Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/EshWBeI4IK0VVkf9m8hgKzj34xo.roa
File:                     EshWBeI4IK0VVkf9m8hgKzj34xo.roa (raw, json)
Hash identifier:          45yb6j6leyiQJS6c3HJBmf6oryhFYmgTdiQIXGPGlIw=
Subject key identifier:   12:C8:56:05:E2:38:20:AD:15:56:47:FD:9B:C8:60:2B:38:F7:E3:1A
Certificate issuer:       /CN=077a0fb99e52ae4fa1d66faad93f42e6d07886a6
Certificate serial:       01931CC4F605947E492F46BA84959A87070A
Authority key identifier: 07:7A:0F:B9:9E:52:AE:4F:A1:D6:6F:AA:D9:3F:42:E6:D0:78:86:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/EshWBeI4IK0VVkf9m8hgKzj34xo.roa
Signing time:             Mon 11 Nov 2024 19:48:10 +0000
ROA not before:           Mon 11 Nov 2024 19:48:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59817
IP address blocks:        185.70.56.0/22 maxlen: 24
                          2a03:34a0::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1c:c4:f6:05:94:7e:49:2f:46:ba:84:95:9a:87:07:0a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=077a0fb99e52ae4fa1d66faad93f42e6d07886a6
        Validity
            Not Before: Nov 11 19:48:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12c85605e23820ad155647fd9bc8602b38f7e31a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:40:0d:b6:0e:32:47:9b:df:db:74:b5:7c:68:
                    7d:a7:f2:bd:f3:4f:bf:47:4e:7a:55:d2:88:bc:3c:
                    8e:5e:d6:85:fc:97:12:3d:5f:dc:99:67:3b:47:11:
                    f0:89:fa:fb:21:d8:dc:6c:02:37:9f:7f:77:f3:92:
                    3a:bf:bc:59:7a:a4:98:19:b9:f8:01:6b:0f:1a:ea:
                    b8:b0:8a:00:29:30:c0:7e:c5:5a:16:96:ed:85:d5:
                    2e:66:8b:01:60:21:23:5e:61:00:44:0a:12:7d:56:
                    ad:fc:88:e8:e0:3d:9d:16:81:7d:86:f6:b8:78:d0:
                    a7:95:9c:88:ec:17:5c:0c:7d:6d:34:e9:77:83:d1:
                    bf:07:45:82:20:6c:5d:f6:94:25:fd:91:36:b0:d9:
                    76:e7:2d:dd:7f:3b:c5:d0:69:88:10:a7:f5:8b:23:
                    e7:1a:b3:0a:ec:d9:50:c1:38:4c:b8:0b:8c:b3:4b:
                    cb:4a:98:29:a3:36:ce:a1:41:63:c0:75:64:68:f7:
                    84:c3:6b:ed:ab:b1:ad:64:da:48:e8:c5:49:a1:de:
                    39:29:40:a0:c1:6e:8a:05:34:b2:cd:79:bf:c9:a0:
                    79:ba:3b:73:fc:8c:cf:c1:42:4a:ea:a2:dd:53:db:
                    a0:82:08:87:1c:48:d3:93:31:39:fe:c5:46:5b:fb:
                    5b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C8:56:05:E2:38:20:AD:15:56:47:FD:9B:C8:60:2B:38:F7:E3:1A
            X509v3 Authority Key Identifier:
                keyid:07:7A:0F:B9:9E:52:AE:4F:A1:D6:6F:AA:D9:3F:42:E6:D0:78:86:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/EshWBeI4IK0VVkf9m8hgKzj34xo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/d3e9bd-446b-4116-8453-d467cc6e7d8f/1/B3oPuZ5Srk-h1m-q2T9C5tB4hqY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.56.0/22
