Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/EBfFyVHc2LeXelG8meaotHeGJRE.roa
File:                     EBfFyVHc2LeXelG8meaotHeGJRE.roa (raw, json)
Hash identifier:          5ZMA8i7KVfG8mdRvhsU/EIMv+Eq9byxD9f8hG7UaE8A=
Subject key identifier:   10:17:C5:C9:51:DC:D8:B7:97:7A:51:BC:99:E6:A8:B4:77:86:25:11
Certificate issuer:       /CN=eb500c9002321f03964583710b7baa4597341213
Certificate serial:       018CC8DF7DCA458F26D39B948034814A3F27
Authority key identifier: EB:50:0C:90:02:32:1F:03:96:45:83:71:0B:7B:AA:45:97:34:12:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/61AMkAIyHwOWRYNxC3uqRZc0EhM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/EBfFyVHc2LeXelG8meaotHeGJRE.roa
Signing time:             Tue 02 Jan 2024 06:32:19 +0000
ROA not before:           Tue 02 Jan 2024 06:32:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35374
IP address blocks:        86.110.208.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/61AMkAIyHwOWRYNxC3uqRZc0EhM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/61AMkAIyHwOWRYNxC3uqRZc0EhM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/61AMkAIyHwOWRYNxC3uqRZc0EhM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:7d:ca:45:8f:26:d3:9b:94:80:34:81:4a:3f:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb500c9002321f03964583710b7baa4597341213
        Validity
            Not Before: Jan  2 06:32:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1017c5c951dcd8b7977a51bc99e6a8b477862511
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:28:8d:9f:ac:f1:5e:77:38:e2:d6:cd:a0:89:
                    c2:c2:03:8f:bf:e6:eb:37:31:06:9a:2a:11:d4:54:
                    cb:01:aa:b7:e1:4e:7a:f5:dc:5c:51:5b:fb:d1:05:
                    e3:d3:56:d4:0e:3d:bb:90:87:1d:bc:bc:e5:86:a9:
                    5d:fd:c2:07:f7:d3:4b:2b:63:7b:41:30:bb:5c:14:
                    e0:d5:12:be:05:5d:08:5a:f5:b4:16:61:59:a1:5c:
                    01:48:cb:af:12:d2:11:09:d4:cc:a9:67:22:b9:9f:
                    1b:c3:59:4a:18:b3:6f:4e:cb:eb:4d:f3:e2:cc:35:
                    26:46:a8:08:de:1c:6b:b1:f3:99:cb:47:18:97:42:
                    fa:16:bf:4e:e2:cf:4c:9e:63:7b:20:46:52:03:b7:
                    04:38:60:b8:55:81:49:2f:5c:9c:10:ba:b1:c2:73:
                    2d:b0:53:1c:a9:1a:34:e2:41:18:f4:39:3c:db:2a:
                    6e:99:97:cb:7c:b8:f4:20:e7:d1:54:e9:8f:31:9a:
                    67:14:6d:07:54:17:5f:ab:9f:46:ed:90:7c:5f:b9:
                    80:5d:e0:14:48:40:8f:e6:25:ab:f5:2c:65:01:54:
                    91:be:75:aa:76:f5:f0:b7:f4:b4:43:35:dd:33:5b:
                    d4:2e:45:9b:06:8c:8c:6a:bd:7d:b7:38:86:0e:43:
                    07:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:17:C5:C9:51:DC:D8:B7:97:7A:51:BC:99:E6:A8:B4:77:86:25:11
            X509v3 Authority Key Identifier:
                keyid:EB:50:0C:90:02:32:1F:03:96:45:83:71:0B:7B:AA:45:97:34:12:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/61AMkAIyHwOWRYNxC3uqRZc0EhM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/EBfFyVHc2LeXelG8meaotHeGJRE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/19c09a-d79a-4de4-8a86-4a685962f3e8/1/61AMkAIyHwOWRYNxC3uqRZc0EhM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.208.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3f:99:ac:37:0b:0e:5d:e7:3b:db:16:cc:7d:5e:1d:f1:51:8c:
         57:9b:9a:fb:ae:c6:52:16:5a:a3:c1:d9:c0:a0:2d:ce:9d:5e:
         1f:77:59:bc:8c:7b:f3:7d:21:fe:06:24:a2:15:d7:4b:af:76:
         66:d9:f4:21:2f:6e:da:40:15:b8:ad:ff:8f:1f:e0:42:36:8a:
         db:44:fb:04:b7:ea:02:0a:fa:32:27:17:3b:06:97:13:bd:c5:
         ea:fc:90:bc:1b:86:de:ea:47:61:30:33:5f:8b:d2:a9:cd:3b:
         ff:70:35:fd:89:8d:05:1e:c6:bc:67:44:00:71:01:e3:45:35:
         bb:1a:c8:4d:09:74:88:2f:2f:b4:ee:dc:8b:fd:b5:a5:ba:eb:
         20:74:81:e6:f2:7b:b3:b9:39:5f:b8:db:39:7d:a5:00:ab:26:
         3f:19:ec:2c:bc:7d:7a:22:83:a5:03:e8:ec:10:8e:33:1e:8c:
         20:52:16:e3:1e:2c:8d:a4:d0:69:4b:46:85:f3:ba:41:b6:3b:
         77:ca:a5:44:b1:d9:9c:90:ec:84:9a:69:d8:1c:fa:4f:cc:f9:
         a8:34:f0:ef:dc:80:0a:a7:0a:05:6a:63:f5:11:44:8d:fb:b8:
         4f:3b:c3:59:08:d0:8c:3a:af:1f:cf:a2:fc:f9:c7:26:72:aa:
         ff:77:b6:cf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI333KRY8m05uUgDSBSj8nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViNTAwYzkwMDIzMjFmMDM5NjQ1ODM3MTBiN2JhYTQ1OTcz
NDEyMTMwHhcNMjQwMTAyMDYzMjE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDE3YzVjOTUxZGNkOGI3OTc3YTUxYmM5OWU2YThiNDc3ODYyNTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CiNn6zxXnc44tbNoInCwgOPv+br
NzEGmioR1FTLAaq34U569dxcUVv70QXj01bUDj27kIcdvLzlhqld/cIH99NLK2N7
QTC7XBTg1RK+BV0IWvW0FmFZoVwBSMuvEtIRCdTMqWciuZ8bw1lKGLNvTsvrTfPi
zDUmRqgI3hxrsfOZy0cYl0L6Fr9O4s9MnmN7IEZSA7cEOGC4VYFJL1ycELqxwnMt
sFMcqRo04kEY9Dk82ypumZfLfLj0IOfRVOmPMZpnFG0HVBdfq59G7ZB8X7mAXeAU
SECP5iWr9SxlAVSRvnWqdvXwt/S0QzXdM1vULkWbBoyMar19tziGDkMHzQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAXxclR3Ni3l3pRvJnmqLR3hiURMB8GA1UdIwQY
MBaAFOtQDJACMh8DlkWDcQt7qkWXNBITMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjFBTWtBSXlId09XUllOeEMzdXFSWmMwRWhNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS8xOWMwOWEtZDc5YS00ZGU0LThhODYt
NGE2ODU5NjJmM2U4LzEvRUJmRnlWSGMyTGVYZWxHOG1lYW90SGVHSlJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS8xOWMwOWEtZDc5YS00ZGU0LThhODYtNGE2ODU5NjJmM2U4
LzEvNjFBTWtBSXlId09XUllOeEMzdXFSWmMwRWhNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBVm7QMA0G
CSqGSIb3DQEBCwUAA4IBAQA/maw3Cw5d5zvbFsx9Xh3xUYxXm5r7rsZSFlqjwdnA
oC3OnV4fd1m8jHvzfSH+BiSiFddLr3Zm2fQhL27aQBW4rf+PH+BCNorbRPsEt+oC
CvoyJxc7BpcTvcXq/JC8G4be6kdhMDNfi9KpzTv/cDX9iY0FHsa8Z0QAcQHjRTW7
GshNCXSILy+07tyL/bWluusgdIHm8nuzuTlfuNs5faUAqyY/GewsvH16IoOlA+js
EI4zHowgUhbjHiyNpNBpS0aF87pBtjt3yqVEsdmckOyEmmnYHPpPzPmoNPDv3IAK
pwoFamP1EUSN+7hPO8NZCNCMOq8fz6L8+ccmcqr/d7bP
-----END CERTIFICATE-----