Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/e-PH4T2SbuJ2fuplFeAJelt2uZI.roa
File:                     e-PH4T2SbuJ2fuplFeAJelt2uZI.roa (raw, json)
Hash identifier:          olIZHsC0PIIvt6QiXCcrGrFQyO8GIrGegMeY2nXxKjI=
Subject key identifier:   7B:E3:C7:E1:3D:92:6E:E2:76:7E:EA:65:15:E0:09:7A:5B:76:B9:92
Certificate issuer:       /CN=874bf8070cee4305d1a389e910fb5102bbcc1941
Certificate serial:       018CC56E38A06D720FCB13F4B07BF1C3C169
Authority key identifier: 87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/e-PH4T2SbuJ2fuplFeAJelt2uZI.roa
Signing time:             Mon 01 Jan 2024 14:29:44 +0000
ROA not before:           Mon 01 Jan 2024 14:29:44 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     211826
IP address blocks:        85.237.89.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 17:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:38:a0:6d:72:0f:cb:13:f4:b0:7b:f1:c3:c1:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=874bf8070cee4305d1a389e910fb5102bbcc1941
        Validity
            Not Before: Jan  1 14:29:44 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7be3c7e13d926ee2767eea6515e0097a5b76b992
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:96:f7:8d:c0:21:c5:07:23:23:dc:e6:5e:78:
                    b1:c4:80:ec:c2:e2:cf:b9:b1:d1:5c:0a:fe:75:39:
                    5c:fd:34:76:f5:6c:1e:48:2c:3e:e3:fa:59:f7:54:
                    c0:e2:a8:1f:c7:7d:43:c5:45:6d:4a:c4:e7:30:5e:
                    31:1b:49:20:b8:d5:37:62:27:24:dd:0b:fb:eb:34:
                    0c:3c:e3:72:42:0b:9d:63:a8:a8:d4:be:91:b0:ef:
                    e7:ba:ae:b9:7a:09:42:05:8d:eb:9c:59:17:54:75:
                    37:48:ef:dd:0a:1f:d9:12:af:55:bc:bd:8a:36:db:
                    43:40:62:d9:e2:bd:a5:d0:2a:f3:ac:c5:69:7e:50:
                    28:27:7b:79:66:1d:ca:40:00:36:53:29:f7:ea:aa:
                    f1:d8:34:f6:19:52:11:f9:ec:7d:51:4e:ab:31:8b:
                    ae:36:5d:f4:52:a8:5b:51:2e:f9:54:79:7c:c5:3e:
                    51:83:33:b4:5c:47:cb:70:d2:ce:ed:43:56:e4:1f:
                    98:98:3d:80:7a:be:87:86:fb:d3:74:83:09:9c:0a:
                    b5:e6:c4:3e:04:cf:59:83:7b:33:86:f1:0c:9e:ef:
                    b4:0d:6f:6f:61:88:7d:ee:fd:70:a0:a8:a1:dd:f8:
                    95:b7:56:9d:27:27:ea:79:25:b3:38:23:1c:fe:22:
                    a9:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:E3:C7:E1:3D:92:6E:E2:76:7E:EA:65:15:E0:09:7A:5B:76:B9:92
            X509v3 Authority Key Identifier:
                keyid:87:4B:F8:07:0C:EE:43:05:D1:A3:89:E9:10:FB:51:02:BB:CC:19:41

