Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/EIB_jtuk4g5VJUYhEdc4eNLhp3U.roa
File:                     EIB_jtuk4g5VJUYhEdc4eNLhp3U.roa (raw, json)
Hash identifier:          0JtpSJHLxsFEGUzohUqsyCJAGwxORpPoqd2m+J181nA=
Subject key identifier:   10:80:7F:8E:DB:A4:E2:0E:55:25:46:21:11:D7:38:78:D2:E1:A7:75
Certificate issuer:       /CN=ad442bdda2a35320a96d806bf168d5b84a76d426
Certificate serial:       018CC9BC2CF64ADDF806F9F2CA27C5884306
Authority key identifier: AD:44:2B:DD:A2:A3:53:20:A9:6D:80:6B:F1:68:D5:B8:4A:76:D4:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/rUQr3aKjUyCpbYBr8WjVuEp21CY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/EIB_jtuk4g5VJUYhEdc4eNLhp3U.roa
Signing time:             Tue 02 Jan 2024 10:33:21 +0000
ROA not before:           Tue 02 Jan 2024 10:33:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211389
IP address blocks:        195.10.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/rUQr3aKjUyCpbYBr8WjVuEp21CY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/rUQr3aKjUyCpbYBr8WjVuEp21CY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/rUQr3aKjUyCpbYBr8WjVuEp21CY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 07:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:2c:f6:4a:dd:f8:06:f9:f2:ca:27:c5:88:43:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ad442bdda2a35320a96d806bf168d5b84a76d426
        Validity
            Not Before: Jan  2 10:33:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10807f8edba4e20e5525462111d73878d2e1a775
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:02:f7:7d:b2:7f:c3:d8:bd:4c:66:43:25:4d:
                    62:b2:fb:3c:dc:e6:f4:40:52:74:0d:dd:30:4a:c9:
                    01:b9:29:e1:e6:32:db:57:6d:5c:27:9e:b7:89:42:
                    81:8f:db:ae:10:1d:8d:74:83:fa:c9:d0:bf:1c:38:
                    b2:22:38:b4:e1:14:2d:36:91:35:d0:69:d9:9f:6e:
                    f4:3b:48:61:98:01:c8:cc:95:32:e1:6d:e4:b8:21:
                    63:25:60:b0:57:c5:10:b0:c8:ac:8a:a3:51:d0:c9:
                    28:aa:e0:7f:3a:da:87:cc:3b:2e:bc:fe:26:dc:7d:
                    61:ea:d9:14:ba:b6:eb:35:7f:1c:29:6f:b5:c1:1d:
                    1d:53:cc:33:bc:1a:aa:b0:1e:3b:aa:94:eb:0c:64:
                    70:8c:9a:7e:c6:d6:b8:2d:43:00:ae:27:ab:70:1f:
                    80:a7:bc:61:6d:fc:b8:42:d3:94:1a:18:7c:e6:25:
                    b1:8e:c2:d9:a1:cb:75:60:ea:fa:8c:49:50:28:ca:
                    1f:63:67:d2:7b:93:24:c2:4b:cb:39:2e:b2:6a:6e:
                    9d:6a:e5:a1:c3:83:6e:14:2b:f6:92:db:5b:ed:4d:
                    2f:fb:92:8a:24:69:65:62:f7:70:f2:fb:b3:b0:6f:
                    55:03:3b:d9:53:e6:db:5b:7e:bc:bb:ce:e7:4b:bb:
                    c4:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:80:7F:8E:DB:A4:E2:0E:55:25:46:21:11:D7:38:78:D2:E1:A7:75
            X509v3 Authority Key Identifier:
                keyid:AD:44:2B:DD:A2:A3:53:20:A9:6D:80:6B:F1:68:D5:B8:4A:76:D4:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rUQr3aKjUyCpbYBr8WjVuEp21CY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/EIB_jtuk4g5VJUYhEdc4eNLhp3U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/dd672d-e980-4dca-9195-859dbca38714/1/rUQr3aKjUyCpbYBr8WjVuEp21CY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:8e:2e:cc:d3:ae:b0:f4:76:8f:65:d0:10:bb:ef:41:9f:67:
         24:ef:b1:ef:00:d7:94:a6:c9:fc:d7:d9:6a:b9:15:97:79:ed:
         7e:8e:fc:e5:66:ba:65:e5:ee:1f:3c:be:89:d7:f3:e4:21:b5:
         9d:56:ed:68:26:23:00:24:0b:79:2f:aa:92:e1:71:54:83:6c:
         f6:38:76:15:05:62:f1:7a:c2:46:fb:7e:a6:c8:38:83:f6:50:
         c7:e2:a0:d5:00:e2:e6:d5:60:dd:d3:41:1c:25:03:dd:82:12:
         d9:eb:ee:28:c5:81:d9:7b:29:c2:d8:c7:1b:4c:83:7b:a3:ff:
         a1:ee:ca:25:4b:a1:71:57:13:e5:72:82:43:aa:b9:53:ee:85:
         e0:b8:b8:5c:f6:06:0d:7f:89:79:18:87:15:1e:2d:38:54:ad:
         c1:05:be:41:1c:bb:0f:e7:ae:30:66:5a:63:93:d1:fb:e3:01:
         85:12:cc:ea:5d:57:4c:57:78:69:38:6b:ee:ef:41:5a:2b:ad:
         33:65:66:d6:ad:f9:fb:4f:29:42:e8:9a:39:f7:30:1d:61:4d:
         9e:1a:62:c5:2d:cb:08:02:e0:4e:59:10:13:7e:9a:bf:20:f3:
         f2:03:52:48:7a:f7:06:3e:9e:c2:99:51:ec:ea:d3:ea:6b:9d:
         56:9c:ca:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvCz2St34BvnyyifFiEMGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkNDQyYmRkYTJhMzUzMjBhOTZkODA2YmYxNjhkNWI4NGE3
NmQ0MjYwHhcNMjQwMTAyMTAzMzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDgwN2Y4ZWRiYTRlMjBlNTUyNTQ2MjExMWQ3Mzg3OGQyZTFhNzc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiAL3fbJ/w9i9TGZDJU1isvs83Ob0
QFJ0Dd0wSskBuSnh5jLbV21cJ563iUKBj9uuEB2NdIP6ydC/HDiyIji04RQtNpE1
0GnZn270O0hhmAHIzJUy4W3kuCFjJWCwV8UQsMisiqNR0MkoquB/OtqHzDsuvP4m
3H1h6tkUurbrNX8cKW+1wR0dU8wzvBqqsB47qpTrDGRwjJp+xta4LUMAriercB+A
p7xhbfy4QtOUGhh85iWxjsLZoct1YOr6jElQKMofY2fSe5MkwkvLOS6yam6dauWh
w4NuFCv2kttb7U0v+5KKJGllYvdw8vuzsG9VAzvZU+bbW368u87nS7vErQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCAf47bpOIOVSVGIRHXOHjS4ad1MB8GA1UdIwQY
MBaAFK1EK92io1MgqW2Aa/Fo1bhKdtQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvclVRcjNhS2pVeUNwYllCcjhXalZ1RXAyMUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS9kZDY3MmQtZTk4MC00ZGNhLTkxOTUt
ODU5ZGJjYTM4NzE0LzEvRUlCX2p0dWs0ZzVWSlVZaEVkYzRlTkxocDNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS9kZDY3MmQtZTk4MC00ZGNhLTkxOTUtODU5ZGJjYTM4NzE0
LzEvclVRcjNhS2pVeUNwYllCcjhXalZ1RXAyMUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrbMA0G
CSqGSIb3DQEBCwUAA4IBAQAGji7M066w9HaPZdAQu+9Bn2ck77HvANeUpsn819lq
uRWXee1+jvzlZrpl5e4fPL6J1/PkIbWdVu1oJiMAJAt5L6qS4XFUg2z2OHYVBWLx
esJG+36myDiD9lDH4qDVAOLm1WDd00EcJQPdghLZ6+4oxYHZeynC2McbTIN7o/+h
7solS6FxVxPlcoJDqrlT7oXguLhc9gYNf4l5GIcVHi04VK3BBb5BHLsP564wZlpj
k9H74wGFEszqXVdMV3hpOGvu70FaK60zZWbWrfn7TylC6Jo59zAdYU2eGmLFLcsI
AuBOWRATfpq/IPPyA1JIevcGPp7CmVHs6tPqa51WnMo+
-----END CERTIFICATE-----