Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/eEphrrq_SWbTHQZEglpjykQv4Qo.roa
File:                     eEphrrq_SWbTHQZEglpjykQv4Qo.roa (raw, json)
Hash identifier:          T/9366RoPEOeXWZW+d95Urmtc7CVmtPsbS48Qdr703E=
Subject key identifier:   78:4A:61:AE:BA:BF:49:66:D3:1D:06:44:82:5A:63:CA:44:2F:E1:0A
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228D9868E7D608088F688D30238D8407
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/eEphrrq_SWbTHQZEglpjykQv4Qo.roa
Signing time:             Wed 01 Jan 2025 15:48:12 +0000
ROA not before:           Wed 01 Jan 2025 15:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24667
IP address blocks:        176.235.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:98:68:e7:d6:08:08:8f:68:8d:30:23:8d:84:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=784a61aebabf4966d31d0644825a63ca442fe10a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:05:ac:8a:c5:6f:db:db:0d:9d:20:2e:2d:81:
                    05:7b:40:82:e6:2c:c2:45:6b:12:e1:dc:63:0b:1a:
                    37:1a:1a:52:a9:35:41:bd:99:5c:c2:6f:f0:cd:f3:
                    63:bd:33:ea:eb:d7:ca:97:3d:c3:69:4d:d2:6e:4a:
                    45:c4:ca:2b:aa:20:19:76:b7:3e:cd:8c:f1:27:d7:
                    9e:13:3f:2d:10:7c:83:e5:d7:f8:26:b6:22:43:18:
                    91:6d:7d:0a:7f:d5:c5:16:46:c8:02:5e:82:e7:9d:
                    f5:14:dc:b1:4c:72:a9:01:a5:3e:0d:61:a4:c4:73:
                    73:c6:66:be:fd:22:3c:d2:74:58:f7:7b:12:91:07:
                    45:38:60:68:6d:2c:9e:5e:60:2f:5d:4a:0c:bd:ba:
                    49:68:04:a1:37:0d:33:f5:4a:78:e1:08:0f:0d:e1:
                    42:f4:e5:22:06:1b:7a:9e:c7:c6:36:6d:21:cf:8b:
                    e0:89:5a:ec:ba:0e:f5:cf:3c:48:61:51:85:5b:dd:
                    ea:32:4b:f2:39:21:f3:5d:82:7a:53:d9:d3:a4:0f:
                    ed:23:b5:15:c6:bb:23:62:6f:0d:af:c7:43:8a:9f:
                    49:28:97:13:e4:d4:ef:e8:ee:b0:12:c1:66:bc:0a:
                    ad:d2:12:02:74:f4:41:a2:98:08:18:25:ee:86:c3:
                    20:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:4A:61:AE:BA:BF:49:66:D3:1D:06:44:82:5A:63:CA:44:2F:E1:0A
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/eEphrrq_SWbTHQZEglpjykQv4Qo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.235.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:0b:a4:f6:15:05:51:44:92:96:c4:12:66:58:72:15:26:00:
         b5:3f:0c:fb:96:8e:fe:9b:e0:10:00:8f:ea:40:79:5d:d6:70:
         22:cb:da:ac:ed:73:56:7e:de:e4:b5:96:f2:53:c9:d3:7f:6c:
         f9:b0:2e:39:27:fc:c4:89:6d:e6:26:bd:b8:25:0f:af:b0:c3:
         97:93:3c:0f:dc:40:30:dd:c5:28:59:c1:2c:92:6f:77:e4:08:
         ba:78:88:b8:cd:e3:55:3c:55:c3:66:3c:51:76:77:cf:2a:66:
         30:51:bd:8f:3f:c8:ea:16:49:88:91:e1:ac:34:f8:65:63:e7:
         65:38:ea:51:9c:06:db:d7:75:83:ca:09:c0:70:25:62:e2:8b:
         cf:c8:51:4d:36:c8:14:ec:e0:c8:f7:9a:80:b2:c3:b8:da:75:
         b1:20:83:54:fc:5f:fd:35:02:3d:4e:ef:14:80:14:fe:2e:56:
         35:ef:ce:76:6e:fe:ac:78:41:24:3f:97:ff:3c:ce:9d:4f:79:
         c8:8a:c5:ca:53:f9:b0:2f:09:f0:5f:7d:cf:5c:37:5b:c3:84:
         cf:ea:2d:af:cb:76:ce:1a:41:bc:62:2c:47:88:4c:bb:e0:4a:
         47:83:5c:4a:e1:22:56:d5:86:55:8c:7e:9b:9d:7a:19:b8:2c:
         9c:ee:40:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijZho59YICI9ojTAjjYQHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODRhNjFhZWJhYmY0OTY2ZDMxZDA2NDQ4MjVhNjNjYTQ0MmZlMTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzgWsisVv29sNnSAuLYEFe0CC5izC
RWsS4dxjCxo3GhpSqTVBvZlcwm/wzfNjvTPq69fKlz3DaU3SbkpFxMorqiAZdrc+
zYzxJ9eeEz8tEHyD5df4JrYiQxiRbX0Kf9XFFkbIAl6C5531FNyxTHKpAaU+DWGk
xHNzxma+/SI80nRY93sSkQdFOGBobSyeXmAvXUoMvbpJaAShNw0z9Up44QgPDeFC
9OUiBht6nsfGNm0hz4vgiVrsug71zzxIYVGFW93qMkvyOSHzXYJ6U9nTpA/tI7UV
xrsjYm8Nr8dDip9JKJcT5NTv6O6wEsFmvAqt0hICdPRBopgIGCXuhsMgnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhKYa66v0lm0x0GRIJaY8pEL+EKMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvZUVwaHJycV9TV2JUSFFaRWdscGp5a1F2NFFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsOt6MA0G
CSqGSIb3DQEBCwUAA4IBAQAlC6T2FQVRRJKWxBJmWHIVJgC1Pwz7lo7+m+AQAI/q
QHld1nAiy9qs7XNWft7ktZbyU8nTf2z5sC45J/zEiW3mJr24JQ+vsMOXkzwP3EAw
3cUoWcEskm935Ai6eIi4zeNVPFXDZjxRdnfPKmYwUb2PP8jqFkmIkeGsNPhlY+dl
OOpRnAbb13WDygnAcCVi4ovPyFFNNsgU7ODI95qAssO42nWxIINU/F/9NQI9Tu8U
gBT+LlY17852bv6seEEkP5f/PM6dT3nIisXKU/mwLwnwX33PXDdbw4TP6i2vy3bO
GkG8YixHiEy74EpHg1xK4SJW1YZVjH6bnXoZuCyc7kA4
-----END CERTIFICATE-----