Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/EnkUpKrN79gl4l8kn3MzKuW5R5E.roa
File:                     EnkUpKrN79gl4l8kn3MzKuW5R5E.roa (raw, json)
Hash identifier:          rgYfyBDjI2oBr/0jQbkr4epb/lAql6S3UKir52D0Iv0=
Subject key identifier:   12:79:14:A4:AA:CD:EF:D8:25:E2:5F:24:9F:73:33:2A:E5:B9:47:91
Certificate issuer:       /CN=dcef58d4cfa35543f8488a2756e6924e647b4589
Certificate serial:       018EBA648759DAF4F0DA01F497E7EE1206B6
Authority key identifier: DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/EnkUpKrN79gl4l8kn3MzKuW5R5E.roa
Signing time:             Sun 07 Apr 2024 21:08:54 +0000
ROA not before:           Sun 07 Apr 2024 21:08:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213323
IP address blocks:        89.42.132.0/24 maxlen: 24
                          89.42.135.0/24 maxlen: 24
                          185.248.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:ba:64:87:59:da:f4:f0:da:01:f4:97:e7:ee:12:06:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcef58d4cfa35543f8488a2756e6924e647b4589
        Validity
            Not Before: Apr  7 21:08:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=127914a4aacdefd825e25f249f73332ae5b94791
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:80:67:28:b7:d5:62:2a:78:0b:21:f9:43:f0:
                    82:4e:2c:53:8b:42:09:86:dc:ec:21:3d:de:8c:76:
                    5e:62:f9:57:c3:7a:bb:00:81:9a:60:0b:1b:d4:64:
                    29:8d:8a:0f:1b:a3:07:28:60:24:2c:20:cf:15:0f:
                    10:8a:5b:af:65:c9:b2:8c:ab:87:22:ce:c2:90:ef:
                    67:76:0a:d6:01:19:cb:2e:1f:e4:74:39:e8:47:7a:
                    24:d6:01:65:bb:a9:8a:f6:f4:ed:55:71:0f:cb:85:
                    ec:df:71:2d:8d:f7:a8:33:47:19:d4:86:cb:0c:1d:
                    f6:c6:87:e6:75:64:ae:21:01:2a:d1:ce:66:48:66:
                    64:52:5b:03:42:9f:2e:bc:c2:8d:9b:be:57:c5:43:
                    40:30:a6:7a:22:cd:a6:05:4a:6f:67:fb:7e:bc:32:
                    14:3a:f5:71:bb:5d:07:3e:82:06:46:97:e3:4e:72:
                    2b:0d:72:6e:bc:74:0a:4a:60:bb:b5:2b:f2:e8:d1:
                    56:50:e5:5c:58:4a:5d:2f:19:a3:2a:1c:1d:60:82:
                    2c:5a:d1:91:50:5a:90:dc:b7:c5:bd:83:a2:a0:aa:
                    bf:5a:bc:c7:cb:fd:be:3d:85:05:3b:60:e0:2a:b7:
                    91:21:28:6b:de:2c:b0:77:c1:90:ed:cc:c1:ed:62:
                    51:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:79:14:A4:AA:CD:EF:D8:25:E2:5F:24:9F:73:33:2A:E5:B9:47:91
            X509v3 Authority Key Identifier:
                keyid:DC:EF:58:D4:CF:A3:55:43:F8:48:8A:27:56:E6:92:4E:64:7B:45:89

