Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/EaYj1OkMggpVWmKzP3EtYuJz8oI.roa
File:                     EaYj1OkMggpVWmKzP3EtYuJz8oI.roa (raw, json)
Hash identifier:          y0OqTeNYwpzKn+LGuYcn575smiEGrnvGIhqUNmH82lw=
Subject key identifier:   11:A6:23:D4:E9:0C:82:0A:55:5A:62:B3:3F:71:2D:62:E2:73:F2:82
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0190FEDCD8B8665882CD30FFF74213D8EAAB
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/EaYj1OkMggpVWmKzP3EtYuJz8oI.roa
Signing time:             Mon 29 Jul 2024 14:20:04 +0000
ROA not before:           Mon 29 Jul 2024 14:20:04 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     215355
IP address blocks:        91.103.120.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Sep 2024 09:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:fe:dc:d8:b8:66:58:82:cd:30:ff:f7:42:13:d8:ea:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jul 29 14:20:04 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a623d4e90c820a555a62b33f712d62e273f282
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:a4:b9:30:3f:40:01:4d:9a:b3:c2:2b:07:d3:
                    79:20:71:1e:20:14:10:14:0f:82:66:07:fd:f3:c1:
                    79:ff:fb:e9:bc:e3:10:fb:95:0d:24:96:f4:62:f0:
                    2e:e1:17:8e:48:b3:a3:9e:81:cb:61:d7:28:ff:92:
                    60:ea:36:6a:20:11:b4:47:02:8d:98:91:e7:86:d3:
                    a6:dd:2a:40:15:42:e6:8a:18:b8:1e:a0:89:67:74:
                    bb:b9:79:00:b9:bb:ad:be:1f:e2:ee:5e:f5:5c:ee:
                    89:6c:68:4d:0e:05:ce:e4:02:17:50:d5:2a:4f:f7:
                    71:c0:90:d1:06:0e:03:12:9a:ff:da:35:68:fa:51:
                    29:38:e9:46:a2:15:80:a8:96:f7:e4:58:c4:98:c2:
                    6b:6a:9d:4f:99:d8:3b:85:c6:a3:e3:7f:65:df:2c:
                    e6:26:45:ee:4e:22:0c:e9:82:6d:78:3e:cb:4b:a9:
                    2c:9b:18:bb:c8:70:f5:9b:b6:b0:d2:80:ce:ac:35:
                    75:69:bc:d0:31:7c:d8:16:c1:9c:bd:76:10:10:07:
                    c1:68:ab:31:f0:7b:b1:3d:9a:b1:8b:d3:69:f9:8f:
                    e7:05:bb:ab:9f:e1:ec:81:34:26:ca:90:7f:e6:24:
                    a5:da:87:dc:23:b2:bd:1d:29:7b:96:8a:4c:0e:4b:
                    94:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A6:23:D4:E9:0C:82:0A:55:5A:62:B3:3F:71:2D:62:E2:73:F2:82
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/EaYj1OkMggpVWmKzP3EtYuJz8oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.103.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         67:3a:eb:89:29:58:0b:94:21:18:d6:63:f6:d6:d1:f4:49:ff:
         97:b0:4a:4f:c6:2a:61:49:6a:41:12:12:a8:88:ac:7e:cb:bd:
         c6:2a:a8:3e:81:7b:4f:63:80:10:51:44:4c:ab:54:95:6d:2b:
         a8:64:36:d7:04:83:06:37:fc:00:21:53:64:2b:bf:36:99:7e:
         b3:ae:63:3e:02:96:94:ff:fb:ca:36:d5:85:93:27:1c:d7:98:
         d9:de:bf:e0:c9:91:bb:ea:1e:3e:55:07:cd:55:0d:9b:e0:0e:
         4a:4c:fb:a1:30:71:f0:28:72:3a:39:09:69:b2:1c:7a:15:af:
         29:f5:15:33:e6:a2:2f:5f:e6:fa:53:7b:37:bf:f8:3f:a4:e6:
         f9:a4:8a:ac:e3:c6:6b:4e:c2:33:8e:40:20:43:e3:01:e6:29:
         39:7b:43:de:72:57:df:6b:e0:63:24:25:58:ff:7b:f1:3c:7e:
         db:33:79:53:95:e5:50:62:c8:d1:7f:32:5d:a3:f8:55:92:f7:
         26:4d:b3:2e:37:77:20:92:15:af:d5:e7:28:6a:4d:9c:a9:73:
         b4:d2:13:33:7a:07:74:89:e8:e8:a6:81:14:e7:d7:6a:83:42:
         c9:ee:98:31:d9:1b:69:f3:7d:b3:6d:9f:7d:18:9e:39:d2:fa:
         36:46:c7:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZD+3Ni4ZliCzTD/90IT2OqrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjQwNzI5MTQyMDA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWE2MjNkNGU5MGM4MjBhNTU1YTYyYjMzZjcxMmQ2MmUyNzNmMjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtaS5MD9AAU2as8IrB9N5IHEeIBQQ
FA+CZgf988F5//vpvOMQ+5UNJJb0YvAu4ReOSLOjnoHLYdco/5Jg6jZqIBG0RwKN
mJHnhtOm3SpAFULmihi4HqCJZ3S7uXkAubutvh/i7l71XO6JbGhNDgXO5AIXUNUq
T/dxwJDRBg4DEpr/2jVo+lEpOOlGohWAqJb35FjEmMJrap1Pmdg7hcaj439l3yzm
JkXuTiIM6YJteD7LS6ksmxi7yHD1m7aw0oDOrDV1abzQMXzYFsGcvXYQEAfBaKsx
8HuxPZqxi9Np+Y/nBburn+HsgTQmypB/5iSl2ofcI7K9HSl7lopMDkuU7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGmI9TpDIIKVVpisz9xLWLic/KCMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvRWFZajFPa01nZ3BWV21LelAzRXRZdUp6OG9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW2d4MA0G
CSqGSIb3DQEBCwUAA4IBAQBnOuuJKVgLlCEY1mP21tH0Sf+XsEpPxiphSWpBEhKo
iKx+y73GKqg+gXtPY4AQUURMq1SVbSuoZDbXBIMGN/wAIVNkK782mX6zrmM+ApaU
//vKNtWFkycc15jZ3r/gyZG76h4+VQfNVQ2b4A5KTPuhMHHwKHI6OQlpshx6Fa8p
9RUz5qIvX+b6U3s3v/g/pOb5pIqs48ZrTsIzjkAgQ+MB5ik5e0Peclffa+BjJCVY
/3vxPH7bM3lTleVQYsjRfzJdo/hVkvcmTbMuN3cgkhWv1ecoak2cqXO00hMzegd0
iejopoEU59dqg0LJ7pgx2Rtp832zbZ99GJ450vo2RsdY
-----END CERTIFICATE-----