Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/Eje2YYlkrXil55oGCmM-b04Kh5o.roa
File:                     Eje2YYlkrXil55oGCmM-b04Kh5o.roa (raw, json)
Hash identifier:          SwtE2B9D2Zw+lRC+FPTf9Ufo7TzwEo/kt9TML/czo+Y=
Subject key identifier:   12:37:B6:61:89:64:AD:78:A5:E7:9A:06:0A:63:3E:6F:4E:0A:87:9A
Certificate issuer:       /CN=2f08df165d497d7a9b99e0e71f15ba07d184615a
Certificate serial:       018CC348993A0B9A628E45397EC9DDC6654C
Authority key identifier: 2F:08:DF:16:5D:49:7D:7A:9B:99:E0:E7:1F:15:BA:07:D1:84:61:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/Eje2YYlkrXil55oGCmM-b04Kh5o.roa
Signing time:             Mon 01 Jan 2024 04:29:23 +0000
ROA not before:           Mon 01 Jan 2024 04:29:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     10753
IP address blocks:        193.36.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 17:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:48:99:3a:0b:9a:62:8e:45:39:7e:c9:dd:c6:65:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f08df165d497d7a9b99e0e71f15ba07d184615a
        Validity
            Not Before: Jan  1 04:29:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1237b6618964ad78a5e79a060a633e6f4e0a879a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:51:41:69:d4:b4:30:86:f9:90:e6:a6:e6:dc:
                    9e:e2:36:c7:a9:91:62:7d:1b:4c:5b:ef:3a:89:a8:
                    e6:cf:06:1b:c2:9e:71:fc:52:0b:ac:d8:83:05:27:
                    0f:b0:96:99:3d:16:c1:df:62:2b:99:1d:ed:b5:43:
                    d1:62:93:fc:40:c1:d3:92:e2:9f:ff:b3:7e:28:ba:
                    57:78:56:d4:50:78:c8:ad:64:ab:b6:5b:c9:0a:b9:
                    98:5f:33:e0:5b:e7:7c:bc:a9:7b:d6:9a:fb:07:13:
                    ab:7c:1c:d4:41:66:38:e3:8a:6a:70:32:7c:1b:6a:
                    ba:37:77:04:ba:13:5a:1e:fb:11:56:58:c2:1e:89:
                    61:be:39:37:fd:7b:30:bb:7e:33:f3:37:fd:e9:2d:
                    87:2c:99:af:85:f2:ef:0b:26:9f:ed:4c:ce:ea:8c:
                    6b:10:54:3a:7c:5b:c5:56:3e:ab:40:ba:af:60:35:
                    ee:87:b6:3d:99:27:b0:8f:a4:de:c8:3d:07:6f:0b:
                    5c:34:b8:5f:f7:d4:05:b3:04:aa:1b:6d:c8:13:1c:
                    4f:14:85:5a:26:f8:a5:3c:18:d1:f5:4a:f5:c0:6b:
                    51:c0:ef:38:de:78:81:87:4c:88:37:cb:56:ce:47:
                    1a:a0:39:7a:14:e0:34:db:48:41:2f:85:80:82:f4:
                    71:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:37:B6:61:89:64:AD:78:A5:E7:9A:06:0A:63:3E:6F:4E:0A:87:9A
            X509v3 Authority Key Identifier:
