AD:9D:43:26:A4:C6
            X509v3 Authority Key Identifier:
                keyid:15:DD:D4:C9:DC:23:FA:C3:55:74:FC:E2:B4:29:43:98:AD:D8:52:1C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Fd3Uydwj-sNVdPzitClDmK3YUhw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/358253-41e8-4c13-bfaa-cb3cd0404ab5/1/EFR-ShFgH2f_XaI8pf2tnUMmpMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4c/358253-41e8-4c13-bfaa-cb3cd0404ab5/1/Fd3Uydwj-sNVdPzitClDmK3YUhw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.164.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:fd:71:6b:3a:d4:53:1f:77:04:cf:cc:1c:f2:e0:1d:69:95:
         fe:db:5d:52:28:14:a1:2d:00:db:62:d2:a9:d0:68:8a:b6:47:
         92:b4:76:58:53:03:07:77:6c:87:74:2a:36:f4:3f:ed:c4:0c:
         6d:42:e4:12:5c:42:4d:c9:5c:97:57:4a:b8:2f:08:c8:b1:b9:
         aa:79:7e:5a:fe:3c:2e:42:97:b7:b4:22:6a:4e:30:e5:d8:31:
         ad:43:0e:a2:62:2d:41:ad:51:a8:73:48:fe:66:5d:1b:36:b0:
         90:a4:1e:fe:1b:c6:76:fb:74:42:65:71:94:66:dc:b8:e5:f5:
         76:6b:bc:39:7a:07:58:55:6a:bc:3e:10:50:d5:60:be:c0:3d:
         2b:23:38:96:14:ed:cc:f3:83:a2:06:55:2c:52:12:50:4f:f6:
         3a:27:79:f7:60:5b:a9:7c:84:73:52:28:79:74:a8:5f:d1:b1:
         be:8b:8c:7c:b3:77:a6:bb:dc:31:60:dc:e9:e6:b5:f5:1f:ca:
         5e:2c:9b:6a:45:75:ed:cf:33:5a:64:7d:4a:71:1b:36:f0:d4:
         c8:fd:c3:56:b4:de:18:4a:19:41:8d:79:94:86:4c:f0:b0:d7:
         57:7d:a4:3b:63:56:44:35:09:9c:15:b8:e7:90:2d:e3:8c:dd:
         50:2d:9e:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSpeHb2SbtHluotV9OgTxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1ZGRkNGM5ZGMyM2ZhYzM1NTc0ZmNlMmI0Mjk0Mzk4YWRk
ODUyMWMwHhcNMjQwMTAxMTgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDU0N2U0YTExNjAxZjY3ZmY1ZGEyM2NhNWZkYWQ5ZDQzMjZhNGM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLjI8L9MUzuk8WRqnaeFqiyDhNwl
ZzPg+3YpxbJdlcOin0ro19uj3NiDH1ZsSQHJKl4qsONj+Surb3eXoMi91wRi3t/f
y6lrUnxXpwG2n7Y/14mPWw2hmgYl2HspEQ0PFRQTn1ynpDweRGIxkMy6s7R3YFI1
lx+NfHneqNUT+uvP5LK4g857bQ49GCZ8Ai4juh4hDzeBOcD/oBYHprB9691pgX88
CfGaigJ/XCHQ1UpvQ/9A5Yn2dyXDHsscsL7iUmbkjBJju0F3rWV6O0pDVf40nXTv
buD0dE6PbydjwZguh0KCwkT/otbw6NXCvvQiRW2NmMGS8seMJq6yH9/1gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBUfkoRYB9n/12iPKX9rZ1DJqTGMB8GA1UdIwQY
MBaAFBXd1MncI/rDVXT84rQpQ5it2FIcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRmQzVXlkd2otc05WZFB6aXRDbERtSzNZVWh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yy8zNTgyNTMtNDFlOC00YzEzLWJmYWEt
Y2IzY2QwNDA0YWI1LzEvRUZSLVNoRmdIMmZfWGFJOHBmMnRuVU1tcE1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yy8zNTgyNTMtNDFlOC00YzEzLWJmYWEtY2IzY2QwNDA0YWI1
LzEvRmQzVXlkd2otc05WZFB6aXRDbERtSzNZVWh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaR7MA0G
CSqGSIb3DQEBCwUAA4IBAQAO/XFrOtRTH3cEz8wc8uAdaZX+211SKBShLQDbYtKp
0GiKtkeStHZYUwMHd2yHdCo29D/txAxtQuQSXEJNyVyXV0q4LwjIsbmqeX5a/jwu
Qpe3tCJqTjDl2DGtQw6iYi1BrVGoc0j+Zl0bNrCQpB7+G8Z2+3RCZXGUZty45fV2
a7w5egdYVWq8PhBQ1WC+wD0rIziWFO3M84OiBlUsUhJQT/Y6J3n3YFupfIRzUih5
dKhf0bG+i4x8s3emu9wxYNzp5rX1H8peLJtqRXXtzzNaZH1KcRs28NTI/cNWtN4Y
ShlBjXmUhkzwsNdXfaQ7Y1ZENQmcFbjnkC3jjN1QLZ51
-----END CERTIFICATE-----