Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/eZ8arxnGDWk7xkVHJ1bRXWZ355M.roa
File:                     eZ8arxnGDWk7xkVHJ1bRXWZ355M.roa (raw, json)
Hash identifier:          AeIoI4f85DUeWbFvZ4SxFOX1IxHcOJjIFceKESNKiJo=
Subject key identifier:   79:9F:1A:AF:19:C6:0D:69:3B:C6:45:47:27:56:D1:5D:66:77:E7:93
Certificate issuer:       /CN=81bb78be41e48337997c8fe91d8e2f24f7b49eaf
Certificate serial:       0194228D74C18F666F882B162A4A16FBA1F5
Authority key identifier: 81:BB:78:BE:41:E4:83:37:99:7C:8F:E9:1D:8E:2F:24:F7:B4:9E:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/eZ8arxnGDWk7xkVHJ1bRXWZ355M.roa
Signing time:             Wed 01 Jan 2025 15:48:03 +0000
ROA not before:           Wed 01 Jan 2025 15:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44431
IP address blocks:        92.43.224.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:74:c1:8f:66:6f:88:2b:16:2a:4a:16:fb:a1:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=81bb78be41e48337997c8fe91d8e2f24f7b49eaf
        Validity
            Not Before: Jan  1 15:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=799f1aaf19c60d693bc645472756d15d6677e793
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9e:61:c2:ef:0a:e7:62:a5:55:38:7a:ba:9f:
                    65:e5:67:91:28:4f:09:25:f8:e9:23:12:1e:a1:f4:
                    32:fb:45:be:cb:17:b9:80:d7:16:08:c6:2f:a1:57:
                    1d:e9:3e:64:eb:41:a0:d7:1c:dc:ff:55:7f:4e:c4:
                    07:0f:0d:9a:39:b0:d1:b3:98:0d:af:ed:f4:bb:24:
                    9d:a5:c2:f4:73:cc:e6:70:d3:e0:a6:6d:18:c2:a2:
                    d4:6f:e1:43:cc:d8:0e:62:db:a2:63:8d:3d:5e:96:
                    ba:89:c9:42:00:aa:91:98:1e:e5:38:69:5e:21:91:
                    56:21:f4:8b:10:0f:fc:71:4c:43:72:71:2b:fa:b8:
                    2c:03:64:54:d2:6c:11:23:ef:ec:16:25:22:5d:3f:
                    eb:95:19:ae:26:33:8b:5d:2f:d8:26:21:b6:a4:99:
                    f8:b7:8f:8a:e2:33:4f:60:9f:b4:c6:f3:34:b0:18:
                    6d:93:e4:dd:58:09:d4:36:6c:ca:56:ce:f2:d7:54:
                    be:f9:3f:01:75:e4:95:4f:1a:0e:e4:2e:8b:15:6c:
                    42:25:b1:32:7c:08:30:cc:55:5f:18:e2:18:f6:61:
                    73:4f:64:df:f9:d6:5c:50:bf:eb:97:d5:3a:86:3a:
                    38:19:43:5f:cc:0b:78:1e:3c:ea:60:af:08:9f:0a:
                    6d:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:9F:1A:AF:19:C6:0D:69:3B:C6:45:47:27:56:D1:5D:66:77:E7:93
            X509v3 Authority Key Identifier:
                keyid:81:BB:78:BE:41:E4:83:37:99:7C:8F:E9:1D:8E:2F:24:F7:B4:9E:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gbt4vkHkgzeZfI_pHY4vJPe0nq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/eZ8arxnGDWk7xkVHJ1bRXWZ355M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/9db4d3-f78d-4430-87c0-6cbd581d317c/1/gbt4vkHkgzeZfI_pHY4vJPe0nq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.43.224.0/21

