Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/703df2-b8b4-48f7-9301-de81c7c1e754/1/e-yxhV9CG1lm5S0YfmnvL0HTe90.roa
File:                     e-yxhV9CG1lm5S0YfmnvL0HTe90.roa (raw, json)
Hash identifier:          bq8J4i7aStCDxHh5AmPiCKCKm0h1dnvXH9WUYS7VwzA=
Subject key identifier:   7B:EC:B1:85:5F:42:1B:59:66:E5:2D:18:7E:69:EF:2F:41:D3:7B:DD
Certificate issuer:       /CN=8e2b2982bbbd438b7ab1ac04e36c1880f38c6ada
Certificate serial:       018CC8DCDFA61180A6B7CE72947BB6469A88
Authority key identifier: 8E:2B:29:82:BB:BD:43:8B:7A:B1:AC:04:E3:6C:18:80:F3:8C:6A:DA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jispgru9Q4t6sawE42wYgPOMato.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/703df2-b8b4-48f7-9301-de81c7c1e754/1/e-yxhV9CG1lm5S0YfmnvL0HTe90.roa
Signing time:             Tue 02 Jan 2024 06:29:27 +0000
ROA not before:           Tue 02 Jan 2024 06:29:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     34538
IP address blocks:        193.239.158.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/703df2-b8b4-48f7-9301-de81c7c1e754/1/jispgru9Q4t6sawE42wYgPOMato.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/703df2-b8b4-48f7-9301-de81c7c1e754/1/jispgru9Q4t6sawE42wYgPOMato.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jispgru9Q4t6sawE42wYgPOMato.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Nov 2024 15:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:dc:df:a6:11:80:a6:b7:ce:72:94:7b:b6:46:9a:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e2b2982bbbd438b7ab1ac04e36c1880f38c6ada
        Validity
            Not Before: Jan  2 06:29:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7becb1855f421b5966e52d187e69ef2f41d37bdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:14:ae:b2:fd:c1:98:8a:75:2d:ee:16:a5:aa:
                    3d:17:be:81:db:c0:b0:f2:36:65:ec:71:23:32:08:
                    af:bf:f1:e1:09:94:3d:d0:0f:f2:d6:fa:83:87:7c:
                    e9:0b:b0:39:36:86:95:76:f0:2a:02:fe:de:02:1b:
                    32:dd:90:29:3c:12:f1:cf:d1:47:e3:ac:47:ac:e4:
                    19:6b:b3:71:42:0e:3e:f4:2c:83:da:23:64:00:cb:
                    f6:10:90:f6:82:a4:fb:b8:e0:51:17:af:24:37:cc:
                    1f:4c:30:e2:9c:d0:36:f3:ce:97:48:b1:00:ae:96:
                    24:ad:8d:a2:1a:96:7b:26:33:7d:11:2b:36:72:bb:
                    14:e7:2c:59:3d:e2:e2:7b:e2:bb:f0:9c:ea:40:7c:
                    b6:b4:9a:7e:c6:08:2a:cc:ec:bc:07:1c:aa:92:93:
                    7b:d2:93:0f:3f:4e:db:bd:e2:94:96:a4:5c:19:26:
                    62:9f:a7:f6:6b:5b:ba:c8:08:b0:8d:ae:84:a7:64:
                    06:67:32:4e:11:26:6c:c3:0d:69:93:19:a1:41:b2:
                    c8:2c:e7:82:6b:5e:1a:2e:81:f6:49:20:a8:63:56:
                    12:6b:f9:03:26:9b:71:44:42:88:70:20:84:d9:06:
                    9a:db:48:87:56:89:3b:a9:58:86:de:19:a2:e6:d9:
                    b1:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:EC:B1:85:5F:42:1B:59:66:E5:2D:18:7E:69:EF:2F:41:D3:7B:DD
            X509v3 Authority Key Identifier:
                keyid:8E:2B:29:82:BB:BD:43:8B:7A:B1:AC:04:E3:6C:18:80:F3:8C:6A:DA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jispgru9Q4t6sawE42wYgPOMato.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/703df2-b8b4-48f7-9301-de81c7c1e754/1/e-yxhV9CG1lm5S0YfmnvL0HTe90.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/703df2-b8b4-48f7-9301-de81c7c1e754/1/jispgru9Q4t6sawE42wYgPOMato.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.239.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:d5:d2:ca:dc:cc:20:c1:2f:66:f9:9d:0d:e0:1b:88:52:ed:
         cd:c9:8b:4f:9b:5b:ce:1a:df:40:3b:12:ee:9a:0a:8c:a0:86:
         72:ce:ab:af:fd:9b:74:2c:b4:83:97:f5:61:03:4d:8e:8a:6d:
         15:8c:83:b1:14:b5:bc:60:2c:35:b5:06:b9:05:e9:25:f5:f8:
         2f:62:0f:4b:af:9d:61:53:52:a8:ef:7f:8d:c1:41:6b:66:73:
         30:31:8c:0e:af:91:48:aa:e3:7f:68:e0:4c:00:97:1f:50:f0:
         a0:cf:b7:c6:ce:21:3f:26:e7:b6:5a:d9:90:77:4b:cc:29:02:
         cc:1f:2f:c7:b3:9c:6a:bb:d3:1d:ee:0e:8d:15:fb:e7:b7:69:
         8d:b9:6c:ae:9f:08:1d:41:44:32:74:90:7f:42:7b:9a:82:dd:
         81:c2:fd:5a:6b:4d:59:a2:13:3f:58:a2:0d:c5:6d:08:c7:87:
         e2:8d:c8:a7:fd:27:55:30:97:50:fb:61:24:28:a1:a2:5e:2b:
         bf:46:fc:e4:ac:38:9b:69:2b:eb:a7:08:00:0a:a4:fb:35:f3:
         a8:b6:93:7d:db:18:c4:f9:98:49:e9:78:a3:f0:19:a5:29:40:
         73:fe:2e:4f:9d:59:56:c6:0d:16:d1:94:fe:2d:de:f9:2c:07:
         5d:f3:33:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3N+mEYCmt85ylHu2RpqIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMmIyOTgyYmJiZDQzOGI3YWIxYWMwNGUzNmMxODgwZjM4
YzZhZGEwHhcNMjQwMTAyMDYyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmVjYjE4NTVmNDIxYjU5NjZlNTJkMTg3ZTY5ZWYyZjQxZDM3YmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArxSusv3BmIp1Le4Wpao9F76B28Cw
8jZl7HEjMgivv/HhCZQ90A/y1vqDh3zpC7A5NoaVdvAqAv7eAhsy3ZApPBLxz9FH
46xHrOQZa7NxQg4+9CyD2iNkAMv2EJD2gqT7uOBRF68kN8wfTDDinNA2886XSLEA
rpYkrY2iGpZ7JjN9ESs2crsU5yxZPeLie+K78JzqQHy2tJp+xggqzOy8BxyqkpN7
0pMPP07bveKUlqRcGSZin6f2a1u6yAiwja6Ep2QGZzJOESZsww1pkxmhQbLILOeC
a14aLoH2SSCoY1YSa/kDJptxREKIcCCE2Qaa20iHVok7qViG3hmi5tmxvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHvssYVfQhtZZuUtGH5p7y9B03vdMB8GA1UdIwQY
MBaAFI4rKYK7vUOLerGsBONsGIDzjGraMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamlzcGdydTlRNHQ2c2F3RTQyd1lnUE9NYXRvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS83MDNkZjItYjhiNC00OGY3LTkzMDEt
ZGU4MWM3YzFlNzU0LzEvZS15eGhWOUNHMWxtNVMwWWZtbnZMMEhUZTkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS83MDNkZjItYjhiNC00OGY3LTkzMDEtZGU4MWM3YzFlNzU0
LzEvamlzcGdydTlRNHQ2c2F3RTQyd1lnUE9NYXRvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwe+eMA0G
CSqGSIb3DQEBCwUAA4IBAQBA1dLK3MwgwS9m+Z0N4BuIUu3NyYtPm1vOGt9AOxLu
mgqMoIZyzquv/Zt0LLSDl/VhA02Oim0VjIOxFLW8YCw1tQa5Bekl9fgvYg9Lr51h
U1Ko73+NwUFrZnMwMYwOr5FIquN/aOBMAJcfUPCgz7fGziE/Jue2WtmQd0vMKQLM
Hy/Hs5xqu9Md7g6NFfvnt2mNuWyunwgdQUQydJB/Qnuagt2Bwv1aa01ZohM/WKIN
xW0Ix4fijcin/SdVMJdQ+2EkKKGiXiu/RvzkrDibaSvrpwgACqT7NfOotpN92xjE
+ZhJ6Xij8BmlKUBz/i5PnVlWxg0W0ZT+Ld75LAdd8zMB
-----END CERTIFICATE-----