Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/6fcf66-8e8c-4dbb-8cf0-5019d2c388db/1/eUmwH2Njm9Tde52InLiStJ-3jio.roa
File:                     eUmwH2Njm9Tde52InLiStJ-3jio.roa (raw, json)
Hash identifier:          Q12eDS1fydr78YXs8pfGMhKKNdAoxhioLl1Tg/McMIY=
Subject key identifier:   79:49:B0:1F:63:63:9B:D4:DD:7B:9D:88:9C:B8:92:B4:9F:B7:8E:2A
Certificate issuer:       /CN=2ca6137749599c03c7b472f142c719680006b6e6
Certificate serial:       018CCA2A40BD73DED6F7A818A71BFB2DBAC5
Authority key identifier: 2C:A6:13:77:49:59:9C:03:C7:B4:72:F1:42:C7:19:68:00:06:B6:E6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LKYTd0lZnAPHtHLxQscZaAAGtuY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/6fcf66-8e8c-4dbb-8cf0-5019d2c388db/1/eUmwH2Njm9Tde52InLiStJ-3jio.roa
Signing time:             Tue 02 Jan 2024 12:33:35 +0000
ROA not before:           Tue 02 Jan 2024 12:33:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     47700
IP address blocks:        91.208.107.0/24 maxlen: 24
                          2001:678:478::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/6fcf66-8e8c-4dbb-8cf0-5019d2c388db/1/LKYTd0lZnAPHtHLxQscZaAAGtuY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/6fcf66-8e8c-4dbb-8cf0-5019d2c388db/1/LKYTd0lZnAPHtHLxQscZaAAGtuY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LKYTd0lZnAPHtHLxQscZaAAGtuY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 23:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:40:bd:73:de:d6:f7:a8:18:a7:1b:fb:2d:ba:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ca6137749599c03c7b472f142c719680006b6e6
        Validity
            Not Before: Jan  2 12:33:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7949b01f63639bd4dd7b9d889cb892b49fb78e2a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:02:b7:c4:c4:60:32:d2:c9:43:4f:74:39:af:
                    28:7a:1b:b9:cc:0f:14:5b:62:c4:a7:a4:3d:9f:72:
                    7a:f4:91:d4:e1:ac:c9:36:fa:e8:fb:1b:5e:9e:12:
                    61:ce:70:0a:d5:02:2a:84:88:1d:f1:49:9a:ce:78:
                    b6:fc:4e:2e:7d:38:0f:8d:cc:f7:07:24:45:06:bd:
                    1e:2e:da:ff:81:a5:52:37:74:74:a4:f3:4b:1e:b1:
                    d9:71:f7:a8:92:57:58:e7:58:fa:1b:20:21:a3:75:
                    2e:12:64:57:c1:0c:9b:0d:aa:cc:03:19:77:59:b4:
                    47:1d:29:5f:25:cc:87:b6:ed:67:d6:61:5d:0b:f6:
                    d1:65:c8:4d:d2:c2:1d:35:6d:63:f7:97:8b:76:3c:
                    71:f9:7d:18:64:d4:86:e8:79:c4:49:12:d3:a4:ab:
                    01:f1:49:5e:e8:59:df:61:49:51:88:72:cf:fa:9e:
                    86:ed:cd:69:78:5c:1e:23:3e:a2:0d:56:93:b9:b8:
                    3e:d1:7f:01:74:0c:dd:fd:fa:b2:29:ce:fc:eb:75:
                    ff:43:59:b0:44:1f:41:0b:fa:47:74:85:bf:c5:75:
                    bd:35:2e:a9:a5:f0:a3:a5:14:b6:da:43:1e:33:eb:
                    87:65:a6:ca:c7:5c:f3:6d:23:3c:3d:4b:61:8b:b3:
                    2d:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:49:B0:1F:63:63:9B:D4:DD:7B:9D:88:9C:B8:92:B4:9F:B7:8E:2A
            X509v3 Authority Key Identifier:
