Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/9smlgqx0GmSg2gnPYcnpi1mWhM0.roa
File:                     9smlgqx0GmSg2gnPYcnpi1mWhM0.roa (raw, json)
Hash identifier:          HuHQQsu09kGHUU+Qx9FKerKvvlnid1CkLz/6ezw1lxY=
Subject key identifier:   F6:C9:A5:82:AC:74:1A:64:A0:DA:09:CF:61:C9:E9:8B:59:96:84:CD
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0192D10631F818F08FB9FD784259C5035EA4
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/9smlgqx0GmSg2gnPYcnpi1mWhM0.roa
Signing time:             Mon 28 Oct 2024 02:48:16 +0000
ROA not before:           Mon 28 Oct 2024 02:48:16 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212416
IP address blocks:        77.111.108.0/24 maxlen: 24
                          94.229.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 03:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:d1:06:31:f8:18:f0:8f:b9:fd:78:42:59:c5:03:5e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 28 02:48:16 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f6c9a582ac741a64a0da09cf61c9e98b599684cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ac:b6:c9:1b:cb:1e:4c:df:19:f5:fd:5c:4c:
                    39:dd:0c:56:09:37:e7:af:38:87:03:07:86:88:b4:
                    d7:f6:5f:4c:bc:2a:96:20:29:4a:6c:3c:5e:6d:eb:
                    89:9c:7e:ec:ed:a3:94:a2:80:f4:4b:25:06:84:ed:
                    99:1d:f4:d5:e2:4c:0c:a9:f1:13:34:1b:51:a3:12:
                    38:6f:71:87:bb:43:43:93:d6:31:f0:ae:32:34:d5:
                    96:73:84:da:63:c8:81:0f:9a:ce:6d:57:42:28:37:
                    44:8a:b3:04:55:94:ea:92:01:df:9d:e3:f6:f7:a2:
                    f3:1b:43:08:1f:5d:28:85:52:c4:43:cc:66:b1:b6:
                    9d:2f:03:a4:7f:7a:ec:45:a8:a2:55:77:4f:89:26:
                    f5:3e:a4:5a:a3:c1:43:30:53:c1:a7:af:06:20:fe:
                    e8:ea:54:bd:23:f6:e9:70:df:76:e5:bd:08:d6:b7:
                    a0:c6:0f:6d:75:1e:9f:95:a1:21:65:6a:fd:eb:6a:
                    7e:a4:8f:8f:a7:3b:3e:31:a1:d7:25:a4:a1:99:a7:
                    82:42:fb:b4:a8:ef:66:0e:cd:8c:92:40:7d:d3:e0:
                    cc:9b:12:38:27:c8:7b:81:31:57:c9:80:0c:4d:02:
                    69:14:b5:ee:4d:e5:dc:34:e8:2c:6c:48:34:3e:ac:
                    0a:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:C9:A5:82:AC:74:1A:64:A0:DA:09:CF:61:C9:E9:8B:59:96:84:CD
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/9smlgqx0GmSg2gnPYcnpi1mWhM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.108.0/24
                  94.229.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         e0:6f:e0:df:6e:83:a1:ca:a2:d8:97:dc:fe:86:a5:fd:43:61:
         9b:f7:1a:a2:80:f7:76:af:10:99:e8:4e:a2:27:85:e9:49:fa:
         d1:97:e1:e8:ba:95:47:7a:a1:12:93:d4:60:68:7e:e3:78:eb:
         dc:f0:45:58:8a:12:2d:69:c6:a6:68:7e:77:89:e1:b3:99:e2:
         bc:8b:80:61:bb:4c:cc:52:9a:a1:8c:87:10:b7:7a:a3:dd:21:
         77:85:54:2d:5a:a7:3e:01:6b:22:52:1a:82:f4:a3:51:8f:37:
         b0:6f:f6:2a:04:7b:a7:39:e5:17:f4:4b:c6:6f:ba:9d:81:db:
         72:32:42:8d:11:fb:67:19:1b:8c:11:62:f5:bd:02:f6:9b:89:
         2e:0c:8e:0c:9a:b9:6a:81:b3:d5:dd:84:2a:6a:e9:85:f7:32:
         a0:1a:70:3d:e8:ea:06:92:d3:a8:d7:d0:66:4e:b3:c4:de:ab:
         93:89:73:14:1f:fa:43:4a:32:55:1e:e7:d9:1a:63:dd:8e:c7:
         3e:fe:a1:35:6c:3d:a4:5a:a9:0d:ef:47:3d:43:54:a2:17:1b:
         1d:a7:3b:dd:b7:d9:59:c2:2e:c9:d6:c8:0c:7a:46:ac:ab:1d:
         ce:c9:f3:f8:29:aa:50:f1:42:91:09:7f:78:a7:de:ef:9f:76:
         99:d3:0a:b7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZLRBjH4GPCPuf14QlnFA16kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDI4MDI0ODE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmM5YTU4MmFjNzQxYTY0YTBkYTA5Y2Y2MWM5ZTk4YjU5OTY4NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6y2yRvLHkzfGfX9XEw53QxWCTfn
rziHAweGiLTX9l9MvCqWIClKbDxebeuJnH7s7aOUooD0SyUGhO2ZHfTV4kwMqfET
NBtRoxI4b3GHu0NDk9Yx8K4yNNWWc4TaY8iBD5rObVdCKDdEirMEVZTqkgHfneP2
96LzG0MIH10ohVLEQ8xmsbadLwOkf3rsRaiiVXdPiSb1PqRao8FDMFPBp68GIP7o
6lS9I/bpcN925b0I1regxg9tdR6flaEhZWr962p+pI+Ppzs+MaHXJaShmaeCQvu0
qO9mDs2MkkB90+DMmxI4J8h7gTFXyYAMTQJpFLXuTeXcNOgsbEg0PqwKcwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPbJpYKsdBpkoNoJz2HJ6YtZloTNMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvOXNtbGdxeDBHbVNnMmduUFljbnBpMW1XaE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATW9sAwQA
XuXeMA0GCSqGSIb3DQEBCwUAA4IBAQDgb+DfboOhyqLYl9z+hqX9Q2Gb9xqigPd2
rxCZ6E6iJ4XpSfrRl+HoupVHeqESk9RgaH7jeOvc8EVYihItacamaH53ieGzmeK8
i4Bhu0zMUpqhjIcQt3qj3SF3hVQtWqc+AWsiUhqC9KNRjzewb/YqBHunOeUX9EvG
b7qdgdtyMkKNEftnGRuMEWL1vQL2m4kuDI4MmrlqgbPV3YQqaumF9zKgGnA96OoG
ktOo19BmTrPE3quTiXMUH/pDSjJVHufZGmPdjsc+/qE1bD2kWqkN70c9Q1SiFxsd
pzvdt9lZwi7J1sgMekasqx3OyfP4KapQ8UKRCX94p97vn3aZ0wq3
-----END CERTIFICATE-----