Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/EHxfnIkj6YlKU-R2-WBUbEKWbDA.roa
File:                     EHxfnIkj6YlKU-R2-WBUbEKWbDA.roa (raw, json)
Hash identifier:          5Jx//5o99K0BHxHI0qe6yJbIuIMuUmHNaKWbcDqxLVQ=
Subject key identifier:   10:7C:5F:9C:89:23:E9:89:4A:53:E4:76:F9:60:54:6C:42:96:6C:30
Certificate issuer:       /CN=76f311ef1581a00e437cd704b6281ac8621afc56
Certificate serial:       018CC4931DF84F2EB3A052B6A407161D71A6
Authority key identifier: 76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/EHxfnIkj6YlKU-R2-WBUbEKWbDA.roa
Signing time:             Mon 01 Jan 2024 10:30:24 +0000
ROA not before:           Mon 01 Jan 2024 10:30:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49544
IP address blocks:        212.104.206.0/23 maxlen: 24
                          2a04:7141::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:1d:f8:4f:2e:b3:a0:52:b6:a4:07:16:1d:71:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76f311ef1581a00e437cd704b6281ac8621afc56
        Validity
            Not Before: Jan  1 10:30:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=107c5f9c8923e9894a53e476f960546c42966c30
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:de:8c:44:d1:9b:a0:5c:2e:88:1b:30:cc:8d:
                    0d:d4:51:51:9d:9c:b1:c9:41:66:61:30:24:36:fe:
                    ba:65:5a:00:cb:8f:6c:58:ab:e3:aa:48:2e:7b:21:
                    8d:f3:61:4d:7d:b4:ed:6a:41:42:d1:63:cd:86:cb:
                    94:1d:6c:19:1f:dc:39:81:bd:cc:66:98:08:04:d6:
                    60:81:9a:fa:54:f7:a6:68:65:ba:11:af:0a:d1:db:
                    5e:7e:0a:d8:87:9f:6d:c7:24:41:78:17:9d:05:b0:
                    24:4e:86:11:dd:1d:c8:7f:df:b3:8d:4d:11:d7:60:
                    1f:5d:5e:82:28:8b:ba:8b:b3:d6:6f:a7:f0:59:18:
                    ef:5b:c4:86:6f:8d:e6:af:1f:7a:c5:fd:ed:13:86:
                    c5:83:fc:72:51:4a:16:42:74:7c:8c:de:75:3a:10:
                    2d:be:82:0e:c8:a5:48:b5:1e:6f:76:c9:e4:02:d7:
                    a0:fa:7f:75:08:5e:c2:17:e3:be:87:a4:0e:6d:eb:
                    36:57:26:07:79:b0:16:c3:18:02:5b:a4:49:e9:76:
                    43:03:a8:fc:1a:7f:d2:51:2e:7f:1e:d2:ea:e5:0a:
                    73:51:19:d6:e3:35:7b:7d:e7:36:69:de:ef:f4:5e:
                    b1:48:8a:c2:48:18:fd:a3:21:81:76:f5:9d:12:be:
                    ee:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:7C:5F:9C:89:23:E9:89:4A:53:E4:76:F9:60:54:6C:42:96:6C:30
            X509v3 Authority Key Identifier:
                keyid:76:F3:11:EF:15:81:A0:0E:43:7C:D7:04:B6:28:1A:C8:62:1A:FC:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dvMR7xWBoA5DfNcEtigayGIa_FY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/EHxfnIkj6YlKU-R2-WBUbEKWbDA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/525224-78ea-49e4-9749-169431296c59/1/dvMR7xWBoA5DfNcEtigayGIa_FY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.104.206.0/23
