Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/EpbVXDNuUExOwnTLJb2CgGRynSQ.roa
File:                     EpbVXDNuUExOwnTLJb2CgGRynSQ.roa (raw, json)
Hash identifier:          2I1nNLjR59j/XALA3pPyQ/Z/XzQoKYD7XZKcIK7g5XY=
Subject key identifier:   12:96:D5:5C:33:6E:50:4C:4E:C2:74:CB:25:BD:82:80:64:72:9D:24
Certificate issuer:       /CN=b18c4a4300837c4ea17ad1e3821a09ad53764087
Certificate serial:       018CC56ED3E5ECB276166FC863F2FBFF5837
Authority key identifier: B1:8C:4A:43:00:83:7C:4E:A1:7A:D1:E3:82:1A:09:AD:53:76:40:87
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sYxKQwCDfE6hetHjghoJrVN2QIc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/EpbVXDNuUExOwnTLJb2CgGRynSQ.roa
Signing time:             Mon 01 Jan 2024 14:30:23 +0000
ROA not before:           Mon 01 Jan 2024 14:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     213011
IP address blocks:        91.211.1.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/sYxKQwCDfE6hetHjghoJrVN2QIc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/sYxKQwCDfE6hetHjghoJrVN2QIc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sYxKQwCDfE6hetHjghoJrVN2QIc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 20:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:6e:d3:e5:ec:b2:76:16:6f:c8:63:f2:fb:ff:58:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b18c4a4300837c4ea17ad1e3821a09ad53764087
        Validity
            Not Before: Jan  1 14:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1296d55c336e504c4ec274cb25bd828064729d24
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:90:5b:e4:64:13:18:77:0f:ec:36:9f:86:c4:
                    51:a6:63:04:7c:2c:e2:04:c3:a4:46:56:f8:59:b4:
                    fb:97:78:79:21:dd:71:36:9d:e4:65:79:f3:fa:85:
                    39:51:3c:51:51:c8:e7:89:58:59:a1:20:4b:74:c5:
                    61:91:d2:e6:c6:1d:1e:b5:10:f0:71:fd:dd:f2:a0:
                    61:31:74:b7:3b:a3:22:3e:13:c6:5c:79:8f:8a:ef:
                    7a:66:a8:b6:e7:5b:51:53:a7:c2:db:16:56:4d:ff:
                    37:4f:f7:e9:1d:d4:00:bf:73:11:24:43:1c:95:47:
                    65:27:a6:52:a8:db:5c:46:a1:e3:c1:f2:38:44:ef:
                    fe:50:8a:6f:5f:85:4c:1d:54:8d:49:05:54:5a:37:
                    51:ff:89:04:33:cb:c4:c8:5c:38:a6:0d:5d:39:5b:
                    e7:af:11:4f:be:02:ef:6b:4a:7f:5b:2b:ed:13:e1:
                    4d:9c:51:ad:42:fc:c9:47:4a:af:3c:0b:d8:ef:dc:
                    27:01:22:8c:22:4a:3f:2e:4a:ed:74:16:ea:65:62:
                    c5:d3:50:28:71:52:35:21:62:09:a0:59:db:9f:1a:
                    78:19:8c:e1:ce:fe:b2:1e:7a:64:16:d1:b9:77:33:
                    41:7a:d6:f7:ba:7e:00:03:67:52:c0:b8:01:3c:a5:
                    c8:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:96:D5:5C:33:6E:50:4C:4E:C2:74:CB:25:BD:82:80:64:72:9D:24
            X509v3 Authority Key Identifier:
                keyid:B1:8C:4A:43:00:83:7C:4E:A1:7A:D1:E3:82:1A:09:AD:53:76:40:87

