Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/4f9b82-f1b0-4fe4-a798-5a06f7887dbd/1/EbF0lyPE8kt-9kmU0Q2sC3Oidqo.roa
File:                     EbF0lyPE8kt-9kmU0Q2sC3Oidqo.roa (raw, json)
Hash identifier:          A9aqCFcME5hLjJ+/snXlgtqlNzt/FiVcszUscGMTt50=
Subject key identifier:   11:B1:74:97:23:C4:F2:4B:7E:F6:49:94:D1:0D:AC:0B:73:A2:76:AA
Certificate issuer:       /CN=879b5d7b5759409937c5c2c22f0adbe8e832a05d
Certificate serial:       018CC8DF02C5D23EBD34FDBD327B5966D08A
Authority key identifier: 87:9B:5D:7B:57:59:40:99:37:C5:C2:C2:2F:0A:DB:E8:E8:32:A0:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h5tde1dZQJk3xcLCLwrb6OgyoF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/4f9b82-f1b0-4fe4-a798-5a06f7887dbd/1/EbF0lyPE8kt-9kmU0Q2sC3Oidqo.roa
Signing time:             Tue 02 Jan 2024 06:31:47 +0000
ROA not before:           Tue 02 Jan 2024 06:31:47 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     12874
IP address blocks:        185.139.48.0/24 maxlen: 24
                          185.139.49.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/4f9b82-f1b0-4fe4-a798-5a06f7887dbd/1/h5tde1dZQJk3xcLCLwrb6OgyoF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/4f9b82-f1b0-4fe4-a798-5a06f7887dbd/1/h5tde1dZQJk3xcLCLwrb6OgyoF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h5tde1dZQJk3xcLCLwrb6OgyoF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 18:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:02:c5:d2:3e:bd:34:fd:bd:32:7b:59:66:d0:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=879b5d7b5759409937c5c2c22f0adbe8e832a05d
        Validity
            Not Before: Jan  2 06:31:47 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11b1749723c4f24b7ef64994d10dac0b73a276aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:9a:25:67:80:d5:53:98:78:99:cc:3e:a1:8f:
                    a3:92:e1:65:90:c1:36:03:0e:61:81:7e:ae:43:25:
                    fd:b4:98:b0:16:ab:4e:5c:67:87:b4:41:e9:53:b3:
                    95:99:89:90:dc:6c:fb:b3:ad:3d:c1:ae:e7:66:88:
                    7b:30:37:d1:09:4f:c0:c6:8a:0b:35:3a:49:c8:e8:
                    bb:99:c7:b5:fd:23:db:c0:3b:30:4f:b5:59:08:8d:
                    b9:83:24:8b:af:91:bf:ad:51:17:fb:e3:c6:03:18:
                    73:46:5a:7d:13:cb:2c:c0:ce:81:cd:21:0e:8a:d9:
                    5c:86:bd:7f:ca:4c:ca:32:de:3d:4d:91:ad:85:c3:
                    0f:ce:13:ad:3b:68:81:2f:8d:32:7a:10:d2:b4:84:
                    e6:98:2e:07:6c:7a:10:30:19:69:0b:ea:f5:9e:e1:
                    db:10:c9:e5:d8:88:bd:89:33:17:d3:ed:3f:23:52:
                    68:c8:25:00:07:77:3a:21:3c:cd:73:f5:1b:10:c7:
                    f1:fb:a4:51:fe:00:cc:b4:9a:7b:0f:9c:88:87:44:
                    0a:83:1c:c8:28:cb:c5:35:28:f5:d2:67:f7:ce:27:
                    63:18:c7:bf:fa:15:9e:11:f3:f8:c2:3d:32:e6:14:
                    02:8a:b5:2b:fd:8a:5a:22:89:69:8a:f8:2b:fe:b0:
                    85:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B1:74:97:23:C4:F2:4B:7E:F6:49:94:D1:0D:AC:0B:73:A2:76:AA
            X509v3 Authority Key Identifier:
                keyid:87:9B:5D:7B:57:59:40:99:37:C5:C2:C2:2F:0A:DB:E8:E8:32:A0:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h5tde1dZQJk3xcLCLwrb6OgyoF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4f9b82-f1b0-4fe4-a798-5a06f7887dbd/1/EbF0lyPE8kt-9kmU0Q2sC3Oidqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/4f9b82-f1b0-4fe4-a798-5a06f7887dbd/1/h5tde1dZQJk3xcLCLwrb6OgyoF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.139.48.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:c8:a6:64:8b:41:ba:c4:e6:d1:c6:74:fa:e8:c7:b4:7b:fa:
         4b:9c:59:eb:e5:00:8d:dd:96:0e:c6:fc:37:d4:d1:81:d1:2d:
         f9:3a:15:2e:f4:bd:9e:5e:85:73:07:08:d8:f8:05:1e:3f:e5:
         d7:03:c8:2f:63:f5:c3:e7:04:6a:ab:7b:42:73:d7:ef:ed:c5:
         63:f1:46:ce:a1:28:bd:27:63:af:49:33:37:ec:56:a3:8a:87:
         af:d0:8f:8d:5f:b9:bf:f7:8e:bb:24:9b:ab:70:93:bf:50:f5:
         58:fe:d2:fa:51:df:91:25:de:b9:ec:fe:00:fd:5b:1f:0d:0b:
         f8:e0:69:18:34:5f:4f:c6:7d:55:f1:8d:e4:56:85:86:98:d9:
         b7:42:66:51:3d:46:11:a2:54:da:40:60:6d:e6:4c:4e:37:7d:
         f6:fe:f4:b1:25:9b:80:a9:9e:d9:d2:1c:fc:5c:2b:af:63:67:
         a6:a2:c1:f3:29:d4:d2:11:f0:83:90:b2:1d:25:af:03:4e:e5:
         0e:da:c4:f8:69:77:d7:d6:c8:7b:69:04:d6:ad:08:cd:c8:72:
         86:50:02:2a:07:7b:b3:37:09:4b:0b:aa:80:93:85:83:00:d8:
         3b:10:8b:1e:92:5f:67:0c:78:5d:6e:94:fb:f7:7c:2f:58:ba:
         79:05:46:8b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3wLF0j69NP29MntZZtCKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3OWI1ZDdiNTc1OTQwOTkzN2M1YzJjMjJmMGFkYmU4ZTgz
MmEwNWQwHhcNMjQwMTAyMDYzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWIxNzQ5NzIzYzRmMjRiN2VmNjQ5OTRkMTBkYWMwYjczYTI3NmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJolZ4DVU5h4mcw+oY+jkuFlkME2
Aw5hgX6uQyX9tJiwFqtOXGeHtEHpU7OVmYmQ3Gz7s609wa7nZoh7MDfRCU/AxooL
NTpJyOi7mce1/SPbwDswT7VZCI25gySLr5G/rVEX++PGAxhzRlp9E8sswM6BzSEO
itlchr1/ykzKMt49TZGthcMPzhOtO2iBL40yehDStITmmC4HbHoQMBlpC+r1nuHb
EMnl2Ii9iTMX0+0/I1JoyCUAB3c6ITzNc/UbEMfx+6RR/gDMtJp7D5yIh0QKgxzI
KMvFNSj10mf3zidjGMe/+hWeEfP4wj0y5hQCirUr/YpaIolpivgr/rCFkwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGxdJcjxPJLfvZJlNENrAtzonaqMB8GA1UdIwQY
MBaAFIebXXtXWUCZN8XCwi8K2+joMqBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDV0ZGUxZFpRSmszeGNMQ0x3cmI2T2d5b0YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi80ZjliODItZjFiMC00ZmU0LWE3OTgt
NWEwNmY3ODg3ZGJkLzEvRWJGMGx5UEU4a3QtOWttVTBRMnNDM09pZHFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi80ZjliODItZjFiMC00ZmU0LWE3OTgtNWEwNmY3ODg3ZGJk
LzEvaDV0ZGUxZFpRSmszeGNMQ0x3cmI2T2d5b0YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuYswMA0G
CSqGSIb3DQEBCwUAA4IBAQCJyKZki0G6xObRxnT66Me0e/pLnFnr5QCN3ZYOxvw3
1NGB0S35OhUu9L2eXoVzBwjY+AUeP+XXA8gvY/XD5wRqq3tCc9fv7cVj8UbOoSi9
J2OvSTM37Fajioev0I+NX7m/9467JJurcJO/UPVY/tL6Ud+RJd657P4A/VsfDQv4
4GkYNF9Pxn1V8Y3kVoWGmNm3QmZRPUYRolTaQGBt5kxON332/vSxJZuAqZ7Z0hz8
XCuvY2emosHzKdTSEfCDkLIdJa8DTuUO2sT4aXfX1sh7aQTWrQjNyHKGUAIqB3uz
NwlLC6qAk4WDANg7EIsekl9nDHhdbpT793wvWLp5BUaL
-----END CERTIFICATE-----