Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/EI9KQviZrpBEfLAcZxWZpNpKjjQ.roa
File:                     EI9KQviZrpBEfLAcZxWZpNpKjjQ.roa (raw, json)
Hash identifier:          hke1+LegshL0jLfdX4gvekjSmb0gC5KNK/nDmWKZq5U=
Subject key identifier:   10:8F:4A:42:F8:99:AE:90:44:7C:B0:1C:67:15:99:A4:DA:4A:8E:34
Certificate issuer:       /CN=7d149f62447853689c12fb288afeb6b681cfebc1
Certificate serial:       018F0A53B37547921A4CBA24270B598B8396
Authority key identifier: 7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/EI9KQviZrpBEfLAcZxWZpNpKjjQ.roa
Signing time:             Tue 23 Apr 2024 09:40:08 +0000
ROA not before:           Tue 23 Apr 2024 09:40:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     51276
IP address blocks:        93.125.70.0/24 maxlen: 24
                          213.184.247.0/24 maxlen: 24
                          217.21.50.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:0a:53:b3:75:47:92:1a:4c:ba:24:27:0b:59:8b:83:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7d149f62447853689c12fb288afeb6b681cfebc1
        Validity
            Not Before: Apr 23 09:40:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=108f4a42f899ae90447cb01c671599a4da4a8e34
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3f:c3:34:d6:0c:71:1b:6b:69:16:b8:f5:70:
                    2b:e2:d3:18:6e:2c:8f:82:29:95:b5:2b:77:39:24:
                    ac:f2:bb:af:29:f7:4d:90:0d:7e:39:6f:56:b7:a6:
                    b6:0f:bd:64:14:a6:bc:fe:b1:6e:90:ae:78:5d:32:
                    dd:b5:8b:7f:57:fb:1f:a4:01:26:5c:8e:b9:14:9b:
                    f7:f7:04:eb:28:1f:47:35:f2:5a:ee:81:81:f1:49:
                    c4:55:57:90:ad:d5:72:34:bb:94:2a:6b:ae:e5:b2:
                    61:bf:0b:7f:0d:8e:f9:db:3e:00:c1:ec:b8:8c:c9:
                    67:5e:41:0c:a8:fc:86:54:f1:5c:9a:e3:a0:82:b1:
                    83:59:c8:2f:b6:91:2a:8e:65:69:16:9f:71:ff:6d:
                    9a:95:22:fe:a5:70:be:a7:40:ae:da:af:ae:98:33:
                    01:c8:7d:4c:46:95:9e:ab:19:17:89:5d:33:8e:98:
                    8a:0e:c5:57:99:c6:84:3a:24:e1:cf:be:95:ee:fa:
                    c0:d9:4f:e9:56:f3:52:f0:0d:d7:3d:ca:00:20:f9:
                    51:18:25:ae:86:07:4a:33:ae:8a:c5:28:45:4f:12:
                    2d:2f:6e:6a:5d:51:84:24:34:50:ac:c6:ac:bd:0c:
                    0a:b5:5d:29:eb:27:ae:f4:dd:1e:74:a5:1a:ed:c5:
                    3a:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:8F:4A:42:F8:99:AE:90:44:7C:B0:1C:67:15:99:A4:DA:4A:8E:34
            X509v3 Authority Key Identifier:
                keyid:7D:14:9F:62:44:78:53:68:9C:12:FB:28:8A:FE:B6:B6:81:CF:EB:C1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fRSfYkR4U2icEvsoiv62toHP68E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/EI9KQviZrpBEfLAcZxWZpNpKjjQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/6a54bf-f00f-467a-bf57-aab0e414cc63/1/fRSfYkR4U2icEvsoiv62toHP68E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.125.70.0/24
