Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/yRi1UZ9JMgxV6C8-qpHz-70-7BU.roa
File:                     yRi1UZ9JMgxV6C8-qpHz-70-7BU.roa (raw, json)
Hash identifier:          tiXPVplFNxJbZbHN3ZOXK6utci9EHJyAa83OkB0eqig=
Subject key identifier:   C9:18:B5:51:9F:49:32:0C:55:E8:2F:3E:AA:91:F3:FB:BD:3E:EC:15
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0192BB12B1AC2D7B69153B642799B126A9E1
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/yRi1UZ9JMgxV6C8-qpHz-70-7BU.roa
Signing time:             Wed 23 Oct 2024 20:30:17 +0000
ROA not before:           Wed 23 Oct 2024 20:30:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     54852
IP address blocks:        94.229.210.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Oct 2024 11:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:bb:12:b1:ac:2d:7b:69:15:3b:64:27:99:b1:26:a9:e1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Oct 23 20:30:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c918b5519f49320c55e82f3eaa91f3fbbd3eec15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:99:9e:1a:d3:bd:dc:aa:df:57:6d:d1:1a:a0:
                    55:08:8e:db:1c:4c:c6:a6:36:7c:e0:02:36:86:1b:
                    0f:7f:f5:e6:4f:ba:ea:44:2c:c3:7d:7d:ca:d8:de:
                    64:00:9a:a3:79:41:0f:55:fc:d3:4d:39:37:29:0a:
                    83:13:f0:33:62:1d:8c:ca:47:a1:96:67:3c:40:04:
                    b5:13:dc:5b:fc:2d:b0:6a:fe:a5:2b:f0:f6:3f:9f:
                    94:ef:a7:35:46:00:76:eb:48:17:ab:7b:76:cb:7b:
                    eb:5f:c7:0c:c1:ff:4e:15:79:a6:8a:ef:10:6d:66:
                    5e:ba:9e:3f:87:4d:40:61:44:dd:f9:e5:bf:27:9d:
                    e7:0f:b9:25:d1:9c:fa:a5:e1:bd:6b:e6:be:2f:2e:
                    80:78:5a:eb:28:f2:29:e4:64:a4:51:ff:81:cc:de:
                    c2:2f:c3:5f:4d:5e:a8:36:d4:72:e6:dc:6f:ca:e2:
                    13:bb:0a:01:bd:2c:84:10:8d:56:79:69:c6:c8:60:
                    5c:5d:3c:6b:a7:a5:5a:98:7f:95:e6:e4:28:49:d7:
                    6b:00:8a:6e:e7:73:d5:c3:ca:8a:41:07:6d:24:5b:
                    ce:f7:07:ed:5b:b8:67:8c:c7:2e:31:25:94:f8:ec:
                    97:f8:84:0f:7f:5e:a6:37:6e:52:c2:85:09:8d:ea:
                    53:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:18:B5:51:9F:49:32:0C:55:E8:2F:3E:AA:91:F3:FB:BD:3E:EC:15
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/yRi1UZ9JMgxV6C8-qpHz-70-7BU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.210.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:a7:63:b9:82:cc:78:16:7e:c0:01:7e:c9:79:62:2c:31:13:
         38:29:4e:01:5a:ea:02:98:3f:18:2d:e3:f6:ea:7a:01:eb:45:
         9a:4c:fe:f3:e2:eb:38:d6:d0:dd:34:8a:67:55:69:3f:29:ba:
         c9:fc:e5:4d:c1:9b:04:7e:f7:24:cb:ae:2e:f5:88:f3:ab:b6:
         50:aa:07:5a:27:39:ec:af:f2:27:16:a0:0e:a2:6b:7a:de:64:
         82:bc:82:f4:c3:35:64:18:1b:90:ab:d3:ab:eb:2b:69:2c:93:
         d5:e4:e8:ec:86:a3:05:f8:5a:c3:7b:c0:73:d8:d8:39:3d:2d:
         79:0d:8c:36:a6:89:a9:0c:e4:b2:6c:e5:2a:52:e4:16:87:2f:
         47:4f:4c:9f:b7:a2:2a:a3:0a:96:85:0d:28:a9:a6:63:db:ba:
         80:00:40:a7:64:96:e9:d6:96:ad:37:51:7e:a4:b5:51:22:fa:
         76:25:27:5c:77:69:07:c1:c3:82:3e:c7:81:a7:bb:c9:b7:cd:
         c9:9d:e2:96:bc:3a:7d:a7:59:d3:76:a4:40:d4:67:88:91:71:
         b2:e4:a7:f7:f9:f3:06:50:af:6a:b6:96:df:31:53:31:8e:5a:
         12:2a:09:13:a8:9c:c4:89:cf:92:0a:f5:93:17:54:37:8c:e6:
         43:d6:42:57
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZK7ErGsLXtpFTtkJ5mxJqnhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjQxMDIzMjAzMDE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTE4YjU1MTlmNDkzMjBjNTVlODJmM2VhYTkxZjNmYmJkM2VlYzE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr5meGtO93KrfV23RGqBVCI7bHEzG
pjZ84AI2hhsPf/XmT7rqRCzDfX3K2N5kAJqjeUEPVfzTTTk3KQqDE/AzYh2Mykeh
lmc8QAS1E9xb/C2wav6lK/D2P5+U76c1RgB260gXq3t2y3vrX8cMwf9OFXmmiu8Q
bWZeup4/h01AYUTd+eW/J53nD7kl0Zz6peG9a+a+Ly6AeFrrKPIp5GSkUf+BzN7C
L8NfTV6oNtRy5txvyuITuwoBvSyEEI1WeWnGyGBcXTxrp6VamH+V5uQoSddrAIpu
53PVw8qKQQdtJFvO9wftW7hnjMcuMSWU+OyX+IQPf16mN25SwoUJjepTYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkYtVGfSTIMVegvPqqR8/u9PuwVMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEveVJpMVVaOUpNZ3hWNkM4LXFwSHotNzAtN0JVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuXSMA0G
CSqGSIb3DQEBCwUAA4IBAQASp2O5gsx4Fn7AAX7JeWIsMRM4KU4BWuoCmD8YLeP2
6noB60WaTP7z4us41tDdNIpnVWk/KbrJ/OVNwZsEfvcky64u9Yjzq7ZQqgdaJzns
r/InFqAOomt63mSCvIL0wzVkGBuQq9Or6ytpLJPV5OjshqMF+FrDe8Bz2Ng5PS15
DYw2pompDOSybOUqUuQWhy9HT0yft6IqowqWhQ0oqaZj27qAAECnZJbp1patN1F+
pLVRIvp2JSdcd2kHwcOCPseBp7vJt83JneKWvDp9p1nTdqRA1GeIkXGy5Kf3+fMG
UK9qtpbfMVMxjloSKgkTqJzEic+SCvWTF1Q3jOZD1kJX
-----END CERTIFICATE-----