Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/eJSyrOnQblzzuh2KP6SywwlSlu8.roa
File:                     eJSyrOnQblzzuh2KP6SywwlSlu8.roa (raw, json)
Hash identifier:          vc6GFfwBld9Kv0xjooytJJOZl+lStKCLjNSwIeT1OAQ=
Subject key identifier:   78:94:B2:AC:E9:D0:6E:5C:F3:BA:1D:8A:3F:A4:B2:C3:09:52:96:EF
Certificate issuer:       /CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
Certificate serial:       018CC795664CC5D7101BAA9014A11F630912
Authority key identifier: F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/eJSyrOnQblzzuh2KP6SywwlSlu8.roa
Signing time:             Tue 02 Jan 2024 00:31:46 +0000
ROA not before:           Tue 02 Jan 2024 00:31:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62448
IP address blocks:        188.212.131.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 22:01:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:66:4c:c5:d7:10:1b:aa:90:14:a1:1f:63:09:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8e62634e1bd5133a9de4512ae98cad1b2219b59
        Validity
            Not Before: Jan  2 00:31:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7894b2ace9d06e5cf3ba1d8a3fa4b2c3095296ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:74:f5:79:d5:34:b0:e2:64:76:55:35:c4:a0:
                    60:b0:69:e5:b0:42:4b:a5:34:25:a6:34:e9:7a:40:
                    92:aa:1e:08:2b:7f:8a:e3:08:65:45:65:0f:10:f1:
                    57:2c:53:51:e2:b2:28:9c:8f:bc:95:6e:e1:68:d5:
                    e5:e8:c0:4c:d4:75:fa:b1:a3:39:ac:96:c6:b4:a8:
                    df:64:00:8a:b2:8c:72:85:7c:90:1c:b4:50:70:03:
                    d5:11:ad:9b:ef:26:87:08:11:ef:bc:b9:5f:cd:ca:
                    08:68:e0:27:60:f0:52:26:f5:34:39:4a:aa:33:67:
                    6a:44:22:27:1b:4d:47:9e:b0:f0:ea:20:ec:e6:d1:
                    c5:b5:32:75:04:c3:85:6b:5c:94:7f:f5:2a:7a:33:
                    3b:79:35:c0:7a:59:a3:94:b9:ba:9e:f5:61:4b:56:
                    16:3c:a3:85:8f:ab:e0:36:a7:bc:1f:ab:9a:6d:19:
                    a9:9c:1f:81:fa:69:2f:51:18:42:5e:c2:e3:d8:fa:
                    7a:57:11:b9:06:a1:30:12:94:16:b5:b2:f9:8b:b3:
                    e8:46:a7:cf:fc:e6:77:18:43:d8:ec:a4:2a:2f:89:
                    69:df:27:dd:c7:b0:a1:86:26:c6:86:67:c2:ed:9a:
                    7c:74:73:ce:ca:1f:36:60:8b:d4:51:eb:eb:bc:45:
                    98:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:94:B2:AC:E9:D0:6E:5C:F3:BA:1D:8A:3F:A4:B2:C3:09:52:96:EF
            X509v3 Authority Key Identifier:
                keyid:F8:E6:26:34:E1:BD:51:33:A9:DE:45:12:AE:98:CA:D1:B2:21:9B:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/eJSyrOnQblzzuh2KP6SywwlSlu8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/da3398-6698-45f2-baae-92e25fe16331/1/1-OYmNOG9UTOp3kUSrpjK0bIhm1k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:2c:5e:b4:ed:91:49:56:eb:4c:bd:37:10:a1:7d:b9:61:92:
         4b:58:cc:a0:09:4b:48:f7:b4:43:29:4e:f8:55:6b:80:bf:ab:
         19:14:49:5a:53:b3:28:32:e6:91:f4:bd:9e:a2:c6:55:07:2f:
         68:f7:f8:19:8b:31:4e:94:54:f4:f2:64:fa:88:08:62:9c:7e:
         d0:41:2b:fa:39:39:5f:d5:78:47:9c:ba:5b:5a:76:78:3e:a2:
         37:b7:05:27:1f:a8:aa:02:60:46:40:1b:b6:09:95:1b:ab:be:
         59:cb:61:b6:6f:81:9a:ee:94:a8:8f:85:b5:00:04:1d:31:bc:
         50:bb:fd:04:f3:1d:5a:eb:bd:3f:dd:58:b5:1c:c9:d3:27:3c:
         15:f3:87:1d:34:ba:20:48:19:a9:b5:96:e5:ee:0c:54:80:c6:
         0f:73:7c:32:5f:96:49:f0:18:67:9b:e0:82:f4:73:2e:7b:4d:
         d9:0f:45:99:0a:5f:26:66:4c:3c:e0:14:a4:6f:3a:78:45:d2:
         07:04:46:14:d2:7c:a9:a6:52:c4:35:e2:24:2c:4c:3e:87:36:
         af:6e:3b:29:07:11:c2:1b:70:de:1d:7a:26:d6:7b:a1:b9:81:
         cc:db:67:94:ec:40:79:e2:92:f7:f2:31:de:76:82:e4:50:98:
         b1:41:80:28
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAYzHlWZMxdcQG6qQFKEfYwkSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4ZTYyNjM0ZTFiZDUxMzNhOWRlNDUxMmFlOThjYWQxYjIy
MTliNTkwHhcNMjQwMTAyMDAzMTQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODk0YjJhY2U5ZDA2ZTVjZjNiYTFkOGEzZmE0YjJjMzA5NTI5NmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApnT1edU0sOJkdlU1xKBgsGnlsEJL
pTQlpjTpekCSqh4IK3+K4whlRWUPEPFXLFNR4rIonI+8lW7haNXl6MBM1HX6saM5
rJbGtKjfZACKsoxyhXyQHLRQcAPVEa2b7yaHCBHvvLlfzcoIaOAnYPBSJvU0OUqq
M2dqRCInG01HnrDw6iDs5tHFtTJ1BMOFa1yUf/UqejM7eTXAelmjlLm6nvVhS1YW
PKOFj6vgNqe8H6uabRmpnB+B+mkvURhCXsLj2Pp6VxG5BqEwEpQWtbL5i7PoRqfP
/OZ3GEPY7KQqL4lp3yfdx7ChhibGhmfC7Zp8dHPOyh82YIvUUevrvEWYiQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFHiUsqzp0G5c87odij+kssMJUpbvMB8GA1UdIwQY
MBaAFPjmJjThvVEzqd5FEq6YytGyIZtZMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1PWW1OT0c5VVRPcDNrVVNycGpLMGJJaG0xay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFl
LTkyZTI1ZmUxNjMzMS8xL2VKU3lyT25RYmx6enVoMktQNlN5d3dsU2x1OC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNzgvZGEzMzk4LTY2OTgtNDVmMi1iYWFlLTkyZTI1ZmUxNjMz
MS8xLzEtT1ltTk9HOVVUT3Aza1VTcnBqSzBiSWhtMWsuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC81IMw
DQYJKoZIhvcNAQELBQADggEBALgsXrTtkUlW60y9NxChfblhkktYzKAJS0j3tEMp
TvhVa4C/qxkUSVpTsygy5pH0vZ6ixlUHL2j3+BmLMU6UVPTyZPqICGKcftBBK/o5
OV/VeEecultadng+oje3BScfqKoCYEZAG7YJlRurvlnLYbZvgZrulKiPhbUABB0x
vFC7/QTzHVrrvT/dWLUcydMnPBXzhx00uiBIGam1luXuDFSAxg9zfDJflknwGGeb
4IL0cy57TdkPRZkKXyZmTDzgFKRvOnhF0gcERhTSfKmmUsQ14iQsTD6HNq9uOykH
EcIbcN4deibWe6G5gczbZ5TsQHnikvfyMd52guRQmLFBgCg=
-----END CERTIFICATE-----