Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f9ae1a-8e52-48d3-a58d-a250da13d68a/1/eQcBeBuDV5Qa22aMVuDwy0R8v0s.roa
File:                     eQcBeBuDV5Qa22aMVuDwy0R8v0s.roa (raw, json)
Hash identifier:          uT40BzU6dj65KM7sRZRDydRYzs/KvifVNYjMgJyOg70=
Subject key identifier:   79:07:01:78:1B:83:57:94:1A:DB:66:8C:56:E0:F0:CB:44:7C:BF:4B
Certificate issuer:       /CN=1375b40938d87cd332726aaa481aa71ae6e98717
Certificate serial:       018CC726BECEAE40AB4B6DF45EB3B8C31C3A
Authority key identifier: 13:75:B4:09:38:D8:7C:D3:32:72:6A:AA:48:1A:A7:1A:E6:E9:87:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/E3W0CTjYfNMycmqqSBqnGubphxc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/50/f9ae1a-8e52-48d3-a58d-a250da13d68a/1/eQcBeBuDV5Qa22aMVuDwy0R8v0s.roa
Signing time:             Mon 01 Jan 2024 22:30:54 +0000
ROA not before:           Mon 01 Jan 2024 22:30:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     209031
IP address blocks:        194.113.62.0/23 maxlen: 24
                          194.113.68.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/50/f9ae1a-8e52-48d3-a58d-a250da13d68a/1/E3W0CTjYfNMycmqqSBqnGubphxc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/50/f9ae1a-8e52-48d3-a58d-a250da13d68a/1/E3W0CTjYfNMycmqqSBqnGubphxc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/E3W0CTjYfNMycmqqSBqnGubphxc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 02:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:be:ce:ae:40:ab:4b:6d:f4:5e:b3:b8:c3:1c:3a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1375b40938d87cd332726aaa481aa71ae6e98717
        Validity
            Not Before: Jan  1 22:30:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=790701781b8357941adb668c56e0f0cb447cbf4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:10:52:40:74:79:4e:85:56:f7:25:a7:2e:87:
                    ed:11:2a:1e:f5:4f:e1:ac:c6:1c:ed:f6:39:bf:d9:
                    d3:07:b1:d4:03:34:a7:ce:fd:da:20:25:4f:2e:eb:
                    00:98:9d:b7:f9:48:0a:f3:69:6b:a9:17:ff:6c:1a:
                    c7:62:95:c0:a5:75:2d:a3:dd:18:25:2b:56:07:66:
                    2f:ce:41:88:96:c7:23:5b:4d:53:b0:66:8b:48:3f:
                    75:79:40:96:1e:13:c7:1c:c7:c8:f9:f2:a8:7b:f8:
                    74:3e:c9:d4:17:a8:62:c4:8b:84:a1:fd:f0:f7:94:
                    54:89:20:01:d0:5d:47:9a:e1:90:9f:48:68:43:09:
                    ce:49:e4:70:1f:9e:51:99:5a:f0:d0:c5:f5:aa:e4:
                    de:f5:93:c1:de:6b:12:db:f4:d0:96:00:34:91:4e:
                    67:f9:3f:01:92:90:c6:27:1e:2c:53:d8:15:06:7b:
                    e1:5d:30:1e:38:7b:f6:6c:cd:65:54:81:57:bb:68:
                    ae:e4:d0:bc:b2:f5:75:23:f9:fa:ae:20:54:55:f7:
                    df:2a:b0:c8:12:13:c0:77:a5:38:c4:69:92:fa:05:
                    7e:49:c9:2c:79:41:7c:7c:6a:02:e1:99:fa:fd:ef:
                    78:cf:b9:60:61:09:84:54:2c:76:db:35:21:54:ec:
                    37:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:07:01:78:1B:83:57:94:1A:DB:66:8C:56:E0:F0:CB:44:7C:BF:4B
            X509v3 Authority Key Identifier:
                keyid:13:75:B4:09:38:D8:7C:D3:32:72:6A:AA:48:1A:A7:1A:E6:E9:87:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E3W0CTjYfNMycmqqSBqnGubphxc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f9ae1a-8e52-48d3-a58d-a250da13d68a/1/eQcBeBuDV5Qa22aMVuDwy0R8v0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f9ae1a-8e52-48d3-a58d-a250da13d68a/1/E3W0CTjYfNMycmqqSBqnGubphxc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.62.0/23
                  194.113.68.0/23

    Signature Algorithm: sha256WithRSAEncryption
         02:d8:a3:2a:1c:52:11:29:f0:15:d5:41:08:58:15:bb:93:16:
         40:dc:8e:32:5b:65:39:f4:28:28:3e:0e:2c:22:b7:6e:38:a8:
         d9:f6:9b:84:26:99:88:c1:c8:aa:79:bf:73:04:de:d5:a1:9a:
         d1:b3:09:e3:c3:78:fd:5a:21:0d:56:2d:1c:9e:1c:07:8a:48:
         18:a8:89:cc:07:b3:44:6f:2d:99:a7:29:c7:ff:4e:d4:4c:25:
         90:ba:75:89:a9:1e:02:55:64:2d:57:77:67:fb:ab:fc:3b:ed:
         e3:a4:de:d5:e7:ce:fd:c4:1a:97:e9:b9:47:6a:a0:00:ea:1d:
         ca:7d:3e:3c:cc:94:f3:6e:e9:8b:85:08:53:c5:7b:3b:d6:9a:
         d0:69:ec:1c:7e:42:7c:3d:d9:82:76:3b:b3:27:8c:8b:ff:c7:
         4b:36:84:5f:b9:9b:ea:a8:5f:fd:f0:07:85:f3:be:b2:2b:fd:
         c1:ba:d8:17:c4:af:a3:96:95:76:99:33:3a:00:a4:cd:c0:13:
         4f:cd:51:1d:cf:04:d2:2f:81:95:7d:b4:19:a8:83:18:00:83:
         5b:bf:64:5e:c4:47:c9:73:ad:2e:11:0f:02:bc:08:bd:2f:79:
         43:45:99:be:99:74:f2:0d:82:23:b6:7d:ea:2e:a0:96:f9:c4:
         cb:c1:22:5b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzHJr7OrkCrS230XrO4wxw6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNzViNDA5MzhkODdjZDMzMjcyNmFhYTQ4MWFhNzFhZTZl
OTg3MTcwHhcNMjQwMTAxMjIzMDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTA3MDE3ODFiODM1Nzk0MWFkYjY2OGM1NmUwZjBjYjQ0N2NiZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmRBSQHR5ToVW9yWnLoftESoe9U/h
rMYc7fY5v9nTB7HUAzSnzv3aICVPLusAmJ23+UgK82lrqRf/bBrHYpXApXUto90Y
JStWB2YvzkGIlscjW01TsGaLSD91eUCWHhPHHMfI+fKoe/h0PsnUF6hixIuEof3w
95RUiSAB0F1HmuGQn0hoQwnOSeRwH55RmVrw0MX1quTe9ZPB3msS2/TQlgA0kU5n
+T8BkpDGJx4sU9gVBnvhXTAeOHv2bM1lVIFXu2iu5NC8svV1I/n6riBUVfffKrDI
EhPAd6U4xGmS+gV+SckseUF8fGoC4Zn6/e94z7lgYQmEVCx22zUhVOw3HQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHkHAXgbg1eUGttmjFbg8MtEfL9LMB8GA1UdIwQY
MBaAFBN1tAk42HzTMnJqqkgapxrm6YcXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTNXMENUallmTk15Y21xcVNCcW5HdWJwaHhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mOWFlMWEtOGU1Mi00OGQzLWE1OGQt
YTI1MGRhMTNkNjhhLzEvZVFjQmVCdURWNVFhMjJhTVZ1RHd5MFI4djBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mOWFlMWEtOGU1Mi00OGQzLWE1OGQtYTI1MGRhMTNkNjhh
LzEvRTNXMENUallmTk15Y21xcVNCcW5HdWJwaHhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBwnE+AwQB
wnFEMA0GCSqGSIb3DQEBCwUAA4IBAQAC2KMqHFIRKfAV1UEIWBW7kxZA3I4yW2U5
9CgoPg4sIrduOKjZ9puEJpmIwciqeb9zBN7VoZrRswnjw3j9WiENVi0cnhwHikgY
qInMB7NEby2ZpynH/07UTCWQunWJqR4CVWQtV3dn+6v8O+3jpN7V5879xBqX6blH
aqAA6h3KfT48zJTzbumLhQhTxXs71prQaewcfkJ8PdmCdjuzJ4yL/8dLNoRfuZvq
qF/98AeF876yK/3ButgXxK+jlpV2mTM6AKTNwBNPzVEdzwTSL4GVfbQZqIMYAINb
v2RexEfJc60uEQ8CvAi9L3lDRZm+mXTyDYIjtn3qLqCW+cTLwSJb
-----END CERTIFICATE-----