Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/Ea6G-eyIhEcbKmxyk8VRdGzmas4.roa
File:                     Ea6G-eyIhEcbKmxyk8VRdGzmas4.roa (raw, json)
Hash identifier:          jcxtWAcbYPZCmnYReMbR+idxBTxflnlz2e6fG5LJ0Do=
Subject key identifier:   11:AE:86:F9:EC:88:84:47:1B:2A:6C:72:93:C5:51:74:6C:E6:6A:CE
Certificate issuer:       /CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
Certificate serial:       018CC6B900C85712A82BB568D19D5B940627
Authority key identifier: 1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/Ea6G-eyIhEcbKmxyk8VRdGzmas4.roa
Signing time:             Mon 01 Jan 2024 20:31:02 +0000
ROA not before:           Mon 01 Jan 2024 20:31:02 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7029
IP address blocks:        193.176.98.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c6:b9:00:c8:57:12:a8:2b:b5:68:d1:9d:5b:94:06:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a9154e1c5578b0fef8abb779f8117e64e884d18
        Validity
            Not Before: Jan  1 20:31:02 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11ae86f9ec8884471b2a6c7293c551746ce66ace
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:82:fb:d5:72:f4:92:91:61:d7:08:35:7c:83:17:
                    5f:24:4e:b9:1f:f8:2c:f0:bc:0a:4a:72:9c:c6:c0:
                    5e:e9:e5:1f:37:a1:54:1f:30:fe:bd:d5:5d:13:64:
                    e8:d5:29:90:e3:a5:cd:e4:52:37:6c:c1:46:b2:11:
                    71:20:f4:35:d8:ce:c2:36:bf:d1:13:2f:a8:c2:8b:
                    46:aa:cf:30:ed:be:a3:97:13:10:90:2a:02:df:39:
                    c1:e8:54:ea:e2:c9:8a:6b:b3:ee:ec:2e:c9:30:7d:
                    4b:94:75:58:d8:12:92:8c:76:69:29:01:c6:23:c0:
                    2d:11:e1:0b:a9:88:88:32:8e:06:7f:7e:7f:ed:76:
                    8b:8d:5f:17:7c:1a:c0:6e:6f:bb:ab:61:54:c4:28:
                    ed:f4:30:ae:33:b7:0a:d6:ba:ad:c6:83:60:4f:ff:
                    4f:0a:51:2c:4a:4c:93:01:1c:ab:4e:0d:47:53:87:
                    ac:b9:79:e7:b4:a6:67:e9:d5:5e:93:00:ec:04:86:
                    62:79:4e:3d:0c:b0:4d:4e:93:93:3a:df:d2:7e:43:
                    a8:31:8e:03:77:fd:9f:c4:b6:29:b9:9f:d1:38:b6:
                    a8:37:84:de:e5:10:b1:a7:8f:6f:0f:86:80:99:b8:
                    b7:3b:84:15:1c:21:f9:4c:37:1d:78:9c:00:95:2f:
                    e8:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:AE:86:F9:EC:88:84:47:1B:2A:6C:72:93:C5:51:74:6C:E6:6A:CE
            X509v3 Authority Key Identifier:
                keyid:1A:91:54:E1:C5:57:8B:0F:EF:8A:BB:77:9F:81:17:E6:4E:88:4D:18