                keyid:2C:A6:13:77:49:59:9C:03:C7:B4:72:F1:42:C7:19:68:00:06:B6:E6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LKYTd0lZnAPHtHLxQscZaAAGtuY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/6fcf66-8e8c-4dbb-8cf0-5019d2c388db/1/eUmwH2Njm9Tde52InLiStJ-3jio.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/6fcf66-8e8c-4dbb-8cf0-5019d2c388db/1/LKYTd0lZnAPHtHLxQscZaAAGtuY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.107.0/24
                IPv6:
                  2001:678:478::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:73:2d:8a:2d:90:0b:25:be:a5:ac:fa:e2:6b:8d:2b:12:68:
         8b:04:41:49:f2:6c:24:57:0c:9c:dc:54:a3:44:80:1c:59:39:
         54:0a:53:0a:01:f3:85:c0:21:2b:89:58:2c:df:7a:da:cc:f0:
         47:55:e3:45:97:68:1b:a4:ba:5d:3e:36:23:fc:52:d2:c8:25:
         3a:26:40:61:60:7e:04:e2:9f:f8:0d:45:b7:f0:8d:13:ec:32:
         32:de:0a:86:c3:18:0a:5b:87:e2:49:e1:55:98:60:41:31:f7:
         9e:e5:89:bc:31:c4:1d:f0:cc:68:56:a5:08:a5:cc:5b:06:d5:
         5c:57:26:c1:d0:75:dc:1d:5f:fa:99:f6:b9:c0:37:14:c8:e5:
         fe:21:3f:da:e7:ef:9a:13:4f:7d:83:e1:56:72:68:8a:54:a5:
         50:67:c2:a6:6d:8c:93:47:2d:ac:c0:78:c5:77:ac:a2:71:d1:
         48:a5:97:ec:4c:a5:5c:1d:a1:14:a1:ec:b4:ed:5c:ae:81:38:
         3c:ee:ef:62:45:ca:09:b3:a5:a4:6b:e8:94:b0:65:3e:95:5e:
         f0:30:8a:58:6a:01:0a:c0:ba:1b:fa:2d:b1:25:48:57:fe:1f:
         28:7e:53:14:d1:b9:56:9e:be:1a:97:85:30:4f:eb:ae:ef:82:
         4c:26:42:3c
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzKKkC9c97W96gYpxv7LbrFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjYTYxMzc3NDk1OTljMDNjN2I0NzJmMTQyYzcxOTY4MDAw
NmI2ZTYwHhcNMjQwMTAyMTIzMzM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTQ5YjAxZjYzNjM5YmQ0ZGQ3YjlkODg5Y2I4OTJiNDlmYjc4ZTJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgK3xMRgMtLJQ090Oa8oehu5zA8U
W2LEp6Q9n3J69JHU4azJNvro+xtenhJhznAK1QIqhIgd8Umazni2/E4ufTgPjcz3
ByRFBr0eLtr/gaVSN3R0pPNLHrHZcfeokldY51j6GyAho3UuEmRXwQybDarMAxl3
WbRHHSlfJcyHtu1n1mFdC/bRZchN0sIdNW1j95eLdjxx+X0YZNSG6HnESRLTpKsB
8Ule6FnfYUlRiHLP+p6G7c1peFweIz6iDVaTubg+0X8BdAzd/fqyKc7863X/Q1mw
RB9BC/pHdIW/xXW9NS6ppfCjpRS22kMeM+uHZabKx1zzbSM8PUthi7MtXQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHlJsB9jY5vU3XudiJy4krSft44qMB8GA1UdIwQY
MBaAFCymE3dJWZwDx7Ry8ULHGWgABrbmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEtZVGQwbFpuQVBIdEhMeFFzY1phQUFHdHVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS82ZmNmNjYtOGU4Yy00ZGJiLThjZjAt
NTAxOWQyYzM4OGRiLzEvZVVtd0gyTmptOVRkZTUySW5MaVN0Si0zamlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS82ZmNmNjYtOGU4Yy00ZGJiLThjZjAtNTAxOWQyYzM4OGRi
LzEvTEtZVGQwbFpuQVBIdEhMeFFzY1phQUFHdHVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW9BrMA8E
AgACMAkDBwAgAQZ4BHgwDQYJKoZIhvcNAQELBQADggEBAFFzLYotkAslvqWs+uJr
jSsSaIsEQUnybCRXDJzcVKNEgBxZOVQKUwoB84XAISuJWCzfetrM8EdV40WXaBuk
ul0+NiP8UtLIJTomQGFgfgTin/gNRbfwjRPsMjLeCobDGApbh+JJ4VWYYEEx957l
ibwxxB3wzGhWpQilzFsG1VxXJsHQddwdX/qZ9rnANxTI5f4hP9rn75oTT32D4VZy
aIpUpVBnwqZtjJNHLazAeMV3rKJx0Uill+xMpVwdoRSh7LTtXK6BODzu72JFygmz
paRr6JSwZT6VXvAwilhqAQrAuhv6LbElSFf+Hyh+UxTRuVaevhqXhTBP667vgkwm
Qjw=
-----END CERTIFICATE-----