Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/EryKrNhV2BVs9wnUgOovwO3VgNY.roa
File:                     EryKrNhV2BVs9wnUgOovwO3VgNY.roa (raw, json)
Hash identifier:          I+Tt8UGh10uukOo+fZMNFIj+7OE5oxTZ9+6lX0afsVY=
Subject key identifier:   12:BC:8A:AC:D8:55:D8:15:6C:F7:09:D4:80:EA:2F:C0:ED:D5:80:D6
Certificate issuer:       /CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
Certificate serial:       018CC493862BE20A4515C91D446B27C06549
Authority key identifier: 72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/EryKrNhV2BVs9wnUgOovwO3VgNY.roa
Signing time:             Mon 01 Jan 2024 10:30:51 +0000
ROA not before:           Mon 01 Jan 2024 10:30:51 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     31715
IP address blocks:        149.126.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 04 May 2024 02:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:86:2b:e2:0a:45:15:c9:1d:44:6b:27:c0:65:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=72b78f6682fc39c55b41d48f80b8838d5d2dbf07
        Validity
            Not Before: Jan  1 10:30:51 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12bc8aacd855d8156cf709d480ea2fc0edd580d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:e2:36:8f:05:70:0a:3a:e1:f5:87:58:e6:6e:
                    7a:2d:b3:49:53:98:56:86:a0:a6:4b:d3:6a:b9:da:
                    88:4d:c3:7f:df:ef:89:aa:5f:79:33:60:95:af:d1:
                    06:ca:53:84:64:b6:a3:1a:8c:22:62:44:33:03:7c:
                    3b:76:a7:33:f9:0d:92:39:10:82:1b:e7:fa:ac:a5:
                    82:9c:88:29:ed:07:3d:1a:29:e7:8c:de:57:f8:17:
                    84:17:fa:50:33:f4:13:ac:39:ff:d4:d2:d6:e4:cc:
                    53:65:74:6e:13:85:3a:49:40:5e:e5:63:5f:ed:00:
                    cc:c9:44:ae:84:b0:b3:00:b9:c1:cd:26:74:29:c1:
                    a0:a8:fa:dc:1a:bc:3f:47:e9:7e:eb:c5:cc:64:33:
                    c5:04:68:ca:b2:79:20:ba:93:63:98:a9:04:89:99:
                    ee:ff:cb:da:1e:21:61:50:3e:aa:f8:ee:e0:e0:0c:
                    27:96:32:e1:a0:7d:1e:d8:bd:ef:4e:3a:7a:5f:ad:
                    85:0d:8c:90:91:ee:9c:af:46:fb:10:22:58:94:79:
                    e1:f4:7d:62:59:f6:00:f5:18:02:e8:b7:dd:b5:6f:
                    98:0a:2e:3b:02:61:65:9e:a4:36:de:3d:b9:4d:5a:
                    47:cb:dd:55:6a:45:a0:84:79:a9:44:a2:ae:43:5f:
                    cb:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:BC:8A:AC:D8:55:D8:15:6C:F7:09:D4:80:EA:2F:C0:ED:D5:80:D6
            X509v3 Authority Key Identifier:
                keyid:72:B7:8F:66:82:FC:39:C5:5B:41:D4:8F:80:B8:83:8D:5D:2D:BF:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/crePZoL8OcVbQdSPgLiDjV0tvwc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/EryKrNhV2BVs9wnUgOovwO3VgNY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/3c4b8a-bfc7-41e9-99e1-f3e506aeaa01/1/crePZoL8OcVbQdSPgLiDjV0tvwc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  149.126.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:fc:23:58:2a:10:00:2e:a6:a7:85:ad:4e:9d:5f:4e:df:61:
         6d:e1:ed:38:97:d8:3c:7e:68:a1:81:a8:93:6b:3d:6b:89:ce:
         86:1f:0b:ff:99:53:f5:b8:94:28:58:cb:dc:e0:bf:2a:a5:13:
         bb:b1:32:22:f7:c9:ce:f1:0b:82:12:ea:86:fb:8c:0a:25:ec:
         c7:a0:a5:38:df:ab:99:14:de:e8:2a:76:e1:89:b9:d7:92:45:
         1c:ca:5e:cb:da:64:30:0f:9a:99:69:5e:52:bd:b6:7e:31:cb:
         28:9d:c1:52:d5:8a:1f:c1:9e:a3:50:21:e4:43:99:56:1a:01:
         25:d6:72:d0:d1:79:77:41:a4:d9:c8:73:aa:5c:8f:1b:86:55:
         0b:7c:9b:3a:e6:71:a0:27:29:fb:ad:f9:55:4c:88:e5:fe:10:
         cf:b7:82:35:9a:8a:6b:4f:10:7c:c4:21:1b:b3:50:a8:dd:e5:
         b8:93:5b:3a:54:36:b7:a6:2a:76:22:cd:5f:cd:91:64:f6:45:
         32:51:fc:47:a8:6f:8b:d6:5b:3c:7b:2b:c2:32:22:62:65:1a:
         32:26:d6:a2:79:a4:88:87:41:88:89:7e:04:5d:86:ae:ad:e9:
         f2:75:05:5d:69:68:24:1f:d4:70:0e:8d:bd:e6:f9:55:3c:c1:
         51:a3:34:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEk4Yr4gpFFckdRGsnwGVJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyYjc4ZjY2ODJmYzM5YzU1YjQxZDQ4ZjgwYjg4MzhkNWQy
ZGJmMDcwHhcNMjQwMTAxMTAzMDUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmJjOGFhY2Q4NTVkODE1NmNmNzA5ZDQ4MGVhMmZjMGVkZDU4MGQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnOI2jwVwCjrh9YdY5m56LbNJU5hW
hqCmS9NqudqITcN/3++Jql95M2CVr9EGylOEZLajGowiYkQzA3w7dqcz+Q2SORCC
G+f6rKWCnIgp7Qc9GinnjN5X+BeEF/pQM/QTrDn/1NLW5MxTZXRuE4U6SUBe5WNf
7QDMyUSuhLCzALnBzSZ0KcGgqPrcGrw/R+l+68XMZDPFBGjKsnkgupNjmKkEiZnu
/8vaHiFhUD6q+O7g4AwnljLhoH0e2L3vTjp6X62FDYyQke6cr0b7ECJYlHnh9H1i
WfYA9RgC6LfdtW+YCi47AmFlnqQ23j25TVpHy91VakWghHmpRKKuQ1/L6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBK8iqzYVdgVbPcJ1IDqL8Dt1YDWMB8GA1UdIwQY
MBaAFHK3j2aC/DnFW0HUj4C4g41dLb8HMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEt
ZjNlNTA2YWVhYTAxLzEvRXJ5S3JOaFYyQlZzOXduVWdPb3Z3TzNWZ05ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS8zYzRiOGEtYmZjNy00MWU5LTk5ZTEtZjNlNTA2YWVhYTAx
LzEvY3JlUFpvTDhPY1ZiUWRTUGdMaURqVjB0dndjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAlX4NMA0G
CSqGSIb3DQEBCwUAA4IBAQBp/CNYKhAALqanha1OnV9O32Ft4e04l9g8fmihgaiT
az1ric6GHwv/mVP1uJQoWMvc4L8qpRO7sTIi98nO8QuCEuqG+4wKJezHoKU436uZ
FN7oKnbhibnXkkUcyl7L2mQwD5qZaV5SvbZ+McsoncFS1YofwZ6jUCHkQ5lWGgEl
1nLQ0Xl3QaTZyHOqXI8bhlULfJs65nGgJyn7rflVTIjl/hDPt4I1moprTxB8xCEb
s1Co3eW4k1s6VDa3pip2Is1fzZFk9kUyUfxHqG+L1ls8eyvCMiJiZRoyJtaieaSI
h0GIiX4EXYaurenydQVdaWgkH9RwDo295vlVPMFRozTN
-----END CERTIFICATE-----