Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/EQpHEcQ0XQTOnGfqpjy43ROg81M.roa
File:                     EQpHEcQ0XQTOnGfqpjy43ROg81M.roa (raw, json)
Hash identifier:          v99H4FfAlEXZ4dtZ2Bm6EyptcevGo81bKd8YuzGeZRk=
Subject key identifier:   11:0A:47:11:C4:34:5D:04:CE:9C:67:EA:A6:3C:B8:DD:13:A0:F3:53
Certificate issuer:       /CN=91d7ecf17142b3b0935f8e37b8f7d9c253f0ee19
Certificate serial:       01902A3673471970DF2A49CBB8EE3BD04DCF
Authority key identifier: 91:D7:EC:F1:71:42:B3:B0:93:5F:8E:37:B8:F7:D9:C2:53:F0:EE:19
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/EQpHEcQ0XQTOnGfqpjy43ROg81M.roa
Signing time:             Tue 18 Jun 2024 07:18:49 +0000
ROA not before:           Tue 18 Jun 2024 07:18:49 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8767
IP address blocks:        45.84.72.0/23 maxlen: 23
                          45.84.74.0/23 maxlen: 23
                          2a0e:a680::/48 maxlen: 48
                          2a0e:a680:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Sep 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:36:73:47:19:70:df:2a:49:cb:b8:ee:3b:d0:4d:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91d7ecf17142b3b0935f8e37b8f7d9c253f0ee19
        Validity
            Not Before: Jun 18 07:18:49 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=110a4711c4345d04ce9c67eaa63cb8dd13a0f353
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a3:ef:9e:3a:d9:d1:78:0e:29:e8:e7:f6:f6:
                    3b:2e:f1:c3:64:12:01:9b:f4:94:48:a1:41:83:82:
                    6c:31:83:4b:72:cf:cd:7c:a7:e9:72:46:83:c7:a7:
                    32:9c:ba:ff:01:10:15:96:f7:31:eb:d0:1a:33:7c:
                    b9:a1:eb:ce:d9:6c:bb:01:84:98:ec:31:46:2a:7c:
                    b4:72:6e:c7:e9:57:ef:47:1d:4e:d6:69:ed:f4:26:
                    1c:dc:8d:46:7b:7e:2d:f3:79:3b:c7:82:ca:8c:ec:
                    fd:40:87:b3:23:89:83:d7:9c:fb:44:e4:02:59:1e:
                    80:c1:c7:1d:37:1c:48:dd:65:4b:a1:c3:4d:c9:06:
                    cf:4e:98:01:64:0f:36:6f:29:c8:03:4b:3b:7c:f5:
                    5e:79:0c:1a:c3:03:1f:29:41:6a:33:b4:44:0f:02:
                    e0:a3:34:cb:d8:99:ad:e5:6a:31:c6:58:ed:ea:d8:
                    49:65:d0:6f:97:82:6c:54:c2:61:61:e3:ad:7e:5b:
                    c3:31:44:7d:77:3d:e4:ca:05:5e:d7:cf:2e:9a:35:
                    ba:67:32:f2:01:09:43:8f:88:c9:12:51:6f:ee:7f:
                    a4:2a:a7:48:6c:2d:cc:72:16:df:01:51:a1:89:25:
                    50:e8:7d:62:36:46:70:98:16:53:7a:5c:c7:11:5b:
                    b8:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:0A:47:11:C4:34:5D:04:CE:9C:67:EA:A6:3C:B8:DD:13:A0:F3:53
            X509v3 Authority Key Identifier:
                keyid:91:D7:EC:F1:71:42:B3:B0:93:5F:8E:37:B8:F7:D9:C2:53:F0:EE:19