                IPv6:
                  2a04:7141::/36

    Signature Algorithm: sha256WithRSAEncryption
         99:48:47:ed:12:80:c4:01:8b:ac:ab:53:e5:0b:20:b5:7d:3b:
         52:2a:42:b6:b0:2e:64:c3:64:88:1f:bd:c7:19:54:4a:17:e8:
         90:b1:ab:c5:63:3a:bf:9f:35:fb:df:22:e9:42:33:b7:94:96:
         4a:cb:56:a5:58:37:10:31:d7:19:b5:d4:da:9c:69:ee:35:fc:
         79:57:0a:5c:b3:18:7f:66:24:38:cd:16:16:7e:bf:d7:c5:52:
         2a:99:ee:27:cf:20:c3:c6:d3:4c:9d:85:cb:9e:a6:61:de:c4:
         0a:b0:fc:63:df:1b:18:ee:de:a8:7a:e3:75:3f:f8:3b:e7:b5:
         0b:c8:c0:91:22:ce:84:a5:98:e1:8e:3a:38:6e:5f:13:18:d7:
         c9:d8:82:d6:6a:e5:ab:52:4f:c7:9e:26:3e:f3:2e:f1:69:6e:
         a5:4e:7f:ea:e2:a4:79:2c:e6:bd:3d:2f:93:bd:af:cd:e0:86:
         92:39:5f:a9:b8:7d:6a:29:01:ec:4c:42:44:ed:2c:1b:1b:c2:
         d7:98:dc:72:9c:ff:ab:b3:72:07:6d:03:26:37:84:45:06:14:
         5b:0c:5c:5a:c1:4e:57:f5:d5:63:6f:f8:65:8e:1d:d2:92:6b:
         f5:cc:e0:f1:5b:2e:bd:26:97:10:d6:c2:33:97:73:d2:0e:22:
         52:ad:3b:cc
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzEkx34Ty6zoFK2pAcWHXGmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZjMxMWVmMTU4MWEwMGU0MzdjZDcwNGI2MjgxYWM4NjIx
YWZjNTYwHhcNMjQwMTAxMTAzMDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDdjNWY5Yzg5MjNlOTg5NGE1M2U0NzZmOTYwNTQ2YzQyOTY2YzMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjt6MRNGboFwuiBswzI0N1FFRnZyx
yUFmYTAkNv66ZVoAy49sWKvjqkgueyGN82FNfbTtakFC0WPNhsuUHWwZH9w5gb3M
ZpgIBNZggZr6VPemaGW6Ea8K0dtefgrYh59txyRBeBedBbAkToYR3R3If9+zjU0R
12AfXV6CKIu6i7PWb6fwWRjvW8SGb43mrx96xf3tE4bFg/xyUUoWQnR8jN51OhAt
voIOyKVItR5vdsnkAteg+n91CF7CF+O+h6QObes2VyYHebAWwxgCW6RJ6XZDA6j8
Gn/SUS5/HtLq5QpzURnW4zV7fec2ad7v9F6xSIrCSBj9oyGBdvWdEr7ulwIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFBB8X5yJI+mJSlPkdvlgVGxClmwwMB8GA1UdIwQY
MBaAFHbzEe8VgaAOQ3zXBLYoGshiGvxWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDkt
MTY5NDMxMjk2YzU5LzEvRUh4Zm5Ja2o2WWxLVS1SMi1XQlViRUtXYkRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81MjUyMjQtNzhlYS00OWU0LTk3NDktMTY5NDMxMjk2YzU5
LzEvZHZNUjd4V0JvQTVEZk5jRXRpZ2F5R0lhX0ZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQB1GjOMA4E
AgACMAgDBgQqBHFBADANBgkqhkiG9w0BAQsFAAOCAQEAmUhH7RKAxAGLrKtT5Qsg
tX07UipCtrAuZMNkiB+9xxlUShfokLGrxWM6v581+98i6UIzt5SWSstWpVg3EDHX
GbXU2pxp7jX8eVcKXLMYf2YkOM0WFn6/18VSKpnuJ88gw8bTTJ2Fy56mYd7ECrD8
Y98bGO7eqHrjdT/4O+e1C8jAkSLOhKWY4Y46OG5fExjXydiC1mrlq1JPx54mPvMu
8WlupU5/6uKkeSzmvT0vk72vzeCGkjlfqbh9aikB7ExCRO0sGxvC15jccpz/q7Ny
B20DJjeERQYUWwxcWsFOV/XVY2/4ZY4d0pJr9czg8VsuvSaXENbCM5dz0g4iUq07
zA==
-----END CERTIFICATE-----