Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/eemHFeAzxqgE156Kc25OsoclIek.roa
File:                     eemHFeAzxqgE156Kc25OsoclIek.roa (raw, json)
Hash identifier:          XM2eDuy4pEZe/vFQTnWc2ybeGlyVD5kraC6+lXGBoYg=
Subject key identifier:   79:E9:87:15:E0:33:C6:A8:04:D7:9E:8A:73:6E:4E:B2:87:25:21:E9
Certificate issuer:       /CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
Certificate serial:       018CC56E912047F157FB87388FE51FE2479B
Authority key identifier: 1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/eemHFeAzxqgE156Kc25OsoclIek.roa
Signing time:             Mon 01 Jan 2024 14:30:06 +0000
ROA not before:           Mon 01 Jan 2024 14:30:06 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200946
IP address blocks:        84.207.232.0/24 maxlen: 24
                          84.207.246.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:91:20:47:f1:57:fb:87:38:8f:e5:1f:e2:47:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1fe90fde9784a91d93a7a2af59d4d043f1171fba
        Validity
            Not Before: Jan  1 14:30:06 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=79e98715e033c6a804d79e8a736e4eb2872521e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:f5:ef:c1:ad:8b:72:4b:27:2d:a0:a9:a3:77:
                    5f:f3:ab:45:a6:f9:ce:c5:c0:3f:9a:fa:9b:71:5a:
                    94:8d:86:a4:8e:e1:fb:0d:7b:7e:87:14:8c:f9:e8:
                    44:c9:dd:1c:96:22:ca:6b:a0:3e:07:29:cc:e1:77:
                    bc:93:ac:a6:6d:06:d5:ae:f9:e6:68:81:a1:a9:ae:
                    cd:20:7e:bb:d8:e7:df:e2:10:03:49:35:a3:be:2b:
                    d8:b5:5d:b3:72:ce:a2:aa:17:fd:e8:e0:b7:86:17:
                    16:d8:87:a5:b3:01:a1:28:01:a3:39:98:89:f1:84:
                    6c:9d:74:dc:ce:fe:4e:53:90:1a:cb:13:d2:eb:af:
                    38:77:00:a2:4d:8c:13:b7:7c:3b:30:b7:9e:6a:de:
                    c4:0c:4c:e6:92:89:21:93:54:2c:f2:22:75:4b:d7:
                    cc:ec:a9:af:dd:87:dc:c5:a7:74:5f:02:b5:bf:79:
                    40:43:bf:f8:57:91:22:71:a8:e6:f4:f3:57:fe:78:
                    c8:ae:da:a4:5f:60:79:21:c1:a3:7d:9f:f3:f4:93:
                    3e:fc:a7:ba:4b:60:42:db:56:b5:2a:3e:a6:cf:93:
                    09:54:fa:cc:61:8a:33:44:4a:22:a5:69:ff:30:97:
                    2e:a9:36:14:fc:3c:b6:a3:26:10:21:22:d9:3a:71:
                    90:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:E9:87:15:E0:33:C6:A8:04:D7:9E:8A:73:6E:4E:B2:87:25:21:E9
            X509v3 Authority Key Identifier:
                keyid:1F:E9:0F:DE:97:84:A9:1D:93:A7:A2:AF:59:D4:D0:43:F1:17:1F:BA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/eemHFeAzxqgE156Kc25OsoclIek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/a945f7-53b3-4db5-ae04-23772e7f92e3/1/H-kP3peEqR2Tp6KvWdTQQ_EXH7o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.207.232.0/24
