Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/_ebRMxmH5KizFz1IETPGn1v9aOU.roa
File:                     _ebRMxmH5KizFz1IETPGn1v9aOU.roa (raw, json)
Hash identifier:          LZZ3BN5oEiVwLRT5urIQRWtTLJAAkgzjM7hHJN41ECE=
Subject key identifier:   FD:E6:D1:33:19:87:E4:A8:B3:17:3D:48:11:33:C6:9F:5B:FD:68:E5
Certificate issuer:       /CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
Certificate serial:       018CC94C2A37C967A22B47B58D84A0FB91EB
Authority key identifier: D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/_ebRMxmH5KizFz1IETPGn1v9aOU.roa
Signing time:             Tue 02 Jan 2024 08:31:01 +0000
ROA not before:           Tue 02 Jan 2024 08:31:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     2830
IP address blocks:        193.58.223.0/24 maxlen: 24
                          193.58.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 22 May 2024 13:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4c:2a:37:c9:67:a2:2b:47:b5:8d:84:a0:fb:91:eb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d31dd1a514d3a7e3dfdb8bfb75d7d24ed98d479f
        Validity
            Not Before: Jan  2 08:31:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=fde6d1331987e4a8b3173d481133c69f5bfd68e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:ef:3d:c8:43:3d:74:be:e7:f5:31:15:15:12:
                    bd:f7:e1:4a:d2:88:87:3c:78:ca:34:2f:a9:3d:26:
                    1f:7b:c5:e2:41:3a:fc:80:91:97:5f:5b:39:ff:4f:
                    dc:de:8a:d1:0a:a9:ae:5a:fb:c5:52:22:45:6b:b5:
                    ea:3d:67:1a:ea:a3:ba:36:ac:5a:84:e4:c9:60:06:
                    56:4e:7b:d5:a1:30:b8:4e:39:77:89:8b:32:99:75:
                    b7:ce:d5:73:18:13:20:67:d3:93:ed:5b:a7:67:d7:
                    ce:53:e6:dc:70:5c:8e:04:bc:e2:86:73:f9:5d:cf:
                    9e:cf:66:91:58:29:c5:fa:b3:ba:9a:f7:b0:b9:6a:
                    bb:dd:a2:dd:6f:92:79:6e:7e:f8:47:9d:4c:83:27:
                    6e:1c:38:b1:05:9f:cf:90:c9:b3:cf:d3:90:d2:24:
                    9d:70:b6:09:2a:e6:6e:54:e1:92:9b:e8:91:c2:a8:
                    73:74:8d:be:50:68:1e:f0:c7:d2:b7:70:06:cc:22:
                    8a:6e:cc:d4:60:66:5b:8f:44:c1:3f:02:57:65:36:
                    04:f0:7b:35:36:fd:75:f8:c5:97:f6:66:43:a3:00:
                    d1:fe:b4:a0:a3:63:b6:3d:52:2a:aa:73:82:7e:cd:
                    ac:cb:2f:3b:bd:12:76:b7:18:b4:30:73:9f:61:d4:
                    dc:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:E6:D1:33:19:87:E4:A8:B3:17:3D:48:11:33:C6:9F:5B:FD:68:E5
            X509v3 Authority Key Identifier:
                keyid:D3:1D:D1:A5:14:D3:A7:E3:DF:DB:8B:FB:75:D7:D2:4E:D9:8D:47:9F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0x3RpRTTp-Pf24v7ddfSTtmNR58.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/_ebRMxmH5KizFz1IETPGn1v9aOU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/f2478f-c503-42c2-94b2-b166ae2ef287/1/0x3RpRTTp-Pf24v7ddfSTtmNR58.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.58.222.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c4:53:96:1d:c6:c1:c7:d1:9b:c1:fb:d9:d5:a2:c7:f0:8f:b1:
         bd:e3:7b:53:62:5c:dd:b0:28:94:83:bf:1c:c8:42:12:ed:96:
         d5:e4:c3:eb:93:24:80:a5:c9:f1:1b:d7:b3:32:36:89:6d:c8:
         c0:b4:85:3a:40:2b:90:be:02:fb:d0:26:10:42:c0:5a:8f:cc:
         ba:9a:89:fc:6d:63:73:5f:d8:1e:d8:34:65:cc:34:00:d7:eb:
         29:41:ab:6e:98:4f:f6:20:46:ff:9b:f9:9d:f9:7a:67:7e:fb:
         38:51:29:f2:d1:65:cb:a2:b6:f6:c4:62:c6:ac:3b:c1:45:e0:
         aa:5c:ef:ea:8a:bc:2f:e6:37:cd:c0:58:ca:c7:c2:80:f8:af:
         74:4e:81:7a:f1:0b:04:ae:12:f2:55:75:a3:30:53:71:c5:da:
         ad:ed:85:3e:08:7b:d7:0b:c0:8c:ef:c1:02:ae:2b:f6:c3:97:
         50:43:ec:dd:42:24:22:1c:99:8d:5c:b1:eb:de:14:c9:4b:23:
         dd:3d:85:7d:ff:ad:44:25:5e:8a:a7:e9:87:c2:c7:cf:f0:f7:
         12:83:84:71:07:19:09:34:de:2f:17:d7:a9:9c:42:55:21:6a:
         2d:a6:f3:fc:8e:0f:5b:ed:3b:66:0f:88:1f:5e:3c:df:e5:ff:
         70:b9:4c:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTCo3yWeiK0e1jYSg+5HrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzMWRkMWE1MTRkM2E3ZTNkZmRiOGJmYjc1ZDdkMjRlZDk4
ZDQ3OWYwHhcNMjQwMTAyMDgzMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZGU2ZDEzMzE5ODdlNGE4YjMxNzNkNDgxMTMzYzY5ZjViZmQ2OGU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqu89yEM9dL7n9TEVFRK99+FK0oiH
PHjKNC+pPSYfe8XiQTr8gJGXX1s5/0/c3orRCqmuWvvFUiJFa7XqPWca6qO6Nqxa
hOTJYAZWTnvVoTC4Tjl3iYsymXW3ztVzGBMgZ9OT7VunZ9fOU+bccFyOBLzihnP5
Xc+ez2aRWCnF+rO6mvewuWq73aLdb5J5bn74R51MgyduHDixBZ/PkMmzz9OQ0iSd
cLYJKuZuVOGSm+iRwqhzdI2+UGge8MfSt3AGzCKKbszUYGZbj0TBPwJXZTYE8Hs1
Nv11+MWX9mZDowDR/rSgo2O2PVIqqnOCfs2syy87vRJ2txi0MHOfYdTccwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP3m0TMZh+Sosxc9SBEzxp9b/WjlMB8GA1UdIwQY
MBaAFNMd0aUU06fj39uL+3XX0k7ZjUefMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjIt
YjE2NmFlMmVmMjg3LzEvX2ViUk14bUg1S2l6RnoxSUVUUEduMXY5YU9VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9mMjQ3OGYtYzUwMy00MmMyLTk0YjItYjE2NmFlMmVmMjg3
LzEvMHgzUnBSVFRwLVBmMjR2N2RkZlNUdG1OUjU4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwTreMA0G
CSqGSIb3DQEBCwUAA4IBAQDEU5YdxsHH0ZvB+9nVosfwj7G943tTYlzdsCiUg78c
yEIS7ZbV5MPrkySApcnxG9ezMjaJbcjAtIU6QCuQvgL70CYQQsBaj8y6mon8bWNz
X9ge2DRlzDQA1+spQatumE/2IEb/m/md+Xpnfvs4USny0WXLorb2xGLGrDvBReCq
XO/qirwv5jfNwFjKx8KA+K90ToF68QsErhLyVXWjMFNxxdqt7YU+CHvXC8CM78EC
riv2w5dQQ+zdQiQiHJmNXLHr3hTJSyPdPYV9/61EJV6Kp+mHwsfP8PcSg4RxBxkJ
NN4vF9epnEJVIWotpvP8jg9b7TtmD4gfXjzf5f9wuUzh
-----END CERTIFICATE-----