Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9a/d3b542-6f21-4dc8-9e6f-4492d9f2f438/1/EyIQuzgu9jowyHXNsEbTGWe3xKw.roa
File:                     EyIQuzgu9jowyHXNsEbTGWe3xKw.roa (raw, json)
Hash identifier:          mfztXAQncAzzHSh5GXA0aBZBJkYGkBjO+bO2RFPzXFg=
Subject key identifier:   13:22:10:BB:38:2E:F6:3A:30:C8:75:CD:B0:46:D3:19:67:B7:C4:AC
Certificate issuer:       /CN=06a4d77dc2e19e6f9603274c0923a61a8addb496
Certificate serial:       018CC3B72BB4C8DDB475D0988E041B4696DE
Authority key identifier: 06:A4:D7:7D:C2:E1:9E:6F:96:03:27:4C:09:23:A6:1A:8A:DD:B4:96
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BqTXfcLhnm-WAydMCSOmGordtJY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9a/d3b542-6f21-4dc8-9e6f-4492d9f2f438/1/EyIQuzgu9jowyHXNsEbTGWe3xKw.roa
Signing time:             Mon 01 Jan 2024 06:30:10 +0000
ROA not before:           Mon 01 Jan 2024 06:30:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1342
IP address blocks:        193.163.4.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9a/d3b542-6f21-4dc8-9e6f-4492d9f2f438/1/BqTXfcLhnm-WAydMCSOmGordtJY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9a/d3b542-6f21-4dc8-9e6f-4492d9f2f438/1/BqTXfcLhnm-WAydMCSOmGordtJY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BqTXfcLhnm-WAydMCSOmGordtJY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 24 May 2024 17:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:b7:2b:b4:c8:dd:b4:75:d0:98:8e:04:1b:46:96:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06a4d77dc2e19e6f9603274c0923a61a8addb496
        Validity
            Not Before: Jan  1 06:30:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=132210bb382ef63a30c875cdb046d31967b7c4ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:b2:b9:49:50:b6:fa:ab:b3:97:5c:1f:ac:ef:
                    61:58:98:ba:1b:3d:c7:47:da:65:46:fa:ff:b5:77:
                    87:39:1d:3f:9f:49:05:9b:78:8d:76:99:ab:d6:4a:
                    b2:13:93:d4:b0:b2:d6:d8:33:c7:42:22:a7:51:47:
                    02:1f:a3:49:83:18:97:14:4a:f5:d6:f8:6c:33:80:
                    c4:59:22:23:ca:1f:fe:41:4a:31:49:ba:97:42:b3:
                    ff:19:68:6a:57:22:98:ac:07:11:37:80:b5:dd:ba:
                    73:6d:0c:08:17:90:ce:27:79:d3:5f:d6:a7:d4:c8:
                    9f:aa:f6:0f:9b:50:bb:0b:fb:c8:b1:9c:0a:ff:85:
                    cc:2b:0f:17:88:a2:e9:06:95:97:71:b0:ed:42:0e:
                    96:fb:d8:20:af:56:04:93:dd:34:fa:32:9d:5a:db:
                    4e:8a:03:a2:06:47:e1:45:38:fb:ac:4d:8f:5e:19:
                    de:00:3a:78:bf:2b:04:47:54:03:f5:2f:48:6a:6f:
                    c8:4d:31:72:78:0f:67:7a:44:c8:49:e0:e5:6e:ff:
                    0a:32:f9:18:31:4e:ce:20:3e:b0:eb:2a:ff:b8:bd:
                    7b:bb:59:18:20:ac:91:c3:73:85:37:2b:fd:9f:08:
                    90:96:56:76:f1:77:51:b5:d8:84:2b:92:88:5a:20:
                    c5:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:22:10:BB:38:2E:F6:3A:30:C8:75:CD:B0:46:D3:19:67:B7:C4:AC
            X509v3 Authority Key Identifier:
                keyid:06:A4:D7:7D:C2:E1:9E:6F:96:03:27:4C:09:23:A6:1A:8A:DD:B4:96

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BqTXfcLhnm-WAydMCSOmGordtJY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d3b542-6f21-4dc8-9e6f-4492d9f2f438/1/EyIQuzgu9jowyHXNsEbTGWe3xKw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9a/d3b542-6f21-4dc8-9e6f-4492d9f2f438/1/BqTXfcLhnm-WAydMCSOmGordtJY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.163.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:c4:a0:a3:b7:03:d7:fd:43:fd:68:f7:ff:41:dd:13:e4:e8:
         05:85:c7:d4:25:ca:3e:90:59:60:7f:37:4d:6e:af:2a:5a:a2:
         09:fc:33:a1:f3:e9:ad:fe:1d:f4:9f:e4:db:4f:69:88:2b:ba:
         6d:ad:c6:6b:f7:c5:19:2e:4a:c9:c5:4d:89:b9:32:91:43:a1:
         86:79:46:e3:cc:fa:46:19:86:c4:33:64:a3:c8:f5:fc:51:a4:
         43:fb:9c:80:00:9e:f9:43:be:cf:16:5b:f2:d8:2e:aa:32:77:
         79:e7:3e:0f:10:cf:9c:71:5d:ab:f2:6e:58:d1:63:41:ae:55:
         e7:9f:b4:9d:17:c1:69:86:0f:45:8e:1a:19:d6:88:6f:54:79:
         1b:eb:20:e5:65:cf:48:7e:de:8c:cc:f7:3e:df:cf:10:af:78:
         bd:82:c2:4e:cf:c1:53:25:d5:71:30:dc:bf:b9:47:7a:2d:f6:
         51:8a:85:37:83:f8:0b:d1:66:e7:81:40:5f:30:0f:77:ff:04:
         a9:29:33:b5:d7:fa:be:c2:f1:a1:e2:1b:25:07:91:29:18:75:
         37:e3:8c:80:c9:fc:31:e9:d6:e9:63:b4:d9:6f:1b:de:55:9d:
         6f:5c:cd:9a:6a:fa:78:c9:1c:18:f8:6a:ae:08:c3:58:8f:c0:
         16:57:d5:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDtyu0yN20ddCYjgQbRpbeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YTRkNzdkYzJlMTllNmY5NjAzMjc0YzA5MjNhNjFhOGFk
ZGI0OTYwHhcNMjQwMTAxMDYzMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzIyMTBiYjM4MmVmNjNhMzBjODc1Y2RiMDQ2ZDMxOTY3YjdjNGFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLK5SVC2+quzl1wfrO9hWJi6Gz3H
R9plRvr/tXeHOR0/n0kFm3iNdpmr1kqyE5PUsLLW2DPHQiKnUUcCH6NJgxiXFEr1
1vhsM4DEWSIjyh/+QUoxSbqXQrP/GWhqVyKYrAcRN4C13bpzbQwIF5DOJ3nTX9an
1MifqvYPm1C7C/vIsZwK/4XMKw8XiKLpBpWXcbDtQg6W+9ggr1YEk900+jKdWttO
igOiBkfhRTj7rE2PXhneADp4vysER1QD9S9Iam/ITTFyeA9nekTISeDlbv8KMvkY
MU7OID6w6yr/uL17u1kYIKyRw3OFNyv9nwiQllZ28XdRtdiEK5KIWiDFdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBMiELs4LvY6MMh1zbBG0xlnt8SsMB8GA1UdIwQY
MBaAFAak133C4Z5vlgMnTAkjphqK3bSWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnFUWGZjTGhubS1XQXlkTUNTT21Hb3JkdEpZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85YS9kM2I1NDItNmYyMS00ZGM4LTllNmYt
NDQ5MmQ5ZjJmNDM4LzEvRXlJUXV6Z3U5am93eUhYTnNFYlRHV2UzeEt3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85YS9kM2I1NDItNmYyMS00ZGM4LTllNmYtNDQ5MmQ5ZjJmNDM4
LzEvQnFUWGZjTGhubS1XQXlkTUNTT21Hb3JkdEpZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwaMEMA0G
CSqGSIb3DQEBCwUAA4IBAQBxxKCjtwPX/UP9aPf/Qd0T5OgFhcfUJco+kFlgfzdN
bq8qWqIJ/DOh8+mt/h30n+TbT2mIK7ptrcZr98UZLkrJxU2JuTKRQ6GGeUbjzPpG
GYbEM2SjyPX8UaRD+5yAAJ75Q77PFlvy2C6qMnd55z4PEM+ccV2r8m5Y0WNBrlXn
n7SdF8Fphg9FjhoZ1ohvVHkb6yDlZc9Ift6MzPc+388Qr3i9gsJOz8FTJdVxMNy/
uUd6LfZRioU3g/gL0WbngUBfMA93/wSpKTO11/q+wvGh4hslB5EpGHU344yAyfwx
6dbpY7TZbxveVZ1vXM2aavp4yRwY+GquCMNYj8AWV9V1
-----END CERTIFICATE-----