Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/70a8fa-0fc9-4a97-aade-2ac62657f463/1/IEh7MtGWUd9F8Zt6DXohYPAOl28.roa
File:                     IEh7MtGWUd9F8Zt6DXohYPAOl28.roa (raw, json)
Hash identifier:          HAFIzzTlLibcQUmxi2N05eD8rrrOIav8utpHRiOQfCg=
Subject key identifier:   20:48:7B:32:D1:96:51:DF:45:F1:9B:7A:0D:7A:21:60:F0:0E:97:6F
Certificate issuer:       /CN=12779763ad3f1f4b5a4a0552c6039496bcff3a54
Certificate serial:       018EC89FC392080D2321A0FC7ACFF542F3F6
Authority key identifier: 12:77:97:63:AD:3F:1F:4B:5A:4A:05:52:C6:03:94:96:BC:FF:3A:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EneXY60_H0taSgVSxgOUlrz_OlQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/70a8fa-0fc9-4a97-aade-2ac62657f463/1/IEh7MtGWUd9F8Zt6DXohYPAOl28.roa
Signing time:             Wed 10 Apr 2024 15:28:17 +0000
ROA not before:           Wed 10 Apr 2024 15:28:17 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48129
IP address blocks:        91.210.44.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/70a8fa-0fc9-4a97-aade-2ac62657f463/1/EneXY60_H0taSgVSxgOUlrz_OlQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/70a8fa-0fc9-4a97-aade-2ac62657f463/1/EneXY60_H0taSgVSxgOUlrz_OlQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EneXY60_H0taSgVSxgOUlrz_OlQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:c8:9f:c3:92:08:0d:23:21:a0:fc:7a:cf:f5:42:f3:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12779763ad3f1f4b5a4a0552c6039496bcff3a54
        Validity
            Not Before: Apr 10 15:28:17 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=20487b32d19651df45f19b7a0d7a2160f00e976f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ab:33:07:ee:e9:6d:61:bc:4b:cc:93:32:ae:
                    91:3b:5f:34:fe:1e:ee:8e:1f:eb:a7:6e:fb:ac:bb:
                    51:e6:0f:bf:19:a8:2c:8a:3c:3b:85:42:90:fc:35:
                    b5:7f:da:4d:61:58:a0:50:13:71:d2:84:07:ab:6c:
                    2b:9b:26:cd:23:50:33:f5:55:a0:56:70:0b:e2:e8:
                    36:08:5c:b0:59:0d:55:5e:07:3a:a6:bb:26:f7:54:
                    5e:53:f3:93:ad:9e:1d:38:c3:33:56:0d:47:19:32:
                    c4:ef:30:01:6e:b7:f8:60:4c:6f:f0:e7:6c:37:e6:
                    31:19:47:1f:3f:ad:4b:e5:23:c0:9b:aa:c5:bd:43:
                    57:9f:fd:12:04:82:cd:3f:55:25:c5:fd:1a:91:0c:
                    09:94:7f:b3:21:35:bf:41:f6:97:d9:5e:27:85:c8:
                    c6:28:39:39:4b:bb:fd:6a:33:59:9b:80:aa:40:04:
                    05:c4:2f:8e:10:77:b9:e3:d4:aa:21:e0:f0:a2:ac:
                    47:27:1b:61:82:08:1d:69:08:0d:24:97:a4:6e:26:
                    d1:c1:65:fd:c2:48:f9:c9:8a:32:0f:d7:54:ca:36:
                    75:00:15:10:1f:e6:a9:c3:64:41:29:57:3e:37:39:
                    13:7b:61:d0:6e:34:f6:75:41:96:19:a5:f4:4b:ab:
                    e5:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:48:7B:32:D1:96:51:DF:45:F1:9B:7A:0D:7A:21:60:F0:0E:97:6F
            X509v3 Authority Key Identifier:
                keyid:12:77:97:63:AD:3F:1F:4B:5A:4A:05:52:C6:03:94:96:BC:FF:3A:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EneXY60_H0taSgVSxgOUlrz_OlQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70a8fa-0fc9-4a97-aade-2ac62657f463/1/IEh7MtGWUd9F8Zt6DXohYPAOl28.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/70a8fa-0fc9-4a97-aade-2ac62657f463/1/EneXY60_H0taSgVSxgOUlrz_OlQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.210.44.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:de:9a:d3:e2:bb:da:9e:07:0f:e4:d3:e8:c6:eb:ea:53:7d:
         bb:f2:a2:73:33:17:e0:79:96:aa:05:a5:44:17:af:bf:88:1a:
         4d:d1:0d:80:e0:14:38:8d:2a:76:a7:19:be:83:24:ae:5a:f3:
         eb:74:8a:56:db:2d:69:47:82:99:13:02:b4:7b:8b:23:ed:28:
         ba:e9:07:ba:5f:00:83:e0:4f:98:fa:44:87:1b:2e:58:3d:19:
         b3:2c:e3:cd:94:9f:cd:d7:d3:3d:46:1d:36:bf:e1:38:ed:5a:
         b0:67:4d:b7:09:bb:b6:8f:5f:f6:83:e8:67:4e:70:b6:69:55:
         48:93:5e:19:74:3b:ba:af:f3:38:ff:17:af:1f:b2:7d:e3:09:
         7f:98:33:f1:12:cf:1b:09:a5:b5:7a:05:6b:ac:b4:0e:2c:d9:
         3a:f4:83:6b:fc:16:a9:93:fe:2f:ad:43:b6:c3:52:f0:f1:0f:
         bc:b1:d9:e6:4e:89:5f:49:5c:ac:74:aa:ef:4b:12:b0:11:7a:
         4f:6e:31:a1:6d:4b:67:f4:41:8a:16:79:a2:0c:73:c7:e6:67:
         92:ee:b1:ad:17:17:ac:f3:27:23:42:de:86:ee:c6:95:40:f7:
         47:0d:d1:da:ff:da:f1:75:38:0a:99:59:73:a6:75:8e:41:6d:
         29:19:3a:42
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7In8OSCA0jIaD8es/1QvP2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyNzc5NzYzYWQzZjFmNGI1YTRhMDU1MmM2MDM5NDk2YmNm
ZjNhNTQwHhcNMjQwNDEwMTUyODE3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQ4N2IzMmQxOTY1MWRmNDVmMTliN2EwZDdhMjE2MGYwMGU5NzZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu6szB+7pbWG8S8yTMq6RO180/h7u
jh/rp277rLtR5g+/Gagsijw7hUKQ/DW1f9pNYVigUBNx0oQHq2wrmybNI1Az9VWg
VnAL4ug2CFywWQ1VXgc6prsm91ReU/OTrZ4dOMMzVg1HGTLE7zABbrf4YExv8Ods
N+YxGUcfP61L5SPAm6rFvUNXn/0SBILNP1Ulxf0akQwJlH+zITW/QfaX2V4nhcjG
KDk5S7v9ajNZm4CqQAQFxC+OEHe549SqIeDwoqxHJxthgggdaQgNJJekbibRwWX9
wkj5yYoyD9dUyjZ1ABUQH+apw2RBKVc+NzkTe2HQbjT2dUGWGaX0S6vlVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBIezLRllHfRfGbeg16IWDwDpdvMB8GA1UdIwQY
MBaAFBJ3l2OtPx9LWkoFUsYDlJa8/zpUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW5lWFk2MF9IMHRhU2dWU3hnT1VscnpfT2xRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC83MGE4ZmEtMGZjOS00YTk3LWFhZGUt
MmFjNjI2NTdmNDYzLzEvSUVoN010R1dVZDlGOFp0NkRYb2hZUEFPbDI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC83MGE4ZmEtMGZjOS00YTk3LWFhZGUtMmFjNjI2NTdmNDYz
LzEvRW5lWFk2MF9IMHRhU2dWU3hnT1VscnpfT2xRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9IsMA0G
CSqGSIb3DQEBCwUAA4IBAQAR3prT4rvangcP5NPoxuvqU3278qJzMxfgeZaqBaVE
F6+/iBpN0Q2A4BQ4jSp2pxm+gySuWvPrdIpW2y1pR4KZEwK0e4sj7Si66Qe6XwCD
4E+Y+kSHGy5YPRmzLOPNlJ/N19M9Rh02v+E47VqwZ023Cbu2j1/2g+hnTnC2aVVI
k14ZdDu6r/M4/xevH7J94wl/mDPxEs8bCaW1egVrrLQOLNk69INr/Bapk/4vrUO2
w1Lw8Q+8sdnmTolfSVysdKrvSxKwEXpPbjGhbUtn9EGKFnmiDHPH5meS7rGtFxes
8ycjQt6G7saVQPdHDdHa/9rxdTgKmVlzpnWOQW0pGTpC
-----END CERTIFICATE-----