Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/EyCOee5R3OhNT_xrl_EiwrQK0DY.roa
File:                     EyCOee5R3OhNT_xrl_EiwrQK0DY.roa (raw, json)
Hash identifier:          crhcCwGJ1Or+g5eXBq6V+6t588apOi7kVSvRhnA6s+U=
Subject key identifier:   13:20:8E:79:EE:51:DC:E8:4D:4F:FC:6B:97:F1:22:C2:B4:0A:D0:36
Certificate issuer:       /CN=87107e3fd9b94b4b36e6a8f370e8650a7f57e6c3
Certificate serial:       018CC9BCEBBC9B15A487E55326B5239DE55D
Authority key identifier: 87:10:7E:3F:D9:B9:4B:4B:36:E6:A8:F3:70:E8:65:0A:7F:57:E6:C3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/EyCOee5R3OhNT_xrl_EiwrQK0DY.roa
Signing time:             Tue 02 Jan 2024 10:34:10 +0000
ROA not before:           Tue 02 Jan 2024 10:34:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30784
IP address blocks:        82.199.96.0/19 maxlen: 24
                          79.172.64.0/18 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:eb:bc:9b:15:a4:87:e5:53:26:b5:23:9d:e5:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=87107e3fd9b94b4b36e6a8f370e8650a7f57e6c3
        Validity
            Not Before: Jan  2 10:34:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=13208e79ee51dce84d4ffc6b97f122c2b40ad036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:ea:e0:0b:a1:ce:32:52:49:e6:68:4f:8c:ce:
                    53:c5:0b:70:51:c1:5f:8e:ee:0b:c1:5b:2d:2e:da:
                    28:8d:a3:2f:0c:69:9c:0f:a6:82:84:7b:3b:da:4f:
                    01:41:1c:1a:eb:19:c0:4e:f6:39:cd:b5:86:3d:71:
                    a5:e5:aa:97:92:c9:5f:dd:ce:39:6f:cc:96:c2:c0:
                    1b:4b:96:f9:af:03:4a:9b:7c:10:58:20:46:06:ce:
                    24:50:86:ef:d1:91:80:79:c0:67:02:5b:21:79:5d:
                    97:1e:e0:1f:f3:dc:9b:34:68:76:73:dd:98:08:4c:
                    e6:07:0b:d8:5f:5c:73:d2:96:b5:36:37:7d:bd:4a:
                    53:3b:c1:e9:fd:e8:0f:f9:58:4b:89:36:e2:f9:6a:
                    52:b7:4f:2d:e9:53:93:6c:ca:18:aa:dd:ad:9f:bb:
                    55:8e:74:95:d4:c7:c4:aa:b8:ed:9e:85:8c:95:58:
                    94:23:47:b0:bf:28:5e:6e:6f:bb:f7:5d:2a:d7:c7:
                    3a:62:68:5a:d0:ea:db:3b:fa:f2:8f:e0:b3:1c:aa:
                    9d:eb:79:87:7c:d6:0d:15:e1:ec:05:42:79:74:97:
                    8b:97:07:d3:db:16:b2:e6:b4:7f:97:5a:92:02:a2:
                    97:06:b2:e7:c4:1e:0c:77:d6:6a:74:a2:97:b3:4e:
                    95:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:20:8E:79:EE:51:DC:E8:4D:4F:FC:6B:97:F1:22:C2:B4:0A:D0:36
            X509v3 Authority Key Identifier:
                keyid:87:10:7E:3F:D9:B9:4B:4B:36:E6:A8:F3:70:E8:65:0A:7F:57:E6:C3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hxB-P9m5S0s25qjzcOhlCn9X5sM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/EyCOee5R3OhNT_xrl_EiwrQK0DY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/67/a59390-8048-43b9-82b5-761dab389b5b/1/hxB-P9m5S0s25qjzcOhlCn9X5sM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  79.172.64.0/18
