Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/E6SsxrL0YU9sVh9I8GUbKrOvT1M.roa
File:                     E6SsxrL0YU9sVh9I8GUbKrOvT1M.roa (raw, json)
Hash identifier:          YCaqr7sid2K9NSVR3DjQ0cVKpB+Nv1AlUmt5Gzw4TLs=
Subject key identifier:   13:A4:AC:C6:B2:F4:61:4F:6C:56:1F:48:F0:65:1B:2A:B3:AF:4F:53
Certificate issuer:       /CN=eeb59b791c7a11d232a95c7ef169285caea695bc
Certificate serial:       019420684CA8D506C0AEB74703BA41DECC53
Authority key identifier: EE:B5:9B:79:1C:7A:11:D2:32:A9:5C:7E:F1:69:28:5C:AE:A6:95:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/E6SsxrL0YU9sVh9I8GUbKrOvT1M.roa
Signing time:             Wed 01 Jan 2025 05:48:13 +0000
ROA not before:           Wed 01 Jan 2025 05:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211085
IP address blocks:        91.198.87.0/24 maxlen: 24
                          2a02:6c20:7::/48 maxlen: 48
                          2a10:d4c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:4c:a8:d5:06:c0:ae:b7:47:03:ba:41:de:cc:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeb59b791c7a11d232a95c7ef169285caea695bc
        Validity
            Not Before: Jan  1 05:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13a4acc6b2f4614f6c561f48f0651b2ab3af4f53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:35:97:29:da:f0:98:99:0f:65:44:a3:f4:4f:
                    25:54:ae:25:11:38:0b:e2:fa:6a:00:9e:68:97:d9:
                    89:c2:dd:b5:ef:d9:a1:ce:e5:29:aa:c2:a4:25:ef:
                    d6:d1:5f:ab:87:00:44:e3:97:c5:cc:2d:c8:d8:df:
                    fa:cc:96:8a:3e:7d:08:3b:76:90:ff:24:00:b2:4a:
                    09:4c:49:7a:c1:b0:99:d5:ff:c0:76:9b:ee:d3:60:
                    a5:df:a6:bd:f3:73:5e:78:06:7d:ee:4e:6b:2b:57:
                    64:3a:6d:be:51:5f:27:95:d0:06:b0:af:15:ae:8d:
                    e4:55:37:12:a3:9f:8e:9e:2b:4f:e8:77:64:64:8d:
                    45:36:9b:4f:d6:ed:da:18:67:43:d8:d4:69:96:50:
                    72:3b:77:e9:eb:d9:d3:e7:4b:02:80:65:0b:06:fe:
                    6c:bd:56:f8:76:92:86:d4:0e:12:f6:77:88:c1:6b:
                    28:48:f3:f3:67:d9:1c:e8:95:29:c1:ce:69:ab:eb:
                    19:19:f4:8a:11:14:bb:f5:3e:d9:24:8c:d9:01:fd:
                    a9:08:9f:4d:61:0d:de:0d:c5:ae:58:71:a3:20:67:
                    ac:2e:63:2c:7d:e2:59:ae:9b:7f:07:29:3e:96:dd:
                    93:2e:94:6d:f8:f4:b1:d3:55:40:11:8b:b0:27:7b:
                    37:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:A4:AC:C6:B2:F4:61:4F:6C:56:1F:48:F0:65:1B:2A:B3:AF:4F:53
            X509v3 Authority Key Identifier:
                keyid:EE:B5:9B:79:1C:7A:11:D2:32:A9:5C:7E:F1:69:28:5C:AE:A6:95:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rWbeRx6EdIyqVx-8WkoXK6mlbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/E6SsxrL0YU9sVh9I8GUbKrOvT1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/efff71-7d11-4a1a-8ad3-a67d8c7ed7ca/1/7rWbeRx6EdIyqVx-8WkoXK6mlbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.87.0/24
