Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/Ee8lJMiWoandRDVD6rbWMUIhtRI.roa
File:                     Ee8lJMiWoandRDVD6rbWMUIhtRI.roa (raw, json)
Hash identifier:          CZjmdek3+J9Hkjiuh4yXaPGBI8665BCA9WmONY5Rw1I=
Subject key identifier:   11:EF:25:24:C8:96:A1:A9:DD:44:35:43:EA:B6:D6:31:42:21:B5:12
Certificate issuer:       /CN=2874e46bf636ea63e5d12362f551b80b27714780
Certificate serial:       018CC7953BFDE8C03974C15F95070F120E41
Authority key identifier: 28:74:E4:6B:F6:36:EA:63:E5:D1:23:62:F5:51:B8:0B:27:71:47:80
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/Ee8lJMiWoandRDVD6rbWMUIhtRI.roa
Signing time:             Tue 02 Jan 2024 00:31:35 +0000
ROA not before:           Tue 02 Jan 2024 00:31:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     203875
IP address blocks:        2a00:4cc5::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:95:3b:fd:e8:c0:39:74:c1:5f:95:07:0f:12:0e:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2874e46bf636ea63e5d12362f551b80b27714780
        Validity
            Not Before: Jan  2 00:31:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11ef2524c896a1a9dd443543eab6d6314221b512
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:d3:7d:4d:e8:0d:09:3d:6c:85:9f:97:85:d4:
                    2b:44:4e:35:b1:0d:35:72:9f:8c:f6:62:bb:81:0f:
                    8b:0f:e2:0d:a0:f8:ac:d7:8b:7c:1f:2e:26:23:66:
                    47:0a:b8:17:12:aa:91:af:c2:0b:33:82:bc:dc:2d:
                    d4:02:64:db:f9:3a:7a:1c:c8:3d:61:4d:3c:9e:ed:
                    8f:ec:1c:48:ae:b7:41:c7:b7:b5:65:9f:0b:31:e3:
                    c5:a4:4e:9c:18:f3:a1:1b:c0:97:93:02:a8:d0:82:
                    d2:5c:a2:aa:05:0e:8f:d1:88:eb:a8:b8:5c:94:d4:
                    cd:c2:d5:96:82:06:01:52:23:82:2f:4f:44:36:03:
                    d4:fa:10:99:5a:1a:9a:ae:b0:e2:fa:c1:94:1c:a0:
                    af:00:27:06:ba:09:e1:c3:06:8e:e8:0e:50:39:9b:
                    84:90:9c:ba:7b:e2:dc:53:28:1a:9e:9e:02:14:3a:
                    ee:84:e2:cd:71:ab:f2:89:35:df:2b:ba:5d:ae:7a:
                    be:50:3e:85:e9:74:e0:77:5c:da:12:30:01:58:47:
                    da:19:dc:49:32:5c:90:b3:cc:6c:96:83:25:fe:bc:
                    75:1e:1a:b8:c2:16:e9:2b:dd:2c:29:a9:19:cd:ab:
                    1e:a7:f7:25:38:d3:a2:5e:77:e7:5c:ee:16:4b:de:
                    2d:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:EF:25:24:C8:96:A1:A9:DD:44:35:43:EA:B6:D6:31:42:21:B5:12
            X509v3 Authority Key Identifier:
                keyid:28:74:E4:6B:F6:36:EA:63:E5:D1:23:62:F5:51:B8:0B:27:71:47:80

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KHTka_Y26mPl0SNi9VG4CydxR4A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/Ee8lJMiWoandRDVD6rbWMUIhtRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/eddc05-402d-4da7-97ef-c10da6aac1b1/1/KHTka_Y26mPl0SNi9VG4CydxR4A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a00:4cc5::/32

