Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/eopGswgy9S7acYRvgPpGI2Cyb14.roa
File:                     eopGswgy9S7acYRvgPpGI2Cyb14.roa (raw, json)
Hash identifier:          8YEKhU3xD/vAcsoM0rWvEOUN3ymxDJTvzC+gS8OLr6w=
Subject key identifier:   7A:8A:46:B3:08:32:F5:2E:DA:71:84:6F:80:FA:46:23:60:B2:6F:5E
Certificate issuer:       /CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
Certificate serial:       0191A2EDDBE94B2E8D3FD13AFBE9E5AA6F6B
Authority key identifier: 11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/eopGswgy9S7acYRvgPpGI2Cyb14.roa
Signing time:             Fri 30 Aug 2024 10:56:22 +0000
ROA not before:           Fri 30 Aug 2024 10:56:22 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216127
IP address blocks:        94.228.161.0/24 maxlen: 24
                          178.236.253.0/24 maxlen: 24
                          178.236.254.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:a2:ed:db:e9:4b:2e:8d:3f:d1:3a:fb:e9:e5:aa:6f:6b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=117f9d55826b42486dfc84d35c1a63a5ce87507c
        Validity
            Not Before: Aug 30 10:56:22 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a8a46b30832f52eda71846f80fa462360b26f5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d9:b9:e5:d6:a8:d5:4c:4e:3b:db:df:a1:1c:
                    44:7c:53:25:14:23:6c:5e:f7:d1:88:b1:b3:1a:07:
                    11:09:dd:5b:24:c8:05:69:f3:7c:b4:f9:72:04:42:
                    0e:bf:4a:be:e7:38:e1:55:b3:5c:00:bb:98:b0:b9:
                    8c:43:d3:64:b5:ca:eb:7e:20:85:32:c7:ca:d0:e6:
                    a2:2c:c8:05:0b:81:2f:e3:db:2e:43:a0:08:d1:91:
                    68:60:8d:a8:a5:07:5b:bc:69:13:43:1d:f6:c5:76:
                    72:5c:7c:b1:ed:ac:44:7d:8b:d6:71:7a:ca:7e:19:
                    23:8a:89:76:4c:b8:5c:55:3e:b3:f4:0e:c3:be:5f:
                    66:7c:bb:7f:91:1f:24:5b:b0:04:6f:33:9b:e3:29:
                    bd:a4:17:e7:c2:c6:16:c1:6f:56:9f:80:26:6c:04:
                    8f:23:cd:fe:6d:31:5e:e6:0a:ec:40:fb:bc:05:58:
                    78:76:78:cd:b5:e2:8d:f2:41:6a:a6:26:4d:7b:fa:
                    b2:69:2c:09:5b:d9:5e:52:78:ba:b8:ba:c0:04:7b:
                    6e:c0:55:74:98:39:de:53:fa:ca:87:e5:ed:d1:be:
                    db:55:51:02:42:35:51:94:a1:19:65:3b:a0:ab:5b:
                    c4:fa:2e:9d:57:12:f2:0e:40:3d:c9:63:a1:5d:e2:
                    2e:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:8A:46:B3:08:32:F5:2E:DA:71:84:6F:80:FA:46:23:60:B2:6F:5E
            X509v3 Authority Key Identifier:
                keyid:11:7F:9D:55:82:6B:42:48:6D:FC:84:D3:5C:1A:63:A5:CE:87:50:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EX-dVYJrQkht_ITTXBpjpc6HUHw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/eopGswgy9S7acYRvgPpGI2Cyb14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/eafc41-c358-4b51-9b1c-3fbbba9249cd/1/EX-dVYJrQkht_ITTXBpjpc6HUHw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.228.161.0/24
