Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/544bda-a4ef-4254-ba19-3c14ad2b83d7/1/EjHUkJUYl7Qm6y35Ef6AtaDF2F4.roa
File:                     EjHUkJUYl7Qm6y35Ef6AtaDF2F4.roa (raw, json)
Hash identifier:          7VywfiJhdSL+n+w0CxdURbNH8BJpyo9gOU/p27SBkz8=
Subject key identifier:   12:31:D4:90:95:18:97:B4:26:EB:2D:F9:11:FE:80:B5:A0:C5:D8:5E
Certificate issuer:       /CN=479828bdc6d059e7551592de3ee29eb41bf7bda5
Certificate serial:       018CC64B12D40DC0EE9EC4882309F7E5E12E
Authority key identifier: 47:98:28:BD:C6:D0:59:E7:55:15:92:DE:3E:E2:9E:B4:1B:F7:BD:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R5govcbQWedVFZLePuKetBv3vaU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/544bda-a4ef-4254-ba19-3c14ad2b83d7/1/EjHUkJUYl7Qm6y35Ef6AtaDF2F4.roa
Signing time:             Mon 01 Jan 2024 18:30:57 +0000
ROA not before:           Mon 01 Jan 2024 18:30:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     196877
IP address blocks:        193.104.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/544bda-a4ef-4254-ba19-3c14ad2b83d7/1/R5govcbQWedVFZLePuKetBv3vaU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/544bda-a4ef-4254-ba19-3c14ad2b83d7/1/R5govcbQWedVFZLePuKetBv3vaU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R5govcbQWedVFZLePuKetBv3vaU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:4b:12:d4:0d:c0:ee:9e:c4:88:23:09:f7:e5:e1:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=479828bdc6d059e7551592de3ee29eb41bf7bda5
        Validity
            Not Before: Jan  1 18:30:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1231d490951897b426eb2df911fe80b5a0c5d85e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a8:4a:4d:36:0c:bf:ae:86:02:bb:82:41:6d:
                    d5:e3:1c:83:5c:63:cf:f8:c3:53:a7:70:a4:40:67:
                    82:20:70:6a:82:91:91:2b:32:37:f5:65:cc:41:03:
                    26:7a:11:80:b1:6a:6d:18:1c:ed:bc:e0:17:ef:d1:
                    bd:0e:0f:2f:70:32:fd:f5:fd:ba:f3:05:dd:b4:85:
                    c8:c2:6e:1a:13:28:f8:51:a7:b9:0c:63:d7:65:f2:
                    f1:e1:c6:34:65:38:e7:c8:55:6a:13:61:2b:79:de:
                    4e:6b:46:88:fb:9a:2d:ed:60:c7:f6:fd:45:e9:fc:
                    d2:c4:a1:f7:12:88:25:96:f6:1e:b1:d2:66:48:0f:
                    18:e1:33:7e:6b:a6:ba:c4:99:e9:26:b2:6b:91:28:
                    34:64:89:c9:63:c4:d6:de:0a:68:81:7f:2f:c3:5b:
                    42:bd:b7:9e:11:50:34:61:9c:d3:1a:91:45:32:66:
                    f6:4a:78:55:3f:3d:65:94:60:72:a2:b3:ba:8b:ae:
                    3f:45:ac:96:70:b4:46:c3:b5:d0:f5:33:4c:3e:be:
                    0e:52:02:29:eb:bd:6e:3c:41:8f:fa:65:bb:5c:57:
                    14:bf:a5:5f:21:18:f7:1a:ba:55:cb:33:02:d4:a1:
                    44:a2:cc:80:ec:2e:e7:ff:4e:40:e3:8f:ea:95:47:
                    fc:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:31:D4:90:95:18:97:B4:26:EB:2D:F9:11:FE:80:B5:A0:C5:D8:5E
            X509v3 Authority Key Identifier:
                keyid:47:98:28:BD:C6:D0:59:E7:55:15:92:DE:3E:E2:9E:B4:1B:F7:BD:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R5govcbQWedVFZLePuKetBv3vaU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/544bda-a4ef-4254-ba19-3c14ad2b83d7/1/EjHUkJUYl7Qm6y35Ef6AtaDF2F4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/544bda-a4ef-4254-ba19-3c14ad2b83d7/1/R5govcbQWedVFZLePuKetBv3vaU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.104.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:1f:19:e3:6e:f4:86:f0:d0:df:bf:9c:ed:93:34:b6:97:bd:
         75:7c:64:80:61:c8:77:14:70:8d:28:70:f1:b4:05:55:a5:e4:
         0f:07:45:34:5d:82:0e:c1:74:3a:99:eb:94:80:87:c4:13:e3:
         2e:e0:d5:87:68:c8:7e:bd:8f:fd:70:87:b5:61:a4:2c:a2:82:
         88:7c:f0:6d:44:61:7b:5f:4f:6e:f1:5f:3d:47:45:fe:26:19:
         71:ef:34:84:fa:97:58:25:2b:3b:4b:71:5c:f4:3c:24:a8:9e:
         f7:99:35:b1:10:9c:6a:f1:76:a1:66:55:ff:82:ff:dc:d6:7e:
         94:43:95:35:45:d4:8e:0a:b6:ad:11:db:18:71:20:c2:44:a4:
         53:97:4c:27:03:c6:51:25:0e:cd:d0:1a:8d:79:04:a2:38:7b:
         c8:f6:e1:1d:15:99:5d:53:84:10:60:43:57:07:2a:ff:ca:eb:
         88:c4:14:eb:57:77:2a:b9:c7:7e:be:fa:1d:2c:26:e6:ca:47:
         4f:2c:fb:fa:4d:a8:82:bf:fd:99:ff:ec:e2:66:1c:2f:e3:aa:
         fa:f5:55:43:a6:52:42:a5:4b:40:b6:4e:7c:16:64:a2:c0:34:
         4f:51:68:f3:95:0f:cb:2c:20:f1:9a:2b:5b:fc:66:2d:1a:d8:
         cd:18:5c:2e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGSxLUDcDunsSIIwn35eEuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3OTgyOGJkYzZkMDU5ZTc1NTE1OTJkZTNlZTI5ZWI0MWJm
N2JkYTUwHhcNMjQwMTAxMTgzMDU3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjMxZDQ5MDk1MTg5N2I0MjZlYjJkZjkxMWZlODBiNWEwYzVkODVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvahKTTYMv66GAruCQW3V4xyDXGPP
+MNTp3CkQGeCIHBqgpGRKzI39WXMQQMmehGAsWptGBztvOAX79G9Dg8vcDL99f26
8wXdtIXIwm4aEyj4Uae5DGPXZfLx4cY0ZTjnyFVqE2Ered5Oa0aI+5ot7WDH9v1F
6fzSxKH3EogllvYesdJmSA8Y4TN+a6a6xJnpJrJrkSg0ZInJY8TW3gpogX8vw1tC
vbeeEVA0YZzTGpFFMmb2SnhVPz1llGByorO6i64/RayWcLRGw7XQ9TNMPr4OUgIp
671uPEGP+mW7XFcUv6VfIRj3GrpVyzMC1KFEosyA7C7n/05A44/qlUf8wwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIx1JCVGJe0Just+RH+gLWgxdheMB8GA1UdIwQY
MBaAFEeYKL3G0FnnVRWS3j7inrQb972lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjVnb3ZjYlFXZWRWRlpMZVB1S2V0QnYzdmFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni81NDRiZGEtYTRlZi00MjU0LWJhMTkt
M2MxNGFkMmI4M2Q3LzEvRWpIVWtKVVlsN1FtNnkzNUVmNkF0YURGMkY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni81NDRiZGEtYTRlZi00MjU0LWJhMTktM2MxNGFkMmI4M2Q3
LzEvUjVnb3ZjYlFXZWRWRlpMZVB1S2V0QnYzdmFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWjSMA0G
CSqGSIb3DQEBCwUAA4IBAQBEHxnjbvSG8NDfv5ztkzS2l711fGSAYch3FHCNKHDx
tAVVpeQPB0U0XYIOwXQ6meuUgIfEE+Mu4NWHaMh+vY/9cIe1YaQsooKIfPBtRGF7
X09u8V89R0X+Jhlx7zSE+pdYJSs7S3Fc9DwkqJ73mTWxEJxq8XahZlX/gv/c1n6U
Q5U1RdSOCratEdsYcSDCRKRTl0wnA8ZRJQ7N0BqNeQSiOHvI9uEdFZldU4QQYENX
Byr/yuuIxBTrV3cqucd+vvodLCbmykdPLPv6TaiCv/2Z/+ziZhwv46r69VVDplJC
pUtAtk58FmSiwDRPUWjzlQ/LLCDxmitb/GYtGtjNGFwu
-----END CERTIFICATE-----