    Signature Algorithm: sha256WithRSAEncryption
         50:0f:31:87:07:5d:91:9d:2b:c7:dd:71:e5:f9:84:a2:9b:b9:
         68:7e:4e:20:58:7d:47:18:44:88:a3:70:af:13:62:c4:9a:a5:
         40:20:63:4f:38:0a:58:72:51:ab:34:20:a8:bc:47:93:9f:40:
         e2:63:6b:fd:10:80:87:56:00:ec:0b:03:49:3d:b6:35:54:36:
         24:4d:f1:6c:57:fe:b9:d3:3c:5f:09:b6:e0:63:d5:23:b4:ba:
         41:f1:9a:f4:76:bf:54:47:0e:bd:61:82:b7:6d:8c:5d:40:9d:
         5e:84:87:27:7c:bb:41:d0:e1:4a:af:63:5b:09:eb:89:84:40:
         e8:9b:d7:ec:e2:b2:ae:3c:53:f4:8b:85:ba:97:c9:1a:db:c8:
         2a:38:cd:f8:b0:5c:6e:79:e9:9f:e9:6c:11:99:25:06:b0:12:
         b8:37:e5:44:b3:a4:93:ee:c3:6b:a0:b6:79:17:36:d4:85:d9:
         c1:de:17:83:b5:f0:a8:d0:a9:72:ad:93:9a:37:28:46:6a:03:
         68:71:22:75:77:65:3d:3a:51:bb:fe:3b:58:e9:d1:2e:02:58:
         b6:af:1e:2e:5c:2b:02:11:85:c5:74:12:3b:52:eb:1a:f6:94:
         ce:ae:be:12:06:9f:f3:22:8d:81:44:79:47:5a:a5:19:1e:fc:
         64:4c:ef:3c
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAYzHlTv96MA5dMFflQcPEg5BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4NzRlNDZiZjYzNmVhNjNlNWQxMjM2MmY1NTFiODBiMjc3
MTQ3ODAwHhcNMjQwMTAyMDAzMTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWVmMjUyNGM4OTZhMWE5ZGQ0NDM1NDNlYWI2ZDYzMTQyMjFiNTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAndN9TegNCT1shZ+XhdQrRE41sQ01
cp+M9mK7gQ+LD+INoPis14t8Hy4mI2ZHCrgXEqqRr8ILM4K83C3UAmTb+Tp6HMg9
YU08nu2P7BxIrrdBx7e1ZZ8LMePFpE6cGPOhG8CXkwKo0ILSXKKqBQ6P0YjrqLhc
lNTNwtWWggYBUiOCL09ENgPU+hCZWhqarrDi+sGUHKCvACcGugnhwwaO6A5QOZuE
kJy6e+LcUyganp4CFDruhOLNcavyiTXfK7pdrnq+UD6F6XTgd1zaEjABWEfaGdxJ
MlyQs8xsloMl/rx1Hhq4whbpK90sKakZzasep/clONOiXnfnXO4WS94tbQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFBHvJSTIlqGp3UQ1Q+q21jFCIbUSMB8GA1UdIwQY
MBaAFCh05Gv2Nupj5dEjYvVRuAsncUeAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0hUa2FfWTI2bVBsMFNOaTlWRzRDeWR4UjRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC9lZGRjMDUtNDAyZC00ZGE3LTk3ZWYt
YzEwZGE2YWFjMWIxLzEvRWU4bEpNaVdvYW5kUkRWRDZyYldNVUlodFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC9lZGRjMDUtNDAyZC00ZGE3LTk3ZWYtYzEwZGE2YWFjMWIx
LzEvS0hUa2FfWTI2bVBsMFNOaTlWRzRDeWR4UjRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAAjAHAwUAKgBMxTAN
BgkqhkiG9w0BAQsFAAOCAQEAUA8xhwddkZ0rx91x5fmEopu5aH5OIFh9RxhEiKNw
rxNixJqlQCBjTzgKWHJRqzQgqLxHk59A4mNr/RCAh1YA7AsDST22NVQ2JE3xbFf+
udM8Xwm24GPVI7S6QfGa9Ha/VEcOvWGCt22MXUCdXoSHJ3y7QdDhSq9jWwnriYRA
6JvX7OKyrjxT9IuFupfJGtvIKjjN+LBcbnnpn+lsEZklBrASuDflRLOkk+7Da6C2
eRc21IXZwd4Xg7XwqNCpcq2TmjcoRmoDaHEidXdlPTpRu/47WOnRLgJYtq8eLlwr
AhGFxXQSO1LrGvaUzq6+Egaf8yKNgUR5R1qlGR78ZEzvPA==
-----END CERTIFICATE-----