Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/eXiF5NvVANqeqF26ZIwLrwgVEXU.roa
File:                     eXiF5NvVANqeqF26ZIwLrwgVEXU.roa (raw, json)
Hash identifier:          8GIw/Js/AhKAFTNB+JT9BrkhUEYkaxL/HQyTIOEaRb4=
Subject key identifier:   79:78:85:E4:DB:D5:00:DA:9E:A8:5D:BA:64:8C:0B:AF:08:15:11:75
Certificate issuer:       /CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
Certificate serial:       018D468E2E39D188DBAF68F35FBDBD7DFA28
Authority key identifier: A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/eXiF5NvVANqeqF26ZIwLrwgVEXU.roa
Signing time:             Fri 26 Jan 2024 16:15:39 +0000
ROA not before:           Fri 26 Jan 2024 16:15:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     201935
IP address blocks:        213.175.133.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Jun 2024 14:33:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:46:8e:2e:39:d1:88:db:af:68:f3:5f:bd:bd:7d:fa:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a8010ceb20f2e076a3f000271a5c375761bec2f5
        Validity
            Not Before: Jan 26 16:15:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=797885e4dbd500da9ea85dba648c0baf08151175
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:15:b8:b0:5d:4d:8e:29:12:e6:40:ce:76:45:
                    c9:4b:8a:7f:14:b6:1e:28:47:54:8d:76:9c:d7:c6:
                    2a:ed:eb:b2:85:83:f7:54:21:ca:de:89:87:8d:84:
                    82:d6:06:90:8d:ed:34:64:6b:26:6a:c8:a6:e9:00:
                    b8:f1:1c:ee:f5:73:ba:a3:b8:ce:6d:3f:f4:8a:ce:
                    3f:bd:e1:64:e0:d9:af:f1:6d:0e:97:a8:11:f4:00:
                    3b:e5:8c:ce:43:17:e7:50:79:e9:3c:47:9c:db:15:
                    11:56:d1:17:db:80:f5:65:b9:e9:a9:3a:17:14:e0:
                    de:b6:50:f3:80:da:d2:28:26:2f:62:90:ac:19:a9:
                    c7:f0:ea:b5:0e:cd:79:b4:b1:cc:a6:c1:eb:65:f9:
                    37:6c:87:c4:b0:37:63:8f:af:f3:2d:8e:af:55:98:
                    37:2e:58:20:7b:dc:28:3b:f6:ab:29:38:8b:b3:04:
                    6b:56:51:c5:ee:15:b9:d4:a7:64:f0:3d:00:59:e5:
                    44:78:ec:61:8b:61:fe:a4:91:f9:9d:8c:80:6d:96:
                    ca:d5:e0:6d:e1:98:71:45:cd:c5:a4:41:f5:bd:9d:
                    8e:cd:db:e6:83:3c:2b:d1:e6:7f:aa:ab:fb:db:33:
                    a8:9c:9e:74:d0:a6:18:01:68:c6:39:e0:c6:7c:a6:
                    c8:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:78:85:E4:DB:D5:00:DA:9E:A8:5D:BA:64:8C:0B:AF:08:15:11:75
            X509v3 Authority Key Identifier:
                keyid:A8:01:0C:EB:20:F2:E0:76:A3:F0:00:27:1A:5C:37:57:61:BE:C2:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qAEM6yDy4Haj8AAnGlw3V2G-wvU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/eXiF5NvVANqeqF26ZIwLrwgVEXU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/55/f444aa-ae8c-4d14-a3a3-49f65c6a48bf/1/qAEM6yDy4Haj8AAnGlw3V2G-wvU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.175.133.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:6a:c8:ae:7a:77:a6:8f:aa:01:b0:19:bf:e5:35:ee:2f:b4:
         c8:69:87:6b:65:ff:e0:48:e5:6c:cc:16:31:16:ba:7d:0b:f8:
         e5:ea:fb:33:86:33:be:1d:87:ea:ba:4e:14:32:25:ec:21:ea:
         e6:06:5e:c6:60:d1:06:ca:0d:ba:43:91:54:27:d1:49:8a:78:
         81:45:22:25:4a:db:aa:61:0c:d8:9e:d1:a2:fd:b4:97:d8:9b:
         6b:1d:3a:59:33:0e:d5:58:94:41:93:d4:7e:32:69:05:51:70:
         37:59:5e:27:52:e3:3f:16:77:20:ae:83:00:fc:3f:a7:c4:82:
         94:5e:ed:e7:9e:7f:11:7e:7a:f2:70:06:63:0a:06:7a:52:d8:
         f5:0d:54:28:d6:57:b8:39:74:e0:c4:37:3a:1f:9a:5d:a0:2d:
         52:46:12:a1:d5:17:39:ea:74:e4:1f:db:83:c7:9f:fd:37:59:
         90:bf:ca:e6:05:bb:4a:e2:1b:88:76:1b:61:1e:8c:b1:40:b1:
         2e:39:5d:49:31:a2:ce:ad:d4:10:0a:dd:1d:2c:40:50:24:aa:
         f8:18:ab:da:85:1f:4d:07:d7:fd:24:6e:3c:cf:cd:09:9b:f7:
         32:3f:30:48:37:2f:cb:fa:78:96:9f:a0:d5:4f:5e:bb:c8:c5:
         4d:cd:5b:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY1Gji450Yjbr2jzX729ffooMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4MDEwY2ViMjBmMmUwNzZhM2YwMDAyNzFhNWMzNzU3NjFi
ZWMyZjUwHhcNMjQwMTI2MTYxNTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTc4ODVlNGRiZDUwMGRhOWVhODVkYmE2NDhjMGJhZjA4MTUxMTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6xW4sF1NjikS5kDOdkXJS4p/FLYe
KEdUjXac18Yq7euyhYP3VCHK3omHjYSC1gaQje00ZGsmasim6QC48Rzu9XO6o7jO
bT/0is4/veFk4Nmv8W0Ol6gR9AA75YzOQxfnUHnpPEec2xURVtEX24D1ZbnpqToX
FODetlDzgNrSKCYvYpCsGanH8Oq1Ds15tLHMpsHrZfk3bIfEsDdjj6/zLY6vVZg3
Llgge9woO/arKTiLswRrVlHF7hW51Kdk8D0AWeVEeOxhi2H+pJH5nYyAbZbK1eBt
4ZhxRc3FpEH1vZ2Ozdvmgzwr0eZ/qqv72zOonJ500KYYAWjGOeDGfKbIiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHl4heTb1QDanqhdumSMC68IFRF1MB8GA1UdIwQY
MBaAFKgBDOsg8uB2o/AAJxpcN1dhvsL1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMt
NDlmNjVjNmE0OGJmLzEvZVhpRjVOdlZBTnFlcUYyNlpJd0xyd2dWRVhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9mNDQ0YWEtYWU4Yy00ZDE0LWEzYTMtNDlmNjVjNmE0OGJm
LzEvcUFFTTZ5RHk0SGFqOEFBbkdsdzNWMkctd3ZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1a+FMA0G
CSqGSIb3DQEBCwUAA4IBAQA1asiuenemj6oBsBm/5TXuL7TIaYdrZf/gSOVszBYx
Frp9C/jl6vszhjO+HYfquk4UMiXsIermBl7GYNEGyg26Q5FUJ9FJiniBRSIlStuq
YQzYntGi/bSX2JtrHTpZMw7VWJRBk9R+MmkFUXA3WV4nUuM/FncgroMA/D+nxIKU
Xu3nnn8RfnrycAZjCgZ6Utj1DVQo1le4OXTgxDc6H5pdoC1SRhKh1Rc56nTkH9uD
x5/9N1mQv8rmBbtK4huIdhthHoyxQLEuOV1JMaLOrdQQCt0dLEBQJKr4GKvahR9N
B9f9JG48z80Jm/cyPzBINy/L+niWn6DVT167yMVNzVs7
-----END CERTIFICATE-----