Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/ER5Q58oCHqo7sYIVgh7h5xtDYkA.roa
File:                     ER5Q58oCHqo7sYIVgh7h5xtDYkA.roa (raw, json)
Hash identifier:          WfArmwqyYM2uoy/mmCpwUFmUQKxaggg39UjUN0nkXfI=
Subject key identifier:   11:1E:50:E7:CA:02:1E:AA:3B:B1:82:15:82:1E:E1:E7:1B:43:62:40
Certificate issuer:       /CN=9aee15c33de358938d6900a1b3c14480a389e85b
Certificate serial:       018CCA29D4B2761869B26804C9A9C4E9ACC9
Authority key identifier: 9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/ER5Q58oCHqo7sYIVgh7h5xtDYkA.roa
Signing time:             Tue 02 Jan 2024 12:33:08 +0000
ROA not before:           Tue 02 Jan 2024 12:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200081
IP address blocks:        185.75.134.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d4:b2:76:18:69:b2:68:04:c9:a9:c4:e9:ac:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9aee15c33de358938d6900a1b3c14480a389e85b
        Validity
            Not Before: Jan  2 12:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=111e50e7ca021eaa3bb18215821ee1e71b436240
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:2d:8c:bb:ea:ce:ed:68:46:1e:19:8f:56:dc:
                    7f:59:a9:fe:0f:1f:ae:c4:bc:f1:6f:f2:a6:53:02:
                    da:70:02:4a:65:12:b8:0d:c5:b3:40:6a:99:1c:6f:
                    2e:bc:52:29:c5:94:8b:5f:47:2f:ce:a6:55:27:60:
                    b0:9b:90:40:35:db:6e:0f:50:50:a3:8a:9b:0b:ee:
                    6e:b5:d9:ae:0a:66:9a:93:0b:cc:cd:31:e9:01:d7:
                    8c:e8:ac:f5:74:73:ac:59:2e:20:df:5e:d1:4e:a6:
                    54:08:2e:ea:0c:e4:8a:1f:81:c2:65:6f:f7:81:63:
                    c8:da:39:e9:d5:b4:ef:f5:03:e5:d6:1e:1f:67:2f:
                    98:3d:85:c2:ca:5d:4a:e5:b7:ff:2c:a9:ea:6e:2f:
                    20:cd:cf:1a:c4:a8:77:c0:7c:aa:09:da:e5:76:81:
                    6c:09:18:e1:1f:8b:fb:62:4d:bf:d3:b4:2b:2e:dc:
                    b3:1a:5b:83:3a:cb:6d:56:52:46:bd:31:c1:cc:31:
                    ef:de:31:d5:aa:f2:79:1d:ab:5b:b1:f5:93:8d:e1:
                    e7:85:c8:ef:e9:58:3f:34:7d:55:54:aa:7f:7f:63:
                    1d:bf:55:c8:66:c6:2e:8a:a9:a3:f3:c5:92:b6:13:
                    d7:0d:9a:c1:75:d5:f3:cc:ad:96:66:3b:f1:51:00:
                    f8:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:1E:50:E7:CA:02:1E:AA:3B:B1:82:15:82:1E:E1:E7:1B:43:62:40
            X509v3 Authority Key Identifier:
                keyid:9A:EE:15:C3:3D:E3:58:93:8D:69:00:A1:B3:C1:44:80:A3:89:E8:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/ER5Q58oCHqo7sYIVgh7h5xtDYkA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/72f77f-76ab-4e79-a062-6ee534d92e52/1/mu4Vwz3jWJONaQChs8FEgKOJ6Fs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:86:a6:6d:1b:7a:44:2e:17:0d:ae:c4:f8:bf:03:c7:2d:84:
         9b:57:81:30:48:25:90:20:36:07:53:9e:c3:81:3f:f0:ea:0d:
         85:23:03:da:f4:88:43:7c:aa:04:d8:dd:05:63:a5:cb:42:65:
         94:09:19:66:e1:e8:ba:ab:02:98:5b:ba:c8:8c:66:0d:0c:66:
         f2:d7:bf:e9:5d:f0:6a:17:98:3c:7c:b4:bf:61:0c:92:d6:b0:
         9b:b2:ad:43:7a:dc:a2:dd:ed:ec:a5:b1:16:84:72:32:e6:38:
         60:06:b8:55:bf:3b:c8:e1:61:65:37:bd:eb:d5:5e:d7:94:5f:
         fb:fa:5e:2d:2d:2d:a0:a2:1b:e4:26:39:01:d8:2b:a3:5f:eb:
         f2:ca:f6:85:77:74:5c:60:11:bd:cb:f3:7a:d0:c0:6e:1b:00:
         ef:d7:84:34:7c:e2:d1:c9:82:b0:97:4a:e8:72:49:21:73:55:
         95:85:26:24:9b:c2:8b:66:bf:d6:fe:e1:72:a3:9c:20:1a:49:
         3a:31:e8:9c:5c:81:7b:32:ce:89:ab:4b:db:e2:ff:32:39:41:
         f1:77:bc:f6:71:3b:f9:b4:be:e8:bb:c7:64:e4:f2:b3:41:39:
         ac:13:db:bd:7f:ba:6c:b7:2c:24:b5:48:54:94:51:8e:ca:80:
         91:b7:eb:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdSydhhpsmgEyanE6azJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhZWUxNWMzM2RlMzU4OTM4ZDY5MDBhMWIzYzE0NDgwYTM4
OWU4NWIwHhcNMjQwMTAyMTIzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTFlNTBlN2NhMDIxZWFhM2JiMTgyMTU4MjFlZTFlNzFiNDM2MjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqC2Mu+rO7WhGHhmPVtx/Wan+Dx+u
xLzxb/KmUwLacAJKZRK4DcWzQGqZHG8uvFIpxZSLX0cvzqZVJ2Cwm5BANdtuD1BQ
o4qbC+5utdmuCmaakwvMzTHpAdeM6Kz1dHOsWS4g317RTqZUCC7qDOSKH4HCZW/3
gWPI2jnp1bTv9QPl1h4fZy+YPYXCyl1K5bf/LKnqbi8gzc8axKh3wHyqCdrldoFs
CRjhH4v7Yk2/07QrLtyzGluDOsttVlJGvTHBzDHv3jHVqvJ5HatbsfWTjeHnhcjv
6Vg/NH1VVKp/f2Mdv1XIZsYuiqmj88WSthPXDZrBddXzzK2WZjvxUQD48QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEeUOfKAh6qO7GCFYIe4ecbQ2JAMB8GA1UdIwQY
MBaAFJruFcM941iTjWkAobPBRICjiehbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjIt
NmVlNTM0ZDkyZTUyLzEvRVI1UTU4b0NIcW83c1lJVmdoN2g1eHREWWtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83MmY3N2YtNzZhYi00ZTc5LWEwNjItNmVlNTM0ZDkyZTUy
LzEvbXU0Vnd6M2pXSk9OYVFDaHM4RkVnS09KNkZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUuGMA0G
CSqGSIb3DQEBCwUAA4IBAQAYhqZtG3pELhcNrsT4vwPHLYSbV4EwSCWQIDYHU57D
gT/w6g2FIwPa9IhDfKoE2N0FY6XLQmWUCRlm4ei6qwKYW7rIjGYNDGby17/pXfBq
F5g8fLS/YQyS1rCbsq1Detyi3e3spbEWhHIy5jhgBrhVvzvI4WFlN73r1V7XlF/7
+l4tLS2gohvkJjkB2CujX+vyyvaFd3RcYBG9y/N60MBuGwDv14Q0fOLRyYKwl0ro
ckkhc1WVhSYkm8KLZr/W/uFyo5wgGkk6MeicXIF7Ms6Jq0vb4v8yOUHxd7z2cTv5
tL7ou8dk5PKzQTmsE9u9f7pstywktUhUlFGOyoCRt+tp
-----END CERTIFICATE-----