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/h0v4BwzuQwXRo4npEPtRArvMGUE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/e-PH4T2SbuJ2fuplFeAJelt2uZI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/eee131-bb8c-4887-869b-6fe4d8fed160/1/h0v4BwzuQwXRo4npEPtRArvMGUE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.237.89.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:05:46:8b:86:31:e7:79:83:ba:60:30:5a:76:2e:b1:f5:58:
         fa:75:8e:6b:78:a4:18:44:42:83:f7:19:99:ff:48:e7:6e:f3:
         52:c2:87:53:46:42:fe:b4:bf:56:04:9b:09:9d:a1:53:c0:51:
         0e:3b:3a:68:39:73:72:df:96:96:6b:d4:fa:d1:44:af:d6:15:
         a1:84:e1:42:e2:62:e8:db:d1:32:1d:85:1c:97:eb:36:10:f6:
         f7:b3:89:d3:4f:f3:67:6d:6b:26:00:aa:f2:11:ba:2e:7f:22:
         46:b1:04:ee:f1:37:57:53:27:fc:a6:49:69:c7:d4:41:06:43:
         e5:4d:83:f4:ee:0f:58:27:87:fe:de:3e:f7:d1:71:87:de:cb:
         ee:9b:c8:03:6f:de:2a:8a:ed:0b:01:66:69:78:d8:b2:67:de:
         51:46:bb:f9:17:b8:8c:6f:1d:14:ac:b9:80:5d:53:ea:33:0e:
         c2:66:b1:43:58:cd:7c:5e:35:53:37:c8:33:07:63:1a:fb:41:
         8e:86:c2:20:cd:83:93:7b:4b:c1:a4:fb:40:90:09:01:29:d9:
         a0:70:4c:00:7f:37:08:a4:d2:9f:44:b2:11:51:5f:0d:99:37:
         d0:da:02:04:39:36:df:4d:53:18:1f:0f:03:17:f6:36:62:a5:
         23:19:22:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbjigbXIPyxP0sHvxw8FpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg3NGJmODA3MGNlZTQzMDVkMWEzODllOTEwZmI1MTAyYmJj
YzE5NDEwHhcNMjQwMTAxMTQyOTQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmUzYzdlMTNkOTI2ZWUyNzY3ZWVhNjUxNWUwMDk3YTViNzZiOTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArpb3jcAhxQcjI9zmXnixxIDswuLP
ubHRXAr+dTlc/TR29WweSCw+4/pZ91TA4qgfx31DxUVtSsTnMF4xG0kguNU3Yick
3Qv76zQMPONyQgudY6io1L6RsO/nuq65eglCBY3rnFkXVHU3SO/dCh/ZEq9VvL2K
NttDQGLZ4r2l0CrzrMVpflAoJ3t5Zh3KQAA2Uyn36qrx2DT2GVIR+ex9UU6rMYuu
Nl30UqhbUS75VHl8xT5RgzO0XEfLcNLO7UNW5B+YmD2Aer6HhvvTdIMJnAq15sQ+
BM9Zg3szhvEMnu+0DW9vYYh97v1woKih3fiVt1adJyfqeSWzOCMc/iKpQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvjx+E9km7idn7qZRXgCXpbdrmSMB8GA1UdIwQY
MBaAFIdL+AcM7kMF0aOJ6RD7UQK7zBlBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWIt
NmZlNGQ4ZmVkMTYwLzEvZS1QSDRUMlNidUoyZnVwbEZlQUplbHQydVpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9lZWUxMzEtYmI4Yy00ODg3LTg2OWItNmZlNGQ4ZmVkMTYw
LzEvaDB2NEJ3enVRd1hSbzRucEVQdFJBcnZNR1VFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVe1ZMA0G
CSqGSIb3DQEBCwUAA4IBAQCBBUaLhjHneYO6YDBadi6x9Vj6dY5reKQYREKD9xmZ
/0jnbvNSwodTRkL+tL9WBJsJnaFTwFEOOzpoOXNy35aWa9T60USv1hWhhOFC4mLo
29EyHYUcl+s2EPb3s4nTT/NnbWsmAKryEboufyJGsQTu8TdXUyf8pklpx9RBBkPl
TYP07g9YJ4f+3j730XGH3svum8gDb94qiu0LAWZpeNiyZ95RRrv5F7iMbx0UrLmA
XVPqMw7CZrFDWM18XjVTN8gzB2Ma+0GOhsIgzYOTe0vBpPtAkAkBKdmgcEwAfzcI
pNKfRLIRUV8NmTfQ2gIEOTbfTVMYHw8DF/Y2YqUjGSLL
-----END CERTIFICATE-----