Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/1341a7-1ce6-43b9-bf76-ef7e8d4434f3/1/EQ_TcJM3m4JeK5xQg-IFncykJYg.roa
File:                     EQ_TcJM3m4JeK5xQg-IFncykJYg.roa (raw, json)
Hash identifier:          BXaUU5649AywDGH+w3/Xli9bxKvFiZ0cZZbRmv9pxqE=
Subject key identifier:   11:0F:D3:70:93:37:9B:82:5E:2B:9C:50:83:E2:05:9D:CC:A4:25:88
Certificate issuer:       /CN=10258ae0c26c65a6a6966f3f7e698633b9143426
Certificate serial:       0193727FFB01B04F75DA8E8595784EED62CC
Authority key identifier: 10:25:8A:E0:C2:6C:65:A6:A6:96:6F:3F:7E:69:86:33:B9:14:34:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ECWK4MJsZaamlm8_fmmGM7kUNCY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/1341a7-1ce6-43b9-bf76-ef7e8d4434f3/1/EQ_TcJM3m4JeK5xQg-IFncykJYg.roa
Signing time:             Thu 28 Nov 2024 11:20:10 +0000
ROA not before:           Thu 28 Nov 2024 11:20:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     56874
IP address blocks:        91.228.118.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/1341a7-1ce6-43b9-bf76-ef7e8d4434f3/1/ECWK4MJsZaamlm8_fmmGM7kUNCY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/1341a7-1ce6-43b9-bf76-ef7e8d4434f3/1/ECWK4MJsZaamlm8_fmmGM7kUNCY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ECWK4MJsZaamlm8_fmmGM7kUNCY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 28 Dec 2024 17:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:72:7f:fb:01:b0:4f:75:da:8e:85:95:78:4e:ed:62:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=10258ae0c26c65a6a6966f3f7e698633b9143426
        Validity
            Not Before: Nov 28 11:20:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=110fd37093379b825e2b9c5083e2059dcca42588
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:49:8c:6d:ca:c9:4c:a7:3a:81:22:f2:d5:e5:
                    0a:34:b0:4d:c1:f5:a7:05:05:c5:29:16:fc:b7:e8:
                    ee:5b:bd:9b:c2:d5:36:67:92:12:44:81:e5:db:b8:
                    f6:a1:52:a3:af:b9:37:e9:d5:f9:34:a5:b8:34:4d:
                    51:d3:c0:94:19:11:06:3b:d1:a5:7c:f5:5d:76:1f:
                    df:88:1a:85:b5:6a:20:7b:13:84:7d:75:c0:64:11:
                    82:13:74:91:bf:5d:d9:dd:ef:15:8a:9c:02:bc:19:
                    31:7d:9e:c4:9a:9a:63:e4:94:4d:42:e3:59:64:ca:
                    ae:29:d1:3f:c4:e6:ad:fa:98:30:5e:66:5b:91:55:
                    c5:0e:50:23:fd:1b:3e:18:59:52:61:0f:2c:6e:79:
                    d2:05:b2:87:b8:35:39:3e:15:95:f6:79:fe:ee:4d:
                    4f:da:96:c4:34:da:6e:0d:f5:25:01:0c:76:e1:a9:
                    53:dc:e6:e7:90:68:8d:39:9f:38:38:e2:07:cf:8c:
                    82:46:8a:1c:0f:7d:b4:e1:c1:42:10:d6:8a:77:84:
                    b9:70:12:e8:c6:3d:8a:e9:5b:17:d2:ed:2d:0e:83:
                    00:1e:bb:fe:f9:69:ba:02:4b:76:3f:c0:6c:3e:eb:
                    48:b3:56:2a:e1:6e:e3:9c:a2:19:53:b4:c4:43:d7:
                    37:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:0F:D3:70:93:37:9B:82:5E:2B:9C:50:83:E2:05:9D:CC:A4:25:88
            X509v3 Authority Key Identifier:
                keyid:10:25:8A:E0:C2:6C:65:A6:A6:96:6F:3F:7E:69:86:33:B9:14:34:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ECWK4MJsZaamlm8_fmmGM7kUNCY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1341a7-1ce6-43b9-bf76-ef7e8d4434f3/1/EQ_TcJM3m4JeK5xQg-IFncykJYg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/1341a7-1ce6-43b9-bf76-ef7e8d4434f3/1/ECWK4MJsZaamlm8_fmmGM7kUNCY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.228.118.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:86:c4:ee:4f:7f:cc:55:84:28:e6:56:a3:1a:a7:05:dc:31:
         c9:2b:91:ec:44:33:bd:d3:7d:95:8f:d2:2b:37:76:44:e4:79:
         be:37:80:eb:45:19:90:91:ac:3b:6e:63:43:73:01:70:ba:ca:
         40:3e:60:8b:1a:a1:c7:01:57:05:10:06:63:57:b4:4a:14:f1:
         b5:4d:92:b9:43:8a:9e:26:3c:cd:e3:63:61:09:ef:7f:14:82:
         05:fe:3e:9d:db:9a:23:95:57:7e:91:04:29:bf:54:4d:3a:79:
         16:46:dd:f1:fb:1d:c3:33:ea:0c:b0:2f:ec:82:a6:b9:b9:df:
         f6:42:b9:80:29:f6:c2:8d:ad:8a:06:f4:7f:fb:8e:44:df:7c:
         06:09:f4:6f:e7:e6:8d:d8:f2:e1:46:f8:2a:64:6d:3a:43:57:
         e8:92:24:05:66:a0:59:50:88:fe:82:a4:38:f7:28:00:ae:de:
         f3:c6:dc:d1:3c:a5:d6:55:6f:8e:0a:6f:0d:eb:a8:5c:83:2b:
         52:0f:19:0f:41:79:5d:8d:5c:28:e7:a3:69:b6:b4:20:7a:ce:
         d3:9f:2f:10:50:05:bd:67:65:be:97:27:ba:d3:cb:19:2f:cc:
         dc:7a:24:93:9f:49:a0:89:7c:ae:c6:29:df:d8:6c:fc:57:67:
         c6:fd:51:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZNyf/sBsE912o6FlXhO7WLMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwMjU4YWUwYzI2YzY1YTZhNjk2NmYzZjdlNjk4NjMzYjkx
NDM0MjYwHhcNMjQxMTI4MTEyMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTBmZDM3MDkzMzc5YjgyNWUyYjljNTA4M2UyMDU5ZGNjYTQyNTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn0mMbcrJTKc6gSLy1eUKNLBNwfWn
BQXFKRb8t+juW72bwtU2Z5ISRIHl27j2oVKjr7k36dX5NKW4NE1R08CUGREGO9Gl
fPVddh/fiBqFtWogexOEfXXAZBGCE3SRv13Z3e8VipwCvBkxfZ7Emppj5JRNQuNZ
ZMquKdE/xOat+pgwXmZbkVXFDlAj/Rs+GFlSYQ8sbnnSBbKHuDU5PhWV9nn+7k1P
2pbENNpuDfUlAQx24alT3ObnkGiNOZ84OOIHz4yCRoocD3204cFCENaKd4S5cBLo
xj2K6VsX0u0tDoMAHrv++Wm6Akt2P8BsPutIs1Yq4W7jnKIZU7TEQ9c3OwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEP03CTN5uCXiucUIPiBZ3MpCWIMB8GA1UdIwQY
MBaAFBAliuDCbGWmppZvP35phjO5FDQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUNXSzRNSnNaYWFtbG04X2ZtbUdNN2tVTkNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8xMzQxYTctMWNlNi00M2I5LWJmNzYt
ZWY3ZThkNDQzNGYzLzEvRVFfVGNKTTNtNEplSzV4UWctSUZuY3lrSllnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8xMzQxYTctMWNlNi00M2I5LWJmNzYtZWY3ZThkNDQzNGYz
LzEvRUNXSzRNSnNaYWFtbG04X2ZtbUdNN2tVTkNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+R2MA0G
CSqGSIb3DQEBCwUAA4IBAQBEhsTuT3/MVYQo5lajGqcF3DHJK5HsRDO9032Vj9Ir
N3ZE5Hm+N4DrRRmQkaw7bmNDcwFwuspAPmCLGqHHAVcFEAZjV7RKFPG1TZK5Q4qe
JjzN42NhCe9/FIIF/j6d25ojlVd+kQQpv1RNOnkWRt3x+x3DM+oMsC/sgqa5ud/2
QrmAKfbCja2KBvR/+45E33wGCfRv5+aN2PLhRvgqZG06Q1fokiQFZqBZUIj+gqQ4
9ygArt7zxtzRPKXWVW+OCm8N66hcgytSDxkPQXldjVwo56NptrQges7Tny8QUAW9
Z2W+lye608sZL8zceiSTn0mgiXyuxinf2Gz8V2fG/VGA
-----END CERTIFICATE-----