Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/V0EFEhey7obucioqDkd4qD1cNgM.roa
File:                     V0EFEhey7obucioqDkd4qD1cNgM.roa (raw, json)
Hash identifier:          Apn/NAhg4hg6Sq4WUb5gNPVwpP0Zra6HNarrbrkCBtQ=
Subject key identifier:   57:41:05:12:17:B2:EE:86:EE:72:2A:2A:0E:47:78:A8:3D:5C:36:03
Certificate issuer:       /CN=ccb0ca2291276d7d2a2f8a7050f4ba827fe910a1
Certificate serial:       018CC56E2720898E21C7DF5320DE75A33C80
Authority key identifier: CC:B0:CA:22:91:27:6D:7D:2A:2F:8A:70:50:F4:BA:82:7F:E9:10:A1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zLDKIpEnbX0qL4pwUPS6gn_pEKE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/V0EFEhey7obucioqDkd4qD1cNgM.roa
Signing time:             Mon 01 Jan 2024 14:29:39 +0000
ROA not before:           Mon 01 Jan 2024 14:29:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211753
IP address blocks:        87.254.36.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/zLDKIpEnbX0qL4pwUPS6gn_pEKE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/zLDKIpEnbX0qL4pwUPS6gn_pEKE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/zLDKIpEnbX0qL4pwUPS6gn_pEKE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:27:20:89:8e:21:c7:df:53:20:de:75:a3:3c:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ccb0ca2291276d7d2a2f8a7050f4ba827fe910a1
        Validity
            Not Before: Jan  1 14:29:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5741051217b2ee86ee722a2a0e4778a83d5c3603
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:df:13:a1:65:80:8d:c0:9b:67:7d:53:64:1c:
                    51:b2:d5:95:c3:3c:be:a2:c3:02:5e:9f:f3:6f:db:
                    b7:b5:cf:cd:c0:47:d2:03:fb:46:c8:4f:49:94:16:
                    d9:4b:d1:a5:84:76:2c:8b:47:52:5d:7c:e1:63:3a:
                    08:fd:00:86:9e:6d:c8:3a:96:88:0b:33:6e:da:5e:
                    3d:3a:8a:d1:13:46:87:73:8e:5d:f1:72:05:10:f3:
                    95:39:6d:19:c9:10:ed:a2:f6:7a:3f:a1:94:5c:57:
                    e9:fc:0c:73:6e:6a:9e:3d:f7:a5:8b:bf:e7:cd:8c:
                    7d:dd:5b:07:d6:01:48:94:94:1b:6d:86:b9:3d:1c:
                    74:80:9d:bb:0e:3f:26:46:fb:ba:19:b1:7e:1b:f5:
                    15:37:11:5e:a1:92:06:10:6e:9b:4b:db:ed:c5:08:
                    ea:ae:b1:41:b8:f6:04:c6:54:f8:11:35:2b:b1:e2:
                    fd:af:d7:ea:3a:7c:64:c3:3d:58:be:1f:f9:55:45:
                    fd:ad:13:04:c2:f7:70:84:10:bf:ed:42:21:d1:48:
                    0d:43:18:75:fb:89:29:81:31:0b:3a:d8:79:24:03:
                    af:c4:79:5e:07:6a:94:04:98:0b:f8:18:14:a0:ce:
                    40:2e:c3:94:c1:69:2b:82:86:ca:ae:8f:34:a0:cc:
                    ad:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:41:05:12:17:B2:EE:86:EE:72:2A:2A:0E:47:78:A8:3D:5C:36:03
            X509v3 Authority Key Identifier:
                keyid:CC:B0:CA:22:91:27:6D:7D:2A:2F:8A:70:50:F4:BA:82:7F:E9:10:A1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zLDKIpEnbX0qL4pwUPS6gn_pEKE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/V0EFEhey7obucioqDkd4qD1cNgM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/d38360-4d1f-422e-90ae-08b9e1101aa7/1/zLDKIpEnbX0qL4pwUPS6gn_pEKE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.254.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         82:21:9f:81:65:c9:8e:eb:88:14:32:f9:fc:57:f5:bc:60:6e:
         00:24:e2:35:47:73:11:56:f7:19:c5:81:9f:d5:bc:2d:27:60:
         9c:68:12:0d:4f:df:c0:06:c2:e5:2c:96:2c:07:d7:1f:f4:a7:
         ad:5e:b4:c3:5c:c4:00:10:64:fd:4b:e3:69:de:d7:93:4c:a2:
         93:e0:f5:c9:fe:ec:7c:cd:0f:16:75:53:a6:64:7a:49:7e:a1:
         15:22:1c:85:9a:f1:4e:1c:b4:2c:fd:15:54:91:e8:47:97:a9:
         33:1b:ca:8e:eb:38:48:a9:ca:7c:b0:67:0e:66:2f:77:14:a7:
         8c:72:3b:68:8f:ea:d2:c7:22:f2:e3:11:24:28:40:c4:dd:1a:
         fd:9d:56:72:70:97:be:7c:b1:d9:ae:b2:38:e9:12:d1:42:f3:
         95:ff:ce:bb:8e:d8:e3:d8:e7:e0:ad:9a:fd:52:fe:60:18:1e:
         fa:35:9c:c2:f1:c6:bd:0b:27:e9:33:df:09:07:3a:48:a3:2c:
         b9:a8:e2:ea:05:f7:9f:a8:6d:e0:44:b8:ad:a9:70:24:fe:d6:
         e5:85:73:4b:3e:55:aa:4d:ce:68:b9:37:25:a1:7d:62:e6:ef:
         56:75:89:2e:10:e9:8a:ad:c8:90:bc:15:0d:01:6d:df:33:b3:
         55:c0:4f:45
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbicgiY4hx99TIN51ozyAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjYjBjYTIyOTEyNzZkN2QyYTJmOGE3MDUwZjRiYTgyN2Zl
OTEwYTEwHhcNMjQwMTAxMTQyOTM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzQxMDUxMjE3YjJlZTg2ZWU3MjJhMmEwZTQ3NzhhODNkNWMzNjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6N8ToWWAjcCbZ31TZBxRstWVwzy+
osMCXp/zb9u3tc/NwEfSA/tGyE9JlBbZS9GlhHYsi0dSXXzhYzoI/QCGnm3IOpaI
CzNu2l49OorRE0aHc45d8XIFEPOVOW0ZyRDtovZ6P6GUXFfp/AxzbmqePfeli7/n
zYx93VsH1gFIlJQbbYa5PRx0gJ27Dj8mRvu6GbF+G/UVNxFeoZIGEG6bS9vtxQjq
rrFBuPYExlT4ETUrseL9r9fqOnxkwz1Yvh/5VUX9rRMEwvdwhBC/7UIh0UgNQxh1
+4kpgTELOth5JAOvxHleB2qUBJgL+BgUoM5ALsOUwWkrgobKro80oMytcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFdBBRIXsu6G7nIqKg5HeKg9XDYDMB8GA1UdIwQY
MBaAFMywyiKRJ219Ki+KcFD0uoJ/6RChMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvekxES0lwRW5iWDBxTDRwd1VQUzZnbl9wRUtFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC9kMzgzNjAtNGQxZi00MjJlLTkwYWUt
MDhiOWUxMTAxYWE3LzEvVjBFRkVoZXk3b2J1Y2lvcURrZDRxRDFjTmdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC9kMzgzNjAtNGQxZi00MjJlLTkwYWUtMDhiOWUxMTAxYWE3
LzEvekxES0lwRW5iWDBxTDRwd1VQUzZnbl9wRUtFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV/4kMA0G
CSqGSIb3DQEBCwUAA4IBAQCCIZ+BZcmO64gUMvn8V/W8YG4AJOI1R3MRVvcZxYGf
1bwtJ2CcaBINT9/ABsLlLJYsB9cf9KetXrTDXMQAEGT9S+Np3teTTKKT4PXJ/ux8
zQ8WdVOmZHpJfqEVIhyFmvFOHLQs/RVUkehHl6kzG8qO6zhIqcp8sGcOZi93FKeM
cjtoj+rSxyLy4xEkKEDE3Rr9nVZycJe+fLHZrrI46RLRQvOV/867jtjj2OfgrZr9
Uv5gGB76NZzC8ca9CyfpM98JBzpIoyy5qOLqBfefqG3gRLitqXAk/tblhXNLPlWq
Tc5ouTcloX1i5u9WdYkuEOmKrciQvBUNAW3fM7NVwE9F
-----END CERTIFICATE-----