                IPv6:
                  2a03:34a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:29:6b:37:22:d2:3e:46:1a:c1:6c:cc:75:bd:5d:c3:e4:50:
         08:49:a6:3b:16:03:80:e9:d6:8e:03:a5:bb:4c:b0:0b:dc:0d:
         c6:b0:47:b6:29:be:b3:ab:3f:8c:5b:b6:ef:d4:83:39:ac:5e:
         e2:8a:ef:91:b0:d0:a0:dc:41:f7:3f:59:a6:fb:f5:fd:2c:b7:
         cf:ad:a2:a8:24:35:1d:f4:0b:7e:d7:b9:3f:eb:a1:84:8b:56:
         f7:94:c9:3e:ad:4a:41:ef:b2:15:84:59:8c:f3:f2:ee:00:39:
         07:8f:50:87:bb:4e:22:a2:ee:75:24:cf:fd:c4:1b:08:6f:f5:
         96:39:da:c3:5e:3c:b8:81:5d:a6:d5:97:89:66:6c:21:6d:f3:
         f5:fd:99:fc:69:bc:69:c7:b2:93:2b:74:b8:79:70:20:97:11:
         98:63:26:92:e9:34:10:ec:c4:67:e9:42:bf:e9:59:f5:80:1b:
         4b:32:5f:3c:71:41:fb:a5:08:f0:a6:72:01:9c:2a:70:d8:e2:
         6e:16:44:4f:ed:6e:29:a5:84:be:67:66:f2:12:0d:e0:26:99:
         eb:ac:6f:e4:f0:1f:58:1f:1b:ad:31:b0:5a:8e:40:7c:a1:f4:
         8b:73:1f:cf:ba:61:f7:b3:1e:12:61:d5:f8:14:bf:a5:bd:44:
         9c:f3:61:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZMcxPYFlH5JL0a6hJWahwcKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA3N2EwZmI5OWU1MmFlNGZhMWQ2NmZhYWQ5M2Y0MmU2ZDA3
ODg2YTYwHhcNMjQxMTExMTk0ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM4NTYwNWUyMzgyMGFkMTU1NjQ3ZmQ5YmM4NjAyYjM4ZjdlMzFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtUANtg4yR5vf23S1fGh9p/K980+/
R056VdKIvDyOXtaF/JcSPV/cmWc7RxHwifr7IdjcbAI3n39385I6v7xZeqSYGbn4
AWsPGuq4sIoAKTDAfsVaFpbthdUuZosBYCEjXmEARAoSfVat/Ijo4D2dFoF9hva4
eNCnlZyI7BdcDH1tNOl3g9G/B0WCIGxd9pQl/ZE2sNl25y3dfzvF0GmIEKf1iyPn
GrMK7NlQwThMuAuMs0vLSpgpozbOoUFjwHVkaPeEw2vtq7GtZNpI6MVJod45KUCg
wW6KBTSyzXm/yaB5ujtz/IzPwUJK6qLdU9ugggiHHEjTkzE5/sVGW/tb8wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBLIVgXiOCCtFVZH/ZvIYCs49+MaMB8GA1UdIwQY
MBaAFAd6D7meUq5PodZvqtk/QubQeIamMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQjNvUHVaNVNyay1oMW0tcTJUOUM1dEI0aHFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi9kM2U5YmQtNDQ2Yi00MTE2LTg0NTMt
ZDQ2N2NjNmU3ZDhmLzEvRXNoV0JlSTRJSzBWVmtmOW04aGdLemozNHhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi9kM2U5YmQtNDQ2Yi00MTE2LTg0NTMtZDQ2N2NjNmU3ZDhm
LzEvQjNvUHVaNVNyay1oMW0tcTJUOUM1dEI0aHFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuUY4MA0E
AgACMAcDBQAqAzSgMA0GCSqGSIb3DQEBCwUAA4IBAQCiKWs3ItI+RhrBbMx1vV3D
5FAISaY7FgOA6daOA6W7TLAL3A3GsEe2Kb6zqz+MW7bv1IM5rF7iiu+RsNCg3EH3
P1mm+/X9LLfPraKoJDUd9At+17k/66GEi1b3lMk+rUpB77IVhFmM8/LuADkHj1CH
u04iou51JM/9xBsIb/WWOdrDXjy4gV2m1ZeJZmwhbfP1/Zn8abxpx7KTK3S4eXAg
lxGYYyaS6TQQ7MRn6UK/6Vn1gBtLMl88cUH7pQjwpnIBnCpw2OJuFkRP7W4ppYS+
Z2byEg3gJpnrrG/k8B9YHxutMbBajkB8ofSLcx/PumH3sx4SYdX4FL+lvUSc82EL
-----END CERTIFICATE-----