Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/ekMl0J6199YGwLhPM4Fh6M94isM.roa
File:                     ekMl0J6199YGwLhPM4Fh6M94isM.roa (raw, json)
Hash identifier:          XXfvcnef83fgsedI0rc6iiPnU3sJlatjLbFEqpCzx/o=
Subject key identifier:   7A:43:25:D0:9E:B5:F7:D6:06:C0:B8:4F:33:81:61:E8:CF:78:8A:C3
Certificate issuer:       /CN=57c670c8db32dd748df797c5c93013d8c91fa839
Certificate serial:       018E3343301EC8ED1D1E444558EF1D924169
Authority key identifier: 57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/ekMl0J6199YGwLhPM4Fh6M94isM.roa
Signing time:             Tue 12 Mar 2024 15:23:44 +0000
ROA not before:           Tue 12 Mar 2024 15:23:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44477
IP address blocks:        194.31.73.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 13:02:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:33:43:30:1e:c8:ed:1d:1e:44:45:58:ef:1d:92:41:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=57c670c8db32dd748df797c5c93013d8c91fa839
        Validity
            Not Before: Mar 12 15:23:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a4325d09eb5f7d606c0b84f338161e8cf788ac3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:63:b2:cb:6b:37:69:54:6d:14:e3:c3:c0:bc:
                    a8:a9:45:8c:a0:6d:60:d6:c2:f5:00:bc:e9:a5:23:
                    93:08:b7:a5:72:5d:d8:56:a6:3d:c2:56:57:40:02:
                    dd:2f:be:c3:d5:81:2b:87:c3:e4:79:39:d3:ed:7a:
                    7c:7a:c7:7a:67:28:fd:46:c9:fd:d0:8a:fa:8b:19:
                    c3:62:7e:5d:85:fc:5d:e1:94:3c:36:c9:6a:50:60:
                    22:1e:56:fe:16:dd:e9:4d:18:a0:92:28:ba:26:57:
                    ba:e8:e9:c9:0b:ad:33:b1:66:5c:79:54:65:8a:97:
                    e6:25:59:5d:64:6d:7b:a2:14:94:b9:c3:1d:42:d5:
                    ff:26:b7:3a:89:9a:81:58:5d:1e:00:1c:87:57:44:
                    8c:46:c0:10:ea:05:e4:8a:cb:f7:90:f4:f8:e0:57:
                    1d:4d:96:5a:66:65:9a:0e:80:30:d1:59:35:40:92:
                    66:36:fa:5d:c5:17:47:aa:d6:e4:4d:82:9a:31:41:
                    17:e0:3a:77:e8:71:51:e8:f7:24:bb:82:1c:bb:fa:
                    10:f8:a3:5b:2c:79:c5:b1:92:aa:d4:f4:c8:f0:c2:
                    11:34:b2:bd:de:15:7e:9d:fd:44:c9:4d:cb:08:6b:
                    e1:a8:b3:07:4f:e3:2e:c4:c6:3d:ee:f7:54:f6:95:
                    35:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:43:25:D0:9E:B5:F7:D6:06:C0:B8:4F:33:81:61:E8:CF:78:8A:C3
            X509v3 Authority Key Identifier:
                keyid:57:C6:70:C8:DB:32:DD:74:8D:F7:97:C5:C9:30:13:D8:C9:1F:A8:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/V8ZwyNsy3XSN95fFyTAT2MkfqDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/ekMl0J6199YGwLhPM4Fh6M94isM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/5a6fda-7896-4c50-affd-30495f403784/1/V8ZwyNsy3XSN95fFyTAT2MkfqDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.31.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:9a:0e:8f:78:f6:63:c1:cf:a0:c2:b6:49:0f:5b:e0:98:e2:
         a0:cc:e6:e0:c8:e9:b2:63:2d:6c:a2:ed:89:c4:96:57:53:fb:
         8c:2f:62:4c:d3:1b:f0:87:37:ed:b6:e7:9b:e5:69:6c:05:a6:
         91:ee:a0:7a:44:87:57:41:5e:8c:5a:3b:89:68:d9:f6:39:cb:
         6a:1f:c2:f4:4d:7a:ca:bd:f7:31:65:ff:81:39:ed:b8:a8:e1:
         40:62:aa:09:ac:13:16:bb:90:84:14:88:e5:2a:73:df:96:4f:
         bf:74:e2:68:43:2d:89:8e:45:ee:fc:eb:4a:83:ba:a3:fa:92:
         87:dd:8d:7f:94:01:70:8d:d0:2a:82:d0:d7:cb:d9:11:c3:ae:
         75:af:a9:8c:81:2e:5c:d2:ad:6f:2c:5c:36:da:62:07:60:30:
         6f:ff:49:79:d1:99:f7:96:ef:01:fd:07:70:8e:4d:f7:c6:32:
         01:d2:15:2a:f6:a2:ad:a6:f2:98:5a:97:85:88:e1:98:f4:a6:
         05:5d:45:e5:5b:8a:5d:3b:a2:33:ce:19:ba:ef:9b:6e:d3:36:
         6e:0d:0e:d2:98:35:38:ad:c4:7f:38:51:e3:32:e1:9d:ef:df:
         2a:d2:f1:36:25:87:79:a4:be:20:16:f6:88:0c:6e:15:9d:4a:
         d5:d7:b3:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY4zQzAeyO0dHkRFWO8dkkFpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3YzY3MGM4ZGIzMmRkNzQ4ZGY3OTdjNWM5MzAxM2Q4Yzkx
ZmE4MzkwHhcNMjQwMzEyMTUyMzQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQzMjVkMDllYjVmN2Q2MDZjMGI4NGYzMzgxNjFlOGNmNzg4YWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3mOyy2s3aVRtFOPDwLyoqUWMoG1g
1sL1ALzppSOTCLelcl3YVqY9wlZXQALdL77D1YErh8PkeTnT7Xp8esd6Zyj9Rsn9
0Ir6ixnDYn5dhfxd4ZQ8NslqUGAiHlb+Ft3pTRigkii6Jle66OnJC60zsWZceVRl
ipfmJVldZG17ohSUucMdQtX/Jrc6iZqBWF0eAByHV0SMRsAQ6gXkisv3kPT44Fcd
TZZaZmWaDoAw0Vk1QJJmNvpdxRdHqtbkTYKaMUEX4Dp36HFR6Pcku4Icu/oQ+KNb
LHnFsZKq1PTI8MIRNLK93hV+nf1EyU3LCGvhqLMHT+MuxMY97vdU9pU16QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpDJdCetffWBsC4TzOBYejPeIrDMB8GA1UdIwQY
MBaAFFfGcMjbMt10jfeXxckwE9jJH6g5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQt
MzA0OTVmNDAzNzg0LzEvZWtNbDBKNjE5OVlHd0xoUE00Rmg2TTk0aXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC81YTZmZGEtNzg5Ni00YzUwLWFmZmQtMzA0OTVmNDAzNzg0
LzEvVjhad3lOc3kzWFNOOTVmRnlUQVQyTWtmcURrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwh9JMA0G
CSqGSIb3DQEBCwUAA4IBAQBsmg6PePZjwc+gwrZJD1vgmOKgzObgyOmyYy1sou2J
xJZXU/uML2JM0xvwhzfttueb5WlsBaaR7qB6RIdXQV6MWjuJaNn2OctqH8L0TXrK
vfcxZf+BOe24qOFAYqoJrBMWu5CEFIjlKnPflk+/dOJoQy2JjkXu/OtKg7qj+pKH
3Y1/lAFwjdAqgtDXy9kRw651r6mMgS5c0q1vLFw22mIHYDBv/0l50Zn3lu8B/Qdw
jk33xjIB0hUq9qKtpvKYWpeFiOGY9KYFXUXlW4pdO6Izzhm675tu0zZuDQ7SmDU4
rcR/OFHjMuGd798q0vE2JYd5pL4gFvaIDG4VnUrV17PS
-----END CERTIFICATE-----