Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/EYeZogBHNSZW2g-On_3u6DPf-54.roa
File:                     EYeZogBHNSZW2g-On_3u6DPf-54.roa (raw, json)
Hash identifier:          074icTS5lJ5WNBgbiWgforxOf5PX4bYpTUyeUgC1P90=
Subject key identifier:   11:87:99:A2:00:47:35:26:56:DA:0F:8E:9F:FD:EE:E8:33:DF:FB:9E
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       018FD4625FA93731F7A927B240639BE7CD04
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/EYeZogBHNSZW2g-On_3u6DPf-54.roa
Signing time:             Sat 01 Jun 2024 15:19:27 +0000
ROA not before:           Sat 01 Jun 2024 15:19:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     7018
IP address blocks:        83.147.232.0/22 maxlen: 24
                          91.186.194.0/23 maxlen: 24
                          94.241.160.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:d4:62:5f:a9:37:31:f7:a9:27:b2:40:63:9b:e7:cd:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Jun  1 15:19:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=118799a20047352656da0f8e9ffdeee833dffb9e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:90:58:40:a1:70:8d:e1:77:4a:3a:a4:c9:aa:
                    27:cb:3a:fe:49:1d:9c:5a:ea:88:bf:25:18:2c:d7:
                    b4:0d:1f:09:75:3c:79:2d:18:5a:fa:24:c2:bb:25:
                    b6:80:ba:49:10:7e:e3:45:05:37:b3:5e:80:71:d0:
                    f3:94:7f:fd:57:3b:77:7a:fe:a5:9a:ca:b5:c6:2f:
                    88:ac:3a:1d:5f:e0:87:10:d6:aa:32:44:9e:8a:1c:
                    30:ca:b9:a7:5d:90:2a:db:d4:1b:64:22:b2:ec:e5:
                    ba:c1:fc:0b:b4:67:42:e7:9a:ca:a0:c7:0c:83:26:
                    db:58:05:b3:5f:56:f8:95:9c:ce:71:d7:42:91:01:
                    25:b7:c3:69:61:f6:da:e4:92:00:2b:68:af:b5:31:
                    57:e9:de:07:ca:e0:72:72:2b:7a:c9:63:9e:0d:f7:
                    f6:b8:83:70:72:d2:16:0f:d2:7b:60:74:15:a3:d4:
                    4f:e5:3b:1c:32:22:73:66:08:d1:1a:4f:aa:6d:39:
                    b7:46:ea:1f:fe:08:0b:31:a3:2c:e0:cf:2e:d2:ce:
                    65:02:12:76:65:2b:68:fa:61:a5:5c:22:26:3e:2d:
                    f4:b2:89:f8:37:49:9b:9b:fd:9b:6a:00:84:72:5b:
                    54:aa:f2:0d:01:8b:de:43:43:35:69:d2:95:ac:d2:
                    3d:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:87:99:A2:00:47:35:26:56:DA:0F:8E:9F:FD:EE:E8:33:DF:FB:9E
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/EYeZogBHNSZW2g-On_3u6DPf-54.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.147.232.0/22
                  91.186.194.0/23
                  94.241.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6b:00:13:73:24:f5:83:b5:66:30:72:31:11:8f:bf:05:78:0b:
         81:73:14:30:77:bc:e6:19:b3:1b:57:81:7e:e1:6e:f3:09:6b:
         8a:bb:d3:7d:35:d8:be:55:ac:dd:45:4d:b0:40:70:08:64:a5:
         fc:bc:99:cc:89:62:df:71:13:1e:cb:f0:fc:83:01:91:a8:7e:
         c2:9e:9d:c6:04:ef:75:18:85:80:6b:19:d2:0d:91:9e:41:20:
         b7:38:8f:b8:fc:d0:89:98:33:05:93:15:8b:96:65:1d:d6:48:
         fe:6b:2b:17:c2:15:c2:27:78:be:0e:f2:29:71:26:df:f7:ea:
         ca:f6:48:12:e5:79:5e:b4:00:a1:bc:0c:3c:59:90:c5:a1:13:
         3c:84:9a:1d:fa:6f:6f:94:39:0a:2b:33:72:7d:a5:4c:ce:a6:
         27:91:bc:68:2b:43:29:97:7d:8f:4b:15:ba:8e:2e:01:62:13:
         af:19:fb:4b:5e:ba:99:aa:bc:57:93:0f:5c:42:50:a8:5f:4d:
         92:e5:38:e3:4b:33:03:e2:dd:d9:93:e5:dd:08:37:d0:9f:d1:
         fc:ae:a9:50:03:9f:a4:a9:ad:aa:31:6e:7d:c7:07:35:3d:06:
         3f:1f:40:45:cd:de:7d:0f:bc:e8:ae:3c:87:1f:ed:19:f9:5f:
         f8:36:9c:e3
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY/UYl+pNzH3qSeyQGOb580EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQwNjAxMTUxOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTg3OTlhMjAwNDczNTI2NTZkYTBmOGU5ZmZkZWVlODMzZGZmYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pBYQKFwjeF3Sjqkyaonyzr+SR2c
WuqIvyUYLNe0DR8JdTx5LRha+iTCuyW2gLpJEH7jRQU3s16AcdDzlH/9Vzt3ev6l
msq1xi+IrDodX+CHENaqMkSeihwwyrmnXZAq29QbZCKy7OW6wfwLtGdC55rKoMcM
gybbWAWzX1b4lZzOcddCkQElt8NpYfba5JIAK2ivtTFX6d4HyuBycit6yWOeDff2
uINwctIWD9J7YHQVo9RP5TscMiJzZgjRGk+qbTm3Ruof/ggLMaMs4M8u0s5lAhJ2
ZSto+mGlXCImPi30son4N0mbm/2bagCEcltUqvINAYveQ0M1adKVrNI9UwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBGHmaIARzUmVtoPjp/97ugz3/ueMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvRVllWm9nQkhOU1pXMmctT25fM3U2RFBmLTU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCU5PoAwQB
W7rCAwQBXvGgMA0GCSqGSIb3DQEBCwUAA4IBAQBrABNzJPWDtWYwcjERj78FeAuB
cxQwd7zmGbMbV4F+4W7zCWuKu9N9Ndi+VazdRU2wQHAIZKX8vJnMiWLfcRMey/D8
gwGRqH7Cnp3GBO91GIWAaxnSDZGeQSC3OI+4/NCJmDMFkxWLlmUd1kj+aysXwhXC
J3i+DvIpcSbf9+rK9kgS5XletAChvAw8WZDFoRM8hJod+m9vlDkKKzNyfaVMzqYn
kbxoK0Mpl32PSxW6ji4BYhOvGftLXrqZqrxXkw9cQlCoX02S5TjjSzMD4t3Zk+Xd
CDfQn9H8rqlQA5+kqa2qMW59xwc1PQY/H0BFzd59D7zorjyHH+0Z+V/4Npzj
-----END CERTIFICATE-----