Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/EEeZiGY6H475RBNl2FEwTuYp5_Q.roa
File:                     EEeZiGY6H475RBNl2FEwTuYp5_Q.roa (raw, json)
Hash identifier:          IMfKiUr96ueMJ5qmt7dZrJwwIuZaJVf3i/Jha7s0VyI=
Subject key identifier:   10:47:99:88:66:3A:1F:8E:F9:44:13:65:D8:51:30:4E:E6:29:E7:F4
Certificate issuer:       /CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
Certificate serial:       018CC56EF8A50F1CF45ACFC1EBEC8E00870A
Authority key identifier: 8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/EEeZiGY6H475RBNl2FEwTuYp5_Q.roa
Signing time:             Mon 01 Jan 2024 14:30:33 +0000
ROA not before:           Mon 01 Jan 2024 14:30:33 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208565
IP address blocks:        193.163.70.0/24 maxlen: 24
                          2a11:4e00::/29 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:f8:a5:0f:1c:f4:5a:cf:c1:eb:ec:8e:00:87:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d3f356a02d9679ce890b5d51e0dec2f3f363361
        Validity
            Not Before: Jan  1 14:30:33 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10479988663a1f8ef9441365d851304ee629e7f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:49:ed:c1:22:c7:30:2a:00:45:83:29:7c:6b:
                    c3:ef:fa:81:5a:7b:c1:ac:d1:da:5c:cf:f4:0f:09:
                    fc:a2:7d:7e:2f:fa:0e:67:6c:c6:64:32:4d:5b:00:
                    37:5d:c8:5b:94:05:e2:1e:8d:b6:e0:14:83:64:8e:
                    d6:eb:e0:1d:9e:66:40:fe:f2:88:de:51:82:92:e8:
                    90:90:f8:7c:5e:9d:63:40:d1:0e:8b:17:cf:c1:47:
                    69:dd:05:43:03:6c:72:05:95:38:2b:71:76:57:bd:
                    b3:64:c3:76:5e:6f:20:88:49:42:ba:b2:be:23:20:
                    e1:8d:f5:e3:d9:a8:bf:7b:43:ea:1a:b6:47:38:7f:
                    b4:a5:9b:32:d2:66:37:4d:a3:88:ed:12:63:cc:41:
                    c7:02:ca:75:96:45:c1:d3:ae:5d:00:f2:18:d6:5d:
                    5c:3e:d6:be:bd:5c:98:83:02:b7:f5:d5:30:43:bb:
                    15:00:4f:03:5a:6e:ee:3d:d3:5e:22:3b:bf:b7:e5:
                    a8:58:09:29:cd:0b:cb:7a:71:cb:c0:e6:92:84:13:
                    ee:78:5c:8f:d3:a9:bd:ab:c8:37:f9:f9:bb:d5:0d:
                    68:ab:63:cb:88:18:d9:88:c5:a6:59:be:93:bc:20:
                    13:2b:1d:96:9d:c9:73:0d:09:af:b8:fd:cc:e6:a2:
                    1e:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:47:99:88:66:3A:1F:8E:F9:44:13:65:D8:51:30:4E:E6:29:E7:F4
            X509v3 Authority Key Identifier:
                keyid:8D:3F:35:6A:02:D9:67:9C:E8:90:B5:D5:1E:0D:EC:2F:3F:36:33:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jT81agLZZ5zokLXVHg3sLz82M2E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/EEeZiGY6H475RBNl2FEwTuYp5_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/566cb1-7915-4ffd-8570-6b93af613d7d/1/jT81agLZZ5zokLXVHg3sLz82M2E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.70.0/24
