Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/xAQMU5EfoQOn0ZO1yozUdg_dgq0.roa
File:                     xAQMU5EfoQOn0ZO1yozUdg_dgq0.roa (raw, json)
Hash identifier:          uxx2YwrEuTnzs7XRc7SHTqvv5ucR7M3nZOj5x3JKluM=
Subject key identifier:   C4:04:0C:53:91:1F:A1:03:A7:D1:93:B5:CA:8C:D4:76:0F:DD:82:AD
Certificate issuer:       /CN=eb7bbbfef59509e7263986f780589ab1e7998423
Certificate serial:       018CC794A28F6DFF7F74787BCDD6B3C8071A
Authority key identifier: EB:7B:BB:FE:F5:95:09:E7:26:39:86:F7:80:58:9A:B1:E7:99:84:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63u7_vWVCecmOYb3gFiaseeZhCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/xAQMU5EfoQOn0ZO1yozUdg_dgq0.roa
Signing time:             Tue 02 Jan 2024 00:30:56 +0000
ROA not before:           Tue 02 Jan 2024 00:30:56 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50828
IP address blocks:        213.192.112.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/63u7_vWVCecmOYb3gFiaseeZhCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/63u7_vWVCecmOYb3gFiaseeZhCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63u7_vWVCecmOYb3gFiaseeZhCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 20:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:94:a2:8f:6d:ff:7f:74:78:7b:cd:d6:b3:c8:07:1a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb7bbbfef59509e7263986f780589ab1e7998423
        Validity
            Not Before: Jan  2 00:30:56 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c4040c53911fa103a7d193b5ca8cd4760fdd82ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:a6:d3:cd:9f:19:20:3c:5a:cf:3d:83:79:86:
                    bf:fe:49:72:6e:3a:e8:d8:ef:7c:1d:ce:42:50:9d:
                    1a:6c:af:41:8f:6d:5d:2f:04:0b:b8:ee:db:03:a5:
                    51:5f:a7:95:4d:6b:9a:c5:6a:48:66:05:5b:45:7d:
                    f2:58:09:d8:b5:72:2f:2b:1c:b2:e5:e2:2e:e9:26:
                    68:24:dd:5d:f3:72:73:0d:54:18:de:06:9e:ed:91:
                    1c:42:7b:b5:2d:33:6e:bf:40:b8:e4:d0:16:ef:f2:
                    95:2c:46:d4:45:dc:6f:a6:90:df:c3:60:ef:89:27:
                    07:80:a3:79:93:5e:9f:0f:38:14:28:25:de:d6:56:
                    a1:09:4e:39:66:74:56:2c:fe:6b:15:ff:dd:53:2b:
                    da:b1:7f:16:9c:f1:ac:41:c9:a4:c2:57:01:9b:fc:
                    cf:62:92:2b:2b:bb:2e:4f:6c:0d:e4:be:34:91:5f:
                    3e:5d:bb:86:88:6d:52:5c:ff:2f:8a:95:19:0f:88:
                    76:e4:ac:c8:50:90:db:5e:d4:58:3c:05:31:ce:6c:
                    2a:fe:70:7c:05:85:13:1b:9a:1a:0e:53:d4:55:c4:
                    9b:b9:10:df:7d:fc:87:11:14:47:77:af:97:c6:cf:
                    9a:9a:60:77:f4:99:7a:12:ad:53:80:8c:10:aa:de:
                    d9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:04:0C:53:91:1F:A1:03:A7:D1:93:B5:CA:8C:D4:76:0F:DD:82:AD
            X509v3 Authority Key Identifier:
                keyid:EB:7B:BB:FE:F5:95:09:E7:26:39:86:F7:80:58:9A:B1:E7:99:84:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63u7_vWVCecmOYb3gFiaseeZhCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/xAQMU5EfoQOn0ZO1yozUdg_dgq0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/63u7_vWVCecmOYb3gFiaseeZhCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.192.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8f:21:c0:ef:5d:1d:11:37:72:8a:fa:3b:a9:3a:8c:6e:5b:aa:
         8d:7d:cd:47:02:cf:fd:bb:78:ee:aa:3d:f3:7f:86:8d:81:79:
         2a:18:b9:c1:4d:26:4a:fa:6c:37:81:b5:b9:fd:5a:51:02:07:
         f5:41:68:20:d5:a3:90:26:ba:ed:c1:8d:c4:1d:69:a0:f2:c5:
         d7:35:fc:b3:34:71:36:8d:05:a9:08:2c:26:22:03:30:b9:64:
         77:15:d1:12:31:b3:74:65:ed:55:79:c0:7c:ef:53:ce:27:c1:
         57:f6:78:d7:38:6e:dc:78:23:02:9e:06:a3:05:a6:28:6a:21:
         ee:23:4b:93:0d:50:98:39:15:14:cb:6a:65:19:c6:3d:ef:80:
         d7:f9:6f:eb:aa:99:f2:16:d7:eb:82:9a:7e:21:55:32:d9:6e:
         bb:eb:8b:d6:ca:b5:fd:50:18:bc:86:8d:b3:15:b7:55:66:e7:
         b9:67:2c:95:a0:24:9e:a3:50:d9:4b:90:2c:4f:e7:53:f6:0e:
         fe:62:b5:69:84:46:84:e0:d4:4a:fb:8c:0a:c6:65:4f:67:97:
         3a:8d:ae:16:2e:75:a2:ea:c6:26:9c:0d:4d:bd:be:51:01:69:
         92:ea:29:e5:42:0c:c3:35:fd:fa:b6:37:42:86:c8:33:d8:d1:
         ea:b4:c6:21
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHlKKPbf9/dHh7zdazyAcaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViN2JiYmZlZjU5NTA5ZTcyNjM5ODZmNzgwNTg5YWIxZTc5
OTg0MjMwHhcNMjQwMTAyMDAzMDU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNDA0MGM1MzkxMWZhMTAzYTdkMTkzYjVjYThjZDQ3NjBmZGQ4MmFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjKbTzZ8ZIDxazz2DeYa//klybjro
2O98Hc5CUJ0abK9Bj21dLwQLuO7bA6VRX6eVTWuaxWpIZgVbRX3yWAnYtXIvKxyy
5eIu6SZoJN1d83JzDVQY3gae7ZEcQnu1LTNuv0C45NAW7/KVLEbURdxvppDfw2Dv
iScHgKN5k16fDzgUKCXe1lahCU45ZnRWLP5rFf/dUyvasX8WnPGsQcmkwlcBm/zP
YpIrK7suT2wN5L40kV8+XbuGiG1SXP8vipUZD4h25KzIUJDbXtRYPAUxzmwq/nB8
BYUTG5oaDlPUVcSbuRDfffyHERRHd6+Xxs+ammB39Jl6Eq1TgIwQqt7ZqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMQEDFORH6EDp9GTtcqM1HYP3YKtMB8GA1UdIwQY
MBaAFOt7u/71lQnnJjmG94BYmrHnmYQjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjN1N192V1ZDZWNtT1liM2dGaWFzZWVaaENNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzI5NWYtMThjYi00YmZlLTkyZTMt
NGFiNTMzMWNkOTM1LzEveEFRTVU1RWZvUU9uMFpPMXlvelVkZ19kZ3EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzI5NWYtMThjYi00YmZlLTkyZTMtNGFiNTMzMWNkOTM1
LzEvNjN1N192V1ZDZWNtT1liM2dGaWFzZWVaaENNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1cBwMA0G
CSqGSIb3DQEBCwUAA4IBAQCPIcDvXR0RN3KK+jupOoxuW6qNfc1HAs/9u3juqj3z
f4aNgXkqGLnBTSZK+mw3gbW5/VpRAgf1QWgg1aOQJrrtwY3EHWmg8sXXNfyzNHE2
jQWpCCwmIgMwuWR3FdESMbN0Ze1VecB871POJ8FX9njXOG7ceCMCngajBaYoaiHu
I0uTDVCYORUUy2plGcY974DX+W/rqpnyFtfrgpp+IVUy2W6764vWyrX9UBi8ho2z
FbdVZue5ZyyVoCSeo1DZS5AsT+dT9g7+YrVphEaE4NRK+4wKxmVPZ5c6ja4WLnWi
6sYmnA1Nvb5RAWmS6inlQgzDNf36tjdChsgz2NHqtMYh
-----END CERTIFICATE-----