Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/eSrUspaQOCRxUsfFahCR6t-kFmc.roa
File:                     eSrUspaQOCRxUsfFahCR6t-kFmc.roa (raw, json)
Hash identifier:          vTkEsgk1bI9SrzLLBSkPf/ZSmt+JAwkTrouz96MtbDs=
Subject key identifier:   79:2A:D4:B2:96:90:38:24:71:52:C7:C5:6A:10:91:EA:DF:A4:16:67
Certificate issuer:       /CN=db1d6eba463b7564abfae938b46ed47187de0ec0
Certificate serial:       018CC80300A293D02BB52D6DC0975F31577F
Authority key identifier: DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/eSrUspaQOCRxUsfFahCR6t-kFmc.roa
Signing time:             Tue 02 Jan 2024 02:31:29 +0000
ROA not before:           Tue 02 Jan 2024 02:31:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     200019
IP address blocks:        185.113.8.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 14 May 2024 14:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:03:00:a2:93:d0:2b:b5:2d:6d:c0:97:5f:31:57:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db1d6eba463b7564abfae938b46ed47187de0ec0
        Validity
            Not Before: Jan  2 02:31:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=792ad4b2969038247152c7c56a1091eadfa41667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:2c:38:30:2b:ac:5a:af:eb:46:22:8c:92:d4:
                    1d:14:5b:d7:0b:db:fd:23:74:dd:74:59:b7:35:7c:
                    e2:16:82:67:1e:fb:d9:c5:9e:4a:f4:f0:1b:c5:ac:
                    b1:a4:f3:be:4c:ae:a7:90:23:8a:bb:96:69:9a:a0:
                    2a:dc:5b:0c:14:91:6b:57:eb:91:23:50:27:a9:7a:
                    8b:42:1f:53:fb:86:a4:18:53:81:a4:a1:47:30:6d:
                    0d:e3:d1:d6:f6:7a:67:eb:69:fa:39:63:28:e4:6a:
                    20:95:9b:59:30:81:12:c7:e0:2a:fc:29:73:f1:70:
                    4c:ef:22:39:6a:d0:1e:64:f9:23:f0:2d:05:c8:f1:
                    0a:74:86:b4:21:31:8b:2c:95:e4:b5:f9:d1:52:63:
                    52:da:67:47:18:ce:0e:dd:bc:1b:23:31:c4:37:b7:
                    e8:10:f0:dd:32:f6:66:94:6c:fc:cf:5d:70:41:b6:
                    24:db:19:5b:20:65:8d:c6:2f:15:88:2c:80:76:c1:
                    8d:3f:14:c1:e6:f6:7b:dc:cb:d1:6b:13:50:43:4e:
                    53:0b:ec:f4:0f:8f:10:83:b8:70:56:72:36:34:83:
                    c9:9b:b4:b5:3a:3e:57:f8:c9:ea:fb:3a:11:b7:cd:
                    67:f3:ef:20:73:31:45:77:a4:16:f7:b5:dd:ec:f1:
                    6e:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:2A:D4:B2:96:90:38:24:71:52:C7:C5:6A:10:91:EA:DF:A4:16:67
            X509v3 Authority Key Identifier:
                keyid:DB:1D:6E:BA:46:3B:75:64:AB:FA:E9:38:B4:6E:D4:71:87:DE:0E:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2x1uukY7dWSr-uk4tG7UcYfeDsA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/eSrUspaQOCRxUsfFahCR6t-kFmc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/4f6985-b94a-47cc-a300-6f2cf4f03ceb/1/2x1uukY7dWSr-uk4tG7UcYfeDsA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:ce:ec:8f:af:04:71:f7:5a:46:97:24:53:6f:25:c8:cf:ce:
         26:95:cb:ae:95:58:44:9f:54:ba:87:93:26:9b:37:3a:bd:5b:
         99:23:bd:99:29:5f:60:da:b9:9f:2c:9d:99:42:d2:ce:0a:0f:
         c4:00:ee:07:d9:7e:96:95:85:62:3a:69:57:68:08:fe:b0:88:
         b1:f9:6b:07:32:72:d1:18:d6:77:1d:17:82:ef:62:2c:46:23:
         b9:d2:c6:b0:f2:b8:8e:35:3c:8f:d7:bb:50:28:48:c0:11:c9:
         ea:d7:b4:d6:d4:dc:7a:c8:d6:a7:b9:e8:19:b4:e1:cc:d9:dd:
         74:d9:54:d2:42:8a:df:2d:37:fb:ac:99:27:a8:0f:67:0e:ab:
         87:7c:3a:6a:dd:23:e2:00:84:56:98:93:0c:5e:a9:7f:50:51:
         41:c1:51:84:aa:f2:e4:14:97:a3:36:2a:87:d9:d2:46:9a:51:
         f8:36:a2:52:2a:d4:13:3a:c6:29:15:30:30:5c:28:e1:3b:d6:
         c1:c9:c8:76:a3:d3:19:2d:99:f2:e6:b1:c4:9a:bb:d7:ce:5b:
         d3:c5:03:59:7e:61:00:80:a0:55:de:f3:af:01:a9:c8:16:c9:
         53:e1:92:ec:d7:2e:b5:88:5f:c4:1e:31:69:ce:3d:34:5a:85:
         f0:47:b1:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAwCik9ArtS1twJdfMVd/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiMWQ2ZWJhNDYzYjc1NjRhYmZhZTkzOGI0NmVkNDcxODdk
ZTBlYzAwHhcNMjQwMTAyMDIzMTI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTJhZDRiMjk2OTAzODI0NzE1MmM3YzU2YTEwOTFlYWRmYTQxNjY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSw4MCusWq/rRiKMktQdFFvXC9v9
I3TddFm3NXziFoJnHvvZxZ5K9PAbxayxpPO+TK6nkCOKu5ZpmqAq3FsMFJFrV+uR
I1AnqXqLQh9T+4akGFOBpKFHMG0N49HW9npn62n6OWMo5GoglZtZMIESx+Aq/Clz
8XBM7yI5atAeZPkj8C0FyPEKdIa0ITGLLJXktfnRUmNS2mdHGM4O3bwbIzHEN7fo
EPDdMvZmlGz8z11wQbYk2xlbIGWNxi8ViCyAdsGNPxTB5vZ73MvRaxNQQ05TC+z0
D48Qg7hwVnI2NIPJm7S1Oj5X+Mnq+zoRt81n8+8gczFFd6QW97Xd7PFuwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkq1LKWkDgkcVLHxWoQkerfpBZnMB8GA1UdIwQY
MBaAFNsdbrpGO3Vkq/rpOLRu1HGH3g7AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAt
NmYyY2Y0ZjAzY2ViLzEvZVNyVXNwYVFPQ1J4VXNmRmFoQ1I2dC1rRm1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80ZjY5ODUtYjk0YS00N2NjLWEzMDAtNmYyY2Y0ZjAzY2Vi
LzEvMngxdXVrWTdkV1NyLXVrNHRHN1VjWWZlRHNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXEIMA0G
CSqGSIb3DQEBCwUAA4IBAQB2zuyPrwRx91pGlyRTbyXIz84mlcuulVhEn1S6h5Mm
mzc6vVuZI72ZKV9g2rmfLJ2ZQtLOCg/EAO4H2X6WlYViOmlXaAj+sIix+WsHMnLR
GNZ3HReC72IsRiO50saw8riONTyP17tQKEjAEcnq17TW1Nx6yNanuegZtOHM2d10
2VTSQorfLTf7rJknqA9nDquHfDpq3SPiAIRWmJMMXql/UFFBwVGEqvLkFJejNiqH
2dJGmlH4NqJSKtQTOsYpFTAwXCjhO9bBych2o9MZLZny5rHEmrvXzlvTxQNZfmEA
gKBV3vOvAanIFslT4ZLs1y61iF/EHjFpzj00WoXwR7Eq
-----END CERTIFICATE-----