Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/7db7a8-827f-4cf0-abc9-b8c46f95640e/1/EZqj58kUCwY4xc77_ybfDJaqPyM.roa
File:                     EZqj58kUCwY4xc77_ybfDJaqPyM.roa (raw, json)
Hash identifier:          z2ssv3Xoy7/vUIc/oiQ3Ip4yx2vI7RJfv9XcS5Kq6ak=
Subject key identifier:   11:9A:A3:E7:C9:14:0B:06:38:C5:CE:FB:FF:26:DF:0C:96:AA:3F:23
Certificate issuer:       /CN=1089a0251e32bf3c480f5a94abb5fb4eb906a5b3
Certificate serial:       018CC493297576D3423F29D4A07C5BA388EC
Authority key identifier: 10:89:A0:25:1E:32:BF:3C:48:0F:5A:94:AB:B5:FB:4E:B9:06:A5:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EImgJR4yvzxID1qUq7X7TrkGpbM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/7db7a8-827f-4cf0-abc9-b8c46f95640e/1/EZqj58kUCwY4xc77_ybfDJaqPyM.roa
Signing time:             Mon 01 Jan 2024 10:30:27 +0000
ROA not before:           Mon 01 Jan 2024 10:30:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203412
IP address blocks:        194.55.162.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/7db7a8-827f-4cf0-abc9-b8c46f95640e/1/EImgJR4yvzxID1qUq7X7TrkGpbM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/7db7a8-827f-4cf0-abc9-b8c46f95640e/1/EImgJR4yvzxID1qUq7X7TrkGpbM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EImgJR4yvzxID1qUq7X7TrkGpbM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 31 May 2024 01:01:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:29:75:76:d3:42:3f:29:d4:a0:7c:5b:a3:88:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1089a0251e32bf3c480f5a94abb5fb4eb906a5b3
        Validity
            Not Before: Jan  1 10:30:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=119aa3e7c9140b0638c5cefbff26df0c96aa3f23
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:03:90:68:0f:a3:91:96:bb:46:91:b5:df:7f:
                    a1:e9:74:26:34:b4:ae:22:4c:eb:b6:d8:1d:3e:88:
                    90:7d:1a:46:e4:4c:2f:73:fd:e9:dd:b4:4f:2a:2b:
                    2d:62:c3:9a:b0:60:af:ec:14:e8:89:f9:d1:11:65:
                    97:62:b0:fd:be:fd:ea:8a:78:18:f4:ac:ae:5e:ec:
                    0a:49:03:2c:17:0d:54:8d:df:b2:49:22:3b:a3:46:
                    c9:40:05:67:75:f4:14:fd:04:c5:f4:e9:21:2b:15:
                    35:21:e3:27:10:86:bb:de:bd:62:74:12:00:a2:f8:
                    39:9e:3b:28:58:a1:89:44:89:25:43:05:8a:d3:a8:
                    3b:d7:d6:d0:c4:47:f6:67:70:13:94:e8:e9:cb:52:
                    f3:5c:cb:e5:fb:10:23:6d:6c:bb:86:f3:7f:1e:e4:
                    57:0f:f3:91:cd:0a:01:ce:88:36:6c:07:44:b7:a3:
                    80:ef:88:b8:e8:04:68:d1:27:50:2a:49:89:4d:88:
                    09:80:67:5a:36:a1:24:85:11:3d:c7:ee:c8:2b:77:
                    26:bf:33:0a:53:c7:7b:ef:c6:07:46:36:cc:67:8d:
                    6f:a9:9e:47:bd:7a:ba:67:c0:78:a6:bb:e2:c7:0a:
                    ed:7f:01:31:f8:96:ed:92:d5:fc:ce:7b:ca:54:1d:
                    f7:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:9A:A3:E7:C9:14:0B:06:38:C5:CE:FB:FF:26:DF:0C:96:AA:3F:23
            X509v3 Authority Key Identifier:
                keyid:10:89:A0:25:1E:32:BF:3C:48:0F:5A:94:AB:B5:FB:4E:B9:06:A5:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EImgJR4yvzxID1qUq7X7TrkGpbM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7db7a8-827f-4cf0-abc9-b8c46f95640e/1/EZqj58kUCwY4xc77_ybfDJaqPyM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/7db7a8-827f-4cf0-abc9-b8c46f95640e/1/EImgJR4yvzxID1qUq7X7TrkGpbM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.55.162.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ae:90:98:86:bf:ac:85:9d:f7:a9:7e:47:18:08:0a:d1:64:
         c1:2a:ba:41:50:d3:08:85:97:4d:e8:1a:be:01:5b:b2:1d:31:
         f4:d5:af:86:b4:b8:e1:b0:08:34:04:9c:d6:99:40:e7:24:b8:
         35:09:6e:8c:4d:88:0b:ac:8c:13:8d:d7:98:ed:d1:56:03:f9:
         66:15:e4:be:70:81:1c:be:8a:3a:51:9c:e3:50:62:5d:12:8a:
         49:b5:8b:7c:db:89:97:ee:12:12:78:56:e9:93:15:e2:63:f0:
         a6:56:12:8f:9a:54:e0:b6:ac:f5:0e:59:fd:37:4b:c3:b7:64:
         18:25:60:84:da:f2:85:8f:d4:c3:9e:6d:d6:f4:fa:16:a5:2f:
         cb:41:3c:c4:8e:9d:63:99:ab:7a:8d:1a:65:03:3a:f3:c3:22:
         03:06:0e:fb:4e:24:73:60:3b:de:f2:e1:3d:01:b8:8f:93:93:
         29:62:0d:51:49:80:cb:ef:36:9b:49:2b:a7:0c:c2:c7:22:db:
         df:a5:e6:0d:bb:f2:45:e2:ea:b6:e4:02:f6:74:91:01:ee:67:
         bd:0b:5d:29:6d:77:56:68:3d:5e:51:64:eb:d4:de:30:4f:6a:
         cc:cf:c3:d1:43:5d:94:b8:71:5a:6a:6b:22:b3:69:6f:12:96:
         c9:29:e5:8a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEkyl1dtNCPynUoHxbo4jsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwODlhMDI1MWUzMmJmM2M0ODBmNWE5NGFiYjVmYjRlYjkw
NmE1YjMwHhcNMjQwMTAxMTAzMDI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTlhYTNlN2M5MTQwYjA2MzhjNWNlZmJmZjI2ZGYwYzk2YWEzZjIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtAOQaA+jkZa7RpG133+h6XQmNLSu
IkzrttgdPoiQfRpG5Ewvc/3p3bRPKistYsOasGCv7BToifnREWWXYrD9vv3qingY
9KyuXuwKSQMsFw1Ujd+ySSI7o0bJQAVndfQU/QTF9OkhKxU1IeMnEIa73r1idBIA
ovg5njsoWKGJRIklQwWK06g719bQxEf2Z3ATlOjpy1LzXMvl+xAjbWy7hvN/HuRX
D/ORzQoBzog2bAdEt6OA74i46ARo0SdQKkmJTYgJgGdaNqEkhRE9x+7IK3cmvzMK
U8d778YHRjbMZ41vqZ5HvXq6Z8B4prvixwrtfwEx+JbtktX8znvKVB33CwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGao+fJFAsGOMXO+/8m3wyWqj8jMB8GA1UdIwQY
MBaAFBCJoCUeMr88SA9alKu1+065BqWzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUltZ0pSNHl2enhJRDFxVXE3WDdUcmtHcGJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83ZGI3YTgtODI3Zi00Y2YwLWFiYzkt
YjhjNDZmOTU2NDBlLzEvRVpxajU4a1VDd1k0eGM3N195YmZESmFxUHlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83ZGI3YTgtODI3Zi00Y2YwLWFiYzktYjhjNDZmOTU2NDBl
LzEvRUltZ0pSNHl2enhJRDFxVXE3WDdUcmtHcGJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwjeiMA0G
CSqGSIb3DQEBCwUAA4IBAQAPrpCYhr+shZ33qX5HGAgK0WTBKrpBUNMIhZdN6Bq+
AVuyHTH01a+GtLjhsAg0BJzWmUDnJLg1CW6MTYgLrIwTjdeY7dFWA/lmFeS+cIEc
voo6UZzjUGJdEopJtYt824mX7hISeFbpkxXiY/CmVhKPmlTgtqz1Dln9N0vDt2QY
JWCE2vKFj9TDnm3W9PoWpS/LQTzEjp1jmat6jRplAzrzwyIDBg77TiRzYDve8uE9
AbiPk5MpYg1RSYDL7zabSSunDMLHItvfpeYNu/JF4uq25AL2dJEB7me9C10pbXdW
aD1eUWTr1N4wT2rMz8PRQ12UuHFaamsis2lvEpbJKeWK
-----END CERTIFICATE-----