                  84.207.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2c:59:be:62:f4:3f:45:9c:17:51:b9:fa:60:aa:7b:c3:34:c9:
         63:e8:a3:cb:73:b0:1f:de:06:a8:d5:b5:44:3b:5d:de:4d:35:
         6f:6a:b2:d3:9c:b5:57:d6:82:f3:4a:88:bf:b1:94:9a:8e:69:
         d7:cb:07:a2:34:9e:9a:9a:54:6a:95:61:a4:18:3c:c0:cd:2c:
         8b:b8:60:a4:8e:34:3d:5f:43:3b:c1:ed:fe:75:68:97:71:90:
         92:0c:8f:4c:d2:d6:88:f8:ab:f0:be:9b:7b:d2:d9:46:b4:c2:
         44:fa:19:d9:02:c8:f5:af:1a:ae:f0:5d:b3:21:29:d9:ab:6b:
         50:7a:cc:d9:a0:14:11:89:37:4b:55:5f:7a:0b:4b:db:8b:a3:
         06:41:98:34:8e:ee:e0:c2:e3:68:b9:96:a6:34:a6:bf:4d:b2:
         27:6d:79:6f:8f:42:9b:e9:c3:bb:cc:53:16:90:27:17:61:d4:
         ce:48:0d:84:7e:aa:58:1a:15:4d:08:db:e4:dd:66:84:c4:de:
         3c:12:ff:0d:19:36:23:1f:24:67:1b:b2:2f:8b:7d:2e:f6:f0:
         32:e3:2d:d8:f7:77:ed:cb:96:97:0a:42:b1:06:bd:fd:06:6e:
         3d:a4:71:67:71:9c:4f:9f:2c:a9:28:64:e2:f3:e2:4e:16:bb:
         a2:a7:52:2e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFbpEgR/FX+4c4j+Uf4kebMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZTkwZmRlOTc4NGE5MWQ5M2E3YTJhZjU5ZDRkMDQzZjEx
NzFmYmEwHhcNMjQwMTAxMTQzMDA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWU5ODcxNWUwMzNjNmE4MDRkNzllOGE3MzZlNGViMjg3MjUyMWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/Xvwa2LcksnLaCpo3df86tFpvnO
xcA/mvqbcVqUjYakjuH7DXt+hxSM+ehEyd0cliLKa6A+BynM4Xe8k6ymbQbVrvnm
aIGhqa7NIH672Off4hADSTWjvivYtV2zcs6iqhf96OC3hhcW2IelswGhKAGjOZiJ
8YRsnXTczv5OU5AayxPS6684dwCiTYwTt3w7MLeeat7EDEzmkokhk1Qs8iJ1S9fM
7Kmv3Yfcxad0XwK1v3lAQ7/4V5Eicajm9PNX/njIrtqkX2B5IcGjfZ/z9JM+/Ke6
S2BC21a1Kj6mz5MJVPrMYYozREoipWn/MJcuqTYU/Dy2oyYQISLZOnGQ7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHnphxXgM8aoBNeeinNuTrKHJSHpMB8GA1UdIwQY
MBaAFB/pD96XhKkdk6eir1nU0EPxFx+6MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQt
MjM3NzJlN2Y5MmUzLzEvZWVtSEZlQXp4cWdFMTU2S2MyNU9zb2NsSWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi9hOTQ1ZjctNTNiMy00ZGI1LWFlMDQtMjM3NzJlN2Y5MmUz
LzEvSC1rUDNwZUVxUjJUcDZLdldkVFFRX0VYSDdvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAVM/oAwQA
VM/2MA0GCSqGSIb3DQEBCwUAA4IBAQAsWb5i9D9FnBdRufpgqnvDNMlj6KPLc7Af
3gao1bVEO13eTTVvarLTnLVX1oLzSoi/sZSajmnXyweiNJ6amlRqlWGkGDzAzSyL
uGCkjjQ9X0M7we3+dWiXcZCSDI9M0taI+Kvwvpt70tlGtMJE+hnZAsj1rxqu8F2z
ISnZq2tQeszZoBQRiTdLVV96C0vbi6MGQZg0ju7gwuNouZamNKa/TbInbXlvj0Kb
6cO7zFMWkCcXYdTOSA2EfqpYGhVNCNvk3WaExN48Ev8NGTYjHyRnG7Ivi30u9vAy
4y3Y93fty5aXCkKxBr39Bm49pHFncZxPnyypKGTi8+JOFruip1Iu
-----END CERTIFICATE-----