Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/eVzUY6Ubr2U9z8tyhBBF6DnYc9E.roa
File:                     eVzUY6Ubr2U9z8tyhBBF6DnYc9E.roa (raw, json)
Hash identifier:          7K7m+Xp52Rz/VeRcveDpW2C3XyxRJkMcq9uHhjiA9hA=
Subject key identifier:   79:5C:D4:63:A5:1B:AF:65:3D:CF:CB:72:84:10:45:E8:39:D8:73:D1
Certificate issuer:       /CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
Certificate serial:       018CC26CF7ED424428EE7BF590A7E2AFBC98
Authority key identifier: 17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/eVzUY6Ubr2U9z8tyhBBF6DnYc9E.roa
Signing time:             Mon 01 Jan 2024 00:29:30 +0000
ROA not before:           Mon 01 Jan 2024 00:29:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203685
IP address blocks:        88.199.37.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 28 May 2024 14:15:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6c:f7:ed:42:44:28:ee:7b:f5:90:a7:e2:af:bc:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=179301dcc7fae4f7ce01e4987a77cb82a336abff
        Validity
            Not Before: Jan  1 00:29:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=795cd463a51baf653dcfcb72841045e839d873d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:88:e1:57:b8:df:21:c5:70:85:0d:74:9b:fb:
                    27:72:85:c4:45:96:05:17:c1:bf:d5:cf:93:ef:a6:
                    c7:bd:a6:06:14:6c:82:53:d3:15:f1:ab:34:1a:e3:
                    d8:e2:ad:92:c4:39:8e:82:99:5a:00:b3:d6:57:b5:
                    c5:fa:a4:2e:bd:e5:33:96:b9:16:25:24:b8:df:2e:
                    06:5a:09:fa:13:cf:73:8f:a6:dd:7d:c7:23:db:39:
                    a4:c1:cc:66:79:ff:65:a8:50:31:9b:5c:a4:84:b2:
                    70:af:99:b4:be:e1:d0:ee:a5:85:fd:eb:e8:be:8c:
                    dd:d4:40:0a:10:d0:d0:5b:94:63:bf:eb:a4:86:09:
                    e9:6d:b6:fa:8e:51:d7:4e:1d:62:7f:b3:f5:5d:52:
                    e3:71:09:8a:f2:86:24:61:59:a1:36:07:ef:bd:d1:
                    51:2c:94:f5:c2:d7:30:48:b8:48:d6:db:71:b0:d7:
                    d0:18:ec:92:cb:f2:06:8e:a2:55:73:06:3e:9f:8c:
                    59:0f:77:65:a7:2c:a0:12:7c:b3:d1:92:08:a8:9f:
                    1c:ef:90:7b:ba:b3:53:e3:f4:e5:a9:81:f4:b4:92:
                    56:da:02:d5:3b:2a:44:55:a6:84:73:86:b2:ca:14:
                    f5:e3:ca:6f:41:5b:20:85:c0:59:3c:e6:7c:ac:2a:
                    d9:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:5C:D4:63:A5:1B:AF:65:3D:CF:CB:72:84:10:45:E8:39:D8:73:D1
            X509v3 Authority Key Identifier:
                keyid:17:93:01:DC:C7:FA:E4:F7:CE:01:E4:98:7A:77:CB:82:A3:36:AB:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F5MB3Mf65PfOAeSYenfLgqM2q_8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/eVzUY6Ubr2U9z8tyhBBF6DnYc9E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/ed7963-72ea-4c1d-addd-aff92c16d8e3/1/F5MB3Mf65PfOAeSYenfLgqM2q_8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  88.199.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         10:ec:ae:a3:ef:93:21:e2:9d:1d:8b:f9:3e:c2:30:3f:70:e6:
         d0:04:93:fa:eb:4e:91:f5:53:31:82:40:88:11:ae:1e:44:97:
         23:78:db:3d:3b:ab:2f:f9:60:f1:46:10:d4:60:c7:45:45:cf:
         0d:f4:b8:a6:11:10:7e:eb:f0:86:18:b7:f1:67:c3:01:69:fb:
         cf:36:c5:9c:ea:78:49:ea:41:45:9a:73:8c:a8:0b:19:61:a0:
         e6:4e:74:11:52:5f:5d:32:ed:e3:2f:42:c7:88:fa:69:54:be:
         36:6d:b6:12:7b:2d:40:50:b2:7f:27:24:c5:2f:a8:b8:00:9c:
         d1:22:cb:eb:bf:c2:ee:e2:5a:da:2d:07:c4:cf:fe:c6:37:0f:
         ca:d2:cf:7b:15:26:7f:90:e9:25:be:52:77:46:14:dc:7d:25:
         14:f5:c2:cf:23:59:81:43:77:bf:e5:1d:8a:eb:e7:0d:23:27:
         ff:cc:ff:57:64:5e:f9:1e:07:0b:7b:63:68:13:33:bc:07:6b:
         22:e2:df:23:01:bc:b5:af:42:1e:4d:d5:90:d1:2a:79:81:fc:
         18:83:50:9f:57:4f:6c:c3:34:10:20:33:bf:1b:a1:e8:80:2a:
         b9:fb:b2:2e:be:3d:9f:f6:69:2e:fb:8b:58:1e:d8:eb:18:fe:
         a9:2f:8f:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzCbPftQkQo7nv1kKfir7yYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3OTMwMWRjYzdmYWU0ZjdjZTAxZTQ5ODdhNzdjYjgyYTMz
NmFiZmYwHhcNMjQwMTAxMDAyOTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTVjZDQ2M2E1MWJhZjY1M2RjZmNiNzI4NDEwNDVlODM5ZDg3M2QxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi4jhV7jfIcVwhQ10m/sncoXERZYF
F8G/1c+T76bHvaYGFGyCU9MV8as0GuPY4q2SxDmOgplaALPWV7XF+qQuveUzlrkW
JSS43y4GWgn6E89zj6bdfccj2zmkwcxmef9lqFAxm1ykhLJwr5m0vuHQ7qWF/evo
vozd1EAKENDQW5Rjv+ukhgnpbbb6jlHXTh1if7P1XVLjcQmK8oYkYVmhNgfvvdFR
LJT1wtcwSLhI1ttxsNfQGOySy/IGjqJVcwY+n4xZD3dlpyygEnyz0ZIIqJ8c75B7
urNT4/TlqYH0tJJW2gLVOypEVaaEc4ayyhT148pvQVsghcBZPOZ8rCrZGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlc1GOlG69lPc/LcoQQReg52HPRMB8GA1UdIwQY
MBaAFBeTAdzH+uT3zgHkmHp3y4KjNqv/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQt
YWZmOTJjMTZkOGUzLzEvZVZ6VVk2VWJyMlU5ejh0eWhCQkY2RG5ZYzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9lZDc5NjMtNzJlYS00YzFkLWFkZGQtYWZmOTJjMTZkOGUz
LzEvRjVNQjNNZjY1UGZPQWVTWWVuZkxncU0ycV84LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWMclMA0G
CSqGSIb3DQEBCwUAA4IBAQAQ7K6j75Mh4p0di/k+wjA/cObQBJP6606R9VMxgkCI
Ea4eRJcjeNs9O6sv+WDxRhDUYMdFRc8N9LimERB+6/CGGLfxZ8MBafvPNsWc6nhJ
6kFFmnOMqAsZYaDmTnQRUl9dMu3jL0LHiPppVL42bbYSey1AULJ/JyTFL6i4AJzR
Isvrv8Lu4lraLQfEz/7GNw/K0s97FSZ/kOklvlJ3RhTcfSUU9cLPI1mBQ3e/5R2K
6+cNIyf/zP9XZF75HgcLe2NoEzO8B2si4t8jAby1r0IeTdWQ0Sp5gfwYg1CfV09s
wzQQIDO/G6HogCq5+7Iuvj2f9mku+4tYHtjrGP6pL4/M
-----END CERTIFICATE-----