                IPv6:
                  2a02:6c20:7::/48
                  2a10:d4c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         ba:49:8e:1a:88:fb:94:46:78:c7:ed:8f:0a:f5:f3:36:2f:69:
         88:f4:d9:c7:9c:81:f2:06:dc:51:92:88:5b:19:98:ee:2c:3c:
         76:2c:85:78:17:c3:54:a2:c7:42:16:d7:35:ea:cc:eb:41:b3:
         03:7a:0f:ea:2e:f9:89:87:fa:ec:b1:12:2e:cc:58:a9:16:9f:
         25:9d:93:f6:39:ec:2f:99:df:7e:e9:ab:4a:ae:13:92:9b:ed:
         37:f0:59:2b:cd:0f:09:da:e7:2d:9d:31:f1:b9:ba:06:e1:ab:
         73:23:2a:39:43:e8:c8:92:af:3b:4b:db:0b:6c:08:23:42:16:
         e2:f3:d6:1f:4a:3b:3b:96:78:12:34:27:09:6f:21:f1:f9:38:
         05:ca:a4:0f:3c:ab:3c:cf:fd:09:c6:2a:67:50:76:15:46:5a:
         65:cb:79:26:bd:ba:c9:dc:0d:c4:33:7f:b0:f4:3e:f6:7f:05:
         44:c5:98:dd:84:03:80:67:b7:eb:09:7f:d9:2b:50:97:51:d7:
         27:b2:7d:1e:02:21:8c:b4:3b:fa:ff:b3:c4:19:50:91:37:34:
         54:7a:cc:22:42:4e:22:19:50:b3:ef:a0:5a:dc:24:b9:84:0a:
         eb:5e:12:14:08:05:86:57:bc:c5:ec:39:64:6b:32:7b:b4:e2:
         e4:2f:e1:3d
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZQgaEyo1QbArrdHA7pB3sxTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYjU5Yjc5MWM3YTExZDIzMmE5NWM3ZWYxNjkyODVjYWVh
Njk1YmMwHhcNMjUwMTAxMDU0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2E0YWNjNmIyZjQ2MTRmNmM1NjFmNDhmMDY1MWIyYWIzYWY0ZjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5TWXKdrwmJkPZUSj9E8lVK4lETgL
4vpqAJ5ol9mJwt2179mhzuUpqsKkJe/W0V+rhwBE45fFzC3I2N/6zJaKPn0IO3aQ
/yQAskoJTEl6wbCZ1f/Adpvu02Cl36a983NeeAZ97k5rK1dkOm2+UV8nldAGsK8V
ro3kVTcSo5+OnitP6HdkZI1FNptP1u3aGGdD2NRpllByO3fp69nT50sCgGULBv5s
vVb4dpKG1A4S9neIwWsoSPPzZ9kc6JUpwc5pq+sZGfSKERS79T7ZJIzZAf2pCJ9N
YQ3eDcWuWHGjIGesLmMsfeJZrpt/Byk+lt2TLpRt+PSx01VAEYuwJ3s3fwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBOkrMay9GFPbFYfSPBlGyqzr09TMB8GA1UdIwQY
MBaAFO61m3kcehHSMqlcfvFpKFyuppW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3JXYmVSeDZFZEl5cVZ4LThXa29YSzZtbGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS9lZmZmNzEtN2QxMS00YTFhLThhZDMt
YTY3ZDhjN2VkN2NhLzEvRTZTc3hyTDBZVTlzVmg5SThHVWJLck92VDFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS9lZmZmNzEtN2QxMS00YTFhLThhZDMtYTY3ZDhjN2VkN2Nh
LzEvN3JXYmVSeDZFZEl5cVZ4LThXa29YSzZtbGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAMBAIAATAGAwQAW8ZXMBYE
AgACMBADBwAqAmwgAAcDBQMqENTAMA0GCSqGSIb3DQEBCwUAA4IBAQC6SY4aiPuU
RnjH7Y8K9fM2L2mI9NnHnIHyBtxRkohbGZjuLDx2LIV4F8NUosdCFtc16szrQbMD
eg/qLvmJh/rssRIuzFipFp8lnZP2Oewvmd9+6atKrhOSm+038FkrzQ8J2uctnTHx
uboG4atzIyo5Q+jIkq87S9sLbAgjQhbi89YfSjs7lngSNCcJbyHx+TgFyqQPPKs8
z/0JxipnUHYVRlply3kmvbrJ3A3EM3+w9D72fwVExZjdhAOAZ7frCX/ZK1CXUdcn
sn0eAiGMtDv6/7PEGVCRNzRUeswiQk4iGVCz76Ba3CS5hArrXhIUCAWGV7zF7Dlk
azJ7tOLkL+E9
-----END CERTIFICATE-----