                  82.199.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5a:88:0d:77:1c:71:73:f7:63:ea:d6:ba:aa:58:74:89:76:14:
         51:b3:51:a3:90:af:a0:7c:15:3e:2d:ee:51:fa:d7:ed:fb:f3:
         ec:15:8c:46:55:82:c9:0b:7b:2d:b2:db:ea:b3:aa:54:d8:56:
         59:f8:8a:94:d7:0f:5d:3d:78:aa:aa:ca:35:36:ee:b3:77:5e:
         7a:97:f4:c4:21:f6:9b:fa:5b:9f:2b:9d:30:6e:65:a4:d3:60:
         25:41:3f:c2:77:7a:8b:5b:fc:26:c1:dc:36:8e:e9:c4:5d:97:
         90:46:c6:c3:66:c0:d2:09:ec:1c:20:ff:e3:95:50:34:57:75:
         18:96:05:ce:b0:63:37:2d:c4:b4:ef:07:fd:f1:0c:d2:45:e7:
         67:fe:a9:12:71:03:4c:13:b5:48:5f:fa:69:c5:61:5f:29:54:
         74:ba:10:56:f6:2b:1f:53:14:92:e6:2d:2c:00:06:ae:9d:7b:
         94:04:41:64:fc:22:2e:eb:be:60:f2:0b:1e:e3:55:f5:7c:48:
         3c:a7:09:14:ac:9e:4f:60:c4:f4:bb:5f:bc:5c:04:cb:ef:ad:
         53:98:2c:c9:dd:c4:ee:67:d8:a1:12:5b:5e:a5:53:9f:b4:70:
         93:2c:87:f5:ad:af:65:4a:07:65:69:12:87:2e:a5:58:32:35:
         62:d9:08:ff
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzJvOu8mxWkh+VTJrUjneVdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3MTA3ZTNmZDliOTRiNGIzNmU2YThmMzcwZTg2NTBhN2Y1
N2U2YzMwHhcNMjQwMTAyMTAzNDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzIwOGU3OWVlNTFkY2U4NGQ0ZmZjNmI5N2YxMjJjMmI0MGFkMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjurgC6HOMlJJ5mhPjM5TxQtwUcFf
ju4LwVstLtoojaMvDGmcD6aChHs72k8BQRwa6xnATvY5zbWGPXGl5aqXkslf3c45
b8yWwsAbS5b5rwNKm3wQWCBGBs4kUIbv0ZGAecBnAlsheV2XHuAf89ybNGh2c92Y
CEzmBwvYX1xz0pa1Njd9vUpTO8Hp/egP+VhLiTbi+WpSt08t6VOTbMoYqt2tn7tV
jnSV1MfEqrjtnoWMlViUI0ewvyhebm+7910q18c6Ymha0OrbO/ryj+CzHKqd63mH
fNYNFeHsBUJ5dJeLlwfT2xay5rR/l1qSAqKXBrLnxB4Md9ZqdKKXs06VswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBMgjnnuUdzoTU/8a5fxIsK0CtA2MB8GA1UdIwQY
MBaAFIcQfj/ZuUtLNuao83DoZQp/V+bDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHhCLVA5bTVTMHMyNXFqemNPaGxDbjlYNXNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny9hNTkzOTAtODA0OC00M2I5LTgyYjUt
NzYxZGFiMzg5YjViLzEvRXlDT2VlNVIzT2hOVF94cmxfRWl3clFLMERZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny9hNTkzOTAtODA0OC00M2I5LTgyYjUtNzYxZGFiMzg5YjVi
LzEvaHhCLVA5bTVTMHMyNXFqemNPaGxDbjlYNXNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQGT6xAAwQF
UsdgMA0GCSqGSIb3DQEBCwUAA4IBAQBaiA13HHFz92Pq1rqqWHSJdhRRs1GjkK+g
fBU+Le5R+tft+/PsFYxGVYLJC3ststvqs6pU2FZZ+IqU1w9dPXiqqso1Nu6zd156
l/TEIfab+lufK50wbmWk02AlQT/Cd3qLW/wmwdw2junEXZeQRsbDZsDSCewcIP/j
lVA0V3UYlgXOsGM3LcS07wf98QzSRedn/qkScQNME7VIX/ppxWFfKVR0uhBW9isf
UxSS5i0sAAaunXuUBEFk/CIu675g8gse41X1fEg8pwkUrJ5PYMT0u1+8XATL761T
mCzJ3cTuZ9ihEltepVOftHCTLIf1ra9lSgdlaRKHLqVYMjVi2Qj/
-----END CERTIFICATE-----