Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/4c2637-3bbb-4a53-a216-237be773007a/1/EBWFT3MB-2Xoxm7s-cJ1ZJa4jZA.roa
File:                     EBWFT3MB-2Xoxm7s-cJ1ZJa4jZA.roa (raw, json)
Hash identifier:          LC35+s8HFbeeWD/FhX9dR0h6DPT6SkgZpMLRrHHSrD0=
Subject key identifier:   10:15:85:4F:73:01:FB:65:E8:C6:6E:EC:F9:C2:75:64:96:B8:8D:90
Certificate issuer:       /CN=56afcd8fb40aae1d243c2a8ce2541a69987eed13
Certificate serial:       018CC500294F943A09B430EBC0847FC39D5B
Authority key identifier: 56:AF:CD:8F:B4:0A:AE:1D:24:3C:2A:8C:E2:54:1A:69:98:7E:ED:13
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vq_Nj7QKrh0kPCqM4lQaaZh-7RM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/4c2637-3bbb-4a53-a216-237be773007a/1/EBWFT3MB-2Xoxm7s-cJ1ZJa4jZA.roa
Signing time:             Mon 01 Jan 2024 12:29:31 +0000
ROA not before:           Mon 01 Jan 2024 12:29:31 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     60674
IP address blocks:        91.216.40.0/24 maxlen: 24
                          2a11:e480::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/4c2637-3bbb-4a53-a216-237be773007a/1/Vq_Nj7QKrh0kPCqM4lQaaZh-7RM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/4c2637-3bbb-4a53-a216-237be773007a/1/Vq_Nj7QKrh0kPCqM4lQaaZh-7RM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vq_Nj7QKrh0kPCqM4lQaaZh-7RM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 22:01:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:29:4f:94:3a:09:b4:30:eb:c0:84:7f:c3:9d:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=56afcd8fb40aae1d243c2a8ce2541a69987eed13
        Validity
            Not Before: Jan  1 12:29:31 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1015854f7301fb65e8c66eecf9c2756496b88d90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:86:7a:57:5a:f5:13:f4:f4:01:6e:b4:91:48:
                    85:c3:b0:3b:fc:55:8e:a4:f2:4a:11:6a:98:70:67:
                    b7:22:da:aa:8f:4c:ec:2b:9c:22:3c:45:8f:e0:19:
                    57:08:59:8d:50:11:d8:d4:76:a3:68:cf:1c:e4:a5:
                    81:99:eb:1a:1e:07:84:6a:ad:11:1b:a6:5b:22:b7:
                    a0:51:ce:7e:27:25:e0:a7:69:ab:c6:4d:a1:16:65:
                    49:02:99:da:36:b3:67:b2:82:2f:a4:0a:bf:28:b9:
                    df:8b:e7:9f:ad:15:b6:1a:47:25:9b:08:67:00:f2:
                    72:15:a8:61:3c:d6:f6:96:fc:82:fa:74:98:b1:db:
                    f9:1d:e5:4a:03:dc:a4:12:58:d9:aa:bb:47:8c:b0:
                    fc:f4:d8:8e:4a:a9:84:c0:04:4e:50:39:72:1d:b2:
                    c0:76:a9:f7:c2:f5:09:9b:e5:d6:f3:6b:cf:43:57:
                    6e:14:ef:56:37:5c:b7:c9:e2:5b:70:01:0e:26:d2:
                    15:17:c2:07:49:3a:cd:ef:01:5c:ae:f8:28:63:95:
                    17:b9:9f:0f:14:6e:b2:39:ea:90:de:16:c4:1d:15:
                    d0:1f:59:ac:70:99:cf:7f:df:33:7f:7a:56:50:26:
                    1b:61:59:7d:7b:3a:08:55:47:3d:f5:8f:fa:47:c8:
                    7e:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:15:85:4F:73:01:FB:65:E8:C6:6E:EC:F9:C2:75:64:96:B8:8D:90
            X509v3 Authority Key Identifier:
                keyid:56:AF:CD:8F:B4:0A:AE:1D:24:3C:2A:8C:E2:54:1A:69:98:7E:ED:13

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vq_Nj7QKrh0kPCqM4lQaaZh-7RM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/4c2637-3bbb-4a53-a216-237be773007a/1/EBWFT3MB-2Xoxm7s-cJ1ZJa4jZA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/4c2637-3bbb-4a53-a216-237be773007a/1/Vq_Nj7QKrh0kPCqM4lQaaZh-7RM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.216.40.0/24
                IPv6:
                  2a11:e480::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:87:f4:a0:a6:9b:2c:9f:62:9f:12:57:09:09:f9:54:d6:bc:
         1a:b1:6e:4e:37:38:fa:c9:ce:a4:ed:32:90:3f:00:3a:9f:04:
         db:7c:79:1d:01:96:a6:9d:40:8a:7d:a9:5e:84:41:8a:f2:77:
         60:08:b0:b0:e7:7d:ee:77:d1:2c:57:a8:2f:83:77:98:4e:9d:
         05:00:c0:b2:db:37:21:8f:02:e7:0d:97:d2:bf:42:c5:89:40:
         6d:71:df:bd:27:ac:87:eb:09:d9:d6:31:73:ac:ae:8e:01:17:
         1f:bd:aa:8f:08:4b:59:18:55:7e:5a:f2:dd:b9:6e:d2:90:42:
         41:c3:f4:6a:2e:1a:60:76:9b:cb:4d:50:3e:ee:cb:05:3c:53:
         69:67:46:42:0d:1a:e6:3c:7f:93:63:9a:23:60:61:ae:f3:21:
         43:ca:be:17:3c:e3:39:29:49:ee:ba:28:88:23:e7:9b:37:19:
         e2:a8:7c:bd:38:b9:7e:70:0a:42:91:3a:e8:17:99:18:41:aa:
         a7:b2:61:bd:88:fa:f5:f8:bf:09:92:6e:13:75:c8:96:64:df:
         67:01:09:76:a4:fd:8f:c3:99:b2:fd:4c:86:fd:e5:fc:8b:76:
         35:fe:bf:99:97:4e:f6:34:25:6d:3b:02:f9:2e:f4:15:05:7a:
         be:24:23:e3
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzFAClPlDoJtDDrwIR/w51bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2YWZjZDhmYjQwYWFlMWQyNDNjMmE4Y2UyNTQxYTY5OTg3
ZWVkMTMwHhcNMjQwMTAxMTIyOTMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDE1ODU0ZjczMDFmYjY1ZThjNjZlZWNmOWMyNzU2NDk2Yjg4ZDkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuIZ6V1r1E/T0AW60kUiFw7A7/FWO
pPJKEWqYcGe3Itqqj0zsK5wiPEWP4BlXCFmNUBHY1HajaM8c5KWBmesaHgeEaq0R
G6ZbIregUc5+JyXgp2mrxk2hFmVJApnaNrNnsoIvpAq/KLnfi+efrRW2Gkclmwhn
APJyFahhPNb2lvyC+nSYsdv5HeVKA9ykEljZqrtHjLD89NiOSqmEwAROUDlyHbLA
dqn3wvUJm+XW82vPQ1duFO9WN1y3yeJbcAEOJtIVF8IHSTrN7wFcrvgoY5UXuZ8P
FG6yOeqQ3hbEHRXQH1mscJnPf98zf3pWUCYbYVl9ezoIVUc99Y/6R8h+aQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBAVhU9zAftl6MZu7PnCdWSWuI2QMB8GA1UdIwQY
MBaAFFavzY+0Cq4dJDwqjOJUGmmYfu0TMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnFfTmo3UUtyaDBrUENxTTRsUWFhWmgtN1JNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS80YzI2MzctM2JiYi00YTUzLWEyMTYt
MjM3YmU3NzMwMDdhLzEvRUJXRlQzTUItMlhveG03cy1jSjFaSmE0alpBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS80YzI2MzctM2JiYi00YTUzLWEyMTYtMjM3YmU3NzMwMDdh
LzEvVnFfTmo3UUtyaDBrUENxTTRsUWFhWmgtN1JNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9goMA0E
AgACMAcDBQAqEeSAMA0GCSqGSIb3DQEBCwUAA4IBAQBXh/Sgppssn2KfElcJCflU
1rwasW5ONzj6yc6k7TKQPwA6nwTbfHkdAZamnUCKfalehEGK8ndgCLCw533ud9Es
V6gvg3eYTp0FAMCy2zchjwLnDZfSv0LFiUBtcd+9J6yH6wnZ1jFzrK6OARcfvaqP
CEtZGFV+WvLduW7SkEJBw/RqLhpgdpvLTVA+7ssFPFNpZ0ZCDRrmPH+TY5ojYGGu
8yFDyr4XPOM5KUnuuiiII+ebNxniqHy9OLl+cApCkTroF5kYQaqnsmG9iPr1+L8J
km4TdciWZN9nAQl2pP2Pw5my/UyG/eX8i3Y1/r+Zl072NCVtOwL5LvQVBXq+JCPj
-----END CERTIFICATE-----