Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/EBiJ3aQaltoRD9MLuy2zv1nRp70.roa
File:                     EBiJ3aQaltoRD9MLuy2zv1nRp70.roa (raw, json)
Hash identifier:          7GKQ7GSUAPWwCQwXf/G7nhiN7DbTdWYb4xz2ezGm74I=
Subject key identifier:   10:18:89:DD:A4:1A:96:DA:11:0F:D3:0B:BB:2D:B3:BF:59:D1:A7:BD
Certificate issuer:       /CN=80e6205c2a210f57fb71f27f3c4baaeb53dd5e33
Certificate serial:       018CC424499EC893348754BED72CA13B69D5
Authority key identifier: 80:E6:20:5C:2A:21:0F:57:FB:71:F2:7F:3C:4B:AA:EB:53:DD:5E:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gOYgXCohD1f7cfJ_PEuq61PdXjM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/EBiJ3aQaltoRD9MLuy2zv1nRp70.roa
Signing time:             Mon 01 Jan 2024 08:29:21 +0000
ROA not before:           Mon 01 Jan 2024 08:29:21 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47607
IP address blocks:        91.208.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/gOYgXCohD1f7cfJ_PEuq61PdXjM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/gOYgXCohD1f7cfJ_PEuq61PdXjM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gOYgXCohD1f7cfJ_PEuq61PdXjM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 00:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:24:49:9e:c8:93:34:87:54:be:d7:2c:a1:3b:69:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80e6205c2a210f57fb71f27f3c4baaeb53dd5e33
        Validity
            Not Before: Jan  1 08:29:21 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=101889dda41a96da110fd30bbb2db3bf59d1a7bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:56:fd:69:cd:84:1e:a4:90:06:b9:58:8b:05:
                    c9:60:c2:4f:42:49:a5:54:08:be:79:9f:6e:71:bd:
                    44:61:f5:13:f4:5e:41:6a:04:03:1f:80:81:02:95:
                    83:0e:12:d8:fe:6e:a2:99:c3:79:77:22:13:ea:7c:
                    43:ce:13:26:31:3e:87:ea:72:5c:1d:87:4a:5c:bc:
                    9c:d1:16:80:87:7c:a5:83:a9:ec:4a:ea:16:4a:97:
                    39:50:cf:af:1c:75:86:82:00:2b:bd:44:db:bf:b2:
                    12:b3:26:b4:75:28:7c:7b:a6:cf:70:95:2a:0f:9b:
                    a3:49:ca:9e:e1:26:fc:14:b7:8d:85:37:0d:28:eb:
                    78:b6:4c:64:39:00:91:e1:04:d5:d4:30:0a:52:ea:
                    85:16:44:df:99:56:6b:a1:e7:52:ff:c1:d9:e5:d1:
                    8d:d7:1f:97:70:26:b0:af:25:99:c5:e6:71:d1:43:
                    18:b0:55:19:f2:92:bd:e2:0c:bf:79:94:85:8e:cb:
                    79:7c:89:dc:a3:13:74:e9:4a:a9:65:77:93:77:ff:
                    64:e2:90:25:c7:14:74:78:46:06:65:63:64:2c:b5:
                    7c:aa:e3:02:d0:a2:68:53:37:cd:be:9d:d5:37:58:
                    aa:29:21:af:fd:0c:a3:4d:d3:77:26:b6:94:2a:be:
                    af:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:18:89:DD:A4:1A:96:DA:11:0F:D3:0B:BB:2D:B3:BF:59:D1:A7:BD
            X509v3 Authority Key Identifier:
