Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/eoLrjU8U5mjo-FyfFGhnnf8JTK4.roa
File:                     eoLrjU8U5mjo-FyfFGhnnf8JTK4.roa (raw, json)
Hash identifier:          wvAqaQbUaHrE9hvXqJlolfizZEUpD6sIGhJs8CFvggE=
Subject key identifier:   7A:82:EB:8D:4F:14:E6:68:E8:F8:5C:9F:14:68:67:9D:FF:09:4C:AE
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       018CC7276662EDB287ECC96E2801BCB93143
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/eoLrjU8U5mjo-FyfFGhnnf8JTK4.roa
Signing time:             Mon 01 Jan 2024 22:31:37 +0000
ROA not before:           Mon 01 Jan 2024 22:31:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     57321
IP address blocks:        157.25.134.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:27:66:62:ed:b2:87:ec:c9:6e:28:01:bc:b9:31:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 22:31:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a82eb8d4f14e668e8f85c9f1468679dff094cae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:66:57:98:7a:46:5a:d5:11:10:0c:9d:81:f9:
                    a7:ea:63:16:b1:81:e5:2f:8f:c9:dd:23:87:f4:49:
                    64:c7:69:34:8a:6b:88:f5:61:4d:d2:33:44:20:79:
                    93:fc:05:d6:84:4a:23:f6:bc:44:16:83:c3:4f:fe:
                    2a:b8:01:69:a8:18:31:e7:32:7f:22:6b:b5:d2:92:
                    16:0a:1d:46:57:9b:b6:d4:3e:cf:ca:c8:a1:c7:86:
                    1c:4c:a6:a4:5a:f6:d2:76:c7:5a:e2:1c:a5:9b:63:
                    56:dd:fa:57:3d:c9:dc:fc:a3:a8:c0:85:1a:36:6e:
                    5f:9c:c2:c6:fb:be:6b:72:98:46:de:b6:2a:12:1f:
                    36:9c:07:cb:1d:d0:d3:bd:61:3e:3e:5c:78:8e:15:
                    da:45:be:73:6a:56:4e:16:ad:ac:ee:97:6a:2a:74:
                    49:b4:53:a4:b4:61:c2:2e:85:58:cd:25:90:4e:40:
                    cd:0a:59:32:d5:28:4f:ee:f9:c8:93:bb:4d:bb:0d:
                    e4:42:ee:b3:63:03:b7:9a:18:4d:30:44:a4:dd:c5:
                    78:2b:fc:bd:a0:04:7b:6c:dd:7d:5b:ba:19:8c:11:
                    69:7b:a4:77:37:9b:f5:6c:99:70:b3:7f:f7:3a:ee:
                    72:64:07:70:94:58:4d:de:1b:39:70:5e:8b:82:d2:
                    f5:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:82:EB:8D:4F:14:E6:68:E8:F8:5C:9F:14:68:67:9D:FF:09:4C:AE
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/eoLrjU8U5mjo-FyfFGhnnf8JTK4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.25.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         21:d8:f3:14:7f:a3:13:a8:67:f3:b5:d6:b6:78:f1:39:49:26:
         8a:9b:74:9c:fa:de:c1:08:f8:1c:ea:e8:ff:13:a8:4a:70:6f:
         d3:e7:f2:26:0a:89:d9:b5:ef:05:be:e7:ca:5f:a7:af:59:cc:
         4b:0d:fc:d1:20:61:b3:38:9c:6a:e8:10:ea:82:fa:6d:f2:5c:
         f5:95:67:b9:d5:2a:d5:31:28:cd:d4:93:8f:7e:fb:4c:e9:d9:
         bb:96:59:9c:a4:70:7f:48:6d:0e:4a:36:74:c8:8d:de:1c:3c:
         92:a4:58:5e:c9:53:2f:61:5e:4c:a4:09:f8:bf:e7:90:7d:1a:
         4a:ec:76:52:ef:0b:d3:85:14:4d:6d:16:5b:85:35:7d:1e:5a:
         f3:d8:50:23:49:06:01:5b:45:dd:e9:df:26:7d:f0:d8:61:27:
         15:11:9a:d4:67:c2:74:f8:5a:34:03:5e:33:e4:b8:e3:1d:0f:
         d3:16:02:d7:5a:ea:64:bf:76:03:97:e1:0c:c3:39:bf:e9:53:
         4d:41:71:d6:09:34:9d:c7:53:de:d8:cf:83:45:45:96:7c:a8:
         02:a2:aa:d5:61:9c:19:d2:17:5f:29:2f:6a:b0:e1:38:31:ea:
         ae:03:73:96:a2:92:19:80:1a:0a:bc:5a:1b:11:be:02:7b:36:
         58:da:e8:13
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJ2Zi7bKH7MluKAG8uTFDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjQwMTAxMjIzMTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTgyZWI4ZDRmMTRlNjY4ZThmODVjOWYxNDY4Njc5ZGZmMDk0Y2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGZXmHpGWtUREAydgfmn6mMWsYHl
L4/J3SOH9Elkx2k0imuI9WFN0jNEIHmT/AXWhEoj9rxEFoPDT/4quAFpqBgx5zJ/
Imu10pIWCh1GV5u21D7Pysihx4YcTKakWvbSdsda4hylm2NW3fpXPcnc/KOowIUa
Nm5fnMLG+75rcphG3rYqEh82nAfLHdDTvWE+Plx4jhXaRb5zalZOFq2s7pdqKnRJ
tFOktGHCLoVYzSWQTkDNClky1ShP7vnIk7tNuw3kQu6zYwO3mhhNMESk3cV4K/y9
oAR7bN19W7oZjBFpe6R3N5v1bJlws3/3Ou5yZAdwlFhN3hs5cF6LgtL11QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqC641PFOZo6PhcnxRoZ53/CUyuMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvZW9McmpVOFU1bWpvLUZ5ZkZHaG5uZjhKVEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBnRmGMA0G
CSqGSIb3DQEBCwUAA4IBAQAh2PMUf6MTqGfztda2ePE5SSaKm3Sc+t7BCPgc6uj/
E6hKcG/T5/ImConZte8FvufKX6evWcxLDfzRIGGzOJxq6BDqgvpt8lz1lWe51SrV
MSjN1JOPfvtM6dm7llmcpHB/SG0OSjZ0yI3eHDySpFheyVMvYV5MpAn4v+eQfRpK
7HZS7wvThRRNbRZbhTV9Hlrz2FAjSQYBW0Xd6d8mffDYYScVEZrUZ8J0+Fo0A14z
5LjjHQ/TFgLXWupkv3YDl+EMwzm/6VNNQXHWCTSdx1Pe2M+DRUWWfKgCoqrVYZwZ
0hdfKS9qsOE4MequA3OWopIZgBoKvFobEb4CezZY2ugT
-----END CERTIFICATE-----