Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/eA_M3UHw_XAlf4Nil-NmPnV0dEY.roa
File:                     eA_M3UHw_XAlf4Nil-NmPnV0dEY.roa (raw, json)
Hash identifier:          QDWy2GZBFSMUd9t42TYxk4D+1hQWJGDn9iiJxCgplnc=
Subject key identifier:   78:0F:CC:DD:41:F0:FD:70:25:7F:83:62:97:E3:66:3E:75:74:74:46
Certificate issuer:       /CN=253a3b5f51808168c212c094a2baaff38e16464a
Certificate serial:       018CC5DC3FAB356F440C3783AB86E3410366
Authority key identifier: 25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/eA_M3UHw_XAlf4Nil-NmPnV0dEY.roa
Signing time:             Mon 01 Jan 2024 16:29:54 +0000
ROA not before:           Mon 01 Jan 2024 16:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     5547
IP address blocks:        195.208.8.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 11:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:3f:ab:35:6f:44:0c:37:83:ab:86:e3:41:03:66
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=253a3b5f51808168c212c094a2baaff38e16464a
        Validity
            Not Before: Jan  1 16:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=780fccdd41f0fd70257f836297e3663e75747446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:f4:d7:8c:b7:4a:90:b0:26:94:ae:0a:df:cb:
                    30:d7:27:66:38:70:83:8e:85:2f:e9:2c:b5:ca:7b:
                    72:05:4b:56:77:43:9c:c3:d7:02:86:3d:74:6f:d0:
                    32:cc:48:4b:f7:ca:5f:86:69:da:b6:aa:e3:06:ae:
                    f4:fc:9e:bd:c0:11:92:af:ec:9b:b7:f2:9d:7d:3f:
                    88:38:4f:0c:8d:0a:ba:85:71:68:3e:b8:61:e6:95:
                    0b:ab:f6:1c:d0:3e:ce:80:d7:08:65:d6:33:b2:1e:
                    71:44:5e:6e:c9:ab:c6:83:9b:bf:26:de:6e:86:51:
                    69:0d:78:38:6a:09:22:b5:99:ca:2b:8d:f9:7e:22:
                    9d:22:23:0d:cf:52:38:5c:22:ba:be:fc:6b:bf:84:
                    2f:83:5b:49:66:de:a8:90:7f:fe:6e:70:45:e0:ec:
                    7d:1b:8b:88:5e:53:41:d6:6c:06:04:17:2c:27:30:
                    9b:d3:16:0c:76:d8:36:e1:07:96:ce:c8:24:e6:73:
                    e7:e7:ce:42:7e:7c:14:24:da:dd:f0:b8:48:8c:f1:
                    d3:28:42:6c:af:5b:31:3a:b2:b6:f3:dd:24:50:41:
                    b8:c7:f8:0c:3b:39:8f:fc:0e:1b:98:2a:0a:0d:fd:
                    02:3b:3a:55:94:92:91:f1:fa:69:fa:3b:26:11:16:
                    98:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:0F:CC:DD:41:F0:FD:70:25:7F:83:62:97:E3:66:3E:75:74:74:46
            X509v3 Authority Key Identifier:
                keyid:25:3A:3B:5F:51:80:81:68:C2:12:C0:94:A2:BA:AF:F3:8E:16:46:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JTo7X1GAgWjCEsCUorqv844WRko.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/eA_M3UHw_XAlf4Nil-NmPnV0dEY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/97474c-1dc2-462c-aadd-9e9a1e03738e/1/JTo7X1GAgWjCEsCUorqv844WRko.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.208.8.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6b:7b:d4:4e:e3:85:5e:a1:6c:4f:cf:53:be:ec:d8:62:59:c6:
         ac:45:28:78:b5:b0:83:cd:78:3e:c1:81:9b:03:74:97:4a:b9:
         5a:59:62:2d:ff:02:c4:08:0c:aa:96:61:9f:a7:05:89:26:92:
         5f:d2:b4:65:30:39:c8:f9:d8:32:21:ce:55:d0:57:84:51:6f:
         ab:d2:89:1f:e2:d1:e3:2b:cd:7d:9a:e9:05:80:56:7e:fc:40:
         5f:33:91:42:8c:d7:48:8d:ca:c1:d1:79:a7:f9:76:b2:a2:69:
         4e:71:12:35:f7:6e:3a:a8:47:bf:62:e4:5c:16:6a:96:a3:f7:
         cd:ff:94:a3:22:1a:5c:1a:ff:c5:97:b8:c2:8f:51:b7:a9:4b:
         60:1d:35:09:c7:e4:ca:ed:dd:fe:a0:6e:e7:2f:88:c2:64:8c:
         a3:5f:d2:f8:ff:fe:4b:0e:bf:55:26:aa:0e:2d:e0:ea:37:11:
         c9:0f:c5:5d:00:91:00:b5:51:44:6c:c0:a1:97:db:eb:2a:f9:
         e8:2f:f5:e6:cc:7b:93:df:17:da:31:e0:5b:0a:ee:b9:06:7a:
         5d:6c:8f:bb:e2:95:01:e2:8b:23:75:e1:15:fe:a5:0b:16:b9:
         1b:7b:2f:0e:82:d9:31:66:5b:84:27:34:4b:bd:90:7f:e8:10:
         57:25:e4:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzF3D+rNW9EDDeDq4bjQQNmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1M2EzYjVmNTE4MDgxNjhjMjEyYzA5NGEyYmFhZmYzOGUx
NjQ2NGEwHhcNMjQwMTAxMTYyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODBmY2NkZDQxZjBmZDcwMjU3ZjgzNjI5N2UzNjYzZTc1NzQ3NDQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmPTXjLdKkLAmlK4K38sw1ydmOHCD
joUv6Sy1yntyBUtWd0Ocw9cChj10b9AyzEhL98pfhmnatqrjBq70/J69wBGSr+yb
t/KdfT+IOE8MjQq6hXFoPrhh5pULq/Yc0D7OgNcIZdYzsh5xRF5uyavGg5u/Jt5u
hlFpDXg4agkitZnKK435fiKdIiMNz1I4XCK6vvxrv4Qvg1tJZt6okH/+bnBF4Ox9
G4uIXlNB1mwGBBcsJzCb0xYMdtg24QeWzsgk5nPn585CfnwUJNrd8LhIjPHTKEJs
r1sxOrK2890kUEG4x/gMOzmP/A4bmCoKDf0COzpVlJKR8fpp+jsmERaYbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHgPzN1B8P1wJX+DYpfjZj51dHRGMB8GA1UdIwQY
MBaAFCU6O19RgIFowhLAlKK6r/OOFkZKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQt
OWU5YTFlMDM3MzhlLzEvZUFfTTNVSHdfWEFsZjROaWwtTm1QblYwZEVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS85NzQ3NGMtMWRjMi00NjJjLWFhZGQtOWU5YTFlMDM3Mzhl
LzEvSlRvN1gxR0FnV2pDRXNDVW9ycXY4NDRXUmtvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDw9AIMA0G
CSqGSIb3DQEBCwUAA4IBAQBre9RO44VeoWxPz1O+7NhiWcasRSh4tbCDzXg+wYGb
A3SXSrlaWWIt/wLECAyqlmGfpwWJJpJf0rRlMDnI+dgyIc5V0FeEUW+r0okf4tHj
K819mukFgFZ+/EBfM5FCjNdIjcrB0Xmn+XayomlOcRI19246qEe/YuRcFmqWo/fN
/5SjIhpcGv/Fl7jCj1G3qUtgHTUJx+TK7d3+oG7nL4jCZIyjX9L4//5LDr9VJqoO
LeDqNxHJD8VdAJEAtVFEbMChl9vrKvnoL/XmzHuT3xfaMeBbCu65BnpdbI+74pUB
4osjdeEV/qULFrkbey8OgtkxZluEJzRLvZB/6BBXJeSN
-----END CERTIFICATE-----