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3O9Y1M-jVUP4SIonVuaSTmR7RYk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/EnkUpKrN79gl4l8kn3MzKuW5R5E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/ea4455-7836-44c4-b2a3-2ece04e185c2/1/3O9Y1M-jVUP4SIonVuaSTmR7RYk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.132.0/24
                  89.42.135.0/24
                  185.248.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:09:46:0e:db:3a:cc:69:81:c5:b0:56:4b:3b:a2:b2:bc:53:
         1c:60:a9:9c:2b:a1:f6:7c:a9:4d:51:0d:0a:76:5f:1d:70:8d:
         ea:e0:fa:14:23:3e:80:5c:b1:1b:cf:9f:d6:84:3b:29:e0:33:
         55:ba:f4:21:fa:35:61:85:5d:53:84:37:df:8c:fb:c2:12:cf:
         0d:80:c4:4c:f8:ec:e2:f0:3c:2e:86:60:45:36:4c:1a:75:b7:
         e3:40:eb:12:0a:64:8a:ee:fb:e7:7d:86:8b:d5:d8:bf:7d:5a:
         25:dd:b3:79:15:e7:db:ab:ce:d8:8b:f5:1c:98:0e:cf:e3:94:
         b1:04:ce:4e:1d:1b:4f:62:68:44:b1:22:27:0b:07:b0:26:3d:
         99:ed:98:53:c3:bd:f0:5f:c8:4d:e3:36:a3:15:2b:2b:25:c1:
         a1:94:12:fc:b6:78:3f:36:46:7a:c8:0f:6c:e0:09:01:a7:b5:
         a7:53:3c:ff:1d:1a:5a:87:cf:a9:d4:9c:d2:04:e9:93:58:07:
         f6:96:b6:7b:6e:45:eb:a4:07:f2:22:52:10:06:53:c2:a4:aa:
         fe:1d:c3:c6:c5:f7:cf:f9:87:bb:e7:89:e8:1e:51:a7:99:00:
         27:52:8b:ca:17:b7:91:32:70:2e:3b:ed:99:2d:2c:8c:9e:47:
         f7:f6:e2:26
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY66ZIdZ2vTw2gH0l+fuEga2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWY1OGQ0Y2ZhMzU1NDNmODQ4OGEyNzU2ZTY5MjRlNjQ3
YjQ1ODkwHhcNMjQwNDA3MjEwODU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjc5MTRhNGFhY2RlZmQ4MjVlMjVmMjQ5ZjczMzMyYWU1Yjk0NzkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjYBnKLfVYip4CyH5Q/CCTixTi0IJ
htzsIT3ejHZeYvlXw3q7AIGaYAsb1GQpjYoPG6MHKGAkLCDPFQ8QiluvZcmyjKuH
Is7CkO9ndgrWARnLLh/kdDnoR3ok1gFlu6mK9vTtVXEPy4Xs33EtjfeoM0cZ1IbL
DB32xofmdWSuIQEq0c5mSGZkUlsDQp8uvMKNm75XxUNAMKZ6Is2mBUpvZ/t+vDIU
OvVxu10HPoIGRpfjTnIrDXJuvHQKSmC7tSvy6NFWUOVcWEpdLxmjKhwdYIIsWtGR
UFqQ3LfFvYOioKq/WrzHy/2+PYUFO2DgKreRIShr3iywd8GQ7czB7WJRZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBJ5FKSqze/YJeJfJJ9zMyrluUeRMB8GA1UdIwQY
MBaAFNzvWNTPo1VD+EiKJ1bmkk5ke0WJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMt
MmVjZTA0ZTE4NWMyLzEvRW5rVXBLck43OWdsNGw4a24zTXpLdVc1UjVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS9lYTQ0NTUtNzgzNi00NGM0LWIyYTMtMmVjZTA0ZTE4NWMy
LzEvM085WTFNLWpWVVA0U0lvblZ1YVNUbVI3UllrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSqEAwQA
WSqHAwQAufiKMA0GCSqGSIb3DQEBCwUAA4IBAQCPCUYO2zrMaYHFsFZLO6KyvFMc
YKmcK6H2fKlNUQ0Kdl8dcI3q4PoUIz6AXLEbz5/WhDsp4DNVuvQh+jVhhV1ThDff
jPvCEs8NgMRM+Ozi8DwuhmBFNkwadbfjQOsSCmSK7vvnfYaL1di/fVol3bN5Fefb
q87Yi/UcmA7P45SxBM5OHRtPYmhEsSInCwewJj2Z7ZhTw73wX8hN4zajFSsrJcGh
lBL8tng/NkZ6yA9s4AkBp7WnUzz/HRpah8+p1JzSBOmTWAf2lrZ7bkXrpAfyIlIQ
BlPCpKr+HcPGxffP+Ye754noHlGnmQAnUovKF7eRMnAuO+2ZLSyMnkf39uIm
-----END CERTIFICATE-----