Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/cEbgtkscBMYbVRSBWNeTlYA8qUk.roa
File:                     cEbgtkscBMYbVRSBWNeTlYA8qUk.roa (raw, json)
Hash identifier:          cwRkcI4Y/amLpzb2rT1edaMbA5X1M3Z0Lk/sluftp8o=
Subject key identifier:   70:46:E0:B6:4B:1C:04:C6:1B:55:14:81:58:D7:93:95:80:3C:A9:49
Certificate issuer:       /CN=e706fc9729034bfb0464dd4c985f14ba210e81e3
Certificate serial:       018CC26D57BE54B1B0074AE67E47D5278641
Authority key identifier: E7:06:FC:97:29:03:4B:FB:04:64:DD:4C:98:5F:14:BA:21:0E:81:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5wb8lykDS_sEZN1MmF8UuiEOgeM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/cEbgtkscBMYbVRSBWNeTlYA8qUk.roa
Signing time:             Mon 01 Jan 2024 00:29:54 +0000
ROA not before:           Mon 01 Jan 2024 00:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48391
IP address blocks:        193.200.148.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/5wb8lykDS_sEZN1MmF8UuiEOgeM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/5wb8lykDS_sEZN1MmF8UuiEOgeM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5wb8lykDS_sEZN1MmF8UuiEOgeM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 18 May 2024 07:01:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:57:be:54:b1:b0:07:4a:e6:7e:47:d5:27:86:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e706fc9729034bfb0464dd4c985f14ba210e81e3
        Validity
            Not Before: Jan  1 00:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7046e0b64b1c04c61b55148158d79395803ca949
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:e1:89:81:f5:b7:1c:9d:bf:b7:2b:5b:1f:e2:
                    b5:15:8a:cf:36:45:fe:7c:40:21:65:1c:98:5a:23:
                    b2:d3:8a:41:fe:e5:f2:e4:5f:5b:8c:f7:b3:17:9a:
                    4d:21:b8:3f:ca:08:3b:9c:84:eb:85:b9:75:b5:31:
                    65:d5:9d:db:0e:bc:7c:4a:35:0d:03:9e:dd:ba:48:
                    fa:27:c5:1c:eb:35:51:3a:78:a3:e4:f9:e4:97:c0:
                    6c:c4:34:d6:8f:18:78:4b:1c:4b:13:46:a3:f7:27:
                    14:43:5a:2a:47:92:8a:64:f6:30:f3:4a:31:60:76:
                    5d:be:a8:df:e2:a9:af:b2:0a:6e:ac:a0:28:3d:d4:
                    bd:4d:94:49:92:ae:af:44:8f:27:a5:03:08:b1:e2:
                    d4:40:d3:57:0e:90:06:16:0c:de:6b:3f:99:67:1e:
                    2c:a2:81:ed:03:72:52:e5:ef:bc:c9:bc:ea:c4:14:
                    68:ab:6e:e5:b6:49:38:7b:88:71:f2:21:ea:5c:d4:
                    71:2e:9a:c2:27:11:20:21:1d:cc:ce:ec:1e:d0:57:
                    ab:81:b9:3c:db:be:34:3d:02:15:ca:cb:a1:dd:71:
                    65:52:0b:92:a8:81:5b:f6:43:34:6e:be:25:24:6b:
                    cd:d5:0d:ab:c3:1d:70:47:0c:a7:eb:95:46:41:4c:
                    d8:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:46:E0:B6:4B:1C:04:C6:1B:55:14:81:58:D7:93:95:80:3C:A9:49
            X509v3 Authority Key Identifier:
