Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/662Sh5aHIY06ZxdYnbfNzjlIE3k.roa
File:                     662Sh5aHIY06ZxdYnbfNzjlIE3k.roa (raw, json)
Hash identifier:          pukr5Q4MPjRc/svbds90/tHNFyDa+vh8zaIIaflFuD4=
Subject key identifier:   EB:AD:92:87:96:87:21:8D:3A:67:17:58:9D:B7:CD:CE:39:48:13:79
Certificate issuer:       /CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
Certificate serial:       018FF2F8E2043D1BC9D8169839C7A79E60EE
Authority key identifier: DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/662Sh5aHIY06ZxdYnbfNzjlIE3k.roa
Signing time:             Fri 07 Jun 2024 13:52:28 +0000
ROA not before:           Fri 07 Jun 2024 13:52:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61371
IP address blocks:        94.131.196.0/23 maxlen: 23
                          94.131.198.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 06:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:f2:f8:e2:04:3d:1b:c9:d8:16:98:39:c7:a7:9e:60:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dbb396dfa951ec4157f211e5ed740ed97e1b0f3f
        Validity
            Not Before: Jun  7 13:52:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ebad92879687218d3a6717589db7cdce39481379
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:42:dd:91:7c:f9:4e:69:d6:58:e8:36:2a:d1:
                    26:ba:3e:ee:0b:62:43:ec:6f:2c:82:80:fd:04:5d:
                    0b:03:68:8b:05:4f:b0:a2:4c:1a:62:04:d5:2d:17:
                    a7:22:b8:7b:24:a6:00:19:47:ac:24:7b:32:c2:36:
                    78:0c:db:d4:7d:c1:8f:90:08:0a:bd:6d:c5:79:46:
                    f0:44:c3:16:bd:ec:14:c4:33:a8:8b:99:44:06:5f:
                    14:17:c2:85:93:35:f5:f8:7d:d6:78:70:e1:87:12:
                    c5:1d:73:af:55:a2:5e:0c:04:9c:76:29:27:2a:ba:
                    0b:3f:72:26:8d:c0:79:78:a6:8b:36:13:ce:77:8e:
                    ba:da:29:e1:e7:b1:fb:48:61:d0:5b:5f:2f:64:aa:
                    6a:c1:89:e5:4f:53:86:1e:8b:8a:ca:13:d8:e2:9a:
                    85:b1:8e:f0:6b:9a:57:34:b6:33:94:7f:cb:ce:4e:
                    d2:29:14:75:94:36:9d:b1:e8:41:78:66:35:e3:25:
                    87:82:7e:26:6b:ea:bd:92:9d:ab:81:27:b9:da:0e:
                    f9:69:94:cf:28:62:c0:df:e3:77:e1:25:8e:e0:28:
                    08:5d:fd:94:e7:e2:67:ae:5a:99:c2:e8:fb:01:f5:
                    5c:1e:3d:f6:f9:52:f6:db:6f:b0:cd:c5:4f:ec:fe:
                    8e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:AD:92:87:96:87:21:8D:3A:67:17:58:9D:B7:CD:CE:39:48:13:79
            X509v3 Authority Key Identifier:
                keyid:DB:B3:96:DF:A9:51:EC:41:57:F2:11:E5:ED:74:0E:D9:7E:1B:0F:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/27OW36lR7EFX8hHl7XQO2X4bDz8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/662Sh5aHIY06ZxdYnbfNzjlIE3k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b3987a-4504-4749-9d73-df572fe9672a/1/27OW36lR7EFX8hHl7XQO2X4bDz8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.131.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:8e:97:d5:de:32:56:a0:da:ab:8a:53:04:a8:09:0e:10:36:
         e2:87:b7:38:ef:34:df:94:fa:c5:80:15:e1:c4:ae:b8:22:89:
         7c:85:75:80:07:fd:56:d7:5f:f2:5f:b6:20:98:8b:18:fc:43:
         de:1a:de:d0:3e:6e:68:11:3a:b7:cc:72:b8:96:22:8c:ca:6d:
         21:c2:c3:9a:86:ad:7c:37:b6:8c:3e:a1:d7:fd:e2:30:d4:6b:
         9a:c5:ea:21:25:39:12:6d:ff:2f:ed:91:29:4e:2a:e6:21:c4:
         e1:c7:0e:78:b5:1b:76:a9:c3:35:09:a2:28:3b:0a:de:62:04:
         59:b8:af:82:a0:84:65:91:1b:82:50:17:e4:14:28:4e:ba:0d:
         db:69:41:86:94:76:ab:56:cd:e3:58:59:f2:fd:4b:49:dd:6d:
         da:29:37:56:76:8c:a1:e3:1e:d4:10:21:aa:5f:aa:2b:6b:be:
         e2:98:44:49:6d:4e:f4:fb:cc:da:2c:1f:57:2f:fb:76:bc:3e:
         bd:c4:2a:fe:ad:2f:9b:24:dc:1d:2e:33:b8:ea:11:33:46:d3:
         a3:d1:e4:81:ce:65:30:6b:03:81:4a:8a:13:74:8d:e4:94:c0:
         6e:19:68:4c:d8:aa:be:00:23:de:d3:a1:cb:0a:0f:01:59:18:
         25:48:e6:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/y+OIEPRvJ2BaYOcennmDuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYjM5NmRmYTk1MWVjNDE1N2YyMTFlNWVkNzQwZWQ5N2Ux
YjBmM2YwHhcNMjQwNjA3MTM1MjI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYmFkOTI4Nzk2ODcyMThkM2E2NzE3NTg5ZGI3Y2RjZTM5NDgxMzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnULdkXz5TmnWWOg2KtEmuj7uC2JD
7G8sgoD9BF0LA2iLBU+wokwaYgTVLRenIrh7JKYAGUesJHsywjZ4DNvUfcGPkAgK
vW3FeUbwRMMWvewUxDOoi5lEBl8UF8KFkzX1+H3WeHDhhxLFHXOvVaJeDAScdikn
KroLP3ImjcB5eKaLNhPOd4662inh57H7SGHQW18vZKpqwYnlT1OGHouKyhPY4pqF
sY7wa5pXNLYzlH/Lzk7SKRR1lDadsehBeGY14yWHgn4ma+q9kp2rgSe52g75aZTP
KGLA3+N34SWO4CgIXf2U5+JnrlqZwuj7AfVcHj32+VL222+wzcVP7P6O5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOutkoeWhyGNOmcXWJ23zc45SBN5MB8GA1UdIwQY
MBaAFNuzlt+pUexBV/IR5e10Dtl+Gw8/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMt
ZGY1NzJmZTk2NzJhLzEvNjYyU2g1YUhJWTA2WnhkWW5iZk56amxJRTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iMzk4N2EtNDUwNC00NzQ5LTlkNzMtZGY1NzJmZTk2NzJh
LzEvMjdPVzM2bFI3RUZYOGhIbDdYUU8yWDRiRHo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCXoPEMA0G
CSqGSIb3DQEBCwUAA4IBAQACjpfV3jJWoNqrilMEqAkOEDbih7c47zTflPrFgBXh
xK64Iol8hXWAB/1W11/yX7YgmIsY/EPeGt7QPm5oETq3zHK4liKMym0hwsOahq18
N7aMPqHX/eIw1GuaxeohJTkSbf8v7ZEpTirmIcThxw54tRt2qcM1CaIoOwreYgRZ
uK+CoIRlkRuCUBfkFChOug3baUGGlHarVs3jWFny/UtJ3W3aKTdWdoyh4x7UECGq
X6ora77imERJbU70+8zaLB9XL/t2vD69xCr+rS+bJNwdLjO46hEzRtOj0eSBzmUw
awOBSooTdI3klMBuGWhM2Kq+ACPe06HLCg8BWRglSObA
-----END CERTIFICATE-----