Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/eQbVcvtLFPztKgkjc4I8Q1i53tg.roa
File:                     eQbVcvtLFPztKgkjc4I8Q1i53tg.roa (raw, json)
Hash identifier:          kvWOQI9nj/TI+pYpNN6/2BHm9m5RfbDFTzfUl0pLg2Q=
Subject key identifier:   79:06:D5:72:FB:4B:14:FC:ED:2A:09:23:73:82:3C:43:58:B9:DE:D8
Certificate issuer:       /CN=19426325acb8ce609a686fa655b058968809b346
Certificate serial:       018CC94D41E990F84082E00C9A07EC0D10D7
Authority key identifier: 19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/eQbVcvtLFPztKgkjc4I8Q1i53tg.roa
Signing time:             Tue 02 Jan 2024 08:32:12 +0000
ROA not before:           Tue 02 Jan 2024 08:32:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203757
IP address blocks:        212.111.200.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:41:e9:90:f8:40:82:e0:0c:9a:07:ec:0d:10:d7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=19426325acb8ce609a686fa655b058968809b346
        Validity
            Not Before: Jan  2 08:32:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7906d572fb4b14fced2a092373823c4358b9ded8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:47:bc:a6:b9:c3:c0:00:00:fd:eb:b4:a6:79:
                    a0:50:51:7c:8b:6d:99:85:39:72:87:c1:aa:59:6c:
                    50:e8:21:aa:df:86:8f:6b:d4:5f:ef:95:f4:12:e4:
                    11:cd:0e:24:d6:6d:91:14:d1:3d:9b:8a:2f:07:b4:
                    8a:06:ff:70:db:c7:29:16:9e:28:b9:fe:9f:b8:a4:
                    60:c2:25:eb:3c:d6:75:5d:06:6b:09:b6:a1:07:82:
                    90:05:c6:9b:fb:7c:dc:c4:e2:e2:61:e9:9f:c2:e8:
                    87:45:51:88:11:37:51:0e:d7:f3:9a:60:0c:00:18:
                    41:f9:ba:55:1f:2a:ca:ce:67:f5:58:3f:32:e6:78:
                    3e:0c:5b:cf:c1:21:97:6b:4f:e4:9b:08:9d:60:c0:
                    69:74:db:68:fe:85:cd:36:14:b3:3d:fd:e8:12:47:
                    fe:d6:20:2d:10:8d:83:c2:d9:74:50:25:5f:42:b8:
                    1b:ac:60:14:0f:92:9f:3b:81:b8:21:a6:34:36:d6:
                    48:bd:22:e7:b2:38:01:7a:ba:2c:df:29:d9:48:e7:
                    82:bf:f8:19:87:9f:09:e1:bd:20:cd:a7:28:6e:54:
                    4a:3c:ce:b3:d4:bd:85:fa:61:54:ea:01:02:e0:e4:
                    8f:48:28:a3:2d:ad:4d:5e:2a:c5:21:13:37:06:ec:
                    c5:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:06:D5:72:FB:4B:14:FC:ED:2A:09:23:73:82:3C:43:58:B9:DE:D8
            X509v3 Authority Key Identifier:
                keyid:19:42:63:25:AC:B8:CE:60:9A:68:6F:A6:55:B0:58:96:88:09:B3:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GUJjJay4zmCaaG-mVbBYlogJs0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/eQbVcvtLFPztKgkjc4I8Q1i53tg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/8b6fb0-a875-4947-8ae4-03f4c7113c34/1/GUJjJay4zmCaaG-mVbBYlogJs0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.111.200.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:2b:37:fc:31:ab:0e:94:d7:65:ac:1d:76:66:ab:4d:f9:06:
         1b:d1:f4:47:5a:c4:53:4c:62:2b:e9:67:90:1b:a3:b0:46:df:
         c7:b4:e4:fb:ff:24:3d:5f:1d:09:17:68:48:d4:68:e6:cc:48:
         97:68:7e:3e:26:91:df:db:2d:b3:8b:af:bc:9e:b2:7c:b8:4f:
         94:88:8e:21:68:62:7d:a9:7b:62:5f:7c:fe:3e:dd:96:1a:be:
         27:8b:40:c3:a6:ea:49:74:37:02:9c:9e:cf:f4:cc:7c:6a:d5:
         d6:2c:3a:7e:82:49:1f:07:0d:d3:1d:de:11:9c:4e:c8:d2:ec:
         1e:5b:2c:75:38:0a:b0:d2:b3:82:8f:d5:fb:c4:f7:a7:bd:15:
         4c:3b:a3:9f:33:2d:28:27:37:4a:17:74:57:99:70:76:d3:1b:
         8a:9b:77:88:d3:9e:61:f3:f1:07:52:c2:6e:ff:1f:9c:ab:3e:
         5e:ae:57:90:dd:1a:5e:73:35:4b:f7:3c:4b:a5:de:e7:08:85:
         3f:df:f7:bf:2a:71:6d:b6:10:84:b4:3a:f0:eb:b7:00:59:fc:
         6f:33:5a:e5:ab:2e:7c:54:52:6c:2e:2f:c6:07:e2:c1:21:c9:
         8b:3c:ba:ea:a5:87:33:af:ed:d0:5e:68:21:42:de:72:a5:60:
         e3:01:c5:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTUHpkPhAguAMmgfsDRDXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE5NDI2MzI1YWNiOGNlNjA5YTY4NmZhNjU1YjA1ODk2ODgw
OWIzNDYwHhcNMjQwMTAyMDgzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTA2ZDU3MmZiNGIxNGZjZWQyYTA5MjM3MzgyM2M0MzU4YjlkZWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgke8prnDwAAA/eu0pnmgUFF8i22Z
hTlyh8GqWWxQ6CGq34aPa9Rf75X0EuQRzQ4k1m2RFNE9m4ovB7SKBv9w28cpFp4o
uf6fuKRgwiXrPNZ1XQZrCbahB4KQBcab+3zcxOLiYemfwuiHRVGIETdRDtfzmmAM
ABhB+bpVHyrKzmf1WD8y5ng+DFvPwSGXa0/kmwidYMBpdNto/oXNNhSzPf3oEkf+
1iAtEI2Dwtl0UCVfQrgbrGAUD5KfO4G4IaY0NtZIvSLnsjgBeros3ynZSOeCv/gZ
h58J4b0gzacoblRKPM6z1L2F+mFU6gEC4OSPSCijLa1NXirFIRM3BuzFrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkG1XL7SxT87SoJI3OCPENYud7YMB8GA1UdIwQY
MBaAFBlCYyWsuM5gmmhvplWwWJaICbNGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQt
MDNmNGM3MTEzYzM0LzEvZVFiVmN2dExGUHp0S2dramM0SThRMWk1M3RnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS84YjZmYjAtYTg3NS00OTQ3LThhZTQtMDNmNGM3MTEzYzM0
LzEvR1VKakpheTR6bUNhYUctbVZiQllsb2dKczBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1G/IMA0G
CSqGSIb3DQEBCwUAA4IBAQCMKzf8MasOlNdlrB12ZqtN+QYb0fRHWsRTTGIr6WeQ
G6OwRt/HtOT7/yQ9Xx0JF2hI1GjmzEiXaH4+JpHf2y2zi6+8nrJ8uE+UiI4haGJ9
qXtiX3z+Pt2WGr4ni0DDpupJdDcCnJ7P9Mx8atXWLDp+gkkfBw3THd4RnE7I0uwe
Wyx1OAqw0rOCj9X7xPenvRVMO6OfMy0oJzdKF3RXmXB20xuKm3eI055h8/EHUsJu
/x+cqz5erleQ3RpeczVL9zxLpd7nCIU/3/e/KnFtthCEtDrw67cAWfxvM1rlqy58
VFJsLi/GB+LBIcmLPLrqpYczr+3QXmghQt5ypWDjAcUh
-----END CERTIFICATE-----