Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/eGpo-cifv9rUD-_DC7nDl5Ei1b8.roa
File:                     eGpo-cifv9rUD-_DC7nDl5Ei1b8.roa (raw, json)
Hash identifier:          4OA3+xMJrxtlInhh0L4w5/0Ii1Kiiute0mS7dXlwtNc=
Subject key identifier:   78:6A:68:F9:C8:9F:BF:DA:D4:0F:EF:C3:0B:B9:C3:97:91:22:D5:BF
Certificate issuer:       /CN=92d7c2a1072d73507adbf6507de68aaac01785c0
Certificate serial:       018CC56DF565F14534B59419BB3021789001
Authority key identifier: 92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/eGpo-cifv9rUD-_DC7nDl5Ei1b8.roa
Signing time:             Mon 01 Jan 2024 14:29:26 +0000
ROA not before:           Mon 01 Jan 2024 14:29:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212491
IP address blocks:        185.196.244.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6d:f5:65:f1:45:34:b5:94:19:bb:30:21:78:90:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=92d7c2a1072d73507adbf6507de68aaac01785c0
        Validity
            Not Before: Jan  1 14:29:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=786a68f9c89fbfdad40fefc30bb9c3979122d5bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9b:56:3e:1c:de:e8:e8:a2:a6:0e:3f:bb:f4:
                    b2:8e:4e:c7:df:eb:87:cb:45:70:03:00:25:7e:a8:
                    5a:f5:e2:61:2a:0c:b1:a3:aa:b0:d9:fa:b1:d7:12:
                    d5:38:0d:b9:2b:71:6a:9a:3f:44:63:59:2b:7b:7d:
                    14:7f:bf:ac:dc:a1:c9:d8:5a:43:44:47:07:30:d5:
                    98:bf:26:d4:69:54:76:bb:bb:25:a8:84:c4:4a:17:
                    e8:62:7b:c6:0e:f1:55:cf:fd:23:37:db:8e:95:4c:
                    ad:56:80:81:76:83:a7:01:01:51:1c:d1:92:9f:bb:
                    71:24:ab:b1:9c:1e:3d:9a:13:47:63:96:59:34:f0:
                    a8:07:7d:d0:49:27:c7:e4:d4:17:31:53:35:90:fd:
                    31:2a:19:9f:0f:44:27:15:8e:e4:e0:30:f2:9a:95:
                    ab:e9:02:34:7b:8b:c3:84:26:8a:70:62:0a:dc:6e:
                    9a:b7:57:6a:7b:50:6e:62:15:c1:20:c3:3c:b6:dc:
                    4f:08:2e:53:7f:4b:fe:50:a6:24:c4:48:8a:c2:f3:
                    e3:29:6b:59:cb:c6:af:52:35:ad:95:4c:41:15:de:
                    2c:a2:f9:a1:83:2e:b2:a6:87:88:99:38:9f:4b:60:
                    32:67:a9:b2:83:dc:3d:28:58:a3:91:52:92:7c:cc:
                    49:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:6A:68:F9:C8:9F:BF:DA:D4:0F:EF:C3:0B:B9:C3:97:91:22:D5:BF
            X509v3 Authority Key Identifier:
                keyid:92:D7:C2:A1:07:2D:73:50:7A:DB:F6:50:7D:E6:8A:AA:C0:17:85:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ktfCoQctc1B62_ZQfeaKqsAXhcA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/eGpo-cifv9rUD-_DC7nDl5Ei1b8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/9cff7c-f05a-4e02-bea7-89e56c80d1d0/1/ktfCoQctc1B62_ZQfeaKqsAXhcA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.196.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
