Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/ezsTZJU_Ao2w2ZfgsEVvJmyUskU.roa
File:                     ezsTZJU_Ao2w2ZfgsEVvJmyUskU.roa (raw, json)
Hash identifier:          /KKFnugMBviQyzI1UYW74Zy4zTXGvKYVmWfWoO95oOs=
Subject key identifier:   7B:3B:13:64:95:3F:02:8D:B0:D9:97:E0:B0:45:6F:26:6C:94:B2:45
Certificate issuer:       /CN=3eb1788fe220e46434692d1cc437072d792d7888
Certificate serial:       018CC26D10EEF7DF4D3BA483BD9FEC96F49F
Authority key identifier: 3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/ezsTZJU_Ao2w2ZfgsEVvJmyUskU.roa
Signing time:             Mon 01 Jan 2024 00:29:36 +0000
ROA not before:           Mon 01 Jan 2024 00:29:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     204680
IP address blocks:        2a00:139b:ffff::/48 maxlen: 48
                          2a00:139b::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c2:6d:10:ee:f7:df:4d:3b:a4:83:bd:9f:ec:96:f4:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3eb1788fe220e46434692d1cc437072d792d7888
        Validity
            Not Before: Jan  1 00:29:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b3b1364953f028db0d997e0b0456f266c94b245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:57:35:2d:dd:8e:21:53:c6:56:02:e9:a0:df:
                    14:53:f3:fd:22:6e:32:21:46:97:90:74:f8:16:da:
                    9d:f3:cf:fc:be:d4:a7:e8:75:bd:1a:46:e1:64:e1:
                    f3:99:5c:3e:e3:1d:49:da:05:71:48:d7:34:54:8b:
                    e9:2e:f5:a8:65:6a:d6:a3:b0:a5:94:07:42:5d:15:
                    2a:98:35:37:3f:21:67:53:07:99:62:69:b5:48:d8:
                    ff:51:fc:e6:61:e6:38:f7:76:3c:3e:b9:73:92:72:
                    c2:37:5d:75:bf:d3:a6:8a:51:d0:03:e2:ec:ad:de:
                    0b:b2:f4:c2:4f:d2:f2:c3:60:f1:ac:31:f5:6e:e1:
                    80:7a:99:a6:e2:91:38:26:9a:e6:b6:ac:3c:71:9c:
                    df:e8:89:b3:20:29:e8:7f:83:67:26:58:c9:5b:4d:
                    ab:18:ad:c2:c8:a7:e2:12:dc:1d:df:bd:49:52:47:
                    0a:00:4e:35:e4:2d:44:03:af:00:a4:8c:f0:ba:13:
                    03:5e:29:67:37:29:b4:85:8f:42:1c:98:3d:ed:b3:
                    c2:73:e0:d4:43:00:0d:a0:2f:07:b2:d8:23:09:e9:
                    d8:b0:5c:ae:57:e4:10:ef:fd:cf:35:ea:bb:4b:6e:
                    f3:54:2f:62:9a:61:cf:88:31:1d:b0:c5:ae:d0:bd:
                    ce:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:3B:13:64:95:3F:02:8D:B0:D9:97:E0:B0:45:6F:26:6C:94:B2:45
            X509v3 Authority Key Identifier:
                keyid:3E:B1:78:8F:E2:20:E4:64:34:69:2D:1C:C4:37:07:2D:79:2D:78:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/ezsTZJU_Ao2w2ZfgsEVvJmyUskU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/22f570-0b26-4004-8ed0-d9509473072c/1/PrF4j-Ig5GQ0aS0cxDcHLXkteIg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:139b::/32

