Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/eoNgsoi_PNM1A_jcLdRa6T79cgY.roa
File:                     eoNgsoi_PNM1A_jcLdRa6T79cgY.roa (raw, json)
Hash identifier:          DWsIQ9P84XS7ECb2GONxj/Hb67XhJE0T2X/QSUX/TYA=
Subject key identifier:   7A:83:60:B2:88:BF:3C:D3:35:03:F8:DC:2D:D4:5A:E9:3E:FD:72:06
Certificate issuer:       /CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
Certificate serial:       0192893654951028B6C7F57056380BB8E78B
Authority key identifier: 92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/eoNgsoi_PNM1A_jcLdRa6T79cgY.roa
Signing time:             Mon 14 Oct 2024 04:08:12 +0000
ROA not before:           Mon 14 Oct 2024 04:08:12 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     19905
IP address blocks:        82.119.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 25 Nov 2024 18:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:92:89:36:54:95:10:28:b6:c7:f5:70:56:38:0b:b8:e7:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=929352a8d2dd70c91ffcec8e323fe69f1e9a4139
        Validity
            Not Before: Oct 14 04:08:12 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a8360b288bf3cd33503f8dc2dd45ae93efd7206
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:a3:0c:67:b7:35:1d:ad:88:38:24:07:9b:14:
                    ca:2b:3e:91:a7:69:da:7f:eb:64:da:6b:6f:ee:f1:
                    e4:a8:8d:9a:83:60:34:d9:4e:c4:8e:a1:39:b3:52:
                    9f:40:3c:b4:5a:d2:ba:95:59:a4:af:31:bb:22:37:
                    3d:a0:7b:85:ee:af:20:0c:27:0f:47:b6:dd:4b:40:
                    cb:d1:0d:ed:8b:fa:86:a9:d3:1a:41:d0:cf:c0:c3:
                    95:0b:49:0c:52:12:ef:3e:b6:c0:73:43:c6:f9:c2:
                    3b:91:b8:03:95:49:dd:65:ae:43:40:79:c3:2b:bd:
                    79:58:21:d1:88:da:19:69:14:3b:da:df:17:19:24:
                    d0:10:a3:d2:32:38:76:ee:1b:99:b0:ca:22:4f:4c:
                    6a:ad:db:ef:98:7c:45:08:0e:3e:d7:80:af:89:16:
                    7e:ac:94:8d:64:63:8a:aa:29:c7:47:7b:c8:ac:f4:
                    38:88:e8:a5:28:4f:e6:b2:43:29:4e:0a:aa:2b:af:
                    65:d4:24:13:dd:f6:5b:45:72:c3:18:0b:1f:ab:d4:
                    6b:c9:0d:5b:88:55:db:1a:12:3f:35:f1:87:1d:05:
                    16:3f:f3:21:2a:33:7b:21:a1:12:7c:f9:6a:e9:0d:
                    48:c2:e1:82:7a:d2:37:a4:ff:e6:2b:83:b7:ef:b9:
                    88:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:83:60:B2:88:BF:3C:D3:35:03:F8:DC:2D:D4:5A:E9:3E:FD:72:06
            X509v3 Authority Key Identifier:
                keyid:92:93:52:A8:D2:DD:70:C9:1F:FC:EC:8E:32:3F:E6:9F:1E:9A:41:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kpNSqNLdcMkf_OyOMj_mnx6aQTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/eoNgsoi_PNM1A_jcLdRa6T79cgY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/7b6edc-ad23-4d73-ab56-0a1a35897f10/1/kpNSqNLdcMkf_OyOMj_mnx6aQTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.119.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         56:3e:d6:3a:cb:02:62:d7:ef:c5:41:49:8c:6c:47:0f:7b:87:
         5e:07:f2:f2:fe:7e:91:ff:11:57:ec:2e:e9:96:a0:12:9a:0f:
         1a:28:62:6c:20:e9:dd:6a:e8:e4:e9:56:64:47:e6:8e:a5:8b:
         ca:f7:91:db:ca:f2:d9:50:ba:70:60:e7:53:ad:b4:08:bd:5f:
         d6:55:93:9c:ce:5c:da:c7:ed:4b:b0:3e:12:ce:79:66:7e:85:
         15:d9:57:67:fb:06:92:5d:00:de:a1:f9:40:81:7e:e8:b7:49:
         2b:8e:e9:d8:4f:09:1a:1e:2b:ba:0e:ad:fd:97:df:9a:87:48:
         f5:0c:eb:71:78:65:36:fc:14:bb:65:f5:2f:b1:46:8a:76:5c:
         29:2b:d1:38:dc:04:7f:64:ae:d8:3a:6d:ce:c4:91:98:69:ea:
         75:94:2e:48:c1:ef:4a:36:95:aa:81:d3:29:87:21:1b:89:3a:
         54:19:a9:5a:79:6f:36:1e:35:50:b6:ad:54:15:cb:be:6c:cf:
         ab:c1:cf:68:ba:23:04:f0:d8:99:c3:1a:a3:4d:08:24:45:03:
         7d:00:0e:01:f4:13:99:76:69:2c:27:70:30:4e:8b:ae:02:89:
         44:c8:a5:dc:47:72:56:4e:76:8f:a3:fa:4a:23:f0:95:7d:65:
         82:81:4b:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZKJNlSVECi2x/VwVjgLuOeLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyOTM1MmE4ZDJkZDcwYzkxZmZjZWM4ZTMyM2ZlNjlmMWU5
YTQxMzkwHhcNMjQxMDE0MDQwODEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTgzNjBiMjg4YmYzY2QzMzUwM2Y4ZGMyZGQ0NWFlOTNlZmQ3MjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaMMZ7c1Ha2IOCQHmxTKKz6Rp2na
f+tk2mtv7vHkqI2ag2A02U7EjqE5s1KfQDy0WtK6lVmkrzG7Ijc9oHuF7q8gDCcP
R7bdS0DL0Q3ti/qGqdMaQdDPwMOVC0kMUhLvPrbAc0PG+cI7kbgDlUndZa5DQHnD
K715WCHRiNoZaRQ72t8XGSTQEKPSMjh27huZsMoiT0xqrdvvmHxFCA4+14CviRZ+
rJSNZGOKqinHR3vIrPQ4iOilKE/mskMpTgqqK69l1CQT3fZbRXLDGAsfq9RryQ1b
iFXbGhI/NfGHHQUWP/MhKjN7IaESfPlq6Q1IwuGCetI3pP/mK4O377mI+QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqDYLKIvzzTNQP43C3UWuk+/XIGMB8GA1UdIwQY
MBaAFJKTUqjS3XDJH/zsjjI/5p8emkE5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYt
MGExYTM1ODk3ZjEwLzEvZW9OZ3NvaV9QTk0xQV9qY0xkUmE2VDc5Y2dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi83YjZlZGMtYWQyMy00ZDczLWFiNTYtMGExYTM1ODk3ZjEw
LzEva3BOU3FOTGRjTWtmX095T01qX21ueDZhUVRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUnf6MA0G
CSqGSIb3DQEBCwUAA4IBAQBWPtY6ywJi1+/FQUmMbEcPe4deB/Ly/n6R/xFX7C7p
lqASmg8aKGJsIOndaujk6VZkR+aOpYvK95HbyvLZULpwYOdTrbQIvV/WVZOczlza
x+1LsD4SznlmfoUV2Vdn+waSXQDeoflAgX7ot0krjunYTwkaHiu6Dq39l9+ah0j1
DOtxeGU2/BS7ZfUvsUaKdlwpK9E43AR/ZK7YOm3OxJGYaep1lC5Iwe9KNpWqgdMp
hyEbiTpUGalaeW82HjVQtq1UFcu+bM+rwc9ouiME8NiZwxqjTQgkRQN9AA4B9BOZ
dmksJ3AwTouuAolEyKXcR3JWTnaPo/pKI/CVfWWCgUuV
-----END CERTIFICATE-----