                keyid:80:E6:20:5C:2A:21:0F:57:FB:71:F2:7F:3C:4B:AA:EB:53:DD:5E:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gOYgXCohD1f7cfJ_PEuq61PdXjM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/EBiJ3aQaltoRD9MLuy2zv1nRp70.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/1f74e4-dc68-4b2e-8eb1-7b8d7ee9f411/1/gOYgXCohD1f7cfJ_PEuq61PdXjM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:e4:f2:68:11:43:56:97:6d:bb:33:39:75:ce:dc:04:4e:c1:
         a4:75:48:e0:e9:f7:ef:6b:25:f5:c8:ac:69:98:64:eb:96:ff:
         51:9f:de:e4:55:9a:01:26:f3:44:1b:46:8a:a2:ec:a2:63:9d:
         c2:f4:f4:75:6d:fc:85:3c:8f:00:88:c8:bb:e1:61:26:25:15:
         7e:6a:31:f1:07:31:06:3f:6c:6a:3f:3c:1c:fa:c0:1e:2b:fa:
         e5:11:81:1e:af:e7:1f:cb:ab:bb:4e:10:e8:26:e8:4a:72:10:
         ea:06:96:a5:6b:6b:b8:4e:63:0d:4b:bd:e3:c0:44:0f:ff:dd:
         ab:03:b8:74:6d:c4:41:a3:dc:5b:48:f6:4a:5c:ee:1c:a1:64:
         6c:24:27:5e:d6:90:e7:4c:e4:a4:dc:d5:14:fe:37:81:71:2a:
         9e:f1:b1:0b:60:90:bc:bb:09:55:7c:5a:51:ca:ae:5a:af:f5:
         8d:6c:49:36:a0:08:fc:1b:fe:75:9d:d1:ef:04:8e:5c:4c:25:
         d8:ad:6d:aa:fd:f3:0c:b2:79:13:7d:d3:37:a5:7b:0c:3e:fe:
         57:b2:9d:ff:d0:16:d5:76:70:db:fb:f2:78:79:bd:bc:ca:ff:
         3e:5b:f1:3a:94:03:0e:b2:5a:62:dc:fa:41:1a:97:f9:66:23:
         ea:fd:1a:b3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJEmeyJM0h1S+1yyhO2nVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwZTYyMDVjMmEyMTBmNTdmYjcxZjI3ZjNjNGJhYWViNTNk
ZDVlMzMwHhcNMjQwMTAxMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDE4ODlkZGE0MWE5NmRhMTEwZmQzMGJiYjJkYjNiZjU5ZDFhN2JkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoFb9ac2EHqSQBrlYiwXJYMJPQkml
VAi+eZ9ucb1EYfUT9F5BagQDH4CBApWDDhLY/m6imcN5dyIT6nxDzhMmMT6H6nJc
HYdKXLyc0RaAh3ylg6nsSuoWSpc5UM+vHHWGggArvUTbv7ISsya0dSh8e6bPcJUq
D5ujScqe4Sb8FLeNhTcNKOt4tkxkOQCR4QTV1DAKUuqFFkTfmVZroedS/8HZ5dGN
1x+XcCawryWZxeZx0UMYsFUZ8pK94gy/eZSFjst5fIncoxN06UqpZXeTd/9k4pAl
xxR0eEYGZWNkLLV8quMC0KJoUzfNvp3VN1iqKSGv/QyjTdN3JraUKr6vuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAYid2kGpbaEQ/TC7sts79Z0ae9MB8GA1UdIwQY
MBaAFIDmIFwqIQ9X+3HyfzxLqutT3V4zMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ09ZZ1hDb2hEMWY3Y2ZKX1BFdXE2MVBkWGpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC8xZjc0ZTQtZGM2OC00YjJlLThlYjEt
N2I4ZDdlZTlmNDExLzEvRUJpSjNhUWFsdG9SRDlNTHV5Mnp2MW5ScDcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC8xZjc0ZTQtZGM2OC00YjJlLThlYjEtN2I4ZDdlZTlmNDEx
LzEvZ09ZZ1hDb2hEMWY3Y2ZKX1BFdXE2MVBkWGpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9BGMA0G
CSqGSIb3DQEBCwUAA4IBAQBw5PJoEUNWl227Mzl1ztwETsGkdUjg6ffvayX1yKxp
mGTrlv9Rn97kVZoBJvNEG0aKouyiY53C9PR1bfyFPI8AiMi74WEmJRV+ajHxBzEG
P2xqPzwc+sAeK/rlEYEer+cfy6u7ThDoJuhKchDqBpala2u4TmMNS73jwEQP/92r
A7h0bcRBo9xbSPZKXO4coWRsJCde1pDnTOSk3NUU/jeBcSqe8bELYJC8uwlVfFpR
yq5ar/WNbEk2oAj8G/51ndHvBI5cTCXYrW2q/fMMsnkTfdM3pXsMPv5Xsp3/0BbV
dnDb+/J4eb28yv8+W/E6lAMOslpi3PpBGpf5ZiPq/Rqz
-----END CERTIFICATE-----