Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b0/0b2143-96e9-43d3-878d-3668f0008648/1/gRS9kIKLCFuPc0CSiWD_9AILlHY.roa
File:                     gRS9kIKLCFuPc0CSiWD_9AILlHY.roa (raw, json)
Hash identifier:          a5WrZVa23SUwlg8I3BLWwD8Xb0+kRE7lT4dSv1rU74k=
Subject key identifier:   81:14:BD:90:82:8B:08:5B:8F:73:40:92:89:60:FF:F4:02:0B:94:76
Certificate issuer:       /CN=eb7f8ce2158c3df950539171d9ec52dfd51563e4
Certificate serial:       018FE325AAB1E83EC24317D96C87BF5E7692
Authority key identifier: EB:7F:8C:E2:15:8C:3D:F9:50:53:91:71:D9:EC:52:DF:D5:15:63:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63-M4hWMPflQU5Fx2exS39UVY-Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b0/0b2143-96e9-43d3-878d-3668f0008648/1/gRS9kIKLCFuPc0CSiWD_9AILlHY.roa
Signing time:             Tue 04 Jun 2024 12:07:27 +0000
ROA not before:           Tue 04 Jun 2024 12:07:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215399
IP address blocks:        194.62.45.0/24 maxlen: 24
                          2001:67c:e18::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b0/0b2143-96e9-43d3-878d-3668f0008648/1/63-M4hWMPflQU5Fx2exS39UVY-Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b0/0b2143-96e9-43d3-878d-3668f0008648/1/63-M4hWMPflQU5Fx2exS39UVY-Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63-M4hWMPflQU5Fx2exS39UVY-Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 06:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:e3:25:aa:b1:e8:3e:c2:43:17:d9:6c:87:bf:5e:76:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb7f8ce2158c3df950539171d9ec52dfd51563e4
        Validity
            Not Before: Jun  4 12:07:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=8114bd90828b085b8f7340928960fff4020b9476
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:07:8b:ad:be:d9:35:54:92:b0:9f:5f:b2:89:
                    88:6b:1b:a3:cd:86:c9:3e:37:80:b7:54:6d:c5:d5:
                    cb:28:99:8b:61:2b:45:fb:59:f9:3b:5c:61:26:37:
                    19:0a:02:5c:69:ff:0b:17:80:d3:26:0b:4c:f9:ae:
                    fd:b5:33:b0:fb:05:0d:2b:4b:b9:24:73:45:12:e0:
                    c2:c0:0f:01:df:96:b5:ca:43:84:0f:8b:35:10:0f:
                    bc:ce:cf:72:00:1d:dd:ed:96:36:21:34:a6:65:92:
                    d6:39:a9:63:66:53:e9:88:6e:08:78:c9:a5:43:8f:
                    86:60:54:72:72:07:14:0e:59:17:56:86:0b:03:7f:
                    2f:80:6d:fa:79:b8:04:c2:c4:33:b1:44:89:20:a0:
                    56:dd:f1:88:7b:93:f8:24:8e:9b:52:45:13:58:ac:
                    03:d3:8b:70:95:92:4a:9e:02:26:6b:74:fe:2d:f5:
                    c8:5e:90:8d:1e:a0:37:64:3a:6f:10:33:ff:e0:d8:
                    06:17:47:2a:39:ec:ad:05:c5:e0:5f:fb:a1:97:87:
                    9c:db:66:78:6d:23:18:14:30:7f:23:78:6c:b8:cf:
                    bf:2e:95:cc:c5:22:9c:a7:45:8e:11:b5:07:06:4f:
                    4c:3d:80:2b:01:f5:33:81:ce:da:26:a6:c1:85:17:
                    07:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:14:BD:90:82:8B:08:5B:8F:73:40:92:89:60:FF:F4:02:0B:94:76
            X509v3 Authority Key Identifier:
