Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/eBmjzWIRmA1zUdsgfRB37e-hqok.roa
File:                     eBmjzWIRmA1zUdsgfRB37e-hqok.roa (raw, json)
Hash identifier:          pOMbGcnbc+lty6YDzP40O9muv0hiG8Mkr9M+6azooM4=
Subject key identifier:   78:19:A3:CD:62:11:98:0D:73:51:DB:20:7D:10:77:ED:EF:A1:AA:89
Certificate issuer:       /CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
Certificate serial:       019251B7BD22BE47F777377E82E0A73E954E
Authority key identifier: 8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/eBmjzWIRmA1zUdsgfRB37e-hqok.roa
Signing time:             Thu 03 Oct 2024 09:30:48 +0000
ROA not before:           Thu 03 Oct 2024 09:30:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16276
IP address blocks:        193.3.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:51:b7:bd:22:be:47:f7:77:37:7e:82:e0:a7:3e:95:4e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d1ac83ee3a3f968d66ad2fdf4616e7bb1e4d1d7
        Validity
            Not Before: Oct  3 09:30:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7819a3cd6211980d7351db207d1077edefa1aa89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:b5:10:1b:76:f4:d3:07:5c:7e:ad:91:8f:c7:
                    92:88:f5:e9:78:3b:4b:50:67:68:17:f6:ae:54:b7:
                    43:7c:0b:7d:ca:8e:1a:fe:ec:fd:bd:bf:ef:8e:b5:
                    41:31:02:23:92:44:39:e0:bc:2e:d9:8b:42:79:6a:
                    ad:37:d2:30:f9:cb:6c:c0:c3:f1:b5:38:66:76:d2:
                    f7:58:60:4d:06:ce:1e:48:bc:78:c6:a2:fc:8e:c8:
                    71:fa:cd:c7:91:c6:88:5c:e5:ef:34:65:97:04:d0:
                    17:56:3d:6b:0c:3b:b0:9b:a8:dc:84:63:6c:3e:fc:
                    80:e9:e2:d5:e7:1f:67:22:24:ad:d2:08:42:fc:72:
                    7d:d8:02:d1:fb:7e:65:46:8b:26:c7:f5:b2:4a:4f:
                    fc:3e:4d:2b:48:8e:44:4a:80:df:e8:58:36:ee:1e:
                    d7:30:96:d5:c9:24:d8:50:f8:81:b9:cd:e4:3e:2d:
                    7f:7b:01:8e:67:4e:05:62:21:eb:78:04:80:56:51:
                    09:75:6d:d4:5a:1b:e6:ca:27:87:d8:c3:4f:82:ca:
                    72:0c:18:b7:8a:6d:8f:e1:de:bf:eb:66:4f:a9:d6:
                    c1:0a:ba:a8:14:28:a3:98:c7:5d:ee:df:54:e4:df:
                    0c:0b:86:7c:b5:47:80:ac:17:77:3a:0b:e4:2a:93:
                    fa:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:19:A3:CD:62:11:98:0D:73:51:DB:20:7D:10:77:ED:EF:A1:AA:89
            X509v3 Authority Key Identifier:
                keyid:8D:1A:C8:3E:E3:A3:F9:68:D6:6A:D2:FD:F4:61:6E:7B:B1:E4:D1:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jRrIPuOj-WjWatL99GFue7Hk0dc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/eBmjzWIRmA1zUdsgfRB37e-hqok.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/4abf3f-158f-4f62-a9eb-ddf567eded03/1/jRrIPuOj-WjWatL99GFue7Hk0dc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.3.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:48:ca:d2:5d:53:69:f6:f0:6d:4d:b5:93:d8:e7:95:1e:32:
         cd:72:81:44:af:6e:74:cf:1b:30:c2:76:1a:c0:52:06:48:5b:
         d0:b9:70:d4:3e:cf:8e:b8:8a:01:3f:5a:e8:1b:42:bc:21:96:
         6b:4d:a1:49:cb:15:99:ca:33:94:71:45:25:9f:f5:16:5f:20:
         99:b3:ee:4e:55:13:5c:ef:ab:6a:c2:52:df:79:34:91:b1:85:
         3e:02:50:df:3f:1f:b8:18:b4:60:03:68:68:cd:6f:f0:78:75:
         a0:6d:4a:35:37:fc:cd:52:b4:10:42:a8:0a:35:91:dd:23:36:
         e5:4e:db:b0:22:57:17:c7:3e:22:68:a9:6c:50:c9:3e:7b:ee:
         82:52:3b:23:ed:cb:5e:84:21:63:e0:b7:d0:11:13:04:6c:5a:
         5c:dc:7d:0f:21:75:e8:c7:60:d4:35:56:d6:a8:93:6c:7e:fb:
         e9:74:7f:da:38:46:9d:52:62:32:65:0a:6f:3e:9b:59:fd:72:
         73:b5:ba:ac:11:99:da:fa:14:90:6b:d6:7f:8a:0f:46:3c:4e:
         6a:d9:6b:b6:2f:12:d5:56:fd:40:57:99:41:7c:ea:6d:e8:4c:
         f1:77:f4:c0:9d:04:1a:68:d6:f6:c4:59:62:99:3d:f9:1c:4b:
         c2:97:a9:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZJRt70ivkf3dzd+guCnPpVOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkMWFjODNlZTNhM2Y5NjhkNjZhZDJmZGY0NjE2ZTdiYjFl
NGQxZDcwHhcNMjQxMDAzMDkzMDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODE5YTNjZDYyMTE5ODBkNzM1MWRiMjA3ZDEwNzdlZGVmYTFhYTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA57UQG3b00wdcfq2Rj8eSiPXpeDtL
UGdoF/auVLdDfAt9yo4a/uz9vb/vjrVBMQIjkkQ54Lwu2YtCeWqtN9Iw+ctswMPx
tThmdtL3WGBNBs4eSLx4xqL8jshx+s3HkcaIXOXvNGWXBNAXVj1rDDuwm6jchGNs
PvyA6eLV5x9nIiSt0ghC/HJ92ALR+35lRosmx/WySk/8Pk0rSI5ESoDf6Fg27h7X
MJbVySTYUPiBuc3kPi1/ewGOZ04FYiHreASAVlEJdW3UWhvmyieH2MNPgspyDBi3
im2P4d6/62ZPqdbBCrqoFCijmMdd7t9U5N8MC4Z8tUeArBd3OgvkKpP6/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgZo81iEZgNc1HbIH0Qd+3voaqJMB8GA1UdIwQY
MBaAFI0ayD7jo/lo1mrS/fRhbnux5NHXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWIt
ZGRmNTY3ZWRlZDAzLzEvZUJtanpXSVJtQTF6VWRzZ2ZSQjM3ZS1ocW9rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi80YWJmM2YtMTU4Zi00ZjYyLWE5ZWItZGRmNTY3ZWRlZDAz
LzEvalJySVB1T2otV2pXYXRMOTlHRnVlN0hrMGRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwQMUMA0G
CSqGSIb3DQEBCwUAA4IBAQCBSMrSXVNp9vBtTbWT2OeVHjLNcoFEr250zxswwnYa
wFIGSFvQuXDUPs+OuIoBP1roG0K8IZZrTaFJyxWZyjOUcUUln/UWXyCZs+5OVRNc
76tqwlLfeTSRsYU+AlDfPx+4GLRgA2hozW/weHWgbUo1N/zNUrQQQqgKNZHdIzbl
TtuwIlcXxz4iaKlsUMk+e+6CUjsj7ctehCFj4LfQERMEbFpc3H0PIXXox2DUNVbW
qJNsfvvpdH/aOEadUmIyZQpvPptZ/XJztbqsEZna+hSQa9Z/ig9GPE5q2Wu2LxLV
Vv1AV5lBfOpt6Ezxd/TAnQQaaNb2xFlimT35HEvCl6m/
-----END CERTIFICATE-----