                  213.184.247.0/24
                  217.21.50.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:03:8f:05:81:d8:a3:08:06:44:e5:d8:fe:11:34:1f:d2:7f:
         7b:25:26:95:5c:4e:c3:67:47:4d:49:6a:64:05:3a:1a:8e:2a:
         9d:0a:cb:33:dd:8b:73:43:b1:c6:06:1b:47:16:6b:7e:1e:26:
         1d:28:1d:85:ef:6b:b1:8c:80:5d:b7:0f:3d:ee:3a:c3:d1:2d:
         9f:ce:ce:f1:df:68:06:e1:9f:6f:ba:e7:98:70:3c:e7:e5:5d:
         d2:83:04:70:ae:2b:43:db:9f:c1:e9:5d:94:de:c5:ec:ed:07:
         6e:b9:05:59:37:db:ce:5e:f1:e8:42:16:1b:2b:92:0e:c6:9a:
         17:49:83:80:c8:a4:47:0d:78:5d:24:ee:14:f3:7d:3e:0e:25:
         c2:47:bf:05:c3:b8:f4:69:7e:8a:d2:71:17:46:a7:27:6a:2f:
         5d:4d:d8:6f:ec:52:b1:3f:05:1b:7e:0b:7c:e9:f6:f9:6e:eb:
         05:2b:e1:80:bc:e1:37:ef:92:0f:d1:3b:6f:fa:66:3c:8a:12:
         b2:eb:2f:0f:6e:fc:47:77:84:f5:07:45:76:df:21:3f:a1:30:
         71:4a:30:d4:3b:7a:d1:57:cd:0a:bc:18:e4:a2:38:72:ce:54:
         75:c3:ad:f8:55:69:4d:38:0c:fc:a6:3e:42:8f:76:f6:66:42:
         99:78:5d:60
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY8KU7N1R5IaTLokJwtZi4OWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkMTQ5ZjYyNDQ3ODUzNjg5YzEyZmIyODhhZmViNmI2ODFj
ZmViYzEwHhcNMjQwNDIzMDk0MDA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDhmNGE0MmY4OTlhZTkwNDQ3Y2IwMWM2NzE1OTlhNGRhNGE4ZTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtz/DNNYMcRtraRa49XAr4tMYbiyP
gimVtSt3OSSs8ruvKfdNkA1+OW9Wt6a2D71kFKa8/rFukK54XTLdtYt/V/sfpAEm
XI65FJv39wTrKB9HNfJa7oGB8UnEVVeQrdVyNLuUKmuu5bJhvwt/DY752z4Awey4
jMlnXkEMqPyGVPFcmuOggrGDWcgvtpEqjmVpFp9x/22alSL+pXC+p0Cu2q+umDMB
yH1MRpWeqxkXiV0zjpiKDsVXmcaEOiThz76V7vrA2U/pVvNS8A3XPcoAIPlRGCWu
hgdKM66KxShFTxItL25qXVGEJDRQrMasvQwKtV0p6yeu9N0edKUa7cU67QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBCPSkL4ma6QRHywHGcVmaTaSo40MB8GA1UdIwQY
MBaAFH0Un2JEeFNonBL7KIr+traBz+vBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTct
YWFiMGU0MTRjYzYzLzEvRUk5S1F2aVpycEJFZkxBY1p4V1pwTnBLampRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC82YTU0YmYtZjAwZi00NjdhLWJmNTctYWFiMGU0MTRjYzYz
LzEvZlJTZllrUjRVMmljRXZzb2l2NjJ0b0hQNjhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXX1GAwQA
1bj3AwQA2RUyMA0GCSqGSIb3DQEBCwUAA4IBAQBUA48FgdijCAZE5dj+ETQf0n97
JSaVXE7DZ0dNSWpkBToajiqdCssz3YtzQ7HGBhtHFmt+HiYdKB2F72uxjIBdtw89
7jrD0S2fzs7x32gG4Z9vuueYcDzn5V3SgwRwritD25/B6V2U3sXs7QduuQVZN9vO
XvHoQhYbK5IOxpoXSYOAyKRHDXhdJO4U830+DiXCR78Fw7j0aX6K0nEXRqcnai9d
Tdhv7FKxPwUbfgt86fb5busFK+GAvOE375IP0Ttv+mY8ihKy6y8PbvxHd4T1B0V2
3yE/oTBxSjDUO3rRV80KvBjkojhyzlR1w634VWlNOAz8pj5Cj3b2ZkKZeF1g
-----END CERTIFICATE-----