                keyid:EB:7F:8C:E2:15:8C:3D:F9:50:53:91:71:D9:EC:52:DF:D5:15:63:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63-M4hWMPflQU5Fx2exS39UVY-Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0b2143-96e9-43d3-878d-3668f0008648/1/gRS9kIKLCFuPc0CSiWD_9AILlHY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b0/0b2143-96e9-43d3-878d-3668f0008648/1/63-M4hWMPflQU5Fx2exS39UVY-Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.62.45.0/24
                IPv6:
                  2001:67c:e18::/48

    Signature Algorithm: sha256WithRSAEncryption
         47:33:3f:f0:d0:70:65:a1:4e:6b:f9:7e:cd:34:33:36:22:a2:
         39:e1:c8:14:f1:98:4a:ae:83:d5:42:88:2e:8b:89:05:bc:3e:
         22:fb:2e:69:c4:8b:dd:0a:f7:d9:bb:92:fd:a3:f2:d5:38:69:
         43:2c:ba:d5:16:3e:0b:da:d9:39:39:50:53:d9:aa:2f:6a:a8:
         a0:f3:a7:b0:c9:69:bb:09:54:9d:28:36:8f:6f:7c:e0:21:37:
         48:c7:94:b0:5c:f6:35:64:94:c1:72:a9:58:01:66:88:97:f1:
         e0:9d:2e:94:16:ff:15:cf:73:aa:a7:f4:81:0b:f9:62:26:6f:
         95:d0:05:67:c2:bf:a4:a7:99:91:22:cc:58:f9:ef:25:38:a4:
         2b:80:c3:c1:17:0c:c8:b1:21:f6:74:b4:b7:b8:e3:17:db:91:
         98:8a:ee:4e:99:68:55:47:f2:cc:dd:33:1a:35:fb:2a:24:ba:
         eb:3f:ef:d4:1e:db:d1:6e:3c:48:89:b2:0c:39:39:5c:6b:69:
         9a:d5:bc:ac:7d:92:30:d6:32:9a:24:72:68:bd:af:d7:f1:03:
         64:5e:2a:62:e6:1f:60:57:d2:4d:2c:43:be:61:3c:0a:4d:2f:
         2a:e5:dc:71:b6:b2:1c:03:31:e6:dd:74:40:91:2a:96:50:a5:
         ea:8f:09:d8
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAY/jJaqx6D7CQxfZbIe/XnaSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViN2Y4Y2UyMTU4YzNkZjk1MDUzOTE3MWQ5ZWM1MmRmZDUx
NTYzZTQwHhcNMjQwNjA0MTIwNzI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTE0YmQ5MDgyOGIwODViOGY3MzQwOTI4OTYwZmZmNDAyMGI5NDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQeLrb7ZNVSSsJ9fsomIaxujzYbJ
PjeAt1RtxdXLKJmLYStF+1n5O1xhJjcZCgJcaf8LF4DTJgtM+a79tTOw+wUNK0u5
JHNFEuDCwA8B35a1ykOED4s1EA+8zs9yAB3d7ZY2ITSmZZLWOaljZlPpiG4IeMml
Q4+GYFRycgcUDlkXVoYLA38vgG36ebgEwsQzsUSJIKBW3fGIe5P4JI6bUkUTWKwD
04twlZJKngIma3T+LfXIXpCNHqA3ZDpvEDP/4NgGF0cqOeytBcXgX/uhl4ec22Z4
bSMYFDB/I3hsuM+/LpXMxSKcp0WOEbUHBk9MPYArAfUzgc7aJqbBhRcH6QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFIEUvZCCiwhbj3NAkolg//QCC5R2MB8GA1UdIwQY
MBaAFOt/jOIVjD35UFORcdnsUt/VFWPkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjMtTTRoV01QZmxRVTVGeDJleFMzOVVWWS1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMC8wYjIxNDMtOTZlOS00M2QzLTg3OGQt
MzY2OGYwMDA4NjQ4LzEvZ1JTOWtJS0xDRnVQYzBDU2lXRF85QUlMbEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMC8wYjIxNDMtOTZlOS00M2QzLTg3OGQtMzY2OGYwMDA4NjQ4
LzEvNjMtTTRoV01QZmxRVTVGeDJleFMzOVVWWS1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAwj4tMA8E
AgACMAkDBwAgAQZ8DhgwDQYJKoZIhvcNAQELBQADggEBAEczP/DQcGWhTmv5fs00
MzYiojnhyBTxmEqug9VCiC6LiQW8PiL7LmnEi90K99m7kv2j8tU4aUMsutUWPgva
2Tk5UFPZqi9qqKDzp7DJabsJVJ0oNo9vfOAhN0jHlLBc9jVklMFyqVgBZoiX8eCd
LpQW/xXPc6qn9IEL+WImb5XQBWfCv6SnmZEizFj57yU4pCuAw8EXDMixIfZ0tLe4
4xfbkZiK7k6ZaFVH8szdMxo1+yokuus/79Qe29FuPEiJsgw5OVxraZrVvKx9kjDW
Mpokcmi9r9fxA2ReKmLmH2BX0k0sQ75hPApNLyrl3HG2shwDMebddECRKpZQpeqP
Cdg=
-----END CERTIFICATE-----