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GpFU4cVXiw_virt3n4EX5k6ITRg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/Ea6G-eyIhEcbKmxyk8VRdGzmas4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/54bac8-bf50-44d2-ad42-388d8ad2a5bb/1/GpFU4cVXiw_virt3n4EX5k6ITRg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:c9:56:06:c9:9a:83:0e:5a:03:b6:2d:b8:1f:8a:8e:41:bb:
         f0:ef:eb:e3:5f:83:6c:c8:d9:3b:8b:cd:c3:a6:90:08:21:a4:
         90:89:a8:78:9d:7b:73:36:d0:bd:07:57:83:d0:7d:ea:9a:e0:
         db:8c:1f:c2:58:0b:c7:f4:aa:07:7b:59:f7:e8:b8:d7:26:b2:
         e3:fe:5c:65:08:e3:05:3e:65:c6:45:34:38:d1:3a:6a:02:af:
         20:ba:3f:2c:85:74:5b:c1:ac:c3:b2:3d:47:f4:e6:15:64:c1:
         76:4a:db:b0:49:23:10:64:de:91:81:1c:fa:94:d1:48:d5:a5:
         7a:3b:80:96:31:92:4e:5c:80:3a:2e:34:29:ba:44:06:67:20:
         40:e6:da:57:85:13:7f:db:12:c1:a3:1a:0a:f6:7c:83:be:f9:
         a7:7d:68:05:78:20:58:72:f5:d3:2b:62:8e:f9:47:ce:a8:38:
         1c:e1:1c:a9:df:43:e0:7c:0b:16:9e:c2:58:71:2a:5e:78:30:
         dd:37:c1:7e:4a:4b:9c:fd:86:6a:6a:75:db:de:ef:18:a9:8e:
         da:e2:02:18:1a:db:f1:76:fa:59:34:67:eb:63:02:f0:fa:c9:
         ed:30:59:57:02:bc:63:b2:42:c8:6e:2b:a5:a0:d9:ca:8f:2a:
         cd:5d:86:55
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzGuQDIVxKoK7Vo0Z1blAYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhOTE1NGUxYzU1NzhiMGZlZjhhYmI3NzlmODExN2U2NGU4
ODRkMTgwHhcNMjQwMTAxMjAzMTAyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWFlODZmOWVjODg4NDQ3MWIyYTZjNzI5M2M1NTE3NDZjZTY2YWNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgvvVcvSSkWHXCDV8gxdfJE65H/gs
8LwKSnKcxsBe6eUfN6FUHzD+vdVdE2To1SmQ46XN5FI3bMFGshFxIPQ12M7CNr/R
Ey+owotGqs8w7b6jlxMQkCoC3znB6FTq4smKa7Pu7C7JMH1LlHVY2BKSjHZpKQHG
I8AtEeELqYiIMo4Gf35/7XaLjV8XfBrAbm+7q2FUxCjt9DCuM7cK1rqtxoNgT/9P
ClEsSkyTARyrTg1HU4esuXnntKZn6dVekwDsBIZieU49DLBNTpOTOt/SfkOoMY4D
d/2fxLYpuZ/ROLaoN4Te5RCxp49vD4aAmbi3O4QVHCH5TDcdeJwAlS/orwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGuhvnsiIRHGypscpPFUXRs5mrOMB8GA1UdIwQY
MBaAFBqRVOHFV4sP74q7d5+BF+ZOiE0YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDIt
Mzg4ZDhhZDJhNWJiLzEvRWE2Ry1leUloRWNiS214eWs4VlJkR3ptYXM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS81NGJhYzgtYmY1MC00NGQyLWFkNDItMzg4ZDhhZDJhNWJi
LzEvR3BGVTRjVlhpd192aXJ0M240RVg1azZJVFJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwbBiMA0G
CSqGSIb3DQEBCwUAA4IBAQB8yVYGyZqDDloDti24H4qOQbvw7+vjX4NsyNk7i83D
ppAIIaSQiah4nXtzNtC9B1eD0H3qmuDbjB/CWAvH9KoHe1n36LjXJrLj/lxlCOMF
PmXGRTQ40TpqAq8guj8shXRbwazDsj1H9OYVZMF2StuwSSMQZN6RgRz6lNFI1aV6
O4CWMZJOXIA6LjQpukQGZyBA5tpXhRN/2xLBoxoK9nyDvvmnfWgFeCBYcvXTK2KO
+UfOqDgc4Ryp30PgfAsWnsJYcSpeeDDdN8F+Skuc/YZqanXb3u8YqY7a4gIYGtvx
dvpZNGfrYwLw+sntMFlXArxjskLIbiuloNnKjyrNXYZV
-----END CERTIFICATE-----