Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/39dacc-1c57-4deb-a225-b6207f755267/1/EuqAODfaKXAzUZs6x4fhx0qMesQ.roa
File:                     EuqAODfaKXAzUZs6x4fhx0qMesQ.roa (raw, json)
Hash identifier:          OqFRphaN82aKJwYAtTbzY1gFVaZxxQa7hmyG29KwNNc=
Subject key identifier:   12:EA:80:38:37:DA:29:70:33:51:9B:3A:C7:87:E1:C7:4A:8C:7A:C4
Certificate issuer:       /CN=689c68a45661f90a4059bd8c29a3c967bf92e855
Certificate serial:       018D9D125925D2F07E515C4273F1A91B1BA0
Authority key identifier: 68:9C:68:A4:56:61:F9:0A:40:59:BD:8C:29:A3:C9:67:BF:92:E8:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aJxopFZh-QpAWb2MKaPJZ7-S6FU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8d/39dacc-1c57-4deb-a225-b6207f755267/1/EuqAODfaKXAzUZs6x4fhx0qMesQ.roa
Signing time:             Mon 12 Feb 2024 11:27:21 +0000
ROA not before:           Mon 12 Feb 2024 11:27:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211839
IP address blocks:        193.163.71.0/24 maxlen: 24
                          2a10:89c0::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8d/39dacc-1c57-4deb-a225-b6207f755267/1/aJxopFZh-QpAWb2MKaPJZ7-S6FU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8d/39dacc-1c57-4deb-a225-b6207f755267/1/aJxopFZh-QpAWb2MKaPJZ7-S6FU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aJxopFZh-QpAWb2MKaPJZ7-S6FU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Jun 2024 22:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:9d:12:59:25:d2:f0:7e:51:5c:42:73:f1:a9:1b:1b:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=689c68a45661f90a4059bd8c29a3c967bf92e855
        Validity
            Not Before: Feb 12 11:27:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12ea803837da297033519b3ac787e1c74a8c7ac4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:1c:57:14:1c:8e:b5:77:51:25:93:c8:fd:63:
                    cb:0e:26:7c:79:ce:a7:c9:85:86:4c:a6:39:e4:89:
                    0d:8f:57:8e:9e:e2:a0:2e:a5:c3:49:9c:88:72:d2:
                    32:82:a3:31:d0:d2:76:27:74:bb:fc:60:8b:5a:e7:
                    02:79:ee:d0:e5:64:b3:56:33:da:29:a9:99:c0:d3:
                    dc:40:d5:12:c3:3b:4f:ff:66:c4:e2:e3:7d:bc:f5:
                    0c:75:95:24:1e:55:b8:0d:71:2a:f7:b3:cc:cc:20:
                    28:70:55:98:1d:6e:c6:4c:a7:bd:78:3b:f3:f3:10:
                    70:20:8f:c9:7d:62:e3:1a:e7:01:3f:bd:d2:24:fc:
                    ab:87:49:3b:3a:e8:6d:2a:36:92:7e:67:81:6a:52:
                    9f:b3:e4:f5:65:e9:d4:d8:57:32:a9:e6:02:b7:28:
                    1c:92:bd:79:e4:4c:ed:aa:24:dd:e8:fa:71:38:26:
                    31:c5:b6:fc:b4:83:d4:03:3c:aa:e3:b6:7d:38:1e:
                    b9:38:3b:c6:ac:c4:68:cf:e0:9e:65:ea:df:f1:ce:
                    0a:d3:53:08:b4:9a:ec:6c:41:fb:63:84:f6:17:03:
                    e3:b9:d1:2b:06:27:f3:bd:16:eb:9e:42:1c:53:a4:
                    61:f7:71:ef:bd:41:b5:45:82:fd:25:79:8c:e5:2a:
                    7a:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:EA:80:38:37:DA:29:70:33:51:9B:3A:C7:87:E1:C7:4A:8C:7A:C4
            X509v3 Authority Key Identifier:
