Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/8EzU7uXsVYYAfWT-cw2E26nSgls.roa
File:                     8EzU7uXsVYYAfWT-cw2E26nSgls.roa (raw, json)
Hash identifier:          HQO6THTE6kN45kcG5piCkDUCb9wLCd2DZPke1rfXx84=
Subject key identifier:   F0:4C:D4:EE:E5:EC:55:86:00:7D:64:FE:73:0D:84:DB:A9:D2:82:5B
Certificate issuer:       /CN=dd97c7ca05bcc3d6a2ad1ba235bed8feab694550
Certificate serial:       01904F8F11CD483C65A5E8A1F9F0574740C9
Authority key identifier: DD:97:C7:CA:05:BC:C3:D6:A2:AD:1B:A2:35:BE:D8:FE:AB:69:45:50
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/8EzU7uXsVYYAfWT-cw2E26nSgls.roa
Signing time:             Tue 25 Jun 2024 13:21:34 +0000
ROA not before:           Tue 25 Jun 2024 13:21:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        46.253.80.0/21 maxlen: 21

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/3ZfHygW8w9airRuiNb7Y_qtpRVA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/3ZfHygW8w9airRuiNb7Y_qtpRVA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Sep 2024 14:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:4f:8f:11:cd:48:3c:65:a5:e8:a1:f9:f0:57:47:40:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dd97c7ca05bcc3d6a2ad1ba235bed8feab694550
        Validity
            Not Before: Jun 25 13:21:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f04cd4eee5ec5586007d64fe730d84dba9d2825b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bc:5e:6a:b9:6b:5d:3c:d9:f9:97:27:f9:86:
                    b7:c9:a5:be:a8:c8:a8:ca:d4:2e:08:a0:84:80:2a:
                    ad:58:92:07:01:05:2c:10:ea:c6:44:8a:2e:4c:52:
                    9f:15:93:d7:6e:76:a0:b4:14:82:71:7f:c2:99:6b:
                    70:86:56:19:78:b7:e4:b6:a8:80:89:65:f1:48:6f:
                    ed:b6:e1:c9:0f:9e:77:33:8a:31:b8:23:ed:3b:01:
                    f3:58:14:98:41:e3:a8:e9:14:db:d8:4e:8b:09:5e:
                    ae:ce:b9:b8:ac:93:ac:d2:c7:dd:94:95:44:38:66:
                    01:51:0e:09:49:38:9a:54:4c:48:e2:1f:7d:43:46:
                    05:61:ef:73:7a:9a:20:08:e4:c6:0c:6b:55:31:9c:
                    53:32:be:92:8a:4a:d3:dd:1e:25:88:81:53:83:c2:
                    2c:9f:8a:2e:45:20:e1:b4:65:93:03:3d:d4:68:aa:
                    48:56:de:22:ae:62:a3:44:d3:86:8d:cb:3d:42:e8:
                    e2:a1:e4:92:2a:c5:d1:8f:a5:23:a4:22:10:b4:6d:
                    c7:c6:77:89:57:1c:c9:f0:ff:35:90:73:4f:50:c9:
                    b6:29:ab:15:1a:39:ec:33:06:c1:e0:5c:8c:78:26:
                    8d:af:a6:da:95:54:1c:b4:82:00:6d:84:51:f6:7b:
                    57:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:4C:D4:EE:E5:EC:55:86:00:7D:64:FE:73:0D:84:DB:A9:D2:82:5B
            X509v3 Authority Key Identifier:
                keyid:DD:97:C7:CA:05:BC:C3:D6:A2:AD:1B:A2:35:BE:D8:FE:AB:69:45:50

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3ZfHygW8w9airRuiNb7Y_qtpRVA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/8EzU7uXsVYYAfWT-cw2E26nSgls.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/75/e32a9a-83e0-4fb9-ac71-4d4b16144d68/1/3ZfHygW8w9airRuiNb7Y_qtpRVA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.80.0/21

