Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Bmr6a1OTCn6D-lB_C0wMC9mTyd4.roa
File:                     Bmr6a1OTCn6D-lB_C0wMC9mTyd4.roa (raw, json)
Hash identifier:          fsmPcaBclX4Is02dBOsu/wY1nLMiNatqt0KTHHPalQY=
Subject key identifier:   06:6A:FA:6B:53:93:0A:7E:83:FA:50:7F:0B:4C:0C:0B:D9:93:C9:DE
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01934F93DB1816AAFA2F1C556BAF08D02D25
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Bmr6a1OTCn6D-lB_C0wMC9mTyd4.roa
Signing time:             Thu 21 Nov 2024 16:35:10 +0000
ROA not before:           Thu 21 Nov 2024 16:35:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215287
IP address blocks:        77.111.107.0/24 maxlen: 24
                          94.229.223.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 26 Nov 2024 14:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:4f:93:db:18:16:aa:fa:2f:1c:55:6b:af:08:d0:2d:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Nov 21 16:35:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=066afa6b53930a7e83fa507f0b4c0c0bd993c9de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:dd:25:ba:53:c4:ad:08:ed:a6:21:f5:60:f6:
                    b2:9b:db:e0:3b:b0:65:bb:5b:f7:bd:79:92:aa:b4:
                    a0:0b:1d:36:f4:67:18:9b:19:37:8e:af:c6:90:38:
                    f7:22:78:73:8d:82:c2:ff:0b:31:15:1b:91:ae:85:
                    a9:03:46:b3:2b:24:a6:83:8d:ee:14:24:5b:5b:4c:
                    57:65:5e:a2:64:69:a7:6d:a8:6e:8f:99:14:aa:b3:
                    40:32:47:fd:ab:ac:13:d9:3a:f0:24:21:1a:28:3d:
                    e8:3f:e3:e2:34:76:a8:29:7d:c3:e3:e8:ae:a5:fa:
                    80:40:35:e8:f5:09:dc:d9:28:b1:31:27:98:34:b4:
                    89:2c:a5:18:4a:9c:ee:d9:96:9a:27:22:43:87:3a:
                    4c:1c:7b:da:fc:f8:0b:14:df:b5:1e:ae:d3:27:09:
                    df:1e:0f:c3:55:27:b0:38:7f:32:46:b2:53:cd:bd:
                    58:4e:43:33:97:14:71:d8:bc:8a:96:fe:09:41:62:
                    7a:b6:5e:c6:68:6a:55:3d:21:47:87:48:0d:48:3f:
                    d5:34:c1:53:a6:64:d9:cb:09:ab:7f:89:ca:b1:fb:
                    f6:ed:27:78:1d:6f:89:46:95:e5:84:e8:c1:a3:a2:
                    9e:b9:7c:0c:9e:ca:3b:c8:14:c4:71:8b:81:5f:8d:
                    55:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:6A:FA:6B:53:93:0A:7E:83:FA:50:7F:0B:4C:0C:0B:D9:93:C9:DE
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/Bmr6a1OTCn6D-lB_C0wMC9mTyd4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.107.0/24
                  94.229.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:db:f8:36:76:e1:05:58:2a:b1:a1:da:da:70:f7:3a:01:36:
         2b:5e:45:6f:44:fc:0c:56:75:89:f8:3d:44:b2:b8:b8:4c:93:
         38:e8:04:98:28:11:d6:ee:cd:1d:43:21:3f:98:3e:e1:f7:1b:
         86:fc:59:ab:16:48:9f:e3:9a:c6:d3:0f:24:57:56:06:b6:1e:
         6a:30:3b:01:6e:39:ae:4a:68:ee:a9:a7:fe:11:e6:75:b2:e2:
         bc:21:77:77:c5:c7:67:40:c0:5c:e0:4d:56:81:e7:61:c8:75:
         96:9c:36:94:e1:c4:df:ac:4e:11:d1:a2:bf:0b:5e:b7:e8:20:
         f1:b0:fd:95:f5:ec:82:80:fa:a5:ba:4a:cb:40:3e:49:c2:62:
         f7:a7:2d:58:22:8f:5f:db:28:2d:b7:44:d0:9e:c5:6d:aa:9d:
         84:93:54:59:67:4d:c9:66:c9:0c:47:80:40:71:b1:25:57:5e:
         38:11:c2:88:c7:b9:d5:4d:ee:a6:a3:bc:39:01:46:ce:6d:aa:
         26:81:c6:b4:8d:78:d6:f9:0c:a9:9e:82:35:6b:5c:78:eb:be:
         7e:70:3b:ba:96:07:c7:50:d7:18:0a:80:97:39:6a:d5:f5:2d:
         37:e5:c5:fb:b0:1e:09:76:0a:85:91:64:7e:8f:21:3e:36:5f:
         89:b3:9c:2b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZNPk9sYFqr6LxxVa68I0C0lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMTIxMTYzNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjZhZmE2YjUzOTMwYTdlODNmYTUwN2YwYjRjMGMwYmQ5OTNjOWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzt0lulPErQjtpiH1YPaym9vgO7Bl
u1v3vXmSqrSgCx029GcYmxk3jq/GkDj3InhzjYLC/wsxFRuRroWpA0azKySmg43u
FCRbW0xXZV6iZGmnbahuj5kUqrNAMkf9q6wT2TrwJCEaKD3oP+PiNHaoKX3D4+iu
pfqAQDXo9Qnc2SixMSeYNLSJLKUYSpzu2ZaaJyJDhzpMHHva/PgLFN+1Hq7TJwnf
Hg/DVSewOH8yRrJTzb1YTkMzlxRx2LyKlv4JQWJ6tl7GaGpVPSFHh0gNSD/VNMFT
pmTZywmrf4nKsfv27Sd4HW+JRpXlhOjBo6KeuXwMnso7yBTEcYuBX41VVwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFAZq+mtTkwp+g/pQfwtMDAvZk8neMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQm1yNmExT1RDbjZELWxCX0Mwd01DOW1UeWQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQATW9rAwQA
XuXfMA0GCSqGSIb3DQEBCwUAA4IBAQBW2/g2duEFWCqxodracPc6ATYrXkVvRPwM
VnWJ+D1Esri4TJM46ASYKBHW7s0dQyE/mD7h9xuG/FmrFkif45rG0w8kV1YGth5q
MDsBbjmuSmjuqaf+EeZ1suK8IXd3xcdnQMBc4E1WgedhyHWWnDaU4cTfrE4R0aK/
C1636CDxsP2V9eyCgPqlukrLQD5JwmL3py1YIo9f2ygtt0TQnsVtqp2Ek1RZZ03J
ZskMR4BAcbElV144EcKIx7nVTe6mo7w5AUbObaomgca0jXjW+QypnoI1a1x4675+
cDu6lgfHUNcYCoCXOWrV9S035cX7sB4JdgqFkWR+jyE+Nl+Js5wr
-----END CERTIFICATE-----