Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/6c4532-07d8-4db3-9b55-fee1d02f1303/1/EOL9yLRfvUjRcTNIWa63z5nJR1s.roa
File:                     EOL9yLRfvUjRcTNIWa63z5nJR1s.roa (raw, json)
Hash identifier:          6yVa6KiIXweZp0BoV/GdwUlL1geB3F0jqHYP2WiAg+w=
Subject key identifier:   10:E2:FD:C8:B4:5F:BD:48:D1:71:33:48:59:AE:B7:CF:99:C9:47:5B
Certificate issuer:       /CN=8252c4c372327fdc2c17b495b85891a76de42510
Certificate serial:       018F14AD7A76B4E00E4D54BC9858241F7C37
Authority key identifier: 82:52:C4:C3:72:32:7F:DC:2C:17:B4:95:B8:58:91:A7:6D:E4:25:10
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/glLEw3Iyf9wsF7SVuFiRp23kJRA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/6c4532-07d8-4db3-9b55-fee1d02f1303/1/EOL9yLRfvUjRcTNIWa63z5nJR1s.roa
Signing time:             Thu 25 Apr 2024 09:54:24 +0000
ROA not before:           Thu 25 Apr 2024 09:54:24 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39637
IP address blocks:        193.203.225.0/24 maxlen: 24
                          193.203.226.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/6c4532-07d8-4db3-9b55-fee1d02f1303/1/glLEw3Iyf9wsF7SVuFiRp23kJRA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/6c4532-07d8-4db3-9b55-fee1d02f1303/1/glLEw3Iyf9wsF7SVuFiRp23kJRA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/glLEw3Iyf9wsF7SVuFiRp23kJRA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Sep 2024 22:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:14:ad:7a:76:b4:e0:0e:4d:54:bc:98:58:24:1f:7c:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8252c4c372327fdc2c17b495b85891a76de42510
        Validity
            Not Before: Apr 25 09:54:24 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10e2fdc8b45fbd48d171334859aeb7cf99c9475b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:07:d4:cc:2f:9d:88:11:ef:04:a6:e2:b0:e9:
                    19:5a:87:0a:61:09:30:c8:f9:c8:60:b7:a5:c7:13:
                    21:d2:9e:27:b0:e6:c9:2f:e9:38:ca:a5:b6:58:15:
                    4c:5f:99:9c:e8:98:0b:cd:8f:f7:f1:f3:53:bd:eb:
                    8a:0e:52:ba:d9:e5:39:6d:51:d0:bc:28:ae:91:11:
                    1d:81:8a:bb:3a:3c:78:8c:c2:df:13:f5:bb:36:c4:
                    6e:49:d9:ff:6c:88:e0:cd:a3:c9:8e:b9:50:54:05:
                    7d:b8:a1:e5:bd:fd:ed:53:0d:13:c3:ff:b3:b4:4e:
                    4c:b3:29:60:71:14:80:15:24:da:cf:f9:85:06:c8:
                    44:cd:f7:e5:b7:72:dd:83:7a:9d:b9:4d:18:a6:3b:
                    a6:58:1a:db:fb:ad:03:19:bd:81:00:bf:3f:b4:ba:
                    91:16:40:3c:76:09:01:6c:8d:43:0b:49:e2:42:2a:
                    a1:86:8f:d8:b2:5d:db:d8:93:e4:00:15:09:6f:e8:
                    e2:69:5a:89:f0:22:f7:75:da:06:14:c7:c8:78:c4:
                    93:84:28:f9:b4:4c:d0:54:10:e7:b1:1c:9c:71:a3:
                    a8:d3:ec:11:60:56:31:f0:17:94:f9:fa:05:93:42:
                    e1:0e:56:13:af:9c:f8:3d:84:ec:24:2c:c9:5b:ff:
                    cd:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:E2:FD:C8:B4:5F:BD:48:D1:71:33:48:59:AE:B7:CF:99:C9:47:5B
            X509v3 Authority Key Identifier:
                keyid:82:52:C4:C3:72:32:7F:DC:2C:17:B4:95:B8:58:91:A7:6D:E4:25:10

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/glLEw3Iyf9wsF7SVuFiRp23kJRA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/6c4532-07d8-4db3-9b55-fee1d02f1303/1/EOL9yLRfvUjRcTNIWa63z5nJR1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/6c4532-07d8-4db3-9b55-fee1d02f1303/1/glLEw3Iyf9wsF7SVuFiRp23kJRA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.203.225.0-193.203.226.255

    Signature Algorithm: sha256WithRSAEncryption
         a5:1a:9e:80:5b:ff:6c:18:df:d2:7e:ce:c3:9a:33:0c:eb:80:
         ac:3e:e2:60:4c:2a:c3:83:b1:d3:a9:20:8d:81:35:43:3e:95:
         88:59:30:7f:61:ad:4f:91:cd:29:60:09:57:4f:1d:6d:a6:87:
         10:e0:13:0f:3f:0b:9f:45:35:18:84:ff:fe:d0:11:cf:59:51:
         79:84:73:81:2f:55:36:52:9e:7e:a4:98:2d:71:d0:c5:94:28:
         d0:24:8e:9f:35:c2:f6:52:ed:e2:ab:7f:62:27:b6:77:91:61:
         fc:78:af:28:a9:94:42:eb:ea:a8:30:99:d2:45:2b:cd:5a:85:
         fb:8f:7c:c4:10:2f:3f:f5:24:e2:4f:1f:6a:1f:96:46:90:b5:
         ee:75:33:f1:2f:67:1e:2f:43:e2:15:19:89:28:cc:21:05:36:
         a2:f1:73:d8:ea:75:06:18:8d:2f:42:5b:fa:33:2d:e7:e4:84:
         db:57:2d:fc:47:74:3d:a6:d0:48:9d:85:c9:a0:ff:43:83:43:
         88:50:2f:e0:06:2f:a6:52:f7:3c:af:12:1e:8f:f3:63:d5:25:
         4b:98:ea:0a:f9:85:b3:da:98:fc:42:89:3d:f2:5f:38:2e:e3:
         c1:a1:cb:7a:9a:50:e2:1e:5e:26:cf:39:75:44:31:56:f1:ce:
         d9:a9:b7:eb
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY8UrXp2tOAOTVS8mFgkH3w3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNTJjNGMzNzIzMjdmZGMyYzE3YjQ5NWI4NTg5MWE3NmRl
NDI1MTAwHhcNMjQwNDI1MDk1NDI0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGUyZmRjOGI0NWZiZDQ4ZDE3MTMzNDg1OWFlYjdjZjk5Yzk0NzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnQfUzC+diBHvBKbisOkZWocKYQkw
yPnIYLelxxMh0p4nsObJL+k4yqW2WBVMX5mc6JgLzY/38fNTveuKDlK62eU5bVHQ
vCiukREdgYq7Ojx4jMLfE/W7NsRuSdn/bIjgzaPJjrlQVAV9uKHlvf3tUw0Tw/+z
tE5MsylgcRSAFSTaz/mFBshEzfflt3Ldg3qduU0YpjumWBrb+60DGb2BAL8/tLqR
FkA8dgkBbI1DC0niQiqhho/Ysl3b2JPkABUJb+jiaVqJ8CL3ddoGFMfIeMSThCj5
tEzQVBDnsRyccaOo0+wRYFYx8BeU+foFk0LhDlYTr5z4PYTsJCzJW//NZQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBDi/ci0X71I0XEzSFmut8+ZyUdbMB8GA1UdIwQY
MBaAFIJSxMNyMn/cLBe0lbhYkadt5CUQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2xMRXczSXlmOXdzRjdTVnVGaVJwMjNrSlJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy82YzQ1MzItMDdkOC00ZGIzLTliNTUt
ZmVlMWQwMmYxMzAzLzEvRU9MOXlMUmZ2VWpSY1ROSVdhNjN6NW5KUjFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy82YzQ1MzItMDdkOC00ZGIzLTliNTUtZmVlMWQwMmYxMzAz
LzEvZ2xMRXczSXlmOXdzRjdTVnVGaVJwMjNrSlJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADBy+ED
BADBy+IwDQYJKoZIhvcNAQELBQADggEBAKUanoBb/2wY39J+zsOaMwzrgKw+4mBM
KsODsdOpII2BNUM+lYhZMH9hrU+RzSlgCVdPHW2mhxDgEw8/C59FNRiE//7QEc9Z
UXmEc4EvVTZSnn6kmC1x0MWUKNAkjp81wvZS7eKrf2IntneRYfx4ryiplELr6qgw
mdJFK81ahfuPfMQQLz/1JOJPH2oflkaQte51M/EvZx4vQ+IVGYkozCEFNqLxc9jq
dQYYjS9CW/ozLefkhNtXLfxHdD2m0Eidhcmg/0ODQ4hQL+AGL6ZS9zyvEh6P82PV
JUuY6gr5hbPamPxCiT3yXzgu48Ghy3qaUOIeXibPOXVEMVbxztmpt+s=
-----END CERTIFICATE-----