Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/E8Ju3Bb9u5EDfT3ykuLg7xl5-cM.roa
File:                     E8Ju3Bb9u5EDfT3ykuLg7xl5-cM.roa (raw, json)
Hash identifier:          terXpp2S/PD4sXwMF5WOv1e+vECb1xf7v2ojfEDNDqs=
Subject key identifier:   13:C2:6E:DC:16:FD:BB:91:03:7D:3D:F2:92:E2:E0:EF:19:79:F9:C3
Certificate issuer:       /CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
Certificate serial:       018CC8DCE11B334B3204CB93E933BFC0EADE
Authority key identifier: E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/E8Ju3Bb9u5EDfT3ykuLg7xl5-cM.roa
Signing time:             Tue 02 Jan 2024 06:29:27 +0000
ROA not before:           Tue 02 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212719
IP address blocks:        94.188.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:e1:1b:33:4b:32:04:cb:93:e9:33:bf:c0:ea:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2d5bb401180e55f5c165d47908dff4fe29a0d86
        Validity
            Not Before: Jan  2 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13c26edc16fdbb91037d3df292e2e0ef1979f9c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e6:b6:7a:aa:b7:c3:18:b6:ee:18:42:74:8e:
                    a8:17:97:ce:4f:0e:18:ae:9c:70:39:81:5e:5b:35:
                    3d:97:d4:e3:5f:21:ab:fd:5e:bb:57:52:0d:77:ae:
                    59:b7:dc:d7:17:79:02:9f:e0:04:f6:bd:e3:2d:c6:
                    fb:0c:ec:d3:72:39:26:c5:af:db:9a:bf:1d:b6:b2:
                    04:e9:51:48:25:b8:85:85:b5:3e:4f:dc:e8:41:d8:
                    e4:42:c9:76:86:73:c3:88:6d:50:47:98:26:10:54:
                    eb:ac:a7:b5:42:63:db:a3:c3:77:27:a7:6d:38:ca:
                    64:69:7a:24:7d:e7:13:25:42:de:24:af:df:1a:71:
                    7c:2f:97:60:3f:8c:71:f7:23:80:44:99:a8:bc:18:
                    dc:95:f3:25:2b:c7:76:0f:f1:7a:01:7b:80:2e:6e:
                    09:3a:fe:00:6f:34:48:36:33:bc:0b:44:d0:2a:9d:
                    52:9e:3b:64:80:69:80:12:6c:40:b5:9a:b7:63:00:
                    02:0a:f8:26:d2:ef:ac:2e:cb:1e:9b:a6:15:83:96:
                    c7:37:9c:1e:0d:9e:64:2d:6a:47:9b:5f:8d:a3:0d:
                    92:3b:98:ef:2e:a9:2b:3f:a7:d7:00:25:bb:9d:08:
                    a2:18:43:bc:6d:05:15:58:27:37:e6:61:6b:f3:c8:
                    bd:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C2:6E:DC:16:FD:BB:91:03:7D:3D:F2:92:E2:E0:EF:19:79:F9:C3
            X509v3 Authority Key Identifier:
                keyid:E2:D5:BB:40:11:80:E5:5F:5C:16:5D:47:90:8D:FF:4F:E2:9A:0D:86

