Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/64LfqqpoKBnmyPqCpww6Bh_SUY8.roa
File:                     64LfqqpoKBnmyPqCpww6Bh_SUY8.roa (raw, json)
Hash identifier:          KsSqILhKWUHj7XcYXyZ5I4uWAnpU+kTSyuirEBYIPZY=
Subject key identifier:   EB:82:DF:AA:AA:68:28:19:E6:C8:FA:82:A7:0C:3A:06:1F:D2:51:8F
Certificate issuer:       /CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
Certificate serial:       01931CAE1150A2C3D3ADEAA2FE037896CF59
Authority key identifier: E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/64LfqqpoKBnmyPqCpww6Bh_SUY8.roa
Signing time:             Mon 11 Nov 2024 19:23:09 +0000
ROA not before:           Mon 11 Nov 2024 19:23:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213936
IP address blocks:        87.246.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1c:ae:11:50:a2:c3:d3:ad:ea:a2:fe:03:78:96:cf:59
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3be07cb1fd4f1e3c922303b670a881b82e61491
        Validity
            Not Before: Nov 11 19:23:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=eb82dfaaaa682819e6c8fa82a70c3a061fd2518f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:8b:0a:c2:ef:5c:e7:96:da:bc:ec:5b:65:b9:
                    20:ae:e6:25:39:a7:62:40:5e:9e:86:d5:28:d0:6f:
                    68:13:50:5b:59:06:f2:c5:fa:6a:93:5d:56:cb:8a:
                    72:71:55:59:0b:18:6f:33:d3:c0:2a:45:6d:e4:94:
                    1d:09:b6:21:c5:86:f5:f5:5e:eb:8a:5e:0c:16:84:
                    a0:9c:86:d8:70:7d:48:63:be:6c:e2:8a:70:1f:56:
                    7a:d1:a6:91:cf:b9:af:1a:99:3d:cb:05:1f:ed:0c:
                    76:59:40:6d:7f:07:cb:70:a6:0a:06:b0:d0:fd:02:
                    c2:bb:cb:78:78:a8:60:19:ed:b9:f0:f9:f9:a1:1a:
                    7c:13:97:89:50:eb:6e:04:12:c5:53:06:07:cc:3a:
                    1c:30:5c:b9:ad:72:03:f5:ef:22:fe:f9:db:c1:c2:
                    65:08:60:34:b4:7e:ea:9f:51:96:5f:67:62:69:33:
                    1b:10:cd:c4:7d:2e:2e:db:7f:cb:14:62:a9:f4:26:
                    2a:d8:42:1d:99:20:02:a0:06:9d:b2:8c:23:9d:cd:
                    a8:f2:c6:50:bb:92:d4:7c:0b:f4:95:bf:f4:01:9b:
                    42:0b:cc:8c:25:f3:a7:65:45:94:b2:10:cb:af:9d:
                    ab:29:42:f2:42:af:98:59:46:03:72:8c:ce:e8:3c:
                    f0:2f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:82:DF:AA:AA:68:28:19:E6:C8:FA:82:A7:0C:3A:06:1F:D2:51:8F
            X509v3 Authority Key Identifier:
                keyid:E3:BE:07:CB:1F:D4:F1:E3:C9:22:30:3B:67:0A:88:1B:82:E6:14:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/474Hyx_U8ePJIjA7ZwqIG4LmFJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/64LfqqpoKBnmyPqCpww6Bh_SUY8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/8f5fae-da90-4314-bffc-d4ee1d389e0d/1/474Hyx_U8ePJIjA7ZwqIG4LmFJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.246.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:63:9e:31:90:eb:b2:4e:ec:5d:04:b3:b0:b8:9e:4b:62:ef:
         96:f9:2c:c1:53:50:39:75:13:de:84:d3:31:66:bf:be:01:9f:
         c0:32:34:9a:e3:b3:af:ab:a6:15:03:23:cf:db:7c:0b:48:3b:
         b1:73:2c:c5:be:88:b7:70:40:02:49:cc:ac:76:bc:4f:4a:10:
         f7:70:22:02:71:69:76:5d:a1:52:84:67:f6:36:11:1b:1f:97:
         21:ce:43:59:2c:c5:0a:38:d2:4d:f4:77:6d:9b:4f:24:39:2b:
         73:71:bb:55:9d:bd:ba:5f:a6:16:35:f4:e7:6c:2d:26:f5:cd:
         6a:01:75:20:1d:b9:b6:78:63:53:04:88:41:b1:bc:84:c8:b1:
         33:a9:5f:be:cb:8c:88:c3:22:f5:bc:e2:7e:62:1c:94:00:d4:
         77:1b:1a:f3:d9:f3:ab:2b:c9:a4:b8:9a:51:81:d8:f0:47:a5:
         2d:9b:24:f1:79:56:64:37:8d:cb:a5:35:cb:6a:b8:af:92:0b:
         06:c5:32:7c:d4:f3:c9:d9:91:dc:fb:8f:23:b1:4d:38:82:48:
         c2:32:e2:da:ab:12:30:dd:ac:74:82:9a:9b:68:dd:bf:b1:e0:
         5f:4c:93:69:f4:8f:29:b3:d9:c6:54:a2:01:71:f0:0b:3e:1e:
         1b:d5:89:19
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMcrhFQosPTreqi/gN4ls9ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzYmUwN2NiMWZkNGYxZTNjOTIyMzAzYjY3MGE4ODFiODJl
NjE0OTEwHhcNMjQxMTExMTkyMzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjgyZGZhYWFhNjgyODE5ZTZjOGZhODJhNzBjM2EwNjFmZDI1MThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm4sKwu9c55bavOxbZbkgruYlOadi
QF6ehtUo0G9oE1BbWQbyxfpqk11Wy4pycVVZCxhvM9PAKkVt5JQdCbYhxYb19V7r
il4MFoSgnIbYcH1IY75s4opwH1Z60aaRz7mvGpk9ywUf7Qx2WUBtfwfLcKYKBrDQ
/QLCu8t4eKhgGe258Pn5oRp8E5eJUOtuBBLFUwYHzDocMFy5rXID9e8i/vnbwcJl
CGA0tH7qn1GWX2diaTMbEM3EfS4u23/LFGKp9CYq2EIdmSACoAadsowjnc2o8sZQ
u5LUfAv0lb/0AZtCC8yMJfOnZUWUshDLr52rKULyQq+YWUYDcozO6DzwLwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOuC36qqaCgZ5sj6gqcMOgYf0lGPMB8GA1UdIwQY
MBaAFOO+B8sf1PHjySIwO2cKiBuC5hSRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMt
ZDRlZTFkMzg5ZTBkLzEvNjRMZnFxcG9LQm5teVBxQ3B3dzZCaF9TVVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS84ZjVmYWUtZGE5MC00MzE0LWJmZmMtZDRlZTFkMzg5ZTBk
LzEvNDc0SHl4X1U4ZVBKSWpBN1p3cUlHNExtRkpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/a0MA0G
CSqGSIb3DQEBCwUAA4IBAQCMY54xkOuyTuxdBLOwuJ5LYu+W+SzBU1A5dRPehNMx
Zr++AZ/AMjSa47Ovq6YVAyPP23wLSDuxcyzFvoi3cEACScysdrxPShD3cCICcWl2
XaFShGf2NhEbH5chzkNZLMUKONJN9Hdtm08kOStzcbtVnb26X6YWNfTnbC0m9c1q
AXUgHbm2eGNTBIhBsbyEyLEzqV++y4yIwyL1vOJ+YhyUANR3Gxrz2fOrK8mkuJpR
gdjwR6UtmyTxeVZkN43LpTXLarivkgsGxTJ81PPJ2ZHc+48jsU04gkjCMuLaqxIw
3ax0gpqbaN2/seBfTJNp9I8ps9nGVKIBcfALPh4b1YkZ
-----END CERTIFICATE-----