Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/eSHOLEOW0ZT8f0zX3SE5relMhZI.roa
File:                     eSHOLEOW0ZT8f0zX3SE5relMhZI.roa (raw, json)
Hash identifier:          6R155v8lntee4rE1CGDeUcgNWoFhZyqonWuqCr4M730=
Subject key identifier:   79:21:CE:2C:43:96:D1:94:FC:7F:4C:D7:DD:21:39:AD:E9:4C:85:92
Certificate issuer:       /CN=29878a2888c9ac3123c795ff9681f1957ca0f964
Certificate serial:       018CCA99A840FD4893AB57CC62BF5BFD2D2F
Authority key identifier: 29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/eSHOLEOW0ZT8f0zX3SE5relMhZI.roa
Signing time:             Tue 02 Jan 2024 14:35:16 +0000
ROA not before:           Tue 02 Jan 2024 14:35:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        185.97.212.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 03 May 2024 16:03:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:99:a8:40:fd:48:93:ab:57:cc:62:bf:5b:fd:2d:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=29878a2888c9ac3123c795ff9681f1957ca0f964
        Validity
            Not Before: Jan  2 14:35:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7921ce2c4396d194fc7f4cd7dd2139ade94c8592
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:eb:15:3d:80:91:10:3c:3c:36:9e:86:19:41:
                    80:cc:3f:41:89:a1:43:b0:59:58:1a:c0:1f:6d:ce:
                    ee:9f:c2:57:12:49:05:9e:3a:a9:90:71:9d:b3:8f:
                    48:2d:06:74:a8:5d:c0:51:af:b6:e7:09:95:06:21:
                    a8:2c:6a:77:f5:c1:05:d8:b2:68:eb:6d:c5:1c:03:
                    f7:41:20:a7:eb:15:47:63:3d:b2:21:6a:33:fd:e4:
                    c6:24:e0:ce:24:88:01:ef:75:b6:fa:8d:88:a4:61:
                    1a:49:a2:01:1e:bd:e4:54:a9:e9:13:5c:3d:77:5d:
                    a9:e4:a9:18:f9:85:cb:22:6e:a2:52:3b:f7:ad:c5:
                    60:5c:e4:64:d2:9d:c7:b1:19:0e:8e:43:09:97:97:
                    31:04:3d:bf:d4:ae:5a:b5:55:87:18:ff:ea:ec:bf:
                    03:c7:ac:b4:53:ec:95:33:61:d1:89:47:e2:76:84:
                    0b:bc:3a:2e:32:11:e2:91:4a:00:fe:8a:a2:4e:30:
                    d1:bb:7a:42:0f:12:0f:a7:c8:98:34:35:f7:d8:4c:
                    9a:5e:9b:2f:49:f7:31:1d:69:79:a0:57:14:13:8f:
                    8f:8b:ce:ec:38:22:2c:4f:ec:7c:06:c2:7d:54:59:
                    ff:24:e5:94:8f:63:14:6a:22:30:44:10:b1:7a:2e:
                    39:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:21:CE:2C:43:96:D1:94:FC:7F:4C:D7:DD:21:39:AD:E9:4C:85:92
            X509v3 Authority Key Identifier:
                keyid:29:87:8A:28:88:C9:AC:31:23:C7:95:FF:96:81:F1:95:7C:A0:F9:64