                IPv6:
                  2a11:4e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:e5:37:70:de:b5:b0:b2:e5:2d:40:d4:df:61:33:13:fc:62:
         ac:b0:12:b4:3b:c4:40:12:63:71:32:19:74:b9:12:b3:59:c4:
         3d:1c:e0:c3:91:8a:b9:c8:1d:c8:71:ed:45:9c:5a:79:a5:f0:
         96:f2:fc:85:c2:79:70:f9:39:da:73:0c:fe:c4:4c:ae:72:fa:
         06:f0:d5:e5:17:f7:eb:b3:cb:a7:fe:6c:8f:5b:2f:d4:c3:70:
         15:46:df:05:e4:45:e9:1b:5a:ef:b1:bd:ab:d4:a5:72:41:09:
         1a:24:d6:45:23:35:c2:01:40:4d:95:c2:f0:0e:01:97:27:14:
         a7:cb:0c:b3:f4:69:4a:a8:51:59:e1:23:ef:83:d5:07:69:82:
         bf:5e:d3:e4:5f:ac:fa:05:89:ba:8f:38:e8:8b:d9:04:1a:16:
         23:2a:d7:77:91:70:21:0c:fe:62:d5:23:53:8b:44:00:f0:d0:
         da:3a:7f:be:34:a6:ff:c4:9a:48:92:7f:6d:3d:51:e7:15:ee:
         f9:c8:35:6b:6b:fc:cd:85:76:dd:e9:d7:c4:44:52:d0:6b:7e:
         25:bc:29:2d:43:c2:b5:6e:fa:b1:9e:aa:92:18:01:88:46:62:
         e3:65:f2:1c:47:58:83:30:07:bf:5d:4f:1b:b9:d5:ce:48:b3:
         d3:cc:0f:80
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFbvilDxz0Ws/B6+yOAIcKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkM2YzNTZhMDJkOTY3OWNlODkwYjVkNTFlMGRlYzJmM2Yz
NjMzNjEwHhcNMjQwMTAxMTQzMDMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDQ3OTk4ODY2M2ExZjhlZjk0NDEzNjVkODUxMzA0ZWU2MjllN2Y0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjEntwSLHMCoARYMpfGvD7/qBWnvB
rNHaXM/0Dwn8on1+L/oOZ2zGZDJNWwA3XchblAXiHo224BSDZI7W6+AdnmZA/vKI
3lGCkuiQkPh8Xp1jQNEOixfPwUdp3QVDA2xyBZU4K3F2V72zZMN2Xm8giElCurK+
IyDhjfXj2ai/e0PqGrZHOH+0pZsy0mY3TaOI7RJjzEHHAsp1lkXB065dAPIY1l1c
Pta+vVyYgwK39dUwQ7sVAE8DWm7uPdNeIju/t+WoWAkpzQvLenHLwOaShBPueFyP
06m9q8g3+fm71Q1oq2PLiBjZiMWmWb6TvCATKx2WnclzDQmvuP3M5qIezQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBBHmYhmOh+O+UQTZdhRME7mKef0MB8GA1UdIwQY
MBaAFI0/NWoC2Wec6JC11R4N7C8/NjNhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAt
NmI5M2FmNjEzZDdkLzEvRUVlWmlHWTZINDc1UkJObDJGRXdUdVlwNV9RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny81NjZjYjEtNzkxNS00ZmZkLTg1NzAtNmI5M2FmNjEzZDdk
LzEvalQ4MWFnTFpaNXpva0xYVkhnM3NMejgyTTJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaNGMA0E
AgACMAcDBQMqEU4AMA0GCSqGSIb3DQEBCwUAA4IBAQC65Tdw3rWwsuUtQNTfYTMT
/GKssBK0O8RAEmNxMhl0uRKzWcQ9HODDkYq5yB3Ice1FnFp5pfCW8vyFwnlw+Tna
cwz+xEyucvoG8NXlF/frs8un/myPWy/Uw3AVRt8F5EXpG1rvsb2r1KVyQQkaJNZF
IzXCAUBNlcLwDgGXJxSnywyz9GlKqFFZ4SPvg9UHaYK/XtPkX6z6BYm6jzjoi9kE
GhYjKtd3kXAhDP5i1SNTi0QA8NDaOn++NKb/xJpIkn9tPVHnFe75yDVra/zNhXbd
6dfERFLQa34lvCktQ8K1bvqxnqqSGAGIRmLjZfIcR1iDMAe/XU8budXOSLPTzA+A
-----END CERTIFICATE-----