Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/EaHXRB3GfEJUfNYYu_6fnt0AKkg.roa
File:                     EaHXRB3GfEJUfNYYu_6fnt0AKkg.roa (raw, json)
Hash identifier:          z8zGX9qNOgKwdDU2HYHIvtBCYLqT1jOVVBcR7C0MzWc=
Subject key identifier:   11:A1:D7:44:1D:C6:7C:42:54:7C:D6:18:BB:FE:9F:9E:DD:00:2A:48
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01903595325C95A4F5DC1CA1CE6E969B2A45
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/EaHXRB3GfEJUfNYYu_6fnt0AKkg.roa
Signing time:             Thu 20 Jun 2024 12:18:08 +0000
ROA not before:           Thu 20 Jun 2024 12:18:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60647
IP address blocks:        86.105.4.0/24 maxlen: 24
                          94.177.147.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 10:20:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:35:95:32:5c:95:a4:f5:dc:1c:a1:ce:6e:96:9b:2a:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jun 20 12:18:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a1d7441dc67c42547cd618bbfe9f9edd002a48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:20:c0:04:b8:21:c7:75:13:57:40:56:6c:27:
                    12:4d:e3:14:d1:ac:45:fa:5b:31:1e:8e:d0:06:c8:
                    53:b5:76:a8:e3:2b:2a:90:22:77:93:fc:22:5a:22:
                    4a:d7:4c:48:81:3c:62:8f:fe:d3:07:37:3a:f1:6d:
                    49:0c:56:8e:f6:b1:01:87:09:24:21:3f:34:1e:68:
                    b5:f1:6e:93:94:8b:59:de:69:77:fd:8d:f0:ec:46:
                    0c:07:6e:1e:ad:8c:5b:85:66:a5:9f:06:41:bf:97:
                    7f:1e:d6:a3:90:0f:6e:21:01:94:05:ab:d9:df:79:
                    72:e0:34:c6:a2:89:cc:f0:f2:c2:d3:a8:8d:0d:d1:
                    59:82:7b:88:74:9f:8d:26:d8:d0:e7:ee:2e:eb:85:
                    38:3f:6c:f8:2f:95:c5:06:35:89:cd:13:b6:4b:c5:
                    33:f4:b0:46:bc:f9:13:41:65:e5:75:d9:0a:68:56:
                    29:1d:06:03:24:3c:fb:fa:bf:e9:f8:86:65:51:bb:
                    7e:4d:e0:29:93:74:73:b7:8b:7f:37:40:ac:d5:61:
                    a6:d9:2f:ef:f9:ed:7a:62:5a:15:b8:1d:26:f8:cd:
                    e9:01:f0:a7:12:9e:d5:1d:39:a5:50:c1:40:fd:1c:
                    71:71:d8:67:68:01:d0:33:99:f6:6d:8f:6e:c7:1c:
                    91:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A1:D7:44:1D:C6:7C:42:54:7C:D6:18:BB:FE:9F:9E:DD:00:2A:48
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/EaHXRB3GfEJUfNYYu_6fnt0AKkg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.105.4.0/24
                  94.177.147.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:f6:7f:95:da:ef:b7:4d:75:1c:c1:ce:b0:e4:8f:de:cb:8b:
         61:ec:98:49:6c:8b:99:93:e6:e6:a4:d4:6b:a0:be:2b:6c:37:
         e1:a2:22:5e:34:80:37:5c:b2:b0:b0:e3:e9:86:fa:0e:ee:2e:
         da:51:c2:4d:b1:b5:6d:45:1b:9c:f5:4e:b9:b7:b5:93:e2:98:
         28:b8:3e:02:7a:e7:d7:53:b0:ef:54:48:7a:a7:8f:35:40:02:
         81:ac:59:ad:26:1a:c6:50:53:df:de:b1:3c:fe:db:3b:5f:0d:
         9e:0b:8f:af:47:70:40:e6:c4:cc:f6:7a:44:b7:4c:6d:4a:7c:
         1b:08:40:79:be:04:e6:2e:74:18:0b:29:3d:7c:84:20:86:27:
         b7:d4:ab:be:35:bb:85:cf:b0:6e:3d:cc:d1:e7:07:0b:c6:b9:
         5e:12:29:ec:aa:8f:a7:a7:fb:e3:4a:e8:81:43:69:54:64:4b:
         23:ab:72:ee:06:84:6f:7d:ff:4a:4f:0f:9e:f3:32:20:26:d1:
         49:b6:75:10:f2:24:26:4f:ea:53:d3:3d:4c:6b:2e:3e:3d:61:
         4e:21:32:35:33:1c:40:ff:31:6b:15:b3:e5:3a:0d:9b:a0:dd:
         5d:be:e7:54:75:60:ba:d2:8b:29:86:9f:94:d9:39:9d:6b:94:
         ad:7c:c3:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZA1lTJclaT13Byhzm6WmypFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjQwNjIwMTIxODA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWExZDc0NDFkYzY3YzQyNTQ3Y2Q2MThiYmZlOWY5ZWRkMDAyYTQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwSDABLghx3UTV0BWbCcSTeMU0axF
+lsxHo7QBshTtXao4ysqkCJ3k/wiWiJK10xIgTxij/7TBzc68W1JDFaO9rEBhwkk
IT80Hmi18W6TlItZ3ml3/Y3w7EYMB24erYxbhWalnwZBv5d/HtajkA9uIQGUBavZ
33ly4DTGoonM8PLC06iNDdFZgnuIdJ+NJtjQ5+4u64U4P2z4L5XFBjWJzRO2S8Uz
9LBGvPkTQWXlddkKaFYpHQYDJDz7+r/p+IZlUbt+TeApk3Rzt4t/N0Cs1WGm2S/v
+e16YloVuB0m+M3pAfCnEp7VHTmlUMFA/RxxcdhnaAHQM5n2bY9uxxyR+QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBGh10QdxnxCVHzWGLv+n57dACpIMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvRWFIWFJCM0dmRUpVZk5ZWXVfNmZudDBBS2tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVmkEAwQA
XrGTMA0GCSqGSIb3DQEBCwUAA4IBAQA09n+V2u+3TXUcwc6w5I/ey4th7JhJbIuZ
k+bmpNRroL4rbDfhoiJeNIA3XLKwsOPphvoO7i7aUcJNsbVtRRuc9U65t7WT4pgo
uD4CeufXU7DvVEh6p481QAKBrFmtJhrGUFPf3rE8/ts7Xw2eC4+vR3BA5sTM9npE
t0xtSnwbCEB5vgTmLnQYCyk9fIQghie31Ku+NbuFz7BuPczR5wcLxrleEinsqo+n
p/vjSuiBQ2lUZEsjq3LuBoRvff9KTw+e8zIgJtFJtnUQ8iQmT+pT0z1May4+PWFO
ITI1MxxA/zFrFbPlOg2boN1dvudUdWC60osphp+U2Tmda5StfMMg
-----END CERTIFICATE-----