                keyid:E7:06:FC:97:29:03:4B:FB:04:64:DD:4C:98:5F:14:BA:21:0E:81:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5wb8lykDS_sEZN1MmF8UuiEOgeM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/cEbgtkscBMYbVRSBWNeTlYA8qUk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/476383-f6da-4e0e-8e12-d2dcf05d3376/1/5wb8lykDS_sEZN1MmF8UuiEOgeM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.148.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:17:2c:6a:c1:9c:45:c9:28:de:e7:3d:bb:fb:30:1e:51:7d:
         57:4c:38:62:cd:ee:90:96:47:98:e2:b2:ef:73:17:09:b6:7a:
         85:00:ac:1c:73:5c:70:7d:b4:b7:f7:48:09:19:2f:f1:d5:b9:
         1c:9f:21:18:18:ba:3b:ef:04:cc:a2:5a:cb:15:2e:d1:83:c7:
         fc:c2:76:b0:55:ab:8e:51:9b:9a:e9:a8:07:ae:ff:e7:ab:fe:
         f4:21:32:f9:51:ea:b0:63:f1:10:34:f5:7b:80:c3:df:38:d0:
         0c:58:c0:1b:41:27:51:5a:26:cc:f7:e8:3e:a8:c9:ab:d8:a2:
         da:9c:f3:96:3e:8b:9c:bf:0d:41:b7:35:ce:ca:ac:7f:10:35:
         59:f9:8c:80:c7:8b:f9:6d:fe:fb:1d:85:cd:93:2d:54:01:1e:
         e7:82:c0:6d:01:6f:71:22:b7:ea:2d:2c:4f:c0:a9:9e:26:da:
         00:e3:30:fe:99:da:a7:1d:f9:08:f2:a1:be:ff:57:8c:3c:45:
         5f:ab:b7:bb:a8:e4:7f:d4:6f:2e:4c:b8:0b:1a:ed:89:d0:6e:
         a6:21:65:b8:8f:13:69:5e:9a:ce:75:73:c9:fa:43:5c:06:b9:
         2f:3b:c9:25:9e:df:23:b6:6e:53:17:a7:47:f6:3a:fd:1b:34:
         18:1e:4d:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbVe+VLGwB0rmfkfVJ4ZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MDZmYzk3MjkwMzRiZmIwNDY0ZGQ0Yzk4NWYxNGJhMjEw
ZTgxZTMwHhcNMjQwMTAxMDAyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDQ2ZTBiNjRiMWMwNGM2MWI1NTE0ODE1OGQ3OTM5NTgwM2NhOTQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAguGJgfW3HJ2/tytbH+K1FYrPNkX+
fEAhZRyYWiOy04pB/uXy5F9bjPezF5pNIbg/ygg7nITrhbl1tTFl1Z3bDrx8SjUN
A57dukj6J8Uc6zVROnij5Pnkl8BsxDTWjxh4SxxLE0aj9ycUQ1oqR5KKZPYw80ox
YHZdvqjf4qmvsgpurKAoPdS9TZRJkq6vRI8npQMIseLUQNNXDpAGFgzeaz+ZZx4s
ooHtA3JS5e+8ybzqxBRoq27ltkk4e4hx8iHqXNRxLprCJxEgIR3Mzuwe0Fergbk8
2740PQIVysuh3XFlUguSqIFb9kM0br4lJGvN1Q2rwx1wRwyn65VGQUzYLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHBG4LZLHATGG1UUgVjXk5WAPKlJMB8GA1UdIwQY
MBaAFOcG/JcpA0v7BGTdTJhfFLohDoHjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXdiOGx5a0RTX3NFWk4xTW1GOFV1aUVPZ2VNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC80NzYzODMtZjZkYS00ZTBlLThlMTIt
ZDJkY2YwNWQzMzc2LzEvY0ViZ3Rrc2NCTVliVlJTQldOZVRsWUE4cVVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC80NzYzODMtZjZkYS00ZTBlLThlMTItZDJkY2YwNWQzMzc2
LzEvNXdiOGx5a0RTX3NFWk4xTW1GOFV1aUVPZ2VNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwciUMA0G
CSqGSIb3DQEBCwUAA4IBAQBqFyxqwZxFySje5z27+zAeUX1XTDhize6QlkeY4rLv
cxcJtnqFAKwcc1xwfbS390gJGS/x1bkcnyEYGLo77wTMolrLFS7Rg8f8wnawVauO
UZua6agHrv/nq/70ITL5UeqwY/EQNPV7gMPfONAMWMAbQSdRWibM9+g+qMmr2KLa
nPOWPoucvw1BtzXOyqx/EDVZ+YyAx4v5bf77HYXNky1UAR7ngsBtAW9xIrfqLSxP
wKmeJtoA4zD+mdqnHfkI8qG+/1eMPEVfq7e7qOR/1G8uTLgLGu2J0G6mIWW4jxNp
XprOdXPJ+kNcBrkvO8klnt8jtm5TF6dH9jr9GzQYHk1F
-----END CERTIFICATE-----