    Signature Algorithm: sha256WithRSAEncryption
         43:db:22:46:4f:ec:78:5b:0c:3b:93:26:a2:d8:d4:fb:11:16:
         68:6f:fd:9b:22:b3:59:c9:88:d3:86:16:2b:6a:8e:17:07:27:
         bb:d9:c2:2e:b3:41:45:64:73:74:33:65:91:e0:d6:d8:f4:c7:
         8a:d9:5e:c3:57:8d:bc:18:0a:20:c0:94:64:4f:32:b1:75:49:
         a6:6b:b5:0e:4f:61:7e:b9:6c:9a:34:07:ad:6b:d6:fd:86:17:
         1b:fa:06:1a:e1:71:57:b4:0c:77:7c:b2:c4:b8:38:af:44:11:
         39:27:2b:4e:3c:15:28:73:ba:75:d5:6c:3a:80:61:a4:b1:59:
         ca:b0:fc:06:76:52:cd:2f:b4:66:d5:83:36:9b:37:dd:bd:b0:
         67:82:95:7c:90:e4:37:d4:06:32:50:14:04:06:2a:a2:e8:3a:
         1a:29:f0:66:5d:33:72:3c:8a:d1:2c:41:ca:1f:63:4a:68:33:
         d2:7c:03:57:61:d5:8c:af:4e:ae:39:d8:e7:02:7e:82:d4:32:
         c5:2a:7f:63:43:0d:7c:9a:d3:12:5f:13:67:bb:53:3c:9f:32:
         1f:29:ee:d1:e1:3b:1c:ea:85:aa:e6:3a:c1:d9:fe:e4:0a:1c:
         03:d2:4a:8d:aa:b2:79:b3:c6:e9:70:f5:01:8a:ae:ad:d0:41:
         6a:1b:6c:2d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzCbRDu999NO6SDvZ/slvSfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlYjE3ODhmZTIyMGU0NjQzNDY5MmQxY2M0MzcwNzJkNzky
ZDc4ODgwHhcNMjQwMTAxMDAyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjNiMTM2NDk1M2YwMjhkYjBkOTk3ZTBiMDQ1NmYyNjZjOTRiMjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqFc1Ld2OIVPGVgLpoN8UU/P9Im4y
IUaXkHT4Ftqd88/8vtSn6HW9GkbhZOHzmVw+4x1J2gVxSNc0VIvpLvWoZWrWo7Cl
lAdCXRUqmDU3PyFnUweZYmm1SNj/UfzmYeY493Y8PrlzknLCN111v9OmilHQA+Ls
rd4LsvTCT9Lyw2DxrDH1buGAepmm4pE4Jprmtqw8cZzf6ImzICnof4NnJljJW02r
GK3CyKfiEtwd371JUkcKAE415C1EA68ApIzwuhMDXilnNym0hY9CHJg97bPCc+DU
QwANoC8HstgjCenYsFyuV+QQ7/3PNeq7S27zVC9immHPiDEdsMWu0L3OowIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHs7E2SVPwKNsNmX4LBFbyZslLJFMB8GA1UdIwQY
MBaAFD6xeI/iIORkNGktHMQ3By15LXiIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAt
ZDk1MDk0NzMwNzJjLzEvZXpzVFpKVV9BbzJ3MlpmZ3NFVnZKbXlVc2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8yMmY1NzAtMGIyNi00MDA0LThlZDAtZDk1MDk0NzMwNzJj
LzEvUHJGNGotSWc1R1EwYVMwY3hEY0hMWGt0ZUlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgATmzAN
BgkqhkiG9w0BAQsFAAOCAQEAQ9siRk/seFsMO5MmotjU+xEWaG/9myKzWcmI04YW
K2qOFwcnu9nCLrNBRWRzdDNlkeDW2PTHitlew1eNvBgKIMCUZE8ysXVJpmu1Dk9h
frlsmjQHrWvW/YYXG/oGGuFxV7QMd3yyxLg4r0QROScrTjwVKHO6ddVsOoBhpLFZ
yrD8BnZSzS+0ZtWDNps33b2wZ4KVfJDkN9QGMlAUBAYqoug6GinwZl0zcjyK0SxB
yh9jSmgz0nwDV2HVjK9OrjnY5wJ+gtQyxSp/Y0MNfJrTEl8TZ7tTPJ8yHynu0eE7
HOqFquY6wdn+5AocA9JKjaqyebPG6XD1AYqurdBBahtsLQ==
-----END CERTIFICATE-----