Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/60277c-d037-485c-a4b0-db3993cc5125/1/eCN_wa7eBPZdAGW5cKcr0UKMxiY.roa
File:                     eCN_wa7eBPZdAGW5cKcr0UKMxiY.roa (raw, json)
Hash identifier:          rGL36hdoNsVD1X+kyFfdFxLEZCHIINFlPce75JVUWRI=
Subject key identifier:   78:23:7F:C1:AE:DE:04:F6:5D:00:65:B9:70:A7:2B:D1:42:8C:C6:26
Certificate issuer:       /CN=bcfee2ff686de889c3f58df1d9f5e2b78d641de4
Certificate serial:       018EDBEF87C3AEA5AD4E749D89861B38CBB0
Authority key identifier: BC:FE:E2:FF:68:6D:E8:89:C3:F5:8D:F1:D9:F5:E2:B7:8D:64:1D:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP7i_2ht6InD9Y3x2fXit41kHeQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/60277c-d037-485c-a4b0-db3993cc5125/1/eCN_wa7eBPZdAGW5cKcr0UKMxiY.roa
Signing time:             Sun 14 Apr 2024 09:28:11 +0000
ROA not before:           Sun 14 Apr 2024 09:28:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51428
IP address blocks:        31.134.32.0/20 maxlen: 20
                          178.212.176.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/60277c-d037-485c-a4b0-db3993cc5125/1/vP7i_2ht6InD9Y3x2fXit41kHeQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/60277c-d037-485c-a4b0-db3993cc5125/1/vP7i_2ht6InD9Y3x2fXit41kHeQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP7i_2ht6InD9Y3x2fXit41kHeQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 03:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:db:ef:87:c3:ae:a5:ad:4e:74:9d:89:86:1b:38:cb:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfee2ff686de889c3f58df1d9f5e2b78d641de4
        Validity
            Not Before: Apr 14 09:28:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78237fc1aede04f65d0065b970a72bd1428cc626
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:07:fb:3c:d8:84:ae:b0:cf:b6:bf:bd:8c:6c:
                    71:60:e4:c4:ac:98:1a:43:63:a0:fc:8a:f8:c0:da:
                    09:02:17:50:8a:e3:a8:b5:19:56:c5:0f:4c:be:a8:
                    0d:3e:83:31:b8:e6:08:82:34:2b:ca:34:8b:f4:22:
                    05:8e:6f:46:e6:10:9d:23:f8:d1:1f:b1:a9:37:f9:
                    b1:2a:6a:43:e0:7d:4c:a6:68:1d:c3:89:88:f3:5d:
                    39:ee:a4:47:ae:31:fa:c7:80:23:cf:b7:b4:5f:f7:
                    5c:d8:7d:16:1f:c4:0a:83:07:1b:cc:fd:01:cd:13:
                    81:a0:90:8d:6b:76:f1:69:41:65:3f:e9:ad:7c:a4:
                    87:50:9c:5b:14:67:e6:15:c1:ac:c4:be:bc:63:57:
                    58:2e:b7:93:a6:c2:37:1d:1a:e8:4e:63:a6:f2:2a:
                    bc:95:5a:b4:a3:1a:2c:d8:50:fb:18:40:b2:f9:35:
                    51:83:69:cc:e3:5e:48:73:39:48:4e:72:f5:64:7c:
                    68:07:28:d4:6e:87:63:a6:86:34:2c:1f:d7:87:59:
                    f0:fa:3f:9f:7f:ef:c8:89:77:c9:03:cd:f7:86:95:
                    39:37:b9:d6:15:4a:45:d9:29:72:82:4a:ac:8b:9e:
                    b5:de:0c:a2:b7:ab:cc:c4:3a:80:a2:44:04:ab:56:
                    b1:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:23:7F:C1:AE:DE:04:F6:5D:00:65:B9:70:A7:2B:D1:42:8C:C6:26
            X509v3 Authority Key Identifier:
                keyid:BC:FE:E2:FF:68:6D:E8:89:C3:F5:8D:F1:D9:F5:E2:B7:8D:64:1D:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP7i_2ht6InD9Y3x2fXit41kHeQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/60277c-d037-485c-a4b0-db3993cc5125/1/eCN_wa7eBPZdAGW5cKcr0UKMxiY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/60277c-d037-485c-a4b0-db3993cc5125/1/vP7i_2ht6InD9Y3x2fXit41kHeQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.32.0/20
                  178.212.176.0/21

    Signature Algorithm: sha256WithRSAEncryption
         9e:9d:26:69:eb:8a:d7:51:a0:1b:57:9e:df:ac:55:07:1c:27:
         2c:5a:59:d5:0e:30:c4:c8:26:47:56:09:62:31:2f:3f:80:e4:
         01:ed:1c:1f:6f:9f:59:80:4e:51:93:6d:1a:fa:20:27:0f:b1:
         fc:31:b9:8e:0a:e1:77:00:e8:50:89:96:a3:18:2a:82:00:dc:
         22:03:de:4c:26:23:80:38:d7:32:aa:b4:e4:cc:5b:2b:fd:da:
         45:11:fd:5d:cf:71:1e:3c:52:f4:5e:c6:8c:6e:a3:1e:87:db:
         3b:ac:c2:f7:74:be:88:8d:2a:c3:47:44:0a:e9:06:d7:4d:36:
         7e:4b:48:4a:06:ba:2f:02:02:05:71:dc:6e:71:74:cc:d5:3d:
         99:c3:45:d5:1f:cf:b4:20:44:d2:24:81:ba:69:b6:45:db:7d:
         d0:03:67:11:13:ef:89:8e:d5:55:6b:c8:4c:f1:92:d2:50:26:
         40:1d:54:3d:77:f9:38:22:81:11:dc:93:8b:9e:86:39:b1:f7:
         f2:9c:f7:d3:de:81:7c:72:1e:86:db:65:e6:e6:95:7e:d5:4f:
         b9:00:f5:29:3b:c6:3a:f8:90:fd:4c:b2:31:0e:07:14:15:17:
         78:5f:b0:db:87:00:3c:91:2a:fd:ce:cb:a6:7c:a4:3f:2b:70:
         25:a5:0f:1a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7b74fDrqWtTnSdiYYbOMuwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmVlMmZmNjg2ZGU4ODljM2Y1OGRmMWQ5ZjVlMmI3OGQ2
NDFkZTQwHhcNMjQwNDE0MDkyODExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODIzN2ZjMWFlZGUwNGY2NWQwMDY1Yjk3MGE3MmJkMTQyOGNjNjI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhgf7PNiErrDPtr+9jGxxYOTErJga
Q2Og/Ir4wNoJAhdQiuOotRlWxQ9MvqgNPoMxuOYIgjQryjSL9CIFjm9G5hCdI/jR
H7GpN/mxKmpD4H1Mpmgdw4mI81057qRHrjH6x4Ajz7e0X/dc2H0WH8QKgwcbzP0B
zROBoJCNa3bxaUFlP+mtfKSHUJxbFGfmFcGsxL68Y1dYLreTpsI3HRroTmOm8iq8
lVq0oxos2FD7GECy+TVRg2nM415IczlITnL1ZHxoByjUbodjpoY0LB/Xh1nw+j+f
f+/IiXfJA833hpU5N7nWFUpF2Slygkqsi5613gyit6vMxDqAokQEq1axkwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHgjf8Gu3gT2XQBluXCnK9FCjMYmMB8GA1UdIwQY
MBaAFLz+4v9obeiJw/WN8dn14reNZB3kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlA3aV8yaHQ2SW5EOVkzeDJmWGl0NDFrSGVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi82MDI3N2MtZDAzNy00ODVjLWE0YjAt
ZGIzOTkzY2M1MTI1LzEvZUNOX3dhN2VCUFpkQUdXNWNLY3IwVUtNeGlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi82MDI3N2MtZDAzNy00ODVjLWE0YjAtZGIzOTkzY2M1MTI1
LzEvdlA3aV8yaHQ2SW5EOVkzeDJmWGl0NDFrSGVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEH4YgAwQD
stSwMA0GCSqGSIb3DQEBCwUAA4IBAQCenSZp64rXUaAbV57frFUHHCcsWlnVDjDE
yCZHVgliMS8/gOQB7Rwfb59ZgE5Rk20a+iAnD7H8MbmOCuF3AOhQiZajGCqCANwi
A95MJiOAONcyqrTkzFsr/dpFEf1dz3EePFL0XsaMbqMeh9s7rML3dL6IjSrDR0QK
6QbXTTZ+S0hKBrovAgIFcdxucXTM1T2Zw0XVH8+0IETSJIG6abZF233QA2cRE++J
jtVVa8hM8ZLSUCZAHVQ9d/k4IoER3JOLnoY5sffynPfT3oF8ch6G22Xm5pV+1U+5
APUpO8Y6+JD9TLIxDgcUFRd4X7DbhwA8kSr9zsumfKQ/K3AlpQ8a
-----END CERTIFICATE-----