Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/EroMs8AZgHBRlbJuf136uxGI9t0.roa
File:                     EroMs8AZgHBRlbJuf136uxGI9t0.roa (raw, json)
Hash identifier:          OKoQuncyBINBvBr64otCtHbvGE+0c1Blu3HVhyzNKh0=
Subject key identifier:   12:BA:0C:B3:C0:19:80:70:51:95:B2:6E:7F:5D:FA:BB:11:88:F6:DD
Certificate issuer:       /CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
Certificate serial:       018CCA2A54FCD5EAFEA1456EF99870BD7A82
Authority key identifier: B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/EroMs8AZgHBRlbJuf136uxGI9t0.roa
Signing time:             Tue 02 Jan 2024 12:33:41 +0000
ROA not before:           Tue 02 Jan 2024 12:33:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206499
IP address blocks:        185.133.208.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 07 May 2024 20:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:54:fc:d5:ea:fe:a1:45:6e:f9:98:70:bd:7a:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b8074b419ead4cefea2f2ad2c259d978c5ed7954
        Validity
            Not Before: Jan  2 12:33:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12ba0cb3c01980705195b26e7f5dfabb1188f6dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:80:77:29:bb:07:e4:d8:14:e7:23:2b:e2:ba:0d:
                    8c:5b:99:b5:1f:3d:39:bb:a3:3b:5f:58:03:90:81:
                    d3:92:b3:4e:a3:49:a4:bb:dd:ff:d4:e0:09:24:11:
                    8a:e6:5f:fa:0d:c5:ad:4d:e6:43:92:86:77:14:27:
                    d8:81:2e:fe:95:93:db:6f:9a:2f:18:26:b5:52:66:
                    2c:1a:2a:9b:8b:d3:5a:92:2c:0a:e2:4b:98:3f:03:
                    2a:d1:3c:ab:a1:b5:b4:93:1b:0d:1a:b8:2c:a4:36:
                    ed:12:f4:94:43:0c:20:a0:b8:2b:1a:21:14:c3:be:
                    41:09:90:7c:ee:07:d8:da:f2:fb:d5:06:a6:e9:50:
                    e8:11:3c:40:a1:43:ac:23:ac:66:02:a5:be:e6:4e:
                    17:57:49:cc:8e:af:fa:75:26:37:e0:ed:f1:eb:06:
                    64:d1:3e:17:ce:cb:76:77:f3:92:3d:26:0a:d1:9f:
                    0f:77:6e:e7:c8:14:2c:1d:55:80:04:14:dc:5a:ff:
                    da:20:aa:19:55:38:31:01:1e:cb:5c:5c:2f:29:cb:
                    72:95:4b:93:55:80:8a:f4:83:f8:87:4f:b6:6a:a8:
                    4e:55:0a:9d:0d:b3:b8:65:cb:30:40:cb:09:65:4c:
                    e0:03:0a:eb:27:4a:43:c5:95:6f:07:ce:ea:bd:ab:
                    b7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:BA:0C:B3:C0:19:80:70:51:95:B2:6E:7F:5D:FA:BB:11:88:F6:DD
            X509v3 Authority Key Identifier:
                keyid:B8:07:4B:41:9E:AD:4C:EF:EA:2F:2A:D2:C2:59:D9:78:C5:ED:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/EroMs8AZgHBRlbJuf136uxGI9t0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/1e43e4-d06e-4a55-bdb6-3d91ede5b2b1/1/uAdLQZ6tTO_qLyrSwlnZeMXteVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.133.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:51:d0:f5:c4:4a:24:87:d8:37:fd:82:78:8d:77:e9:73:36:
         db:9e:99:b7:b9:b9:a3:0f:4e:8e:24:22:aa:ec:9f:c7:c3:fc:
         69:9a:37:fc:a1:59:5e:8a:65:b0:09:ff:30:19:44:64:66:02:
         e0:21:42:01:3e:c6:e5:0e:b9:83:85:16:1c:24:6c:99:f2:f6:
         5f:cc:41:77:49:14:a9:95:39:76:d3:aa:8f:c4:7e:69:e7:0e:
         ee:6e:20:40:8a:f7:8b:43:fb:e8:59:c2:24:20:1f:0b:d2:f1:
         c3:1a:c5:c9:99:0b:c4:4a:5b:e8:39:86:78:f4:91:0f:51:6e:
         39:a4:38:4a:b1:35:04:5f:19:1e:6c:21:97:e8:c8:e4:69:49:
         4e:96:62:2b:ca:de:d6:31:af:de:a4:3e:80:e3:8d:f3:40:58:
         24:08:a3:f6:25:4f:17:af:ea:47:d5:dc:d3:a5:4e:81:70:77:
         08:cd:e6:ea:62:e0:d4:57:d8:47:a0:27:c9:dc:cb:25:87:e1:
         44:41:57:f8:f2:14:a8:bb:13:64:b1:86:1b:a3:1e:99:7d:5d:
         67:20:7c:3f:84:78:e0:4f:3c:1f:10:db:ca:e6:41:82:3c:f6:
         e4:9d:b4:94:5c:21:b6:58:de:ea:3c:69:0e:f0:4a:a4:7a:bb:
         b0:7f:40:51
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKlT81er+oUVu+ZhwvXqCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDc0YjQxOWVhZDRjZWZlYTJmMmFkMmMyNTlkOTc4YzVl
ZDc5NTQwHhcNMjQwMTAyMTIzMzQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmJhMGNiM2MwMTk4MDcwNTE5NWIyNmU3ZjVkZmFiYjExODhmNmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgHcpuwfk2BTnIyviug2MW5m1Hz05
u6M7X1gDkIHTkrNOo0mku93/1OAJJBGK5l/6DcWtTeZDkoZ3FCfYgS7+lZPbb5ov
GCa1UmYsGiqbi9NakiwK4kuYPwMq0TyrobW0kxsNGrgspDbtEvSUQwwgoLgrGiEU
w75BCZB87gfY2vL71Qam6VDoETxAoUOsI6xmAqW+5k4XV0nMjq/6dSY34O3x6wZk
0T4Xzst2d/OSPSYK0Z8Pd27nyBQsHVWABBTcWv/aIKoZVTgxAR7LXFwvKctylUuT
VYCK9IP4h0+2aqhOVQqdDbO4ZcswQMsJZUzgAwrrJ0pDxZVvB87qvau3oQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBK6DLPAGYBwUZWybn9d+rsRiPbdMB8GA1UdIwQY
MBaAFLgHS0GerUzv6i8q0sJZ2XjF7XlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYt
M2Q5MWVkZTViMmIxLzEvRXJvTXM4QVpnSEJSbGJKdWYxMzZ1eEdJOXQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi8xZTQzZTQtZDA2ZS00YTU1LWJkYjYtM2Q5MWVkZTViMmIx
LzEvdUFkTFFaNnRUT19xTHlyU3dsblplTVh0ZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuYXQMA0G
CSqGSIb3DQEBCwUAA4IBAQBcUdD1xEokh9g3/YJ4jXfpczbbnpm3ubmjD06OJCKq
7J/Hw/xpmjf8oVleimWwCf8wGURkZgLgIUIBPsblDrmDhRYcJGyZ8vZfzEF3SRSp
lTl206qPxH5p5w7ubiBAiveLQ/voWcIkIB8L0vHDGsXJmQvESlvoOYZ49JEPUW45
pDhKsTUEXxkebCGX6MjkaUlOlmIryt7WMa/epD6A443zQFgkCKP2JU8Xr+pH1dzT
pU6BcHcIzebqYuDUV9hHoCfJ3Mslh+FEQVf48hSouxNksYYbox6ZfV1nIHw/hHjg
TzwfENvK5kGCPPbknbSUXCG2WN7qPGkO8Eqkeruwf0BR
-----END CERTIFICATE-----