Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/EaVm-815146B0JfE87lsUZX5_QA.roa
File:                     EaVm-815146B0JfE87lsUZX5_QA.roa (raw, json)
Hash identifier:          OAA1xcbVOuYQEEru10RAdhyPlXBmSial6bqjqnQ1Dsg=
Subject key identifier:   11:A5:66:FB:CD:79:D7:8E:81:D0:97:C4:F3:B9:6C:51:95:F9:FD:00
Certificate issuer:       /CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
Certificate serial:       018DD18D33CD1F769C8C4D5FBFCCF6903021
Authority key identifier: 49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/EaVm-815146B0JfE87lsUZX5_QA.roa
Signing time:             Thu 22 Feb 2024 16:01:48 +0000
ROA not before:           Thu 22 Feb 2024 16:01:48 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5511
IP address blocks:        80.71.234.0/24 maxlen: 24
                          80.71.237.0/24 maxlen: 24
                          80.71.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 02:00:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:d1:8d:33:cd:1f:76:9c:8c:4d:5f:bf:cc:f6:90:30:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49e51694c4d46b4fcc02fae71e5db942a7108e47
        Validity
            Not Before: Feb 22 16:01:48 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a566fbcd79d78e81d097c4f3b96c5195f9fd00
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:8b:86:bf:17:6f:81:f1:1e:c9:0f:fe:ce:7c:
                    81:b0:bc:21:ee:be:15:58:1f:8d:25:20:ac:da:00:
                    e2:90:b6:c5:66:c9:f5:2c:6a:d8:95:2b:c2:c9:43:
                    0a:6d:79:55:43:19:50:48:70:7c:85:46:3f:5a:2d:
                    b8:4d:4e:4d:7a:8a:6c:eb:b6:92:d8:83:c6:bb:51:
                    c9:35:3a:e3:46:ae:5e:42:a3:c8:20:bd:bf:f2:4a:
                    9b:a5:24:12:a3:7f:26:bc:ec:48:b1:bf:09:86:ac:
                    3d:c8:9d:42:c9:b2:73:a0:e4:ad:a8:d0:59:81:02:
                    32:a6:2e:c7:c8:63:aa:3b:c7:3e:93:7c:83:ab:08:
                    63:45:93:f3:cc:4b:35:da:85:1a:44:ce:f0:8c:cb:
                    07:c5:ba:74:da:09:59:5c:80:e3:ab:2b:99:d1:aa:
                    44:e6:43:89:a2:f5:4d:32:97:6b:6e:38:15:6e:9c:
                    4f:fc:76:66:34:32:4f:9c:70:41:53:23:ca:84:a1:
                    61:7a:97:93:a4:f9:e4:44:c2:61:96:24:c4:92:85:
                    cb:39:75:eb:ff:4e:61:82:f3:9b:cf:c1:31:69:3c:
                    a4:5c:56:b4:a9:ea:1c:e4:4a:cf:c5:94:36:5d:a0:
                    d6:e9:a7:8b:ed:85:d9:23:22:16:c9:91:d9:9e:e8:
                    86:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A5:66:FB:CD:79:D7:8E:81:D0:97:C4:F3:B9:6C:51:95:F9:FD:00
            X509v3 Authority Key Identifier:
                keyid:49:E5:16:94:C4:D4:6B:4F:CC:02:FA:E7:1E:5D:B9:42:A7:10:8E:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SeUWlMTUa0_MAvrnHl25QqcQjkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/EaVm-815146B0JfE87lsUZX5_QA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/86/9db525-1059-4c07-a5ad-19189b3c9c7d/1/SeUWlMTUa0_MAvrnHl25QqcQjkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.71.234.0/24
                  80.71.237.0/24
                  80.71.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3b:1b:da:2f:f0:2e:03:71:35:96:68:bd:44:1d:c1:71:10:c7:
         cb:70:57:fc:0e:68:27:87:c5:70:5a:6e:d6:3d:b8:99:f5:67:
         a6:07:4e:31:60:5d:a4:f2:49:88:c7:a6:5f:01:85:d3:55:ea:
         c3:56:df:9f:40:87:60:4a:59:00:c0:25:cb:97:74:d1:63:f1:
         2e:de:38:5a:16:71:50:bf:d0:29:29:8e:f1:54:52:2e:8f:2e:
         db:dc:6a:26:21:1f:75:ca:9d:42:1a:16:29:e8:fa:69:74:12:
         36:57:ad:37:93:27:70:bc:72:99:8b:82:d1:ff:a9:fc:f8:ba:
         3e:fc:a2:d4:e6:88:43:55:78:63:4a:52:8b:02:c8:95:da:a1:
         b6:6c:2c:e1:e3:fb:a7:0c:36:63:4d:21:e3:e0:fb:7f:79:62:
         54:75:35:66:5d:13:18:3f:93:5b:13:b5:97:d1:69:e1:3a:99:
         1a:88:8f:d9:e4:6f:e4:9e:c5:53:77:57:f7:b9:35:47:5b:12:
         7a:55:6c:c7:25:06:70:c4:43:9f:f7:08:24:38:eb:ac:0b:6b:
         6d:be:5d:dc:f3:ce:59:7c:7a:06:2d:d3:ab:9b:e9:39:bf:b4:
         83:c5:23:e0:e2:78:b9:18:74:83:47:57:d1:e0:17:a3:66:c8:
         85:84:cd:41
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY3RjTPNH3acjE1fv8z2kDAhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZTUxNjk0YzRkNDZiNGZjYzAyZmFlNzFlNWRiOTQyYTcx
MDhlNDcwHhcNMjQwMjIyMTYwMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWE1NjZmYmNkNzlkNzhlODFkMDk3YzRmM2I5NmM1MTk1ZjlmZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhIuGvxdvgfEeyQ/+znyBsLwh7r4V
WB+NJSCs2gDikLbFZsn1LGrYlSvCyUMKbXlVQxlQSHB8hUY/Wi24TU5Neops67aS
2IPGu1HJNTrjRq5eQqPIIL2/8kqbpSQSo38mvOxIsb8Jhqw9yJ1CybJzoOStqNBZ
gQIypi7HyGOqO8c+k3yDqwhjRZPzzEs12oUaRM7wjMsHxbp02glZXIDjqyuZ0apE
5kOJovVNMpdrbjgVbpxP/HZmNDJPnHBBUyPKhKFhepeTpPnkRMJhliTEkoXLOXXr
/05hgvObz8ExaTykXFa0qeoc5ErPxZQ2XaDW6aeL7YXZIyIWyZHZnuiGsQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBGlZvvNedeOgdCXxPO5bFGV+f0AMB8GA1UdIwQY
MBaAFEnlFpTE1GtPzAL65x5duUKnEI5HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQt
MTkxODliM2M5YzdkLzEvRWFWbS04MTUxNDZCMEpmRTg3bHNVWlg1X1FBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ni85ZGI1MjUtMTA1OS00YzA3LWE1YWQtMTkxODliM2M5Yzdk
LzEvU2VVV2xNVFVhMF9NQXZybkhsMjVRcWNRamtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAUEfqAwQA
UEftAwQAUEfvMA0GCSqGSIb3DQEBCwUAA4IBAQA7G9ov8C4DcTWWaL1EHcFxEMfL
cFf8Dmgnh8VwWm7WPbiZ9WemB04xYF2k8kmIx6ZfAYXTVerDVt+fQIdgSlkAwCXL
l3TRY/Eu3jhaFnFQv9ApKY7xVFIujy7b3GomIR91yp1CGhYp6PppdBI2V603kydw
vHKZi4LR/6n8+Lo+/KLU5ohDVXhjSlKLAsiV2qG2bCzh4/unDDZjTSHj4Pt/eWJU
dTVmXRMYP5NbE7WX0WnhOpkaiI/Z5G/knsVTd1f3uTVHWxJ6VWzHJQZwxEOf9wgk
OOusC2ttvl3c885ZfHoGLdOrm+k5v7SDxSPg4ni5GHSDR1fR4BejZsiFhM1B
-----END CERTIFICATE-----