                keyid:68:9C:68:A4:56:61:F9:0A:40:59:BD:8C:29:A3:C9:67:BF:92:E8:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aJxopFZh-QpAWb2MKaPJZ7-S6FU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/39dacc-1c57-4deb-a225-b6207f755267/1/EuqAODfaKXAzUZs6x4fhx0qMesQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/39dacc-1c57-4deb-a225-b6207f755267/1/aJxopFZh-QpAWb2MKaPJZ7-S6FU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.71.0/24
                IPv6:
                  2a10:89c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         6e:ac:e5:dc:64:01:85:42:5e:2b:9f:b8:70:8c:bc:2c:15:41:
         06:02:b8:a3:93:30:cd:db:8c:9a:1f:48:59:22:a6:67:f1:46:
         78:aa:a5:6f:ea:0a:0d:49:ce:81:1f:7d:94:aa:72:40:d0:63:
         24:75:93:b2:35:f0:da:c4:6e:32:53:45:e5:80:63:07:c3:51:
         32:4a:43:44:17:77:0f:05:43:8d:a3:02:3b:c3:ba:36:78:1c:
         11:aa:dc:42:9b:0f:15:35:c9:e2:7c:93:5c:87:1f:90:6d:ac:
         6e:c2:af:3c:97:e1:a9:84:d2:ed:04:81:2c:05:22:00:3a:4a:
         30:9e:c8:bd:5c:a7:3f:0c:fb:95:76:51:49:03:dd:40:c7:ef:
         eb:59:93:84:9e:62:c8:71:80:77:d4:6f:de:b4:a6:fd:9a:ac:
         95:67:b7:12:db:ad:f4:91:3b:2f:64:e3:d0:14:3a:86:4e:a7:
         e5:14:b7:c8:a2:3b:b5:71:7c:ad:64:65:d8:36:4b:35:86:ac:
         5d:17:ab:dd:f9:18:65:76:24:7e:1a:c9:bf:79:8a:b5:71:39:
         dd:f4:e7:3d:ba:56:28:a9:ab:71:86:cf:6e:1c:00:4c:f3:6a:
         fb:5d:ae:30:9b:43:52:5c:97:cf:ba:4c:2e:af:08:d8:b9:1a:
         d4:6e:d2:9b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY2dElkl0vB+UVxCc/GpGxugMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4OWM2OGE0NTY2MWY5MGE0MDU5YmQ4YzI5YTNjOTY3YmY5
MmU4NTUwHhcNMjQwMjEyMTEyNzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmVhODAzODM3ZGEyOTcwMzM1MTliM2FjNzg3ZTFjNzRhOGM3YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxxXFByOtXdRJZPI/WPLDiZ8ec6n
yYWGTKY55IkNj1eOnuKgLqXDSZyIctIygqMx0NJ2J3S7/GCLWucCee7Q5WSzVjPa
KamZwNPcQNUSwztP/2bE4uN9vPUMdZUkHlW4DXEq97PMzCAocFWYHW7GTKe9eDvz
8xBwII/JfWLjGucBP73SJPyrh0k7OuhtKjaSfmeBalKfs+T1ZenU2FcyqeYCtygc
kr155EztqiTd6PpxOCYxxbb8tIPUAzyq47Z9OB65ODvGrMRoz+CeZerf8c4K01MI
tJrsbEH7Y4T2FwPjudErBifzvRbrnkIcU6Rh93HvvUG1RYL9JXmM5Sp6kQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBLqgDg32ilwM1GbOseH4cdKjHrEMB8GA1UdIwQY
MBaAFGicaKRWYfkKQFm9jCmjyWe/kuhVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUp4b3BGWmgtUXBBV2IyTUthUEpaNy1TNkZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZC8zOWRhY2MtMWM1Ny00ZGViLWEyMjUt
YjYyMDdmNzU1MjY3LzEvRXVxQU9EZmFLWEF6VVpzNng0Zmh4MHFNZXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZC8zOWRhY2MtMWM1Ny00ZGViLWEyMjUtYjYyMDdmNzU1MjY3
LzEvYUp4b3BGWmgtUXBBV2IyTUthUEpaNy1TNkZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwaNHMA0E
AgACMAcDBQMqEInAMA0GCSqGSIb3DQEBCwUAA4IBAQBurOXcZAGFQl4rn7hwjLws
FUEGArijkzDN24yaH0hZIqZn8UZ4qqVv6goNSc6BH32UqnJA0GMkdZOyNfDaxG4y
U0XlgGMHw1EySkNEF3cPBUONowI7w7o2eBwRqtxCmw8VNcnifJNchx+Qbaxuwq88
l+GphNLtBIEsBSIAOkownsi9XKc/DPuVdlFJA91Ax+/rWZOEnmLIcYB31G/etKb9
mqyVZ7cS2630kTsvZOPQFDqGTqflFLfIoju1cXytZGXYNks1hqxdF6vd+RhldiR+
Gsm/eYq1cTnd9Oc9ulYoqatxhs9uHABM82r7Xa4wm0NSXJfPukwurwjYuRrUbtKb
-----END CERTIFICATE-----