Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/d505e8-02b3-4d87-94c6-1da4b92799f6/1/eVKsEsZr6gB68Zo9TNcu-9I752U.roa
File:                     eVKsEsZr6gB68Zo9TNcu-9I752U.roa (raw, json)
Hash identifier:          EZGdWjVxX6cyHbSc76sTqplIRnZDqoYAvS/hd1OeT4Q=
Subject key identifier:   79:52:AC:12:C6:6B:EA:00:7A:F1:9A:3D:4C:D7:2E:FB:D2:3B:E7:65
Certificate issuer:       /CN=982b5693b8261fb539fea3b13c817115f00c18df
Certificate serial:       019426D9E7D25D54B93A9A4146800924FE58
Authority key identifier: 98:2B:56:93:B8:26:1F:B5:39:FE:A3:B1:3C:81:71:15:F0:0C:18:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mCtWk7gmH7U5_qOxPIFxFfAMGN8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/d505e8-02b3-4d87-94c6-1da4b92799f6/1/eVKsEsZr6gB68Zo9TNcu-9I752U.roa
Signing time:             Thu 02 Jan 2025 11:50:02 +0000
ROA not before:           Thu 02 Jan 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     6428
IP address blocks:        91.90.162.1/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/d505e8-02b3-4d87-94c6-1da4b92799f6/1/mCtWk7gmH7U5_qOxPIFxFfAMGN8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/d505e8-02b3-4d87-94c6-1da4b92799f6/1/mCtWk7gmH7U5_qOxPIFxFfAMGN8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mCtWk7gmH7U5_qOxPIFxFfAMGN8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e7:d2:5d:54:b9:3a:9a:41:46:80:09:24:fe:58
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=982b5693b8261fb539fea3b13c817115f00c18df
        Validity
            Not Before: Jan  2 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7952ac12c66bea007af19a3d4cd72efbd23be765
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:0d:10:eb:8c:07:fc:ca:76:94:ec:c9:ae:0b:
                    94:48:47:c0:1a:ed:e7:9f:0a:b4:9c:4b:80:1e:2f:
                    85:8a:3c:87:d4:b8:2a:17:f1:2a:72:e6:aa:0d:0b:
                    d8:d1:23:fa:eb:d1:89:e4:ad:63:3a:8c:d8:1b:a0:
                    61:3a:52:f5:5d:a3:13:0f:db:1b:72:6d:53:c8:5c:
                    15:97:8e:23:d1:35:7f:09:d5:e2:df:cf:81:83:f1:
                    7a:8a:6e:0d:c3:5d:a3:60:9b:ee:dd:39:00:04:b8:
                    b1:22:ff:53:95:ef:55:ee:40:5e:5e:9c:da:c6:eb:
                    a1:60:6d:59:fa:e8:b7:78:b9:c6:c5:6f:6d:64:5e:
                    fa:47:e4:73:41:2e:e5:5b:0c:e8:2a:4b:47:e6:18:
                    e8:31:28:3d:e5:7b:bc:3c:f8:91:13:ca:6f:54:77:
                    05:ab:4e:da:20:f2:00:63:8a:16:23:b2:94:68:c4:
                    42:40:65:e0:66:b3:6f:82:d3:fa:c8:4a:9b:24:92:
                    50:21:5f:25:ce:30:dd:f1:18:c4:e6:15:e1:a6:ad:
                    1c:82:33:8e:b1:4d:5c:b6:4c:a8:2b:b4:c8:2c:45:
                    98:99:c2:02:87:8d:df:f8:71:1f:9e:ee:b6:a2:f6:
                    a2:88:a4:17:0e:0d:f0:e6:eb:72:08:1b:49:cc:ac:
                    23:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:52:AC:12:C6:6B:EA:00:7A:F1:9A:3D:4C:D7:2E:FB:D2:3B:E7:65
            X509v3 Authority Key Identifier:
                keyid:98:2B:56:93:B8:26:1F:B5:39:FE:A3:B1:3C:81:71:15:F0:0C:18:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mCtWk7gmH7U5_qOxPIFxFfAMGN8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d505e8-02b3-4d87-94c6-1da4b92799f6/1/eVKsEsZr6gB68Zo9TNcu-9I752U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/d505e8-02b3-4d87-94c6-1da4b92799f6/1/mCtWk7gmH7U5_qOxPIFxFfAMGN8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.90.162.1/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:10:54:b1:07:26:7e:8a:4d:7e:c9:21:5b:50:7e:c1:4e:7b:
         a5:50:ef:ef:da:71:e2:1b:00:55:ed:8d:43:ba:25:c6:f3:da:
         f3:db:be:39:48:19:b8:30:fd:65:f7:0f:b4:fd:f9:d6:75:a3:
         44:11:6d:b8:3d:4f:0c:8b:02:5b:ae:83:a0:79:60:8a:8c:87:
         35:ef:fc:fd:67:b2:5f:2b:10:c7:db:77:fd:ae:3b:fe:ef:32:
         ac:99:25:04:2e:1f:26:3b:10:54:89:75:a1:ae:bc:65:4a:4e:
         14:a9:b5:d0:50:dd:7c:4c:33:c0:d2:39:be:dc:92:53:77:5a:
         b1:d8:22:81:fe:ff:7c:54:8c:21:2f:27:fd:bc:01:61:08:8d:
         20:48:a8:82:0f:7a:e7:2a:7c:cc:0b:c7:32:13:3f:a9:ca:e0:
         e9:8b:b9:42:ae:c7:6d:eb:6c:67:e5:66:74:94:db:44:10:87:
         b4:31:cc:3c:2a:40:8e:75:b3:22:20:de:07:ee:b5:fd:0a:b1:
         aa:a5:a5:af:51:65:2a:27:ee:40:d4:f5:83:d8:3c:af:33:99:
         90:52:75:57:bf:25:06:dc:19:b7:91:04:30:7b:45:6e:ac:8c:
         dc:d6:9f:e0:95:22:d9:c3:7c:3a:81:cd:61:a6:83:af:56:58:
         21:1b:c7:27
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQm2efSXVS5OppBRoAJJP5YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk4MmI1NjkzYjgyNjFmYjUzOWZlYTNiMTNjODE3MTE1ZjAw
YzE4ZGYwHhcNMjUwMTAyMTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTUyYWMxMmM2NmJlYTAwN2FmMTlhM2Q0Y2Q3MmVmYmQyM2JlNzY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+w0Q64wH/Mp2lOzJrguUSEfAGu3n
nwq0nEuAHi+FijyH1LgqF/EqcuaqDQvY0SP669GJ5K1jOozYG6BhOlL1XaMTD9sb
cm1TyFwVl44j0TV/CdXi38+Bg/F6im4Nw12jYJvu3TkABLixIv9Tle9V7kBeXpza
xuuhYG1Z+ui3eLnGxW9tZF76R+RzQS7lWwzoKktH5hjoMSg95Xu8PPiRE8pvVHcF
q07aIPIAY4oWI7KUaMRCQGXgZrNvgtP6yEqbJJJQIV8lzjDd8RjE5hXhpq0cgjOO
sU1ctkyoK7TILEWYmcICh43f+HEfnu62ovaiiKQXDg3w5utyCBtJzKwjswIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFHlSrBLGa+oAevGaPUzXLvvSO+dlMB8GA1UdIwQY
MBaAFJgrVpO4Jh+1Of6jsTyBcRXwDBjfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbUN0V2s3Z21IN1U1X3FPeFBJRnhGZkFNR044LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9kNTA1ZTgtMDJiMy00ZDg3LTk0YzYt
MWRhNGI5Mjc5OWY2LzEvZVZLc0VzWnI2Z0I2OFpvOVROY3UtOUk3NTJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9kNTA1ZTgtMDJiMy00ZDg3LTk0YzYtMWRhNGI5Mjc5OWY2
LzEvbUN0V2s3Z21IN1U1X3FPeFBJRnhGZkFNR044LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUAW1qiATAN
BgkqhkiG9w0BAQsFAAOCAQEAehBUsQcmfopNfskhW1B+wU57pVDv79px4hsAVe2N
Q7olxvPa89u+OUgZuDD9ZfcPtP351nWjRBFtuD1PDIsCW66DoHlgioyHNe/8/Wey
XysQx9t3/a47/u8yrJklBC4fJjsQVIl1oa68ZUpOFKm10FDdfEwzwNI5vtySU3da
sdgigf7/fFSMIS8n/bwBYQiNIEiogg965yp8zAvHMhM/qcrg6Yu5Qq7HbetsZ+Vm
dJTbRBCHtDHMPCpAjnWzIiDeB+61/QqxqqWlr1FlKifuQNT1g9g8rzOZkFJ1V78l
BtwZt5EEMHtFbqyM3Naf4JUi2cN8OoHNYaaDr1ZYIRvHJw==
-----END CERTIFICATE-----