Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/2c0dcd-8e47-442c-b0f4-cc7679f1802f/1/EIPXP4SEmPbV8aQA2-5L0Ta_OhQ.roa
File:                     EIPXP4SEmPbV8aQA2-5L0Ta_OhQ.roa (raw, json)
Hash identifier:          YwImDgJjuNmka436Jqvx4IjnyNxYmhqYhI9Yd1gMUo8=
Subject key identifier:   10:83:D7:3F:84:84:98:F6:D5:F1:A4:00:DB:EE:4B:D1:36:BF:3A:14
Certificate issuer:       /CN=e1d3c9af6cf52b8a390b58f00b14a88710336944
Certificate serial:       019427B5D512DFCDC3FB6F321ED557A7F932
Authority key identifier: E1:D3:C9:AF:6C:F5:2B:8A:39:0B:58:F0:0B:14:A8:87:10:33:69:44
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4dPJr2z1K4o5C1jwCxSohxAzaUQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/2c0dcd-8e47-442c-b0f4-cc7679f1802f/1/EIPXP4SEmPbV8aQA2-5L0Ta_OhQ.roa
Signing time:             Thu 02 Jan 2025 15:50:15 +0000
ROA not before:           Thu 02 Jan 2025 15:50:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21217
IP address blocks:        83.97.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/2c0dcd-8e47-442c-b0f4-cc7679f1802f/1/4dPJr2z1K4o5C1jwCxSohxAzaUQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/2c0dcd-8e47-442c-b0f4-cc7679f1802f/1/4dPJr2z1K4o5C1jwCxSohxAzaUQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4dPJr2z1K4o5C1jwCxSohxAzaUQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:d5:12:df:cd:c3:fb:6f:32:1e:d5:57:a7:f9:32
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1d3c9af6cf52b8a390b58f00b14a88710336944
        Validity
            Not Before: Jan  2 15:50:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1083d73f848498f6d5f1a400dbee4bd136bf3a14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:a5:6b:68:bb:2a:66:4f:42:63:f3:6f:c4:19:
                    c4:7e:d4:64:e6:22:fc:be:db:52:43:c4:3c:83:53:
                    89:92:73:5f:dc:e5:d4:71:35:97:9c:42:fb:b6:60:
                    e2:e1:8b:d7:03:55:a8:29:db:e1:61:84:6a:84:4e:
                    ef:0d:cf:4b:63:2b:f0:35:10:21:59:15:ae:b6:8b:
                    a1:00:2a:40:47:25:0b:72:12:cb:b0:57:a0:90:58:
                    0a:aa:56:9b:cb:79:0c:d7:f5:fc:f0:08:58:e7:d5:
                    d0:c1:8d:d5:98:0f:9a:92:05:0d:1b:0c:45:b4:88:
                    52:3c:fd:7a:e7:41:0d:76:bf:e1:79:8d:c0:c4:88:
                    06:16:3a:7e:7d:78:0d:38:35:14:8f:d4:b5:15:95:
                    a3:60:74:f5:d2:b5:85:6e:85:fc:b7:aa:e2:78:5a:
                    86:ca:55:35:cf:94:b5:93:59:12:19:8f:a4:08:2f:
                    bc:a8:8a:65:f1:8c:3f:2e:ab:f1:13:7c:69:37:41:
                    30:1f:4d:90:be:48:8c:67:5b:eb:7f:ef:77:fc:9e:
                    12:d7:47:34:e8:9f:db:ed:39:db:6b:c1:5c:02:47:
                    98:4c:38:d3:3a:71:2d:ce:ef:12:40:f2:0b:44:ae:
                    72:86:6f:e6:80:36:b3:98:7e:a2:35:45:00:4c:51:
                    fa:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:83:D7:3F:84:84:98:F6:D5:F1:A4:00:DB:EE:4B:D1:36:BF:3A:14
            X509v3 Authority Key Identifier:
                keyid:E1:D3:C9:AF:6C:F5:2B:8A:39:0B:58:F0:0B:14:A8:87:10:33:69:44