                  178.236.253.0-178.236.254.255

    Signature Algorithm: sha256WithRSAEncryption
         50:76:74:87:bc:28:f5:67:0c:32:ae:ea:d1:80:b7:e4:7b:cc:
         4b:c1:ae:d1:2f:6d:96:1f:ce:bc:18:cc:9b:a5:4f:ef:ad:e7:
         54:66:b4:b3:a9:bc:23:90:c4:57:6c:38:32:84:49:8d:b5:ab:
         ad:44:34:0a:78:8d:fa:28:b0:df:a9:05:f5:e9:8e:76:15:54:
         55:a8:91:5a:f0:a3:b7:40:f0:91:dd:79:29:c0:f2:fb:4a:c0:
         4e:11:4a:6e:39:3b:48:50:57:56:aa:78:8c:bc:69:59:c1:31:
         c3:1b:6a:63:30:94:ae:f8:9c:f9:80:02:a4:d3:a3:9f:31:7c:
         10:b4:8c:51:4a:de:a2:92:32:df:e0:e0:b4:ce:5b:92:4f:68:
         b2:82:17:35:8d:7b:38:a6:b4:1c:15:ac:b1:59:43:fa:3a:78:
         f2:24:c5:61:48:7d:57:10:5e:94:27:4b:d9:47:f8:9f:70:95:
         aa:57:c9:ba:f9:a7:87:18:f4:27:e5:88:7b:3b:4b:d3:d5:23:
         fa:7c:40:b7:96:7b:5b:ab:9a:38:c1:ce:a0:92:6a:06:22:cb:
         fb:17:e7:b0:64:a0:a6:3d:88:c6:6e:61:f1:fd:0c:f9:85:70:
         a8:39:04:7e:e4:85:eb:d1:c9:12:3b:24:0a:dc:d2:5d:f8:39:
         94:0d:cc:8f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZGi7dvpSy6NP9E6++nlqm9rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExN2Y5ZDU1ODI2YjQyNDg2ZGZjODRkMzVjMWE2M2E1Y2U4
NzUwN2MwHhcNMjQwODMwMTA1NjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YThhNDZiMzA4MzJmNTJlZGE3MTg0NmY4MGZhNDYyMzYwYjI2ZjVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttm55dao1UxOO9vfoRxEfFMlFCNs
XvfRiLGzGgcRCd1bJMgFafN8tPlyBEIOv0q+5zjhVbNcALuYsLmMQ9NktcrrfiCF
MsfK0OaiLMgFC4Ev49suQ6AI0ZFoYI2opQdbvGkTQx32xXZyXHyx7axEfYvWcXrK
fhkjiol2TLhcVT6z9A7Dvl9mfLt/kR8kW7AEbzOb4ym9pBfnwsYWwW9Wn4AmbASP
I83+bTFe5grsQPu8BVh4dnjNteKN8kFqpiZNe/qyaSwJW9leUni6uLrABHtuwFV0
mDneU/rKh+Xt0b7bVVECQjVRlKEZZTugq1vE+i6dVxLyDkA9yWOhXeIuJQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFHqKRrMIMvUu2nGEb4D6RiNgsm9eMB8GA1UdIwQY
MBaAFBF/nVWCa0JIbfyE01waY6XOh1B8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMt
M2ZiYmJhOTI0OWNkLzEvZW9wR3N3Z3k5UzdhY1lSdmdQcEdJMkN5YjE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9lYWZjNDEtYzM1OC00YjUxLTliMWMtM2ZiYmJhOTI0OWNk
LzEvRVgtZFZZSnJRa2h0X0lUVFhCcGpwYzZIVUh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQAXuShMAwD
BACy7P0DBACy7P4wDQYJKoZIhvcNAQELBQADggEBAFB2dIe8KPVnDDKu6tGAt+R7
zEvBrtEvbZYfzrwYzJulT++t51RmtLOpvCOQxFdsODKESY21q61ENAp4jfoosN+p
BfXpjnYVVFWokVrwo7dA8JHdeSnA8vtKwE4RSm45O0hQV1aqeIy8aVnBMcMbamMw
lK74nPmAAqTTo58xfBC0jFFK3qKSMt/g4LTOW5JPaLKCFzWNezimtBwVrLFZQ/o6
ePIkxWFIfVcQXpQnS9lH+J9wlapXybr5p4cY9CfliHs7S9PVI/p8QLeWe1urmjjB
zqCSagYiy/sX57BkoKY9iMZuYfH9DPmFcKg5BH7khevRyRI7JArc0l34OZQNzI8=
-----END CERTIFICATE-----