Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EU5erptTLN_CrspUWDoZeHhCXc8.roa
File:                     EU5erptTLN_CrspUWDoZeHhCXc8.roa (raw, json)
Hash identifier:          FD3WDT3AlgKH0hXHVjx2A/3meI/qllbY8bEnPYVFgDw=
Subject key identifier:   11:4E:5E:AE:9B:53:2C:DF:C2:AE:CA:54:58:3A:19:78:78:42:5D:CF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       018CC8028207DBFE97BEB5692D36C6182E74
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EU5erptTLN_CrspUWDoZeHhCXc8.roa
Signing time:             Tue 02 Jan 2024 02:30:56 +0000
ROA not before:           Tue 02 Jan 2024 02:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60781
IP address blocks:        185.223.152.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 05 May 2024 05:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:02:82:07:db:fe:97:be:b5:69:2d:36:c6:18:2e:74
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  2 02:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=114e5eae9b532cdfc2aeca54583a197878425dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:e6:50:9f:52:d5:4a:e1:52:61:7c:b1:f7:9e:
                    f9:e7:46:a7:d4:1c:f0:bc:65:df:8d:01:f9:7f:94:
                    c5:a8:e6:f2:61:52:9c:cb:34:1e:e3:7a:50:28:55:
                    42:47:07:c3:87:c9:d3:dc:db:8b:a4:b0:b4:94:af:
                    66:c9:c8:6a:d7:dc:13:1b:d4:37:3d:22:36:a0:f7:
                    38:b5:0b:c7:22:d5:d4:cb:68:3c:95:8a:df:c8:25:
                    0a:99:6a:9d:7a:d6:62:e6:1d:dc:bf:70:94:cf:27:
                    18:e1:3b:aa:d3:2c:11:2e:b1:bd:e8:51:92:cf:f2:
                    f4:26:59:b4:43:74:d3:83:7e:7d:3c:79:e3:80:4e:
                    93:7c:74:84:26:71:6d:4a:a6:52:c5:dd:e6:9f:c1:
                    4c:8f:00:b6:33:84:57:53:91:db:0d:c8:32:2e:4d:
                    77:7c:34:f7:b4:1a:7a:9b:ac:da:90:ba:0e:7e:d5:
                    42:f1:20:fb:72:2a:fb:9c:6b:c1:65:7e:f9:00:c9:
                    76:2a:c8:21:dc:77:1e:07:d6:d5:31:e9:25:c5:b2:
                    cb:f8:56:16:2b:58:0a:c3:2a:ee:0c:47:83:3f:e7:
                    e0:2a:bc:70:d6:d6:0b:38:de:07:27:ed:b2:57:88:
                    54:3b:31:42:24:90:77:1e:44:a9:de:83:82:c3:5b:
                    f5:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:4E:5E:AE:9B:53:2C:DF:C2:AE:CA:54:58:3A:19:78:78:42:5D:CF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EU5erptTLN_CrspUWDoZeHhCXc8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.152.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:56:2b:97:14:1b:0e:5b:44:1b:1a:e0:25:f0:fc:5d:47:ec:
         62:4a:5c:b6:bd:86:86:9c:1a:61:e0:70:25:f3:b2:52:d5:16:
         e5:cb:00:0b:3e:68:ad:0f:f0:c7:b4:49:5b:d6:85:82:80:d3:
         ef:38:25:65:78:1b:df:68:02:d1:32:aa:77:1a:05:99:bb:e2:
         85:95:33:21:3d:9e:09:a8:d5:3e:3e:96:f0:b6:06:34:8a:82:
         4f:f0:05:8a:a4:07:79:f3:06:94:64:61:16:2f:5a:be:1a:4f:
         50:75:3a:b0:6a:4c:38:a5:40:0a:70:bd:89:c1:e9:3d:60:0a:
         23:dc:d9:f6:85:01:81:59:40:ec:2e:ce:b4:b3:27:ff:34:2d:
         bc:7f:8b:0d:54:b8:d1:62:7f:50:83:61:f4:d4:bd:20:07:df:
         a9:71:c0:17:9f:85:0a:1c:c1:4f:d8:97:88:03:56:f2:c0:bb:
         9b:2f:6f:b3:cd:51:74:59:80:8f:40:76:bd:ba:43:a3:9c:81:
         80:fb:68:d4:31:69:ec:ed:29:76:78:22:b0:96:d2:8e:db:f7:
         59:d8:41:dc:5f:27:6c:5a:fd:33:2b:f3:01:e3:56:27:ca:58:
         5e:8d:56:8d:05:71:5e:70:ae:0c:78:cc:ba:76:e0:5b:4c:6a:
         5c:9d:70:15
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIAoIH2/6XvrVpLTbGGC50MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwMTAyMDIzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTRlNWVhZTliNTMyY2RmYzJhZWNhNTQ1ODNhMTk3ODc4NDI1ZGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxeZQn1LVSuFSYXyx957550an1Bzw
vGXfjQH5f5TFqObyYVKcyzQe43pQKFVCRwfDh8nT3NuLpLC0lK9mychq19wTG9Q3
PSI2oPc4tQvHItXUy2g8lYrfyCUKmWqdetZi5h3cv3CUzycY4Tuq0ywRLrG96FGS
z/L0Jlm0Q3TTg359PHnjgE6TfHSEJnFtSqZSxd3mn8FMjwC2M4RXU5HbDcgyLk13
fDT3tBp6m6zakLoOftVC8SD7cir7nGvBZX75AMl2Ksgh3HceB9bVMeklxbLL+FYW
K1gKwyruDEeDP+fgKrxw1tYLON4HJ+2yV4hUOzFCJJB3HkSp3oOCw1v1QQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBFOXq6bUyzfwq7KVFg6GXh4Ql3PMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRVU1ZXJwdFRMTl9DcnNwVVdEb1plSGhDWGM4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+YMA0G
CSqGSIb3DQEBCwUAA4IBAQBiViuXFBsOW0QbGuAl8PxdR+xiSly2vYaGnBph4HAl
87JS1RblywALPmitD/DHtElb1oWCgNPvOCVleBvfaALRMqp3GgWZu+KFlTMhPZ4J
qNU+PpbwtgY0ioJP8AWKpAd58waUZGEWL1q+Gk9QdTqwakw4pUAKcL2Jwek9YAoj
3Nn2hQGBWUDsLs60syf/NC28f4sNVLjRYn9Qg2H01L0gB9+pccAXn4UKHMFP2JeI
A1bywLubL2+zzVF0WYCPQHa9ukOjnIGA+2jUMWns7Sl2eCKwltKO2/dZ2EHcXyds
Wv0zK/MB41YnylhejVaNBXFecK4MeMy6duBbTGpcnXAV
-----END CERTIFICATE-----