    Signature Algorithm: sha256WithRSAEncryption
         4a:b7:b6:76:cc:ea:d0:77:30:8a:17:eb:e7:14:ee:08:1d:41:
         8c:e7:a5:04:d8:bf:94:82:75:28:9f:22:45:a1:29:01:15:f2:
         47:5d:f5:c9:c2:74:35:e4:80:f6:25:6a:cf:56:f0:70:f5:0a:
         bb:f6:d2:06:0a:b1:56:ff:c1:91:5b:be:12:b0:9a:3c:7e:be:
         bd:d7:2f:2c:4d:4e:57:d4:0f:f1:9f:c3:80:0c:78:fd:bf:36:
         06:9f:91:2e:f9:a3:02:30:3e:62:1a:29:e1:bc:40:ed:26:2b:
         e2:34:6d:b9:59:82:00:31:1b:b3:74:12:76:a7:b1:cc:c6:4f:
         49:94:52:b1:00:90:47:16:1f:a4:d0:12:4f:53:4c:6b:3d:ac:
         46:b9:62:07:c8:d8:03:00:29:bb:2c:fe:6e:19:ca:f5:80:22:
         b0:89:f9:7a:8a:d5:b7:d3:7c:91:ba:c7:db:7d:f1:94:af:c2:
         fe:86:50:a0:e6:98:5d:c5:05:67:6d:86:a0:90:1a:3e:11:02:
         96:51:63:1e:1f:6a:b6:89:ae:4f:a4:57:ad:bf:79:1a:16:b6:
         19:6e:07:e7:43:c5:37:ac:82:85:e2:14:64:d1:82:e3:8b:f3:
         75:72:84:97:d3:4b:5b:28:94:dd:4e:02:ce:29:52:15:ca:c5:
         10:ee:1b:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZBPjxHNSDxlpeih+fBXR0DJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkOTdjN2NhMDViY2MzZDZhMmFkMWJhMjM1YmVkOGZlYWI2
OTQ1NTAwHhcNMjQwNjI1MTMyMTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDRjZDRlZWU1ZWM1NTg2MDA3ZDY0ZmU3MzBkODRkYmE5ZDI4MjViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtrxearlrXTzZ+Zcn+Ya3yaW+qMio
ytQuCKCEgCqtWJIHAQUsEOrGRIouTFKfFZPXbnagtBSCcX/CmWtwhlYZeLfktqiA
iWXxSG/ttuHJD553M4oxuCPtOwHzWBSYQeOo6RTb2E6LCV6uzrm4rJOs0sfdlJVE
OGYBUQ4JSTiaVExI4h99Q0YFYe9zepogCOTGDGtVMZxTMr6SikrT3R4liIFTg8Is
n4ouRSDhtGWTAz3UaKpIVt4irmKjRNOGjcs9QujioeSSKsXRj6UjpCIQtG3HxneJ
VxzJ8P81kHNPUMm2KasVGjnsMwbB4FyMeCaNr6balVQctIIAbYRR9ntXcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBM1O7l7FWGAH1k/nMNhNup0oJbMB8GA1UdIwQY
MBaAFN2Xx8oFvMPWoq0bojW+2P6raUVQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM1pmSHlnVzh3OWFpclJ1aU5iN1lfcXRwUlZBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9lMzJhOWEtODNlMC00ZmI5LWFjNzEt
NGQ0YjE2MTQ0ZDY4LzEvOEV6VTd1WHNWWVlBZldULWN3MkUyNm5TZ2xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9lMzJhOWEtODNlMC00ZmI5LWFjNzEtNGQ0YjE2MTQ0ZDY4
LzEvM1pmSHlnVzh3OWFpclJ1aU5iN1lfcXRwUlZBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDLv1QMA0G
CSqGSIb3DQEBCwUAA4IBAQBKt7Z2zOrQdzCKF+vnFO4IHUGM56UE2L+UgnUonyJF
oSkBFfJHXfXJwnQ15ID2JWrPVvBw9Qq79tIGCrFW/8GRW74SsJo8fr691y8sTU5X
1A/xn8OADHj9vzYGn5Eu+aMCMD5iGinhvEDtJiviNG25WYIAMRuzdBJ2p7HMxk9J
lFKxAJBHFh+k0BJPU0xrPaxGuWIHyNgDACm7LP5uGcr1gCKwifl6itW303yRusfb
ffGUr8L+hlCg5phdxQVnbYagkBo+EQKWUWMeH2q2ia5PpFetv3kaFrYZbgfnQ8U3
rIKF4hRk0YLji/N1coSX00tbKJTdTgLOKVIVysUQ7hvq
-----END CERTIFICATE-----