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4tW7QBGA5V9cFl1HkI3_T-KaDYY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/E8Ju3Bb9u5EDfT3ykuLg7xl5-cM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/86297a-d219-4567-9171-421e6bc7e2e8/1/4tW7QBGA5V9cFl1HkI3_T-KaDYY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.188.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:f0:4d:36:28:12:fd:e8:df:6d:c6:5d:e8:52:d4:cd:75:26:
         92:86:24:a6:93:9e:c7:b9:df:29:0b:f9:3d:16:10:d1:18:58:
         2b:5b:99:84:4a:2b:73:e7:06:0d:f6:ba:eb:13:39:b3:9a:b1:
         41:3f:b7:fa:fd:29:d1:63:83:83:15:65:36:40:75:74:27:ba:
         70:d7:a3:0c:6f:1d:fb:ca:7f:49:cd:5f:b3:16:80:f5:8e:27:
         c7:2a:1c:92:03:3f:0e:48:08:a9:6e:01:75:8a:f7:8c:8a:6a:
         83:fd:7c:ec:2f:80:c8:60:30:6e:30:a8:73:9b:fd:d0:a6:5c:
         7f:91:19:59:da:70:3b:64:77:ee:1d:11:11:03:e5:7f:d2:f2:
         0c:3a:83:20:47:a2:73:25:df:20:06:78:9a:51:6b:c6:01:ac:
         b6:1a:a2:f3:c7:ef:35:ef:38:3e:e1:1e:81:f6:9c:b2:7a:b0:
         2d:15:d6:77:78:a0:d7:f6:cb:74:4a:1c:ca:ec:b0:27:99:be:
         e1:46:35:50:f4:cd:ce:10:8f:f7:62:e8:9b:c7:56:7f:2c:f9:
         43:c9:ff:3a:00:f8:21:9b:d0:82:8f:89:31:a7:90:6d:9e:92:
         73:64:8c:82:74:fe:48:8b:d5:cf:18:d3:0e:ed:15:e5:88:27:
         37:04:9b:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3OEbM0syBMuT6TO/wOreMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyZDViYjQwMTE4MGU1NWY1YzE2NWQ0NzkwOGRmZjRmZTI5
YTBkODYwHhcNMjQwMTAyMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2MyNmVkYzE2ZmRiYjkxMDM3ZDNkZjI5MmUyZTBlZjE5NzlmOWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+a2eqq3wxi27hhCdI6oF5fOTw4Y
rpxwOYFeWzU9l9TjXyGr/V67V1INd65Zt9zXF3kCn+AE9r3jLcb7DOzTcjkmxa/b
mr8dtrIE6VFIJbiFhbU+T9zoQdjkQsl2hnPDiG1QR5gmEFTrrKe1QmPbo8N3J6dt
OMpkaXokfecTJULeJK/fGnF8L5dgP4xx9yOARJmovBjclfMlK8d2D/F6AXuALm4J
Ov4AbzRINjO8C0TQKp1SnjtkgGmAEmxAtZq3YwACCvgm0u+sLssem6YVg5bHN5we
DZ5kLWpHm1+Now2SO5jvLqkrP6fXACW7nQiiGEO8bQUVWCc35mFr88i92QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPCbtwW/buRA3098pLi4O8ZefnDMB8GA1UdIwQY
MBaAFOLVu0ARgOVfXBZdR5CN/0/img2GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEt
NDIxZTZiYzdlMmU4LzEvRThKdTNCYjl1NUVEZlQzeWt1TGc3eGw1LWNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS84NjI5N2EtZDIxOS00NTY3LTkxNzEtNDIxZTZiYzdlMmU4
LzEvNHRXN1FCR0E1VjljRmwxSGtJM19ULUthRFlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXrz6MA0G
CSqGSIb3DQEBCwUAA4IBAQB98E02KBL96N9txl3oUtTNdSaShiSmk57Hud8pC/k9
FhDRGFgrW5mESitz5wYN9rrrEzmzmrFBP7f6/SnRY4ODFWU2QHV0J7pw16MMbx37
yn9JzV+zFoD1jifHKhySAz8OSAipbgF1iveMimqD/XzsL4DIYDBuMKhzm/3Qplx/
kRlZ2nA7ZHfuHRERA+V/0vIMOoMgR6JzJd8gBniaUWvGAay2GqLzx+817zg+4R6B
9pyyerAtFdZ3eKDX9st0ShzK7LAnmb7hRjVQ9M3OEI/3Yuibx1Z/LPlDyf86APgh
m9CCj4kxp5BtnpJzZIyCdP5Ii9XPGNMO7RXliCc3BJsG
-----END CERTIFICATE-----