Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/EuA8YHfQmSLPvlGbs9ETNNlPkkE.roa
File:                     EuA8YHfQmSLPvlGbs9ETNNlPkkE.roa (raw, json)
Hash identifier:          jK9fV/O8wX2xhZWDq99+cgwzWc0Rjj+NF9J/UzgoFc8=
Subject key identifier:   12:E0:3C:60:77:D0:99:22:CF:BE:51:9B:B3:D1:13:34:D9:4F:92:41
Certificate issuer:       /CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
Certificate serial:       018CC56E3D27653F8375A997B435610516DA
Authority key identifier: 9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/EuA8YHfQmSLPvlGbs9ETNNlPkkE.roa
Signing time:             Mon 01 Jan 2024 14:29:45 +0000
ROA not before:           Mon 01 Jan 2024 14:29:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44408
IP address blocks:        194.54.13.0/24 maxlen: 24
                          194.54.12.0/23 maxlen: 23
                          194.54.12.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 21:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:3d:27:65:3f:83:75:a9:97:b4:35:61:05:16:da
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9a526a73ce8f9f62c14a11a2ea913ec273d58c46
        Validity
            Not Before: Jan  1 14:29:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=12e03c6077d09922cfbe519bb3d11334d94f9241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:c7:4b:73:2b:37:6d:b4:3c:88:43:4c:46:69:
                    fb:a2:6a:1e:ba:dd:54:c4:3b:de:8a:48:4b:48:6f:
                    37:4c:7a:35:8b:54:78:fe:1d:4f:4a:f1:ce:0e:b9:
                    f6:33:b6:a7:1a:0b:26:0d:aa:2f:63:3e:1a:3e:61:
                    15:72:f5:3a:55:d6:8b:2a:64:8e:92:39:1c:fb:b6:
                    e9:a7:f6:16:0f:1c:05:56:cd:ce:41:e8:25:12:13:
                    a2:ea:a7:ce:da:43:d5:77:81:e5:eb:0e:01:ce:74:
                    4d:11:40:05:87:08:f5:15:38:ce:ec:b6:f3:00:98:
                    17:af:f3:77:d2:0e:4c:c6:12:00:fd:4e:d2:32:91:
                    97:23:f3:db:87:3d:7f:a3:ab:fd:20:80:af:5d:46:
                    79:a7:56:ad:6c:e4:26:95:2d:44:cc:e7:d8:8b:9b:
                    2d:67:4d:59:8b:0e:62:ea:02:9f:bd:fc:98:6d:b2:
                    91:07:40:d8:8c:d3:25:68:9d:56:4d:08:87:49:d0:
                    4b:fc:a9:da:0e:0c:7d:7c:4f:1f:80:3e:09:54:32:
                    76:11:86:03:dd:07:07:38:57:35:21:a4:c6:d6:f4:
                    72:d6:e1:c9:cb:58:8c:fb:14:a1:e1:36:51:3e:e3:
                    ab:68:14:9b:da:4a:a3:0e:97:62:20:f6:28:09:25:
                    0f:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:E0:3C:60:77:D0:99:22:CF:BE:51:9B:B3:D1:13:34:D9:4F:92:41
            X509v3 Authority Key Identifier:
                keyid:9A:52:6A:73:CE:8F:9F:62:C1:4A:11:A2:EA:91:3E:C2:73:D5:8C:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mlJqc86Pn2LBShGi6pE-wnPVjEY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/EuA8YHfQmSLPvlGbs9ETNNlPkkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/6fcdca-d121-4391-9cfc-7d16b90dbe72/1/mlJqc86Pn2LBShGi6pE-wnPVjEY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.54.12.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:6b:f2:38:76:1c:62:a7:58:02:ec:d7:f7:3d:1a:b8:d4:87:
         8c:4b:93:3b:75:8e:a5:5f:8e:51:56:b5:f4:53:36:82:d6:cd:
         ce:1f:7f:f8:b9:23:b5:5d:b1:4a:01:6b:da:6d:48:64:54:12:
         15:d6:ea:81:f4:74:d3:e0:7c:fc:bd:88:33:07:7a:eb:24:37:
         75:0f:f0:0f:37:55:2d:48:df:cd:77:2d:c1:9e:d9:bb:37:16:
         fa:1c:29:0e:dc:9d:6c:80:4a:d4:d2:2e:dc:e3:00:77:ed:16:
         c5:07:a8:dd:84:8a:9c:30:85:e0:79:0f:b5:8b:a9:8d:39:90:
         62:8b:0c:43:88:83:a8:1c:11:88:26:b3:1e:d4:ac:55:77:66:
         cb:46:33:74:1c:e4:f7:4b:85:3f:54:eb:43:fd:9a:79:eb:cb:
         6a:e5:db:ee:75:a6:83:3d:69:8e:b0:88:87:72:12:44:6f:ff:
         39:e5:91:fb:cb:b5:3e:4b:b4:7d:3b:ff:11:75:70:0b:a9:47:
         8b:7d:bd:46:83:0c:55:7f:cb:83:6c:4d:4a:ce:40:23:95:17:
         3c:07:32:0f:da:74:ae:dd:6b:39:4e:34:2d:b5:02:fb:94:dc:
         6a:c1:56:e3:9d:8d:8a:a1:ab:29:a3:1f:1e:55:3c:ba:a6:c3:
         f7:10:67:c2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbj0nZT+DdamXtDVhBRbaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlhNTI2YTczY2U4ZjlmNjJjMTRhMTFhMmVhOTEzZWMyNzNk
NThjNDYwHhcNMjQwMTAxMTQyOTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmUwM2M2MDc3ZDA5OTIyY2ZiZTUxOWJiM2QxMTMzNGQ5NGY5MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksdLcys3bbQ8iENMRmn7omoeut1U
xDveikhLSG83THo1i1R4/h1PSvHODrn2M7anGgsmDaovYz4aPmEVcvU6VdaLKmSO
kjkc+7bpp/YWDxwFVs3OQeglEhOi6qfO2kPVd4Hl6w4BznRNEUAFhwj1FTjO7Lbz
AJgXr/N30g5MxhIA/U7SMpGXI/Pbhz1/o6v9IICvXUZ5p1atbOQmlS1EzOfYi5st
Z01Ziw5i6gKfvfyYbbKRB0DYjNMlaJ1WTQiHSdBL/KnaDgx9fE8fgD4JVDJ2EYYD
3QcHOFc1IaTG1vRy1uHJy1iM+xSh4TZRPuOraBSb2kqjDpdiIPYoCSUPdQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLgPGB30Jkiz75Rm7PREzTZT5JBMB8GA1UdIwQY
MBaAFJpSanPOj59iwUoRouqRPsJz1YxGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMt
N2QxNmI5MGRiZTcyLzEvRXVBOFlIZlFtU0xQdmxHYnM5RVROTmxQa2tFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi82ZmNkY2EtZDEyMS00MzkxLTljZmMtN2QxNmI5MGRiZTcy
LzEvbWxKcWM4NlBuMkxCU2hHaTZwRS13blBWakVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwjYMMA0G
CSqGSIb3DQEBCwUAA4IBAQAWa/I4dhxip1gC7Nf3PRq41IeMS5M7dY6lX45RVrX0
UzaC1s3OH3/4uSO1XbFKAWvabUhkVBIV1uqB9HTT4Hz8vYgzB3rrJDd1D/APN1Ut
SN/Ndy3Bntm7Nxb6HCkO3J1sgErU0i7c4wB37RbFB6jdhIqcMIXgeQ+1i6mNOZBi
iwxDiIOoHBGIJrMe1KxVd2bLRjN0HOT3S4U/VOtD/Zp568tq5dvudaaDPWmOsIiH
chJEb/855ZH7y7U+S7R9O/8RdXALqUeLfb1GgwxVf8uDbE1KzkAjlRc8BzIP2nSu
3Ws5TjQttQL7lNxqwVbjnY2Koaspox8eVTy6psP3EGfC
-----END CERTIFICATE-----