Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/EBk93I4900QqTMvZRzqyplsvM3c.roa
File:                     EBk93I4900QqTMvZRzqyplsvM3c.roa (raw, json)
Hash identifier:          s1i1d8VQsWm5nV3CVj1X9heIVd4MWnvwOkF7NpRyouY=
Subject key identifier:   10:19:3D:DC:8E:3D:D3:44:2A:4C:CB:D9:47:3A:B2:A6:5B:2F:33:77
Certificate issuer:       /CN=49c403d43b5f38fca2119cd1409a92763edefe71
Certificate serial:       01919FFBD1E9A237A09ADDAC66E989DCA2E0
Authority key identifier: 49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/EBk93I4900QqTMvZRzqyplsvM3c.roa
Signing time:             Thu 29 Aug 2024 21:12:46 +0000
ROA not before:           Thu 29 Aug 2024 21:12:46 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     273908
IP address blocks:        185.75.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 25 Oct 2024 08:00:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:91:9f:fb:d1:e9:a2:37:a0:9a:dd:ac:66:e9:89:dc:a2:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49c403d43b5f38fca2119cd1409a92763edefe71
        Validity
            Not Before: Aug 29 21:12:46 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10193ddc8e3dd3442a4ccbd9473ab2a65b2f3377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e3:9b:0f:e3:fc:5e:44:c2:0b:b4:81:68:e8:
                    1e:ee:51:7c:a2:a9:31:fd:9d:e1:6f:7a:b6:0f:b3:
                    b2:ad:44:0e:21:33:d2:04:ca:2d:fd:5e:af:67:73:
                    43:b9:28:ce:2d:ef:03:b7:4d:c8:a9:1c:51:76:67:
                    bf:f5:23:cb:58:46:07:4c:d9:1b:c9:6f:80:0e:7f:
                    1e:e1:f3:6e:9a:ce:af:82:7b:fe:de:88:63:db:83:
                    05:06:16:02:b5:8a:d0:5d:a0:e3:fc:9d:cf:53:99:
                    39:a2:b3:30:5b:05:db:ad:69:a2:9b:35:56:ea:13:
                    6a:fa:c3:be:91:ab:be:19:a4:6b:af:5c:bd:fc:de:
                    29:0c:8e:36:22:b3:00:35:d0:c8:63:78:19:4a:a7:
                    04:97:3a:7c:1c:5a:dc:03:e9:9c:fd:b4:26:20:4b:
                    61:c9:0f:92:7a:b3:85:96:de:d0:7f:b4:be:b3:e5:
                    fc:5f:f9:a8:95:2a:4b:b3:76:c0:50:73:08:71:cb:
                    3b:eb:9f:6e:ca:e0:ce:67:c0:e1:1d:41:80:8a:ff:
                    64:a6:ae:46:20:7a:9c:0d:f8:6e:9a:a9:97:33:11:
                    67:06:fb:ba:d9:e8:b5:e2:ae:a4:1f:66:93:bf:b0:
                    8b:d7:55:e3:ab:24:6b:61:c2:32:da:1f:43:3c:04:
                    f2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:19:3D:DC:8E:3D:D3:44:2A:4C:CB:D9:47:3A:B2:A6:5B:2F:33:77
            X509v3 Authority Key Identifier:
                keyid:49:C4:03:D4:3B:5F:38:FC:A2:11:9C:D1:40:9A:92:76:3E:DE:FE:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ScQD1DtfOPyiEZzRQJqSdj7e_nE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/EBk93I4900QqTMvZRzqyplsvM3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/a2f87b-4811-4fe1-b15d-f889ca161c01/1/ScQD1DtfOPyiEZzRQJqSdj7e_nE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:e2:11:bb:3e:6f:e1:a3:ce:de:26:4c:f3:41:6b:7b:aa:82:
         da:5c:60:4d:e3:27:ad:d8:e9:26:98:b4:29:71:65:91:95:ab:
         c6:58:ae:4a:29:c7:d5:6c:c4:85:e0:72:ba:5d:95:21:cd:a9:
         7c:f9:55:e9:20:a5:2b:35:fc:16:38:22:39:95:02:a2:d1:b1:
         58:2e:bc:5f:b3:f7:4a:58:5d:2b:a2:8c:85:41:66:be:2d:3d:
         8f:09:b0:52:f9:7d:4b:8f:14:71:59:76:98:89:e0:ef:42:51:
         05:30:4a:ea:d6:e0:1a:7b:cc:42:80:84:af:2d:40:ce:c9:7d:
         f4:23:a1:ed:0c:76:7b:fa:1f:f0:9e:db:f9:b6:46:6e:5e:c4:
         f7:dc:b5:59:8a:51:10:1d:c5:59:b6:7b:d2:50:93:54:0d:ca:
         28:d6:36:c9:ba:c5:60:d7:04:10:f7:7b:b8:b0:9e:d1:76:f7:
         be:6b:7f:ff:28:7c:42:26:39:ce:a3:23:1f:d4:ec:e2:eb:d0:
         32:ba:39:b8:03:23:2b:8d:19:ef:ee:57:8c:60:67:85:ac:37:
         27:ba:1d:81:50:d2:c4:67:7b:f8:26:6c:b9:e9:7b:95:d0:40:
         3c:6c:b0:44:40:09:4f:1f:ca:0c:04:f4:54:ff:4c:2f:e8:37:
         a3:f2:78:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZGf+9Hpojegmt2sZumJ3KLgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5YzQwM2Q0M2I1ZjM4ZmNhMjExOWNkMTQwOWE5Mjc2M2Vk
ZWZlNzEwHhcNMjQwODI5MjExMjQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDE5M2RkYzhlM2RkMzQ0MmE0Y2NiZDk0NzNhYjJhNjViMmYzMzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquObD+P8XkTCC7SBaOge7lF8oqkx
/Z3hb3q2D7OyrUQOITPSBMot/V6vZ3NDuSjOLe8Dt03IqRxRdme/9SPLWEYHTNkb
yW+ADn8e4fNums6vgnv+3ohj24MFBhYCtYrQXaDj/J3PU5k5orMwWwXbrWmimzVW
6hNq+sO+kau+GaRrr1y9/N4pDI42IrMANdDIY3gZSqcElzp8HFrcA+mc/bQmIEth
yQ+SerOFlt7Qf7S+s+X8X/molSpLs3bAUHMIccs7659uyuDOZ8DhHUGAiv9kpq5G
IHqcDfhumqmXMxFnBvu62ei14q6kH2aTv7CL11XjqyRrYcIy2h9DPATyqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAZPdyOPdNEKkzL2Uc6sqZbLzN3MB8GA1UdIwQY
MBaAFEnEA9Q7Xzj8ohGc0UCaknY+3v5xMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQt
Zjg4OWNhMTYxYzAxLzEvRUJrOTNJNDkwMFFxVE12WlJ6cXlwbHN2TTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9hMmY4N2ItNDgxMS00ZmUxLWIxNWQtZjg4OWNhMTYxYzAx
LzEvU2NRRDFEdGZPUHlpRVp6UlFKcVNkajdlX25FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUsNMA0G
CSqGSIb3DQEBCwUAA4IBAQA84hG7Pm/ho87eJkzzQWt7qoLaXGBN4yet2OkmmLQp
cWWRlavGWK5KKcfVbMSF4HK6XZUhzal8+VXpIKUrNfwWOCI5lQKi0bFYLrxfs/dK
WF0rooyFQWa+LT2PCbBS+X1LjxRxWXaYieDvQlEFMErq1uAae8xCgISvLUDOyX30
I6HtDHZ7+h/wntv5tkZuXsT33LVZilEQHcVZtnvSUJNUDcoo1jbJusVg1wQQ93u4
sJ7Rdve+a3//KHxCJjnOoyMf1Ozi69Ayujm4AyMrjRnv7leMYGeFrDcnuh2BUNLE
Z3v4Jmy56XuV0EA8bLBEQAlPH8oMBPRU/0wv6Dej8ngJ
-----END CERTIFICATE-----