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sYxKQwCDfE6hetHjghoJrVN2QIc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/EpbVXDNuUExOwnTLJb2CgGRynSQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/af4e4b-2026-4bbb-9628-f08a0ae92b8d/1/sYxKQwCDfE6hetHjghoJrVN2QIc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.1.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:01:cd:ff:b7:73:e2:46:d4:40:7d:9b:88:4e:66:36:67:ce:
         ad:3c:95:14:39:4d:37:9a:fd:89:85:48:f5:c6:b9:82:19:a6:
         af:76:21:65:5e:45:25:9f:0f:8c:fe:33:ec:f2:e7:68:0f:9e:
         f0:3b:b4:9c:ed:ad:a4:94:ab:37:e6:ed:f7:06:35:fa:ad:08:
         fc:9b:e3:37:59:4c:a9:2b:3f:35:6d:d5:c3:42:2e:f2:98:bf:
         11:0b:7a:1e:14:a3:4c:c3:11:e9:90:e2:6e:d1:8c:65:a0:27:
         a7:13:cd:82:7a:12:05:db:cd:97:c5:1b:25:df:45:97:06:f6:
         1c:11:97:7a:ec:2b:f1:f0:db:5b:4d:b7:82:38:81:06:11:76:
         1d:d1:f1:96:9f:a2:c3:16:ee:76:20:57:ae:41:79:a9:b3:f6:
         78:47:43:bb:5b:db:75:57:8a:7d:11:33:d9:cd:3e:4e:db:1f:
         5d:c7:5f:2c:8d:a9:58:fc:c8:49:79:7b:8d:e1:a6:69:69:06:
         97:97:8c:35:22:1d:49:c5:fc:a6:37:6a:90:ed:e1:f9:20:b9:
         88:bf:d3:1e:7e:ee:e2:fd:50:f2:30:30:0e:4f:89:21:0a:88:
         ab:24:d4:96:c0:b2:4f:bf:98:ed:33:63:8a:93:3b:a5:49:57:
         ed:81:d0:28
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbtPl7LJ2Fm/IY/L7/1g3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxOGM0YTQzMDA4MzdjNGVhMTdhZDFlMzgyMWEwOWFkNTM3
NjQwODcwHhcNMjQwMTAxMTQzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjk2ZDU1YzMzNmU1MDRjNGVjMjc0Y2IyNWJkODI4MDY0NzI5ZDI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt5Bb5GQTGHcP7DafhsRRpmMEfCzi
BMOkRlb4WbT7l3h5Id1xNp3kZXnz+oU5UTxRUcjniVhZoSBLdMVhkdLmxh0etRDw
cf3d8qBhMXS3O6MiPhPGXHmPiu96Zqi251tRU6fC2xZWTf83T/fpHdQAv3MRJEMc
lUdlJ6ZSqNtcRqHjwfI4RO/+UIpvX4VMHVSNSQVUWjdR/4kEM8vEyFw4pg1dOVvn
rxFPvgLva0p/WyvtE+FNnFGtQvzJR0qvPAvY79wnASKMIko/LkrtdBbqZWLF01Ao
cVI1IWIJoFnbnxp4GYzhzv6yHnpkFtG5dzNBetb3un4AA2dSwLgBPKXITwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKW1VwzblBMTsJ0yyW9goBkcp0kMB8GA1UdIwQY
MBaAFLGMSkMAg3xOoXrR44IaCa1TdkCHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc1l4S1F3Q0RmRTZoZXRIamdob0pyVk4yUUljLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9hZjRlNGItMjAyNi00YmJiLTk2Mjgt
ZjA4YTBhZTkyYjhkLzEvRXBiVlhETnVVRXhPd25UTEpiMkNnR1J5blNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9hZjRlNGItMjAyNi00YmJiLTk2MjgtZjA4YTBhZTkyYjhk
LzEvc1l4S1F3Q0RmRTZoZXRIamdob0pyVk4yUUljLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9MBMA0G
CSqGSIb3DQEBCwUAA4IBAQAZAc3/t3PiRtRAfZuITmY2Z86tPJUUOU03mv2JhUj1
xrmCGaavdiFlXkUlnw+M/jPs8udoD57wO7Sc7a2klKs35u33BjX6rQj8m+M3WUyp
Kz81bdXDQi7ymL8RC3oeFKNMwxHpkOJu0YxloCenE82CehIF282XxRsl30WXBvYc
EZd67Cvx8NtbTbeCOIEGEXYd0fGWn6LDFu52IFeuQXmps/Z4R0O7W9t1V4p9ETPZ
zT5O2x9dx18sjalY/MhJeXuN4aZpaQaXl4w1Ih1JxfymN2qQ7eH5ILmIv9Mefu7i
/VDyMDAOT4khCoirJNSWwLJPv5jtM2OKkzulSVftgdAo
-----END CERTIFICATE-----