    Signature Algorithm: sha256WithRSAEncryption
         b3:d1:ca:ef:dc:05:03:c3:f2:d2:d4:cd:6b:35:8b:79:c1:75:
         4e:22:92:c2:a4:05:9d:91:91:de:e5:80:95:21:5c:0e:51:b4:
         60:22:28:8a:82:c5:8d:30:b7:ba:b8:e5:04:a1:d0:b8:0d:ed:
         b6:17:15:46:6e:55:0d:c3:e4:ef:cc:50:51:26:76:75:9f:41:
         d8:98:e9:b8:5c:7f:bc:8e:e4:d2:be:c8:d5:cd:45:98:4d:82:
         c6:78:49:9a:d7:cc:7c:b0:6e:a3:4d:cf:d5:c5:fe:40:f5:64:
         00:43:a2:1f:6e:36:a6:7e:b2:fd:33:6b:a8:9c:a2:00:a0:1e:
         77:d0:cb:e0:b5:9c:52:74:d8:15:f7:40:4d:43:06:1d:48:92:
         b3:07:27:59:f3:ef:7d:af:79:be:30:54:cd:49:55:f6:c8:d3:
         6d:da:ff:e1:ba:6e:b4:bc:08:93:63:9f:c4:4a:48:f5:aa:63:
         98:1a:b1:86:dc:cd:8c:a9:3e:5e:9b:66:2a:31:e5:f4:1d:bb:
         17:00:ed:11:74:13:8d:d4:f0:1f:d5:7f:62:4a:16:2b:54:f6:
         c9:e9:39:c5:23:da:e1:63:80:54:1d:44:9f:af:4e:45:f7:7d:
         03:68:12:e5:c5:83:39:b5:81:7c:e6:65:6c:58:10:77:1a:f6:
         5b:a4:33:fb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijXTBj2ZviCsWKkoW+6H1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYmI3OGJlNDFlNDgzMzc5OTdjOGZlOTFkOGUyZjI0Zjdi
NDllYWYwHhcNMjUwMTAxMTU0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTlmMWFhZjE5YzYwZDY5M2JjNjQ1NDcyNzU2ZDE1ZDY2NzdlNzkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4p5hwu8K52KlVTh6up9l5WeRKE8J
JfjpIxIeofQy+0W+yxe5gNcWCMYvoVcd6T5k60Gg1xzc/1V/TsQHDw2aObDRs5gN
r+30uySdpcL0c8zmcNPgpm0YwqLUb+FDzNgOYtuiY409Xpa6iclCAKqRmB7lOGle
IZFWIfSLEA/8cUxDcnEr+rgsA2RU0mwRI+/sFiUiXT/rlRmuJjOLXS/YJiG2pJn4
t4+K4jNPYJ+0xvM0sBhtk+TdWAnUNmzKVs7y11S++T8BdeSVTxoO5C6LFWxCJbEy
fAgwzFVfGOIY9mFzT2Tf+dZcUL/rl9U6hjo4GUNfzAt4HjzqYK8InwptkQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmfGq8Zxg1pO8ZFRydW0V1md+eTMB8GA1UdIwQY
MBaAFIG7eL5B5IM3mXyP6R2OLyT3tJ6vMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2J0NHZrSGtnemVaZklfcEhZNHZKUGUwbnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC85ZGI0ZDMtZjc4ZC00NDMwLTg3YzAt
NmNiZDU4MWQzMTdjLzEvZVo4YXJ4bkdEV2s3eGtWSEoxYlJYV1ozNTVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC85ZGI0ZDMtZjc4ZC00NDMwLTg3YzAtNmNiZDU4MWQzMTdj
LzEvZ2J0NHZrSGtnemVaZklfcEhZNHZKUGUwbnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDXCvgMA0G
CSqGSIb3DQEBCwUAA4IBAQCz0crv3AUDw/LS1M1rNYt5wXVOIpLCpAWdkZHe5YCV
IVwOUbRgIiiKgsWNMLe6uOUEodC4De22FxVGblUNw+TvzFBRJnZ1n0HYmOm4XH+8
juTSvsjVzUWYTYLGeEma18x8sG6jTc/Vxf5A9WQAQ6IfbjamfrL9M2uonKIAoB53
0MvgtZxSdNgV90BNQwYdSJKzBydZ8+99r3m+MFTNSVX2yNNt2v/hum60vAiTY5/E
Skj1qmOYGrGG3M2MqT5em2YqMeX0HbsXAO0RdBON1PAf1X9iShYrVPbJ6TnFI9rh
Y4BUHUSfr05F930DaBLlxYM5tYF85mVsWBB3GvZbpDP7
-----END CERTIFICATE-----