Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/eobgyGiJ9ziAwfqEQd50KQI9_q8.roa
File:                     eobgyGiJ9ziAwfqEQd50KQI9_q8.roa (raw, json)
Hash identifier:          O/hP5Z6RXHXJ6p6Zi5fP2c3B8IWZZjd3CW3F/Y3Z0sU=
Subject key identifier:   7A:86:E0:C8:68:89:F7:38:80:C1:FA:84:41:DE:74:29:02:3D:FE:AF
Certificate issuer:       /CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
Certificate serial:       018CCA2BC1D790873CC5F6B078860A04F941
Authority key identifier: 68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/eobgyGiJ9ziAwfqEQd50KQI9_q8.roa
Signing time:             Tue 02 Jan 2024 12:35:14 +0000
ROA not before:           Tue 02 Jan 2024 12:35:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     205074
IP address blocks:        212.91.16.0/24 maxlen: 24
                          212.91.17.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 04 Jul 2024 06:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2b:c1:d7:90:87:3c:c5:f6:b0:78:86:0a:04:f9:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c510fc9b865d96e3afc7c56056efad9a330c5b
        Validity
            Not Before: Jan  2 12:35:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a86e0c86889f73880c1fa8441de7429023dfeaf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:9d:cc:35:e1:4b:45:66:f9:37:ab:1d:26:eb:
                    1a:04:70:bb:33:7b:34:f5:9a:01:ab:8a:c4:f0:3f:
                    85:e7:89:85:9a:42:e1:5e:a6:b0:c5:b7:8e:68:a6:
                    14:8e:1a:57:5d:a0:3f:f1:97:b5:51:45:20:24:7c:
                    9a:b3:cb:da:14:45:36:dc:82:ba:8c:d3:f4:1b:ec:
                    dd:e7:0d:78:92:d1:fb:78:93:f5:60:23:5d:7d:6c:
                    92:de:ff:dc:7a:f0:27:3f:b1:5a:6a:24:de:9e:a4:
                    3d:0f:b1:ba:21:c6:ea:94:ca:d0:28:10:7a:e0:a1:
                    a0:49:b8:de:d7:77:42:c6:cd:2b:de:a3:e3:5b:1a:
                    a3:f5:ee:21:3e:c0:23:81:11:0b:84:3b:4c:a9:e3:
                    9b:6f:af:3d:f6:ad:1d:08:b5:8f:00:ae:16:c5:35:
                    6e:0b:aa:d2:f8:fc:98:b7:13:81:3d:8c:03:ee:be:
                    24:bd:8c:5d:9b:0a:d3:28:c0:17:9e:e1:2f:5b:3e:
                    9a:2a:6b:2d:20:36:2e:d7:d5:6d:b4:e5:dc:44:4d:
                    a6:39:ad:66:14:07:9a:b7:a8:3f:5e:2e:65:b8:b4:
                    d8:ed:b4:ad:ac:de:bd:40:3f:4e:10:d1:5c:e2:41:
                    ae:2a:91:a5:86:5e:8a:cd:01:e4:dc:93:29:2b:85:
                    af:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:86:E0:C8:68:89:F7:38:80:C1:FA:84:41:DE:74:29:02:3D:FE:AF
            X509v3 Authority Key Identifier:
                keyid:68:C5:10:FC:9B:86:5D:96:E3:AF:C7:C5:60:56:EF:AD:9A:33:0C:5B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMUQ_JuGXZbjr8fFYFbvrZozDFs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/eobgyGiJ9ziAwfqEQd50KQI9_q8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/18/e0f2f6-3a8a-4daa-8271-5d665e998f6a/1/aMUQ_JuGXZbjr8fFYFbvrZozDFs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.91.16.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b5:7f:05:db:c7:10:8d:7d:c6:58:3e:ba:1d:04:0b:4e:65:b7:
         34:b8:4b:3c:1f:4a:1a:a7:8d:ed:9e:4b:b6:f1:9e:19:8c:b8:
         cc:27:02:7f:ea:b0:49:83:c1:91:0a:00:f7:39:9e:2d:a6:e4:
         95:f7:c6:9f:c5:e8:ec:7f:4f:46:0a:85:6f:67:39:7e:5f:45:
         af:e1:1f:f1:ca:b8:de:e7:ae:e2:78:65:6d:8f:f2:16:cd:60:
         58:9b:ce:34:c3:d8:c3:ac:5a:54:47:30:26:8b:1a:b7:7a:38:
         3f:77:2a:bd:00:08:8d:d1:51:49:f6:32:1b:29:d2:8a:40:1f:
         42:28:05:94:ee:3a:f2:4c:fc:7f:14:3e:7d:b4:49:e1:a3:49:
         8f:01:4d:ec:0b:88:98:74:e8:90:21:c0:fa:35:a2:9f:8b:fb:
         d7:84:96:04:1b:99:a6:d5:b7:5b:15:05:a8:95:c3:ce:fb:ff:
         e6:09:f8:19:49:8e:3b:dd:ae:9f:04:19:9e:75:1b:a8:72:84:
         af:41:db:21:ce:68:e7:22:c3:ce:8e:c3:72:32:bd:b2:32:9a:
         f9:4a:89:3b:7d:72:a2:08:c7:9a:69:21:2d:9e:6f:ee:97:aa:
         4b:4c:75:83:58:d7:ec:ca:2f:f3:e4:57:3e:6a:00:71:24:0d:
         04:4b:c6:1d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKK8HXkIc8xfaweIYKBPlBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzUxMGZjOWI4NjVkOTZlM2FmYzdjNTYwNTZlZmFkOWEz
MzBjNWIwHhcNMjQwMTAyMTIzNTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTg2ZTBjODY4ODlmNzM4ODBjMWZhODQ0MWRlNzQyOTAyM2RmZWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuZ3MNeFLRWb5N6sdJusaBHC7M3s0
9ZoBq4rE8D+F54mFmkLhXqawxbeOaKYUjhpXXaA/8Ze1UUUgJHyas8vaFEU23IK6
jNP0G+zd5w14ktH7eJP1YCNdfWyS3v/cevAnP7FaaiTenqQ9D7G6IcbqlMrQKBB6
4KGgSbje13dCxs0r3qPjWxqj9e4hPsAjgRELhDtMqeObb6899q0dCLWPAK4WxTVu
C6rS+PyYtxOBPYwD7r4kvYxdmwrTKMAXnuEvWz6aKmstIDYu19VttOXcRE2mOa1m
FAeat6g/Xi5luLTY7bStrN69QD9OENFc4kGuKpGlhl6KzQHk3JMpK4Wv0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqG4Mhoifc4gMH6hEHedCkCPf6vMB8GA1UdIwQY
MBaAFGjFEPybhl2W46/HxWBW762aMwxbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEt
NWQ2NjVlOTk4ZjZhLzEvZW9iZ3lHaUo5emlBd2ZxRVFkNTBLUUk5X3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xOC9lMGYyZjYtM2E4YS00ZGFhLTgyNzEtNWQ2NjVlOTk4ZjZh
LzEvYU1VUV9KdUdYWmJqcjhmRllGYnZyWm96REZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQB1FsQMA0G
CSqGSIb3DQEBCwUAA4IBAQC1fwXbxxCNfcZYProdBAtOZbc0uEs8H0oap43tnku2
8Z4ZjLjMJwJ/6rBJg8GRCgD3OZ4tpuSV98afxejsf09GCoVvZzl+X0Wv4R/xyrje
567ieGVtj/IWzWBYm840w9jDrFpURzAmixq3ejg/dyq9AAiN0VFJ9jIbKdKKQB9C
KAWU7jryTPx/FD59tEnho0mPAU3sC4iYdOiQIcD6NaKfi/vXhJYEG5mm1bdbFQWo
lcPO+//mCfgZSY473a6fBBmedRuocoSvQdshzmjnIsPOjsNyMr2yMpr5Sok7fXKi
CMeaaSEtnm/ul6pLTHWDWNfsyi/z5Fc+agBxJA0ES8Yd
-----END CERTIFICATE-----