Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/Eq175GJkFo7xOXeeC5HB7QD7v4U.roa
File:                     Eq175GJkFo7xOXeeC5HB7QD7v4U.roa (raw, json)
Hash identifier:          jzAPEneavZOXgVRZwyhSgPx82yjCe1ah372bjOubK2w=
Subject key identifier:   12:AD:7B:E4:62:64:16:8E:F1:39:77:9E:0B:91:C1:ED:00:FB:BF:85
Certificate issuer:       /CN=7ebb888f2b99de9972e2446eba058ab8e2cd7b3f
Certificate serial:       018FF34886E9972D1878C6E50DCCC7201567
Authority key identifier: 7E:BB:88:8F:2B:99:DE:99:72:E2:44:6E:BA:05:8A:B8:E2:CD:7B:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fruIjyuZ3ply4kRuugWKuOLNez8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/Eq175GJkFo7xOXeeC5HB7QD7v4U.roa
Signing time:             Fri 07 Jun 2024 15:19:27 +0000
ROA not before:           Fri 07 Jun 2024 15:19:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216018
IP address blocks:        185.77.88.0/24 maxlen: 24
                          185.77.91.0/24 maxlen: 24
                          2a05:60c0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/fruIjyuZ3ply4kRuugWKuOLNez8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/fruIjyuZ3ply4kRuugWKuOLNez8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fruIjyuZ3ply4kRuugWKuOLNez8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 07:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f3:48:86:e9:97:2d:18:78:c6:e5:0d:cc:c7:20:15:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ebb888f2b99de9972e2446eba058ab8e2cd7b3f
        Validity
            Not Before: Jun  7 15:19:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12ad7be46264168ef139779e0b91c1ed00fbbf85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ec:ea:ed:a4:1f:7a:81:41:13:ea:2a:85:e6:
                    00:6f:c7:73:1b:be:28:6e:6b:db:10:f7:57:55:45:
                    71:6e:69:c3:a8:c3:2d:bd:76:28:4f:5c:e6:4a:19:
                    38:eb:64:01:a2:3c:87:ba:23:02:ef:43:6c:ea:a5:
                    11:cf:6d:00:59:ec:fd:df:69:bf:26:f0:c2:39:2c:
                    d4:6f:30:40:a0:b9:e9:0f:9a:e8:5d:bf:f1:5d:e3:
                    64:7f:4d:d0:b9:2d:b9:3d:34:e5:78:42:07:ad:15:
                    be:c8:c0:37:b7:c0:6d:6a:02:5f:16:06:ef:9f:f4:
                    29:b4:ad:4e:3a:92:9f:13:47:ac:8e:53:8e:c8:1c:
                    30:cd:47:00:51:02:ac:6a:8d:1d:c3:21:1f:2c:1b:
                    10:f8:dd:e8:5d:71:14:a9:9d:88:c6:c0:9b:17:7b:
                    cd:9e:0f:d2:f8:b6:94:03:5d:b3:f9:11:3b:05:b2:
                    1d:19:21:65:42:f6:a8:ff:31:d5:8a:59:93:51:6e:
                    23:00:83:3d:d1:39:fc:55:5f:c1:7b:ee:d8:7c:53:
                    0e:cf:06:8c:56:a7:1d:3f:c4:3e:cf:b6:d1:7c:bf:
                    46:c9:fd:e0:cd:de:5a:ab:a1:c3:7b:00:de:7c:cf:
                    fb:7e:84:d4:91:a3:5e:09:a5:93:e1:ea:b8:a4:b5:
                    65:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:AD:7B:E4:62:64:16:8E:F1:39:77:9E:0B:91:C1:ED:00:FB:BF:85
            X509v3 Authority Key Identifier:
                keyid:7E:BB:88:8F:2B:99:DE:99:72:E2:44:6E:BA:05:8A:B8:E2:CD:7B:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fruIjyuZ3ply4kRuugWKuOLNez8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/Eq175GJkFo7xOXeeC5HB7QD7v4U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/89/e1b34a-f388-4ddd-92cd-e1c0a4d04917/1/fruIjyuZ3ply4kRuugWKuOLNez8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.77.88.0/24
                  185.77.91.0/24
                IPv6:
                  2a05:60c0:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         0a:f3:7e:b0:6c:ce:4c:52:b2:29:a9:4b:bc:b0:b5:c3:85:aa:
         d8:b9:c7:2b:fc:a3:08:c5:2d:dc:4c:4b:20:45:7c:23:26:af:
         f9:f7:0d:55:7e:b9:a3:d9:0c:02:e5:05:4b:b0:82:fe:a5:32:
         47:68:38:bc:58:03:af:66:7a:92:f1:41:7f:a4:97:cc:e1:e6:
         13:74:90:5c:2f:b5:6a:f9:e8:a7:1a:75:13:73:02:a9:81:15:
         f7:a3:fc:ed:0e:59:db:47:ba:10:ef:39:e8:13:3e:41:fe:78:
         dc:cd:b7:57:5a:ed:d1:82:bb:a1:f9:ee:ac:5e:90:31:86:74:
         dd:ea:ce:c4:98:4a:c0:34:67:25:3c:14:b2:1b:50:4a:a2:9b:
         bc:be:69:88:4f:a3:c6:1f:ab:67:8e:37:92:24:11:63:7f:7e:
         93:1d:b6:21:89:35:31:85:a5:4e:f4:7a:8d:89:a8:b6:8e:f3:
         8f:a9:43:03:b3:a8:65:1f:90:9d:71:a2:81:14:30:62:a6:e9:
         a6:d5:7f:85:e8:7c:7f:41:ce:3d:f9:7b:45:bf:f0:0c:54:80:
         4a:d5:51:d4:65:3f:f3:89:38:49:01:6a:13:9b:92:ff:ca:80:
         d6:0a:94:50:19:2a:2d:45:f2:73:2c:79:8e:84:ba:66:a6:db:
         72:fb:29:fa
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAY/zSIbply0YeMblDczHIBVnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlYmI4ODhmMmI5OWRlOTk3MmUyNDQ2ZWJhMDU4YWI4ZTJj
ZDdiM2YwHhcNMjQwNjA3MTUxOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmFkN2JlNDYyNjQxNjhlZjEzOTc3OWUwYjkxYzFlZDAwZmJiZjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvOzq7aQfeoFBE+oqheYAb8dzG74o
bmvbEPdXVUVxbmnDqMMtvXYoT1zmShk462QBojyHuiMC70Ns6qURz20AWez932m/
JvDCOSzUbzBAoLnpD5roXb/xXeNkf03QuS25PTTleEIHrRW+yMA3t8BtagJfFgbv
n/QptK1OOpKfE0esjlOOyBwwzUcAUQKsao0dwyEfLBsQ+N3oXXEUqZ2IxsCbF3vN
ng/S+LaUA12z+RE7BbIdGSFlQvao/zHVilmTUW4jAIM90Tn8VV/Be+7YfFMOzwaM
VqcdP8Q+z7bRfL9Gyf3gzd5aq6HDewDefM/7foTUkaNeCaWT4eq4pLVlawIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBKte+RiZBaO8Tl3nguRwe0A+7+FMB8GA1UdIwQY
MBaAFH67iI8rmd6ZcuJEbroFirjizXs/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZnJ1SWp5dVozcGx5NGtSdXVnV0t1T0xOZXo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84OS9lMWIzNGEtZjM4OC00ZGRkLTkyY2Qt
ZTFjMGE0ZDA0OTE3LzEvRXExNzVHSmtGbzd4T1hlZUM1SEI3UUQ3djRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84OS9lMWIzNGEtZjM4OC00ZGRkLTkyY2QtZTFjMGE0ZDA0OTE3
LzEvZnJ1SWp5dVozcGx5NGtSdXVnV0t1T0xOZXo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAuU1YAwQA
uU1bMA8EAgACMAkDBwAqBWDAAAIwDQYJKoZIhvcNAQELBQADggEBAArzfrBszkxS
simpS7ywtcOFqti5xyv8owjFLdxMSyBFfCMmr/n3DVV+uaPZDALlBUuwgv6lMkdo
OLxYA69mepLxQX+kl8zh5hN0kFwvtWr56KcadRNzAqmBFfej/O0OWdtHuhDvOegT
PkH+eNzNt1da7dGCu6H57qxekDGGdN3qzsSYSsA0ZyU8FLIbUEqim7y+aYhPo8Yf
q2eON5IkEWN/fpMdtiGJNTGFpU70eo2JqLaO84+pQwOzqGUfkJ1xooEUMGKm6abV
f4XofH9Bzj35e0W/8AxUgErVUdRlP/OJOEkBahObkv/KgNYKlFAZKi1F8nMseY6E
umam23L7Kfo=
-----END CERTIFICATE-----