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdfs8XFCs7CTX443uPfZwlPw7hk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/EQpHEcQ0XQTOnGfqpjy43ROg81M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/b08e6e-0822-4224-954b-a6b1ad34e08c/1/kdfs8XFCs7CTX443uPfZwlPw7hk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.84.72.0/22
                IPv6:
                  2a0e:a680::/47

    Signature Algorithm: sha256WithRSAEncryption
         41:fb:1b:12:bb:aa:24:ba:b0:cf:83:ca:34:da:16:de:f6:cb:
         36:69:65:76:d4:06:ee:d0:48:f2:ca:d4:c3:2d:11:18:2e:2f:
         88:1b:b6:b1:db:66:07:f5:3c:3a:a9:e0:0b:9b:8b:d3:48:36:
         6a:ae:24:40:03:29:ff:a5:d1:b4:f4:7d:3d:29:05:f9:75:d2:
         8e:54:bd:0f:0e:b9:5a:d6:83:e8:f8:e6:39:76:26:ec:5b:31:
         ff:9d:b4:4f:04:65:73:79:73:42:2e:3c:2f:cf:bf:2c:15:ec:
         75:86:7a:fd:2c:75:c2:f9:23:2c:69:ff:1d:99:b3:f9:ec:37:
         88:33:1a:7d:0e:58:a3:dd:c9:2e:7f:25:dd:d0:e9:90:fe:b5:
         85:35:97:de:5f:af:fc:16:b3:6a:60:63:bf:fd:bf:5e:5f:bc:
         91:1e:39:d5:23:4a:d1:38:43:c1:bd:21:91:81:0d:48:a9:b3:
         e7:11:63:d0:09:a5:66:b4:a3:de:cb:88:04:03:4d:27:47:9f:
         05:3f:3c:e8:85:94:53:61:4e:9d:b5:04:41:ea:d0:f0:fd:ca:
         38:4d:13:71:48:17:99:54:9a:6e:db:29:2e:20:b2:8e:c2:37:
         1f:b7:24:25:d8:0d:b6:b5:49:6c:ae:8c:83:1a:79:7e:fc:c9:
         20:02:c1:80
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZAqNnNHGXDfKknLuO470E3PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDdlY2YxNzE0MmIzYjA5MzVmOGUzN2I4ZjdkOWMyNTNm
MGVlMTkwHhcNMjQwNjE4MDcxODQ5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTBhNDcxMWM0MzQ1ZDA0Y2U5YzY3ZWFhNjNjYjhkZDEzYTBmMzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvaPvnjrZ0XgOKejn9vY7LvHDZBIB
m/SUSKFBg4JsMYNLcs/NfKfpckaDx6cynLr/ARAVlvcx69AaM3y5oevO2Wy7AYSY
7DFGKny0cm7H6VfvRx1O1mnt9CYc3I1Ge34t83k7x4LKjOz9QIezI4mD15z7ROQC
WR6AwccdNxxI3WVLocNNyQbPTpgBZA82bynIA0s7fPVeeQwawwMfKUFqM7REDwLg
ozTL2Jmt5Woxxljt6thJZdBvl4JsVMJhYeOtflvDMUR9dz3kygVe188umjW6ZzLy
AQlDj4jJElFv7n+kKqdIbC3MchbfAVGhiSVQ6H1iNkZwmBZTelzHEVu45wIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBEKRxHENF0Ezpxn6qY8uN0ToPNTMB8GA1UdIwQY
MBaAFJHX7PFxQrOwk1+ON7j32cJT8O4ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RmczhYRkNzN0NUWDQ0M3VQZlp3bFB3N2hrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi9iMDhlNmUtMDgyMi00MjI0LTk1NGIt
YTZiMWFkMzRlMDhjLzEvRVFwSEVjUTBYUVRPbkdmcXBqeTQzUk9nODFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi9iMDhlNmUtMDgyMi00MjI0LTk1NGItYTZiMWFkMzRlMDhj
LzEva2RmczhYRkNzN0NUWDQ0M3VQZlp3bFB3N2hrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCLVRIMA8E
AgACMAkDBwEqDqaAAAAwDQYJKoZIhvcNAQELBQADggEBAEH7GxK7qiS6sM+DyjTa
Ft72yzZpZXbUBu7QSPLK1MMtERguL4gbtrHbZgf1PDqp4Aubi9NINmquJEADKf+l
0bT0fT0pBfl10o5UvQ8OuVrWg+j45jl2JuxbMf+dtE8EZXN5c0IuPC/PvywV7HWG
ev0sdcL5Iyxp/x2Zs/nsN4gzGn0OWKPdyS5/Jd3Q6ZD+tYU1l95fr/wWs2pgY7/9
v15fvJEeOdUjStE4Q8G9IZGBDUips+cRY9AJpWa0o97LiAQDTSdHnwU/POiFlFNh
Tp21BEHq0PD9yjhNE3FIF5lUmm7bKS4gso7CNx+3JCXYDba1SWyujIMaeX78ySAC
wYA=
-----END CERTIFICATE-----