Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/eG1NX6T8W2OgaQ0R-TUH-NdFUkE.roa
File:                     eG1NX6T8W2OgaQ0R-TUH-NdFUkE.roa (raw, json)
Hash identifier:          M7+5DO1imXHOihtKzisqex081souNJ3L3lNQS8xdOXw=
Subject key identifier:   78:6D:4D:5F:A4:FC:5B:63:A0:69:0D:11:F9:35:07:F8:D7:45:52:41
Certificate issuer:       /CN=b9954499977278a75570b3403f4d3aa00b1b36e8
Certificate serial:       0194266BD0787BFC78D90F5ABB7093806710
Authority key identifier: B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/eG1NX6T8W2OgaQ0R-TUH-NdFUkE.roa
Signing time:             Thu 02 Jan 2025 09:49:47 +0000
ROA not before:           Thu 02 Jan 2025 09:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15384
IP address blocks:        193.91.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:d0:78:7b:fc:78:d9:0f:5a:bb:70:93:80:67:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b9954499977278a75570b3403f4d3aa00b1b36e8
        Validity
            Not Before: Jan  2 09:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=786d4d5fa4fc5b63a0690d11f93507f8d7455241
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:84:55:6c:3e:3d:d3:ed:c9:a3:4d:2d:18:78:
                    d3:ec:95:65:b3:99:c4:4a:24:24:05:f7:aa:f4:63:
                    68:04:77:03:5e:db:3a:38:cd:5f:ff:db:fe:e9:c6:
                    2e:cb:12:9e:19:20:cf:a6:93:81:b2:32:86:d2:ac:
                    6b:56:74:f2:75:ed:81:2d:d2:c6:4a:1b:7f:6c:c9:
                    a4:f7:0c:04:97:f1:d3:2e:0e:b7:79:3d:f1:dc:48:
                    94:15:b4:c2:cc:e5:16:48:12:bd:ce:0e:2e:9a:76:
                    10:21:77:3b:31:b2:3b:02:df:34:bc:38:4d:7b:ac:
                    6b:50:11:00:35:2b:9e:28:9f:71:42:ee:3e:ed:cf:
                    73:fe:43:f8:67:b4:fc:1b:f1:f7:22:fd:8e:26:e9:
                    64:0e:ec:bd:a6:c7:82:4e:4f:75:02:e2:0f:2c:3a:
                    62:29:78:40:80:0b:5b:54:bd:e7:8c:f0:e4:1a:9d:
                    98:78:3e:62:8c:a5:84:00:b9:2a:66:ce:fe:f1:c9:
                    84:6e:e4:45:91:0e:85:71:72:6c:ab:bb:98:9c:d2:
                    90:ce:99:f3:58:9c:3b:4c:38:5d:2a:7f:80:43:b3:
                    85:69:15:6a:52:91:67:fd:07:27:19:27:90:b8:23:
                    7e:12:82:3e:77:ac:bd:f9:d7:c6:40:b5:4b:60:fd:
                    ef:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:6D:4D:5F:A4:FC:5B:63:A0:69:0D:11:F9:35:07:F8:D7:45:52:41
            X509v3 Authority Key Identifier:
                keyid:B9:95:44:99:97:72:78:A7:55:70:B3:40:3F:4D:3A:A0:0B:1B:36:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uZVEmZdyeKdVcLNAP006oAsbNug.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/eG1NX6T8W2OgaQ0R-TUH-NdFUkE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/788803-be12-433f-a8d0-024b1655c247/1/uZVEmZdyeKdVcLNAP006oAsbNug.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.91.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:e7:0a:1b:bc:45:3a:3c:3e:1b:79:35:c8:96:d0:1c:26:e9:
         64:0a:db:ed:c9:ef:e8:a3:9e:31:d2:42:e1:21:05:80:99:04:
         4a:dc:24:d8:3e:9c:d8:23:79:cb:eb:d6:3a:a1:2d:4f:bd:d7:
         8f:c9:57:5f:f1:30:38:c5:12:fb:5c:41:45:53:51:a1:c0:99:
         77:2a:2e:e2:73:ed:cc:f1:10:be:18:1e:00:c0:35:ab:7f:1f:
         f7:1d:98:a8:d3:df:38:c0:f9:77:41:83:e5:2d:73:f5:fa:8b:
         6d:2d:06:29:d6:a6:8c:33:c5:af:1f:d2:cf:01:91:8e:d6:f4:
         2c:f0:39:1b:71:6a:74:e8:da:a1:3c:ad:a5:cd:93:32:ec:59:
         51:6f:1b:f4:b7:35:ae:0c:d2:e0:b1:5e:82:cd:69:5f:a9:bf:
         ab:16:25:93:7c:d9:9a:7a:37:de:d4:fe:ff:b9:77:59:2a:4f:
         5a:16:c9:0c:1d:d7:b2:ea:fb:00:62:c7:05:a6:4f:15:c4:85:
         6a:30:cc:6d:63:eb:5c:9f:00:78:fd:25:fa:b2:62:7f:06:e5:
         88:bf:ad:36:b6:c6:e9:6e:dd:d5:0e:da:d1:a7:28:13:c6:98:
         22:8c:52:ac:b7:07:71:ec:90:a1:73:1b:87:c6:a6:0c:15:75:
         4a:54:71:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma9B4e/x42Q9au3CTgGcQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5OTU0NDk5OTc3Mjc4YTc1NTcwYjM0MDNmNGQzYWEwMGIx
YjM2ZTgwHhcNMjUwMTAyMDk0OTQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODZkNGQ1ZmE0ZmM1YjYzYTA2OTBkMTFmOTM1MDdmOGQ3NDU1MjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyoRVbD490+3Jo00tGHjT7JVls5nE
SiQkBfeq9GNoBHcDXts6OM1f/9v+6cYuyxKeGSDPppOBsjKG0qxrVnTyde2BLdLG
Sht/bMmk9wwEl/HTLg63eT3x3EiUFbTCzOUWSBK9zg4umnYQIXc7MbI7At80vDhN
e6xrUBEANSueKJ9xQu4+7c9z/kP4Z7T8G/H3Iv2OJulkDuy9pseCTk91AuIPLDpi
KXhAgAtbVL3njPDkGp2YeD5ijKWEALkqZs7+8cmEbuRFkQ6FcXJsq7uYnNKQzpnz
WJw7TDhdKn+AQ7OFaRVqUpFn/QcnGSeQuCN+EoI+d6y9+dfGQLVLYP3vwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhtTV+k/FtjoGkNEfk1B/jXRVJBMB8GA1UdIwQY
MBaAFLmVRJmXcninVXCzQD9NOqALGzboMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAt
MDI0YjE2NTVjMjQ3LzEvZUcxTlg2VDhXMk9nYVEwUi1UVUgtTmRGVWtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny83ODg4MDMtYmUxMi00MzNmLWE4ZDAtMDI0YjE2NTVjMjQ3
LzEvdVpWRW1aZHllS2RWY0xOQVAwMDZvQXNiTnVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwVsfMA0G
CSqGSIb3DQEBCwUAA4IBAQAt5wobvEU6PD4beTXIltAcJulkCtvtye/oo54x0kLh
IQWAmQRK3CTYPpzYI3nL69Y6oS1PvdePyVdf8TA4xRL7XEFFU1GhwJl3Ki7ic+3M
8RC+GB4AwDWrfx/3HZio0984wPl3QYPlLXP1+ottLQYp1qaMM8WvH9LPAZGO1vQs
8DkbcWp06NqhPK2lzZMy7FlRbxv0tzWuDNLgsV6CzWlfqb+rFiWTfNmaejfe1P7/
uXdZKk9aFskMHdey6vsAYscFpk8VxIVqMMxtY+tcnwB4/SX6smJ/BuWIv602tsbp
bt3VDtrRpygTxpgijFKstwdx7JChcxuHxqYMFXVKVHFx
-----END CERTIFICATE-----