Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/7hGLcR22ZRWH30JAw1gxfhh8OhE.roa
File:                     7hGLcR22ZRWH30JAw1gxfhh8OhE.roa (raw, json)
Hash identifier:          YUMD1BjYdf6nQBcX4fgue8B+WoYYfk/5yKtIOgLrEp8=
Subject key identifier:   EE:11:8B:71:1D:B6:65:15:87:DF:42:40:C3:58:31:7E:18:7C:3A:11
Certificate issuer:       /CN=122a646bed4c417a6b4805f93d77a7a465e34b93
Certificate serial:       018CC726D51B37C220F844964BD41E948531
Authority key identifier: 12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/7hGLcR22ZRWH30JAw1gxfhh8OhE.roa
Signing time:             Mon 01 Jan 2024 22:31:00 +0000
ROA not before:           Mon 01 Jan 2024 22:31:00 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49102
IP address blocks:        93.159.128.0/18 maxlen: 18
                          2a00:1578::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:d5:1b:37:c2:20:f8:44:96:4b:d4:1e:94:85:31
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=122a646bed4c417a6b4805f93d77a7a465e34b93
        Validity
            Not Before: Jan  1 22:31:00 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee118b711db6651587df4240c358317e187c3a11
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:2b:fc:4b:55:33:ac:bd:c1:eb:eb:9f:3c:13:
                    a5:05:93:ed:55:f1:70:1f:b3:dd:51:34:75:dc:e1:
                    bc:db:63:f7:31:ac:2b:6a:d7:d2:3e:87:39:7f:60:
                    2c:11:e4:d6:5d:3f:31:a1:98:e9:2b:71:fc:f0:dc:
                    ff:9e:8e:68:5d:51:20:64:b7:69:be:f0:eb:cc:9c:
                    74:60:5c:13:27:0c:fb:85:9e:c3:a7:52:01:11:ed:
                    e0:ca:79:3f:9b:0a:70:0a:63:6b:76:ac:c8:e2:c2:
                    ed:2a:e2:15:63:70:37:8f:cf:bd:aa:a4:77:6b:cd:
                    64:2e:40:ec:19:49:98:b3:d2:e5:69:b6:7c:34:1f:
                    b4:f0:c5:fe:13:0c:aa:ce:71:c2:0b:8f:e9:fa:4c:
                    d1:f2:5d:4b:cd:45:e2:c5:9a:b5:79:0e:23:46:75:
                    c5:a2:07:13:93:b6:c9:f9:2f:0c:41:87:2c:34:24:
                    59:58:a2:84:28:f2:3e:eb:53:64:f9:6b:ea:8d:1d:
                    26:8f:9e:b8:d8:15:0c:6d:18:e7:3c:c1:03:f1:62:
                    8a:72:6b:72:1f:eb:e2:26:6c:53:0d:22:8b:e2:f3:
                    fc:97:a9:0f:61:48:02:67:ad:5a:4a:71:ec:01:d3:
                    f7:33:b9:ad:fe:92:23:f3:1f:94:16:59:53:ec:c1:
                    63:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:11:8B:71:1D:B6:65:15:87:DF:42:40:C3:58:31:7E:18:7C:3A:11
            X509v3 Authority Key Identifier:
                keyid:12:2A:64:6B:ED:4C:41:7A:6B:48:05:F9:3D:77:A7:A4:65:E3:4B:93

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eipka-1MQXprSAX5PXenpGXjS5M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/7hGLcR22ZRWH30JAw1gxfhh8OhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/a596e2-29d2-48c6-9bab-5cbd1f3ff39a/1/Eipka-1MQXprSAX5PXenpGXjS5M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.159.128.0/18