         64:61:3c:ca:b6:d6:d2:b2:93:c1:b5:62:2c:64:90:a7:a3:04:
         e4:fe:0d:59:23:87:e8:5c:4b:44:2e:98:4f:bd:92:c0:f1:63:
         16:97:aa:70:3d:bd:21:5d:d6:88:87:63:aa:44:1a:19:00:de:
         34:51:6a:0e:06:a2:f5:3a:30:93:58:a0:0f:51:16:ad:b4:f0:
         5b:e1:55:eb:dc:97:95:d5:85:d6:f6:b6:ae:fb:5f:45:c1:24:
         d2:47:03:53:61:68:06:01:d4:61:8c:b6:c2:0e:42:17:a8:0f:
         d9:c7:bb:50:71:38:b1:ec:47:ef:f7:4e:12:a0:78:d8:fe:87:
         55:ca:a3:2a:e1:52:e7:20:0b:5b:a7:ff:5f:a9:c9:6b:e9:2a:
         de:05:22:94:38:c5:3f:24:06:58:d3:12:9e:2e:00:d0:44:15:
         16:a4:a7:59:42:f4:f7:d5:64:48:61:57:c5:16:df:1f:d2:df:
         26:8b:62:fd:35:94:b1:3a:e1:56:63:7f:51:79:2a:ad:fd:6e:
         a1:8c:df:70:7a:1d:c5:8f:9d:73:83:fe:b5:f9:7f:71:c8:68:
         07:f7:85:3f:c7:ca:12:12:ed:f0:47:ca:d3:20:0a:d7:54:85:
         e1:69:f8:e2:27:b0:8f:74:5b:ea:0a:aa:88:33:d7:62:03:6e:
         97:17:5d:bd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbfVl8UU0tZQZuzAheJABMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyZDdjMmExMDcyZDczNTA3YWRiZjY1MDdkZTY4YWFhYzAx
Nzg1YzAwHhcNMjQwMTAxMTQyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODZhNjhmOWM4OWZiZmRhZDQwZmVmYzMwYmI5YzM5NzkxMjJkNWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2JtWPhze6Oiipg4/u/Syjk7H3+uH
y0VwAwAlfqha9eJhKgyxo6qw2fqx1xLVOA25K3Fqmj9EY1kre30Uf7+s3KHJ2FpD
REcHMNWYvybUaVR2u7slqITEShfoYnvGDvFVz/0jN9uOlUytVoCBdoOnAQFRHNGS
n7txJKuxnB49mhNHY5ZZNPCoB33QSSfH5NQXMVM1kP0xKhmfD0QnFY7k4DDympWr
6QI0e4vDhCaKcGIK3G6at1dqe1BuYhXBIMM8ttxPCC5Tf0v+UKYkxEiKwvPjKWtZ
y8avUjWtlUxBFd4sovmhgy6ypoeImTifS2AyZ6myg9w9KFijkVKSfMxJvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhqaPnIn7/a1A/vwwu5w5eRItW/MB8GA1UdIwQY
MBaAFJLXwqEHLXNQetv2UH3miqrAF4XAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTct
ODllNTZjODBkMWQwLzEvZUdwby1jaWZ2OXJVRC1fREM3bkRsNUVpMWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy85Y2ZmN2MtZjA1YS00ZTAyLWJlYTctODllNTZjODBkMWQw
LzEva3RmQ29RY3RjMUI2Ml9aUWZlYUtxc0FYaGNBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucT0MA0G
CSqGSIb3DQEBCwUAA4IBAQBkYTzKttbSspPBtWIsZJCnowTk/g1ZI4foXEtELphP
vZLA8WMWl6pwPb0hXdaIh2OqRBoZAN40UWoOBqL1OjCTWKAPURattPBb4VXr3JeV
1YXW9rau+19FwSTSRwNTYWgGAdRhjLbCDkIXqA/Zx7tQcTix7Efv904SoHjY/odV
yqMq4VLnIAtbp/9fqclr6SreBSKUOMU/JAZY0xKeLgDQRBUWpKdZQvT31WRIYVfF
Ft8f0t8mi2L9NZSxOuFWY39ReSqt/W6hjN9weh3Fj51zg/61+X9xyGgH94U/x8oS
Eu3wR8rTIArXVIXhafjiJ7CPdFvqCqqIM9diA26XF129
-----END CERTIFICATE-----