Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/EiOjn6Cn36HWuMJFodH0EVbfYdc.roa
File:                     EiOjn6Cn36HWuMJFodH0EVbfYdc.roa (raw, json)
Hash identifier:          prKCNtfilLl42pcGEF7Kjg7za6QhPHVZeIUhroTyVuU=
Subject key identifier:   12:23:A3:9F:A0:A7:DF:A1:D6:B8:C2:45:A1:D1:F4:11:56:DF:61:D7
Certificate issuer:       /CN=de0b59fb68151e21dc99d62faf03589be41fbea2
Certificate serial:       0194258FCC8B027CC560257115BB0803AEA4
Authority key identifier: DE:0B:59:FB:68:15:1E:21:DC:99:D6:2F:AF:03:58:9B:E4:1F:BE:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/EiOjn6Cn36HWuMJFodH0EVbfYdc.roa
Signing time:             Thu 02 Jan 2025 05:49:28 +0000
ROA not before:           Thu 02 Jan 2025 05:49:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15404
IP address blocks:        91.212.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:cc:8b:02:7c:c5:60:25:71:15:bb:08:03:ae:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=de0b59fb68151e21dc99d62faf03589be41fbea2
        Validity
            Not Before: Jan  2 05:49:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1223a39fa0a7dfa1d6b8c245a1d1f41156df61d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:25:f0:ec:bd:97:f3:51:97:b8:7c:b6:cd:8d:
                    72:b5:25:cb:7d:c2:84:78:11:60:07:90:3f:94:03:
                    c9:eb:04:e2:a3:de:41:4e:55:bd:cb:0d:ee:ed:2e:
                    a2:01:72:a1:31:a1:5a:7e:32:c1:2c:2e:38:70:85:
                    09:9c:57:ab:a8:79:bb:51:0b:97:87:a0:ab:ba:f4:
                    8a:f1:61:0f:1d:c7:9d:a6:f2:c7:47:d8:07:95:95:
                    8b:0d:e7:98:b9:c0:d7:36:04:74:f7:f9:5b:1e:f3:
                    11:92:5a:5f:c5:9d:e1:38:16:0b:6e:1b:1d:cf:b5:
                    54:66:23:6d:2f:36:31:90:f4:ed:f6:01:d1:71:b2:
                    4d:a4:56:d3:d5:36:f3:e9:85:b3:1a:07:ab:c8:78:
                    ba:49:e7:2a:0e:44:4a:7f:b3:1f:3d:bb:34:32:a8:
                    62:be:3f:36:17:c9:c6:9c:ec:00:3c:57:8a:4b:f1:
                    12:f0:0a:d2:61:fe:37:8c:25:9d:44:0a:db:f6:67:
                    18:b7:2a:8e:fc:a5:89:f4:39:1d:7f:e8:69:86:1b:
                    05:d9:5b:34:83:f5:6e:95:b2:2b:82:d0:8f:eb:36:
                    97:00:1c:89:d4:a8:2e:25:5d:af:b3:a1:85:6c:13:
                    39:54:f3:4b:5a:0f:8b:f6:95:1a:cb:76:69:93:0d:
                    1e:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:23:A3:9F:A0:A7:DF:A1:D6:B8:C2:45:A1:D1:F4:11:56:DF:61:D7
            X509v3 Authority Key Identifier:
                keyid:DE:0B:59:FB:68:15:1E:21:DC:99:D6:2F:AF:03:58:9B:E4:1F:BE:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/EiOjn6Cn36HWuMJFodH0EVbfYdc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/9ad508-bfc1-4b8a-bafc-cd024788ed3c/1/3gtZ-2gVHiHcmdYvrwNYm-QfvqI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:f5:a4:de:c3:88:90:6e:d4:b7:bc:f2:4a:54:fb:12:7f:ad:
         83:29:a2:a9:92:83:c1:7b:92:09:98:2a:60:48:c4:94:51:4d:
         0f:cc:77:78:19:35:55:38:eb:34:9f:1b:10:2e:da:1e:f7:1d:
         71:91:12:bd:a2:f8:6e:3a:70:c4:7d:61:96:23:eb:e0:0a:4e:
         73:8d:89:f4:35:59:6e:e3:f7:e0:73:7b:65:75:b6:dd:8c:02:
         4f:1e:f6:59:8d:e9:e5:f1:8a:88:05:6b:2d:c2:ff:14:a6:24:
         f2:bc:35:5f:bb:2b:e2:87:eb:0c:77:8c:d1:39:ce:31:5e:9e:
         88:af:81:4e:c9:fd:7c:9e:00:0e:72:c2:a5:82:15:32:11:c4:
         de:09:a7:d1:93:20:8e:a1:07:17:61:33:4e:c8:c2:ac:7d:0b:
         3a:c3:4f:bf:3e:56:fb:99:1b:88:e7:10:b8:cf:47:3c:c0:5b:
         c5:99:95:e7:6f:a9:81:48:92:d6:b2:33:3e:11:c4:0e:06:45:
         f7:ad:5c:73:56:a3:65:43:4c:06:fd:45:de:fc:9f:01:c7:2f:
         be:5c:6f:ed:0e:0f:20:7f:03:73:8a:4a:aa:e4:c7:14:93:35:
         54:28:d2:f2:b7:b4:50:6e:60:fb:56:a2:66:47:f7:02:55:2d:
         d5:2d:06:fe
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj8yLAnzFYCVxFbsIA66kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRlMGI1OWZiNjgxNTFlMjFkYzk5ZDYyZmFmMDM1ODliZTQx
ZmJlYTIwHhcNMjUwMTAyMDU0OTI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjIzYTM5ZmEwYTdkZmExZDZiOGMyNDVhMWQxZjQxMTU2ZGY2MWQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiXw7L2X81GXuHy2zY1ytSXLfcKE
eBFgB5A/lAPJ6wTio95BTlW9yw3u7S6iAXKhMaFafjLBLC44cIUJnFerqHm7UQuX
h6CruvSK8WEPHcedpvLHR9gHlZWLDeeYucDXNgR09/lbHvMRklpfxZ3hOBYLbhsd
z7VUZiNtLzYxkPTt9gHRcbJNpFbT1Tbz6YWzGgeryHi6SecqDkRKf7MfPbs0Mqhi
vj82F8nGnOwAPFeKS/ES8ArSYf43jCWdRArb9mcYtyqO/KWJ9Dkdf+hphhsF2Vs0
g/VulbIrgtCP6zaXAByJ1KguJV2vs6GFbBM5VPNLWg+L9pUay3Zpkw0e5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIjo5+gp9+h1rjCRaHR9BFW32HXMB8GA1UdIwQY
MBaAFN4LWftoFR4h3JnWL68DWJvkH76iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2d0Wi0yZ1ZIaUhjbWRZdnJ3TlltLVFmdnFJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi85YWQ1MDgtYmZjMS00YjhhLWJhZmMt
Y2QwMjQ3ODhlZDNjLzEvRWlPam42Q24zNkhXdU1KRm9kSDBFVmJmWWRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi85YWQ1MDgtYmZjMS00YjhhLWJhZmMtY2QwMjQ3ODhlZDNj
LzEvM2d0Wi0yZ1ZIaUhjbWRZdnJ3TlltLVFmdnFJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9T1MA0G
CSqGSIb3DQEBCwUAA4IBAQAB9aTew4iQbtS3vPJKVPsSf62DKaKpkoPBe5IJmCpg
SMSUUU0PzHd4GTVVOOs0nxsQLtoe9x1xkRK9ovhuOnDEfWGWI+vgCk5zjYn0NVlu
4/fgc3tldbbdjAJPHvZZjenl8YqIBWstwv8UpiTyvDVfuyvih+sMd4zROc4xXp6I
r4FOyf18ngAOcsKlghUyEcTeCafRkyCOoQcXYTNOyMKsfQs6w0+/Plb7mRuI5xC4
z0c8wFvFmZXnb6mBSJLWsjM+EcQOBkX3rVxzVqNlQ0wG/UXe/J8Bxy++XG/tDg8g
fwNzikqq5McUkzVUKNLyt7RQbmD7VqJmR/cCVS3VLQb+
-----END CERTIFICATE-----