Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Egp-J31YbTzZ1F1YBnYGSFm3Avk.roa
File:                     Egp-J31YbTzZ1F1YBnYGSFm3Avk.roa (raw, json)
Hash identifier:          WlpRczTTM1drd1GIlghFVYfG6WMZEAo11w978TSMG/E=
Subject key identifier:   12:0A:7E:27:7D:58:6D:3C:D9:D4:5D:58:06:76:06:48:59:B7:02:F9
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       018CC425327B90F24C50C0927CAE4552C2D2
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Egp-J31YbTzZ1F1YBnYGSFm3Avk.roa
Signing time:             Mon 01 Jan 2024 08:30:21 +0000
ROA not before:           Mon 01 Jan 2024 08:30:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.172.0/24 maxlen: 24
                          2001:7f8:f5::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 28 Apr 2024 01:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:32:7b:90:f2:4c:50:c0:92:7c:ae:45:52:c2:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  1 08:30:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=120a7e277d586d3cd9d45d580676064859b702f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:6c:fb:11:57:22:7f:a1:1b:0e:77:5c:a8:12:
                    f6:df:b2:36:07:b0:b6:b0:8d:f3:c7:71:72:96:ed:
                    d4:2e:69:6a:64:9f:3c:ac:61:16:a7:c7:a2:cf:82:
                    a4:55:42:61:d8:9d:aa:9a:29:a4:5c:82:07:85:c4:
                    fa:03:2e:de:aa:3f:2b:b8:f8:56:a9:d7:8e:f0:98:
                    3d:f1:97:c3:69:51:8e:7a:35:42:b8:7e:c2:eb:a3:
                    77:ed:76:1f:ad:bd:07:be:a5:88:49:a0:8d:06:f9:
                    82:eb:c9:89:16:74:97:70:f0:37:eb:6c:70:b0:7e:
                    1a:6b:b3:95:5b:cd:d7:cd:7a:d3:f9:28:0d:23:25:
                    53:1f:76:f3:15:d0:1d:a4:6d:85:f8:8d:e6:43:81:
                    eb:1f:10:80:b1:2a:df:0e:ad:a4:50:3b:85:83:61:
                    24:9c:c5:5a:41:eb:d4:03:e4:68:1c:f1:87:e5:ef:
                    96:87:23:35:af:ce:f4:49:1d:0b:37:b3:5d:1d:75:
                    4d:f5:3e:e2:93:7f:50:c9:85:ee:19:3b:9f:5f:9c:
                    2e:84:53:95:5c:89:97:51:24:fa:de:32:5c:85:73:
                    7f:b2:b5:9c:0c:b0:96:38:e4:63:5c:46:53:1f:04:
                    9d:49:74:89:7a:53:ba:44:96:a9:5f:05:0e:f3:d3:
                    f3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:0A:7E:27:7D:58:6D:3C:D9:D4:5D:58:06:76:06:48:59:B7:02:F9
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/Egp-J31YbTzZ1F1YBnYGSFm3Avk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.172.0/24
                IPv6:
                  2001:7f8:f5::/48

    Signature Algorithm: sha256WithRSAEncryption
         7f:4c:4d:3c:1f:ab:e7:6e:40:5e:9a:7f:a5:de:ff:71:6c:3b:
         59:66:d2:8c:6e:69:69:ff:9d:37:6b:91:08:a3:0b:77:bb:e3:
         8f:d0:f5:6e:4d:01:13:a5:de:83:76:cc:82:75:a7:d8:dd:63:
         d8:9b:64:90:3f:2d:cf:9a:82:7c:f0:0a:46:00:9a:2e:60:7b:
         41:2c:e4:a9:cd:95:92:82:f9:1b:19:86:ca:bd:89:66:6d:63:
         17:56:fd:60:9c:6e:b0:7c:1c:72:39:48:79:ea:7e:48:98:94:
         49:59:f1:e5:3d:d4:ee:b0:d4:63:18:42:36:11:cd:e9:99:df:
         63:f7:64:63:17:4b:21:30:43:c6:2b:88:33:92:84:08:c2:9b:
         98:95:ab:f9:a1:1f:f7:63:e1:fb:bf:a8:af:8c:33:bf:34:c4:
         15:c7:4c:9e:a2:4a:3c:ed:8d:79:aa:55:47:78:5a:27:59:82:
         d6:37:ec:40:04:61:0d:76:28:54:aa:2b:7f:42:22:45:93:8b:
         42:01:f9:d0:5d:ef:b5:ef:b5:34:0d:76:5c:76:4f:c8:c0:d6:
         cb:2b:39:c6:3d:65:e0:80:c0:2e:c1:02:1f:6e:d0:31:64:30:
         06:74:6d:9f:91:da:cf:2b:a2:d5:67:d0:56:34:68:cb:e1:5c:
         a3:69:15:3b
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzEJTJ7kPJMUMCSfK5FUsLSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjQwMTAxMDgzMDIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjBhN2UyNzdkNTg2ZDNjZDlkNDVkNTgwNjc2MDY0ODU5YjcwMmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiGz7EVcif6EbDndcqBL237I2B7C2
sI3zx3Fylu3ULmlqZJ88rGEWp8eiz4KkVUJh2J2qmimkXIIHhcT6Ay7eqj8ruPhW
qdeO8Jg98ZfDaVGOejVCuH7C66N37XYfrb0HvqWISaCNBvmC68mJFnSXcPA362xw
sH4aa7OVW83XzXrT+SgNIyVTH3bzFdAdpG2F+I3mQ4HrHxCAsSrfDq2kUDuFg2Ek
nMVaQevUA+RoHPGH5e+WhyM1r870SR0LN7NdHXVN9T7ik39QyYXuGTufX5wuhFOV
XImXUST63jJchXN/srWcDLCWOORjXEZTHwSdSXSJelO6RJapXwUO89PziwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBIKfid9WG082dRdWAZ2BkhZtwL5MB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvRWdwLUozMVliVHpaMUYxWUJuWUdTRm0zQXZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGsMA8E
AgACMAkDBwAgAQf4APUwDQYJKoZIhvcNAQELBQADggEBAH9MTTwfq+duQF6af6Xe
/3FsO1lm0oxuaWn/nTdrkQijC3e744/Q9W5NAROl3oN2zIJ1p9jdY9ibZJA/Lc+a
gnzwCkYAmi5ge0Es5KnNlZKC+RsZhsq9iWZtYxdW/WCcbrB8HHI5SHnqfkiYlElZ
8eU91O6w1GMYQjYRzemZ32P3ZGMXSyEwQ8YriDOShAjCm5iVq/mhH/dj4fu/qK+M
M780xBXHTJ6iSjztjXmqVUd4WidZgtY37EAEYQ12KFSqK39CIkWTi0IB+dBd77Xv
tTQNdlx2T8jA1ssrOcY9ZeCAwC7BAh9u0DFkMAZ0bZ+R2s8rotVn0FY0aMvhXKNp
FTs=
-----END CERTIFICATE-----