Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/EjGKMtnNPB4Rrz66YBZ0g2TpFUM.roa
File:                     EjGKMtnNPB4Rrz66YBZ0g2TpFUM.roa (raw, json)
Hash identifier:          L3dtK3PWgpZaSpuHLGE1ymQEeh0O+USIflsxxbkY+MM=
Subject key identifier:   12:31:8A:32:D9:CD:3C:1E:11:AF:3E:BA:60:16:74:83:64:E9:15:43
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       019305FDD5732FB472850DBF3186C001DE15
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/EjGKMtnNPB4Rrz66YBZ0g2TpFUM.roa
Signing time:             Thu 07 Nov 2024 09:39:01 +0000
ROA not before:           Thu 07 Nov 2024 09:39:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213918
IP address blocks:        104.238.31.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:05:fd:d5:73:2f:b4:72:85:0d:bf:31:86:c0:01:de:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: Nov  7 09:39:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12318a32d9cd3c1e11af3eba6016748364e91543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:c4:b8:af:35:d1:fe:c8:b6:24:05:8c:1e:7d:
                    da:4e:17:24:71:dd:b1:a9:f7:5e:62:4c:4d:25:13:
                    68:d1:fe:5a:c1:ce:bd:ef:5a:f0:33:40:f2:9b:b8:
                    09:e7:79:7c:25:91:1a:58:6f:c8:5a:4f:b6:f2:28:
                    7d:22:fb:9d:dd:e6:76:a4:67:a7:bb:c5:a2:ed:14:
                    7c:c6:b8:8c:87:44:91:dd:be:e9:e4:b2:2d:de:78:
                    37:ed:5b:c2:03:bb:55:fb:90:2e:e2:ca:41:ee:ac:
                    f4:36:a7:50:0f:93:a7:09:e9:ef:38:54:26:ba:07:
                    2e:c3:63:72:64:63:c1:7a:2b:26:b2:d8:a2:63:c8:
                    b7:8e:b1:9e:5c:b5:d5:20:de:f1:30:8d:8b:13:70:
                    19:b1:c1:0e:b0:9a:a9:d2:65:c0:a5:0b:8b:24:01:
                    c6:65:b5:8d:54:4d:a3:a9:3f:a4:ac:9d:bd:e4:7e:
                    31:0b:a9:84:6c:25:4c:3f:74:e6:41:df:77:55:7e:
                    56:01:07:19:a2:98:e1:6a:52:4f:5d:6d:03:5f:a6:
                    3b:78:9d:ac:69:0d:9f:9d:18:ff:f1:c4:19:cf:29:
                    39:f6:91:00:5e:74:b8:5f:d4:36:fc:8b:5e:d0:6f:
                    71:27:54:2d:2d:d3:4d:c6:cc:a7:67:98:e2:6a:b7:
                    e2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:31:8A:32:D9:CD:3C:1E:11:AF:3E:BA:60:16:74:83:64:E9:15:43
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/EjGKMtnNPB4Rrz66YBZ0g2TpFUM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:9c:58:e2:48:64:9b:20:fa:40:da:29:8e:ff:4b:8a:95:13:
         a8:b2:36:ae:3c:59:45:4c:39:85:49:b9:81:eb:ab:cd:6a:cc:
         f2:c6:b7:4b:c4:31:cf:b3:5f:e5:15:65:45:0e:fc:4d:55:55:
         06:74:12:ee:8f:da:ca:09:e2:70:72:22:0e:3e:9e:c4:66:d2:
         24:a7:5a:cb:f7:ea:a6:6e:43:c0:c9:d7:7f:b3:6a:33:d4:70:
         d7:52:2a:20:21:05:9b:8d:60:7a:55:11:61:72:99:28:b3:36:
         75:55:7a:29:89:99:4f:06:4b:66:76:74:29:06:45:68:11:1a:
         3b:ae:b6:6a:4d:6c:46:14:4c:cb:87:9d:84:ce:99:f4:5e:e4:
         43:eb:88:eb:b5:90:49:2b:3a:a6:3a:e0:79:30:5c:a7:a0:24:
         e1:14:7a:9a:88:b4:e0:8c:c2:28:e8:22:e1:0c:15:2a:04:db:
         ef:8b:ef:99:79:f7:bc:82:09:86:51:ad:97:f7:af:ff:36:93:
         d3:f7:e9:c7:4a:0b:4b:4c:14:6d:5a:58:7d:7d:80:9a:d7:16:
         90:a5:71:af:61:6e:09:a6:56:9f:86:8a:b1:1f:78:d0:d0:24:
         ab:d1:99:7c:ab:d3:ce:78:db:02:90:27:a5:e8:91:b2:55:aa:
         4b:73:38:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMF/dVzL7RyhQ2/MYbAAd4VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjQxMTA3MDkzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjMxOGEzMmQ5Y2QzYzFlMTFhZjNlYmE2MDE2NzQ4MzY0ZTkxNTQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8S4rzXR/si2JAWMHn3aThckcd2x
qfdeYkxNJRNo0f5awc6971rwM0Dym7gJ53l8JZEaWG/IWk+28ih9Ivud3eZ2pGen
u8Wi7RR8xriMh0SR3b7p5LIt3ng37VvCA7tV+5Au4spB7qz0NqdQD5OnCenvOFQm
ugcuw2NyZGPBeismstiiY8i3jrGeXLXVIN7xMI2LE3AZscEOsJqp0mXApQuLJAHG
ZbWNVE2jqT+krJ295H4xC6mEbCVMP3TmQd93VX5WAQcZopjhalJPXW0DX6Y7eJ2s
aQ2fnRj/8cQZzyk59pEAXnS4X9Q2/Ite0G9xJ1QtLdNNxsynZ5jiarfiCQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIxijLZzTweEa8+umAWdINk6RVDMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvRWpHS010bk5QQjRScno2NllCWjBnMlRwRlVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAaO4fMA0G
CSqGSIb3DQEBCwUAA4IBAQA1nFjiSGSbIPpA2imO/0uKlROosjauPFlFTDmFSbmB
66vNaszyxrdLxDHPs1/lFWVFDvxNVVUGdBLuj9rKCeJwciIOPp7EZtIkp1rL9+qm
bkPAydd/s2oz1HDXUiogIQWbjWB6VRFhcpkoszZ1VXopiZlPBktmdnQpBkVoERo7
rrZqTWxGFEzLh52Ezpn0XuRD64jrtZBJKzqmOuB5MFynoCThFHqaiLTgjMIo6CLh
DBUqBNvvi++Zefe8ggmGUa2X96//NpPT9+nHSgtLTBRtWlh9fYCa1xaQpXGvYW4J
plafhoqxH3jQ0CSr0Zl8q9POeNsCkCel6JGyVapLczia
-----END CERTIFICATE-----