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4dPJr2z1K4o5C1jwCxSohxAzaUQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2c0dcd-8e47-442c-b0f4-cc7679f1802f/1/EIPXP4SEmPbV8aQA2-5L0Ta_OhQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/2c0dcd-8e47-442c-b0f4-cc7679f1802f/1/4dPJr2z1K4o5C1jwCxSohxAzaUQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.97.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         25:d2:45:ed:b5:7c:b2:e5:70:5c:1d:a7:f3:50:d6:49:cb:e7:
         54:fd:ef:2f:b0:2b:6a:bd:bf:0e:c3:09:e5:8b:9a:a8:e6:dd:
         cb:a0:7e:2f:80:76:d7:92:86:67:dd:5e:e5:7c:c5:89:de:66:
         d2:5a:5c:4e:52:2a:30:92:b1:be:ef:9f:34:87:6b:5a:9e:b7:
         eb:b4:2a:12:d6:94:67:fb:f1:3f:16:d7:58:e0:53:f1:3b:f7:
         b5:fa:09:95:b2:0c:ec:c8:03:39:77:a9:0b:01:5e:09:72:f6:
         a4:98:b1:fe:7d:a4:a0:15:03:96:47:0e:c4:eb:d4:6d:c3:e3:
         e8:48:33:72:96:2e:03:08:a4:d4:c9:df:bc:30:e3:e0:2e:2d:
         40:9a:47:5a:df:2c:da:75:f4:c2:5a:60:c6:c4:23:13:be:3e:
         8f:1f:70:e6:97:09:9f:c8:a1:c8:0c:2d:2d:dd:58:90:97:5e:
         d4:c8:36:37:40:c9:77:be:29:78:6e:79:4f:aa:55:8a:91:96:
         ff:79:e2:27:cb:ef:3a:cf:d1:2c:32:ed:59:82:e2:ba:03:65:
         dd:0d:8a:29:0c:d3:68:b2:d5:4a:80:a7:d1:2a:9a:92:20:57:
         d8:b9:78:f1:5f:fa:c4:32:3d:76:59:52:a9:b7:f4:26:b7:fd:
         e7:41:08:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntdUS383D+28yHtVXp/kyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZDNjOWFmNmNmNTJiOGEzOTBiNThmMDBiMTRhODg3MTAz
MzY5NDQwHhcNMjUwMTAyMTU1MDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDgzZDczZjg0ODQ5OGY2ZDVmMWE0MDBkYmVlNGJkMTM2YmYzYTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqVraLsqZk9CY/NvxBnEftRk5iL8
vttSQ8Q8g1OJknNf3OXUcTWXnEL7tmDi4YvXA1WoKdvhYYRqhE7vDc9LYyvwNRAh
WRWutouhACpARyULchLLsFegkFgKqlaby3kM1/X88AhY59XQwY3VmA+akgUNGwxF
tIhSPP1650ENdr/heY3AxIgGFjp+fXgNODUUj9S1FZWjYHT10rWFboX8t6rieFqG
ylU1z5S1k1kSGY+kCC+8qIpl8Yw/LqvxE3xpN0EwH02QvkiMZ1vrf+93/J4S10c0
6J/b7Tnba8FcAkeYTDjTOnEtzu8SQPILRK5yhm/mgDazmH6iNUUATFH6fQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCD1z+EhJj21fGkANvuS9E2vzoUMB8GA1UdIwQY
MBaAFOHTya9s9SuKOQtY8AsUqIcQM2lEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGRQSnIyejFLNG81QzFqd0N4U29oeEF6YVVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8yYzBkY2QtOGU0Ny00NDJjLWIwZjQt
Y2M3Njc5ZjE4MDJmLzEvRUlQWFA0U0VtUGJWOGFRQTItNUwwVGFfT2hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8yYzBkY2QtOGU0Ny00NDJjLWIwZjQtY2M3Njc5ZjE4MDJm
LzEvNGRQSnIyejFLNG81QzFqd0N4U29oeEF6YVVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCU2F4MA0G
CSqGSIb3DQEBCwUAA4IBAQAl0kXttXyy5XBcHafzUNZJy+dU/e8vsCtqvb8Owwnl
i5qo5t3LoH4vgHbXkoZn3V7lfMWJ3mbSWlxOUiowkrG+7580h2tanrfrtCoS1pRn
+/E/FtdY4FPxO/e1+gmVsgzsyAM5d6kLAV4JcvakmLH+faSgFQOWRw7E69Rtw+Po
SDNyli4DCKTUyd+8MOPgLi1Amkda3yzadfTCWmDGxCMTvj6PH3DmlwmfyKHIDC0t
3ViQl17UyDY3QMl3vil4bnlPqlWKkZb/eeIny+86z9EsMu1ZguK6A2XdDYopDNNo
stVKgKfRKpqSIFfYuXjxX/rEMj12WVKpt/Qmt/3nQQjN
-----END CERTIFICATE-----