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KYeKKIjJrDEjx5X_loHxlXyg-WQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/eSHOLEOW0ZT8f0zX3SE5relMhZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/e3aa51-6129-493d-91d2-51751b29f8b4/1/KYeKKIjJrDEjx5X_loHxlXyg-WQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.97.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:63:b6:ac:41:d1:c4:e9:79:ce:df:ba:03:f8:b3:97:92:99:
         79:f4:c4:e3:ee:88:ec:f3:38:fb:07:8e:c7:a0:bc:f5:3d:41:
         83:25:78:3b:00:b2:78:a9:a6:bf:24:ac:b5:c6:97:c5:49:e2:
         f5:9b:ca:ca:c4:7b:85:79:04:8a:c0:3f:37:b0:bb:83:fc:d2:
         45:c2:7d:87:44:13:a4:1d:74:ad:85:4e:1a:e0:52:d6:37:ac:
         29:7a:5b:c4:8f:98:de:12:d7:f9:6b:25:15:02:51:2d:e4:2b:
         fc:ed:d0:bc:a5:f3:33:5b:31:ae:5a:10:d2:db:e3:4c:67:8b:
         da:2d:c4:30:d1:39:26:60:3b:f7:0c:eb:c2:7a:55:db:36:f3:
         c1:4f:bb:ab:1a:82:b0:46:78:95:4f:ac:d6:ae:8f:46:c7:5d:
         ac:d6:a7:c8:9b:33:d5:88:c3:34:eb:6a:84:80:42:48:3f:b6:
         b9:90:c1:90:ab:32:7f:fe:34:a1:f6:25:c0:ca:09:ad:b7:3d:
         f7:94:f0:6d:47:3e:12:94:fb:a4:57:15:ec:53:95:36:fd:4c:
         6f:93:b3:ac:79:a2:c8:e0:4c:b6:90:b3:78:cf:56:0f:1c:dd:
         a0:e5:19:1a:98:0f:ab:ff:f3:09:1b:fd:81:9e:bf:ca:76:6b:
         93:89:9b:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKmahA/UiTq1fMYr9b/S0vMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5ODc4YTI4ODhjOWFjMzEyM2M3OTVmZjk2ODFmMTk1N2Nh
MGY5NjQwHhcNMjQwMTAyMTQzNTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTIxY2UyYzQzOTZkMTk0ZmM3ZjRjZDdkZDIxMzlhZGU5NGM4NTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArusVPYCREDw8Np6GGUGAzD9BiaFD
sFlYGsAfbc7un8JXEkkFnjqpkHGds49ILQZ0qF3AUa+25wmVBiGoLGp39cEF2LJo
623FHAP3QSCn6xVHYz2yIWoz/eTGJODOJIgB73W2+o2IpGEaSaIBHr3kVKnpE1w9
d12p5KkY+YXLIm6iUjv3rcVgXORk0p3HsRkOjkMJl5cxBD2/1K5atVWHGP/q7L8D
x6y0U+yVM2HRiUfidoQLvDouMhHikUoA/oqiTjDRu3pCDxIPp8iYNDX32EyaXpsv
SfcxHWl5oFcUE4+Pi87sOCIsT+x8BsJ9VFn/JOWUj2MUaiIwRBCxei45awIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHkhzixDltGU/H9M190hOa3pTIWSMB8GA1UdIwQY
MBaAFCmHiiiIyawxI8eV/5aB8ZV8oPlkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDIt
NTE3NTFiMjlmOGI0LzEvZVNIT0xFT1cwWlQ4ZjB6WDNTRTVyZWxNaFpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9lM2FhNTEtNjEyOS00OTNkLTkxZDItNTE3NTFiMjlmOGI0
LzEvS1llS0tJakpyREVqeDVYX2xvSHhsWHlnLVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWHUMA0G
CSqGSIb3DQEBCwUAA4IBAQAnY7asQdHE6XnO37oD+LOXkpl59MTj7ojs8zj7B47H
oLz1PUGDJXg7ALJ4qaa/JKy1xpfFSeL1m8rKxHuFeQSKwD83sLuD/NJFwn2HRBOk
HXSthU4a4FLWN6wpelvEj5jeEtf5ayUVAlEt5Cv87dC8pfMzWzGuWhDS2+NMZ4va
LcQw0TkmYDv3DOvCelXbNvPBT7urGoKwRniVT6zWro9Gx12s1qfImzPViMM062qE
gEJIP7a5kMGQqzJ//jSh9iXAygmttz33lPBtRz4SlPukVxXsU5U2/Uxvk7OseaLI
4Ey2kLN4z1YPHN2g5RkamA+r//MJG/2Bnr/KdmuTiZu1
-----END CERTIFICATE-----