Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/Eq7v5DCBHsL5Wnq-Q9FlnlBqUTA.roa
File:                     Eq7v5DCBHsL5Wnq-Q9FlnlBqUTA.roa (raw, json)
Hash identifier:          xR7dR4CPrXlYzAVJyX1oZUTKlN6eEUe65aSB5WR5c80=
Subject key identifier:   12:AE:EF:E4:30:81:1E:C2:F9:5A:7A:BE:43:D1:65:9E:50:6A:51:30
Certificate issuer:       /CN=50bb158d29e37500d5c3a25dada149b2a503f6a5
Certificate serial:       018EC707ACAB21AA5211029B4A2B225E7178
Authority key identifier: 50:BB:15:8D:29:E3:75:00:D5:C3:A2:5D:AD:A1:49:B2:A5:03:F6:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/Eq7v5DCBHsL5Wnq-Q9FlnlBqUTA.roa
Signing time:             Wed 10 Apr 2024 08:02:32 +0000
ROA not before:           Wed 10 Apr 2024 08:02:32 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     202630
IP address blocks:        185.121.88.0/24 maxlen: 24
                          185.121.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 09 Jun 2024 05:01:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c7:07:ac:ab:21:aa:52:11:02:9b:4a:2b:22:5e:71:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=50bb158d29e37500d5c3a25dada149b2a503f6a5
        Validity
            Not Before: Apr 10 08:02:32 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12aeefe430811ec2f95a7abe43d1659e506a5130
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:49:3f:d9:7f:7b:3b:36:f6:4d:8f:9a:a2:be:
                    9f:64:3b:54:32:0b:ed:ee:9d:f9:59:27:a4:ce:e0:
                    57:39:22:f1:d6:57:cf:29:0b:b3:d7:3f:78:ab:20:
                    2c:0d:11:8b:9b:b6:4a:a9:7c:26:b6:e0:ad:bc:41:
                    b2:01:c8:f7:e7:d3:83:16:cf:03:63:01:0f:08:a3:
                    f1:83:23:8f:c3:88:6a:07:79:70:c6:c0:0b:db:3c:
                    c8:e7:7f:dc:e7:a2:cb:c9:13:a7:78:78:f5:5c:93:
                    4a:c1:bd:c3:7b:9d:33:44:9c:d4:b2:41:a9:7a:72:
                    e8:ed:65:a0:f8:32:c2:39:57:ec:af:1b:14:70:2d:
                    88:5d:89:11:8f:c7:f1:a9:22:d6:9b:88:76:f1:26:
                    4e:dd:8b:ba:de:c4:0b:f0:62:28:fe:00:63:35:91:
                    22:02:db:30:da:f5:4a:d1:f5:60:8c:3e:64:d8:05:
                    85:5a:80:45:09:81:7f:13:8d:98:86:50:2e:78:6b:
                    d5:d5:50:4a:8c:e3:3b:43:ef:7f:10:97:61:e6:aa:
                    03:4a:d0:bb:90:1e:90:71:25:f4:74:1c:24:1d:d6:
                    e6:a0:ce:5b:45:37:33:5b:bf:68:48:10:59:d3:7c:
                    64:a7:58:91:00:c8:34:29:64:68:24:00:23:3f:6f:
                    f7:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:AE:EF:E4:30:81:1E:C2:F9:5A:7A:BE:43:D1:65:9E:50:6A:51:30
            X509v3 Authority Key Identifier:
                keyid:50:BB:15:8D:29:E3:75:00:D5:C3:A2:5D:AD:A1:49:B2:A5:03:F6:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ULsVjSnjdQDVw6JdraFJsqUD9qU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/Eq7v5DCBHsL5Wnq-Q9FlnlBqUTA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/af/45d284-a373-4552-bc8a-743112b0e771/1/ULsVjSnjdQDVw6JdraFJsqUD9qU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         82:ae:ee:4d:9a:b0:ac:31:39:f0:5b:ff:d0:2a:a8:8d:3c:8b:
         07:19:86:84:ae:5c:9c:a0:c9:e3:cf:7f:45:2b:6c:6b:bb:ae:
         09:a7:24:33:37:45:d8:7a:0e:db:31:80:e4:10:30:3d:04:85:
         d6:d3:e5:89:6a:97:04:c3:fe:5f:61:43:98:7c:38:c4:a5:01:
         e9:b1:af:17:3a:07:bc:60:7d:d1:6b:2e:20:ca:f5:df:50:04:
         a2:7d:19:59:f9:ab:af:58:7b:80:ec:64:f5:19:4e:38:ae:8e:
         f6:f9:c0:af:1d:79:4e:54:19:5d:3f:73:0d:cb:62:2b:9d:02:
         c5:9e:a4:f3:d9:6a:e4:e8:27:f8:99:52:32:dc:c7:a4:06:03:
         14:e0:63:fb:b2:72:aa:2e:61:35:08:e6:c1:2f:6e:ed:86:86:
         ab:79:6e:43:67:63:6a:18:8c:7d:85:31:42:da:ca:b3:07:02:
         95:5a:f5:79:d9:21:e4:f0:cf:a3:2e:10:66:7f:79:18:e7:26:
         c3:56:1c:1b:8f:38:8b:02:6f:78:b2:7b:9a:46:b6:42:41:57:
         1d:5b:65:ec:20:47:69:6c:b6:34:1a:82:61:23:d9:74:3f:a0:
         06:c8:b3:b3:48:67:14:8e:c7:56:15:46:a0:1d:da:71:fc:e1:
         97:84:80:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7HB6yrIapSEQKbSisiXnF4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUwYmIxNThkMjllMzc1MDBkNWMzYTI1ZGFkYTE0OWIyYTUw
M2Y2YTUwHhcNMjQwNDEwMDgwMjMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmFlZWZlNDMwODExZWMyZjk1YTdhYmU0M2QxNjU5ZTUwNmE1MTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1kk/2X97Ozb2TY+aor6fZDtUMgvt
7p35WSekzuBXOSLx1lfPKQuz1z94qyAsDRGLm7ZKqXwmtuCtvEGyAcj359ODFs8D
YwEPCKPxgyOPw4hqB3lwxsAL2zzI53/c56LLyROneHj1XJNKwb3De50zRJzUskGp
enLo7WWg+DLCOVfsrxsUcC2IXYkRj8fxqSLWm4h28SZO3Yu63sQL8GIo/gBjNZEi
Atsw2vVK0fVgjD5k2AWFWoBFCYF/E42YhlAueGvV1VBKjOM7Q+9/EJdh5qoDStC7
kB6QcSX0dBwkHdbmoM5bRTczW79oSBBZ03xkp1iRAMg0KWRoJAAjP2/3NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKu7+QwgR7C+Vp6vkPRZZ5QalEwMB8GA1UdIwQY
MBaAFFC7FY0p43UA1cOiXa2hSbKlA/alMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVUxzVmpTbmpkUURWdzZKZHJhRkpzcVVEOXFVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZi80NWQyODQtYTM3My00NTUyLWJjOGEt
NzQzMTEyYjBlNzcxLzEvRXE3djVEQ0JIc0w1V25xLVE5RmxubEJxVVRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZi80NWQyODQtYTM3My00NTUyLWJjOGEtNzQzMTEyYjBlNzcx
LzEvVUxzVmpTbmpkUURWdzZKZHJhRkpzcVVEOXFVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuXlYMA0G
CSqGSIb3DQEBCwUAA4IBAQCCru5NmrCsMTnwW//QKqiNPIsHGYaErlycoMnjz39F
K2xru64JpyQzN0XYeg7bMYDkEDA9BIXW0+WJapcEw/5fYUOYfDjEpQHpsa8XOge8
YH3Ray4gyvXfUASifRlZ+auvWHuA7GT1GU44ro72+cCvHXlOVBldP3MNy2IrnQLF
nqTz2Wrk6Cf4mVIy3MekBgMU4GP7snKqLmE1CObBL27thoareW5DZ2NqGIx9hTFC
2sqzBwKVWvV52SHk8M+jLhBmf3kY5ybDVhwbjziLAm94snuaRrZCQVcdW2XsIEdp
bLY0GoJhI9l0P6AGyLOzSGcUjsdWFUagHdpx/OGXhIB2
-----END CERTIFICATE-----