                keyid:2F:08:DF:16:5D:49:7D:7A:9B:99:E0:E7:1F:15:BA:07:D1:84:61:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LwjfFl1JfXqbmeDnHxW6B9GEYVo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/Eje2YYlkrXil55oGCmM-b04Kh5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/8d0360-fbc2-46eb-9ac2-cac3e42ae03f/1/LwjfFl1JfXqbmeDnHxW6B9GEYVo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:27:32:aa:e6:f3:60:83:2a:f4:d8:8a:ea:2e:cb:d9:73:15:
         44:79:69:a8:22:b6:53:51:44:35:04:05:1c:da:4f:8f:88:35:
         ac:a4:0b:03:f0:1b:27:77:45:a5:80:ee:dd:83:0d:7d:0b:59:
         9c:e6:9e:14:22:e3:3c:c8:91:ae:15:5a:18:f2:4c:b0:9e:34:
         3c:7d:ef:d6:8b:c6:1d:51:75:17:49:fb:49:f2:79:a8:47:42:
         f4:e1:4f:4a:aa:12:f7:46:32:f8:dd:a5:a2:a8:73:5e:86:a9:
         4a:da:97:21:62:b9:7a:c7:68:e8:71:71:a5:71:56:a9:70:16:
         25:d6:30:e7:cc:d3:fe:07:ab:87:32:c4:34:9d:21:ca:10:d5:
         f6:0e:93:73:26:90:d6:b1:cd:e2:ee:11:6a:e4:84:51:ca:e0:
         9e:92:d6:4e:98:c5:a0:8d:16:41:01:bf:28:6f:dc:e6:f6:35:
         02:a8:a7:b0:e9:05:c6:3b:8c:ca:2d:af:cd:77:a3:21:8b:c1:
         8b:b0:76:de:aa:ac:4e:7c:9f:51:20:c4:78:7a:35:04:3e:ee:
         94:fb:9f:a7:c8:af:68:42:f5:43:69:8d:0c:31:b2:be:4c:d0:
         0e:fa:b6:e9:9d:dd:83:31:d5:6e:c6:32:a2:0e:7e:91:d4:a1:
         93:0f:4e:86
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSJk6C5pijkU5fsndxmVMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmMDhkZjE2NWQ0OTdkN2E5Yjk5ZTBlNzFmMTViYTA3ZDE4
NDYxNWEwHhcNMjQwMTAxMDQyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjM3YjY2MTg5NjRhZDc4YTVlNzlhMDYwYTYzM2U2ZjRlMGE4NzlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnVFBadS0MIb5kOam5tye4jbHqZFi
fRtMW+86iajmzwYbwp5x/FILrNiDBScPsJaZPRbB32IrmR3ttUPRYpP8QMHTkuKf
/7N+KLpXeFbUUHjIrWSrtlvJCrmYXzPgW+d8vKl71pr7BxOrfBzUQWY444pqcDJ8
G2q6N3cEuhNaHvsRVljCHolhvjk3/Xswu34z8zf96S2HLJmvhfLvCyaf7UzO6oxr
EFQ6fFvFVj6rQLqvYDXuh7Y9mSewj6TeyD0HbwtcNLhf99QFswSqG23IExxPFIVa
JvilPBjR9Ur1wGtRwO843niBh0yIN8tWzkcaoDl6FOA020hBL4WAgvRx+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBI3tmGJZK14peeaBgpjPm9OCoeaMB8GA1UdIwQY
MBaAFC8I3xZdSX16m5ng5x8VugfRhGFaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTHdqZkZsMUpmWHFibWVEbkh4VzZCOUdFWVZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi84ZDAzNjAtZmJjMi00NmViLTlhYzIt
Y2FjM2U0MmFlMDNmLzEvRWplMllZbGtyWGlsNTVvR0NtTS1iMDRLaDVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi84ZDAzNjAtZmJjMi00NmViLTlhYzItY2FjM2U0MmFlMDNm
LzEvTHdqZkZsMUpmWHFibWVEbkh4VzZCOUdFWVZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSTjMA0G
CSqGSIb3DQEBCwUAA4IBAQANJzKq5vNggyr02IrqLsvZcxVEeWmoIrZTUUQ1BAUc
2k+PiDWspAsD8Bsnd0WlgO7dgw19C1mc5p4UIuM8yJGuFVoY8kywnjQ8fe/Wi8Yd
UXUXSftJ8nmoR0L04U9KqhL3RjL43aWiqHNehqlK2pchYrl6x2jocXGlcVapcBYl
1jDnzNP+B6uHMsQ0nSHKENX2DpNzJpDWsc3i7hFq5IRRyuCektZOmMWgjRZBAb8o
b9zm9jUCqKew6QXGO4zKLa/Nd6Mhi8GLsHbeqqxOfJ9RIMR4ejUEPu6U+5+nyK9o
QvVDaY0MMbK+TNAO+rbpnd2DMdVuxjKiDn6R1KGTD06G
-----END CERTIFICATE-----