                IPv6:
                  2a00:1578::/29

    Signature Algorithm: sha256WithRSAEncryption
         62:5f:81:c5:b6:90:ae:58:7a:a0:36:70:4f:a2:6b:d9:6b:d1:
         86:b0:d2:db:8e:c2:ef:df:e7:ac:e8:b4:de:02:d1:f9:a6:10:
         83:61:90:f6:59:f4:06:17:5f:9d:67:f1:12:b2:06:4d:c5:e5:
         22:d0:de:f5:d0:c2:d1:cb:38:6a:bc:c1:84:9e:68:da:94:be:
         3a:d2:fb:a9:06:b9:22:cc:c0:86:e8:22:d7:69:32:d5:29:80:
         bb:9d:7d:4e:c3:6c:3e:8f:4c:24:af:3d:0b:42:42:69:c8:b6:
         5e:4d:b2:9f:56:c7:24:80:c0:9a:04:a4:ff:6d:25:9d:34:14:
         5b:48:4d:ae:50:cc:27:54:ac:be:a8:a6:4d:cf:be:d4:dc:ab:
         04:90:53:9d:78:81:0a:41:af:6a:ac:2c:c7:a0:33:0e:76:22:
         1a:bf:87:75:55:90:ba:f2:24:30:80:a2:43:71:23:68:1b:3b:
         a4:82:a4:04:15:9d:71:35:f3:20:de:99:87:4b:c9:5d:24:42:
         ef:a3:d5:66:65:9f:e1:fb:21:e6:b6:df:98:ac:63:27:d6:55:
         03:d0:da:d9:6c:eb:0b:34:ce:2f:f6:ce:f6:ab:2d:76:77:12:
         67:db:11:cb:f6:30:96:71:87:29:eb:99:4c:8d:d7:2b:bf:b7:
         ba:c1:77:82
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzHJtUbN8Ig+ESWS9QelIUxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyMmE2NDZiZWQ0YzQxN2E2YjQ4MDVmOTNkNzdhN2E0NjVl
MzRiOTMwHhcNMjQwMTAxMjIzMTAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTExOGI3MTFkYjY2NTE1ODdkZjQyNDBjMzU4MzE3ZTE4N2MzYTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4iv8S1UzrL3B6+ufPBOlBZPtVfFw
H7PdUTR13OG822P3MawratfSPoc5f2AsEeTWXT8xoZjpK3H88Nz/no5oXVEgZLdp
vvDrzJx0YFwTJwz7hZ7Dp1IBEe3gynk/mwpwCmNrdqzI4sLtKuIVY3A3j8+9qqR3
a81kLkDsGUmYs9LlabZ8NB+08MX+EwyqznHCC4/p+kzR8l1LzUXixZq1eQ4jRnXF
ogcTk7bJ+S8MQYcsNCRZWKKEKPI+61Nk+WvqjR0mj5642BUMbRjnPMED8WKKcmty
H+viJmxTDSKL4vP8l6kPYUgCZ61aSnHsAdP3M7mt/pIj8x+UFllT7MFjaQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO4Ri3EdtmUVh99CQMNYMX4YfDoRMB8GA1UdIwQY
MBaAFBIqZGvtTEF6a0gF+T13p6Rl40uTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWIt
NWNiZDFmM2ZmMzlhLzEvN2hHTGNSMjJaUldIMzBKQXcxZ3hmaGg4T2hFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9hNTk2ZTItMjlkMi00OGM2LTliYWItNWNiZDFmM2ZmMzlh
LzEvRWlwa2EtMU1RWHByU0FYNVBYZW5wR1hqUzVNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQGXZ+AMA0E
AgACMAcDBQMqABV4MA0GCSqGSIb3DQEBCwUAA4IBAQBiX4HFtpCuWHqgNnBPomvZ
a9GGsNLbjsLv3+es6LTeAtH5phCDYZD2WfQGF1+dZ/ESsgZNxeUi0N710MLRyzhq
vMGEnmjalL460vupBrkizMCG6CLXaTLVKYC7nX1Ow2w+j0wkrz0LQkJpyLZeTbKf
VsckgMCaBKT/bSWdNBRbSE2uUMwnVKy+qKZNz77U3KsEkFOdeIEKQa9qrCzHoDMO
diIav4d1VZC68iQwgKJDcSNoGzukgqQEFZ1xNfMg3pmHS8ldJELvo9VmZZ/h+yHm
tt+YrGMn1lUD0NrZbOsLNM4v9s72qy12dxJn2xHL9jCWcYcp65lMjdcrv7e6wXeC
-----END CERTIFICATE-----