Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/EG5hXkfnCx69G2LzumAxiWKN9ms.roa
File:                     EG5hXkfnCx69G2LzumAxiWKN9ms.roa (raw, json)
Hash identifier:          3kJIgQxOl65B6VANA7tqvV4dS+VVwwDWirt8+6BmkaE=
Subject key identifier:   10:6E:61:5E:47:E7:0B:1E:BD:1B:62:F3:BA:60:31:89:62:8D:F6:6B
Certificate issuer:       /CN=db9d7c57714ef40fdb0165dc1984580ce1d5906b
Certificate serial:       018CC94DD45C23A8E16C691AD5D686E899C4
Authority key identifier: DB:9D:7C:57:71:4E:F4:0F:DB:01:65:DC:19:84:58:0C:E1:D5:90:6B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/2518V3FO9A_bAWXcGYRYDOHVkGs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/EG5hXkfnCx69G2LzumAxiWKN9ms.roa
Signing time:             Tue 02 Jan 2024 08:32:50 +0000
ROA not before:           Tue 02 Jan 2024 08:32:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49379
IP address blocks:        91.212.227.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/2518V3FO9A_bAWXcGYRYDOHVkGs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/2518V3FO9A_bAWXcGYRYDOHVkGs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/2518V3FO9A_bAWXcGYRYDOHVkGs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 11:00:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4d:d4:5c:23:a8:e1:6c:69:1a:d5:d6:86:e8:99:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db9d7c57714ef40fdb0165dc1984580ce1d5906b
        Validity
            Not Before: Jan  2 08:32:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=106e615e47e70b1ebd1b62f3ba603189628df66b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:a0:2a:f5:ec:a7:e9:35:88:d5:04:cf:ca:da:
                    9b:81:cc:77:98:1a:7b:ec:e8:48:39:14:bb:1a:6d:
                    3e:b3:a5:2e:22:2f:f8:59:60:b9:70:81:dd:b2:a3:
                    89:9b:1b:1c:0e:78:bc:5b:03:00:79:af:3a:60:37:
                    c8:3c:67:2e:e8:02:80:20:3b:5e:cd:18:40:11:ca:
                    f3:20:b3:e1:d6:c7:0a:35:d0:b0:86:75:1f:b4:cb:
                    52:39:eb:b5:a0:c6:7b:fb:f4:4d:69:0c:4a:be:7d:
                    c0:96:32:10:87:83:cf:cc:51:c3:49:7e:26:4a:13:
                    4c:e5:94:85:d8:09:79:1f:4f:d5:6a:51:dc:c2:99:
                    2c:26:06:95:b7:19:a7:f3:f0:ec:cf:fa:a9:5b:ab:
                    b9:0f:02:4e:c7:5d:ac:f1:51:2e:52:95:1e:01:00:
                    74:60:14:75:b1:0f:3a:54:0c:1b:c4:4e:cd:d9:cf:
                    7d:a6:d7:e8:51:22:40:3b:07:8e:d4:72:38:21:df:
                    81:a9:7d:a5:3d:bd:57:c5:d5:55:5f:e7:b5:a4:58:
                    cf:ed:26:62:b1:d3:c1:94:45:bb:64:64:ec:02:6d:
                    fb:18:be:00:cd:02:e8:fc:28:6f:fc:8c:5f:f3:db:
                    ba:7a:32:b0:1e:2c:31:b2:1b:2f:99:8a:3d:fe:c4:
                    ad:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:6E:61:5E:47:E7:0B:1E:BD:1B:62:F3:BA:60:31:89:62:8D:F6:6B
            X509v3 Authority Key Identifier:
                keyid:DB:9D:7C:57:71:4E:F4:0F:DB:01:65:DC:19:84:58:0C:E1:D5:90:6B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2518V3FO9A_bAWXcGYRYDOHVkGs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/EG5hXkfnCx69G2LzumAxiWKN9ms.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/7e76fc-14a6-4269-8245-f0781a63e440/1/2518V3FO9A_bAWXcGYRYDOHVkGs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:06:93:2d:70:27:fe:10:90:f8:0b:e5:94:26:cd:b8:85:5b:
         49:36:d9:3f:3d:c6:c8:56:83:9e:90:c7:d7:5c:a3:c1:f4:14:
         66:4b:71:22:00:8f:03:48:ef:8e:40:57:98:55:5d:e7:5d:36:
         b6:15:55:05:a8:27:62:6f:50:34:c7:72:52:b5:cc:95:a5:19:
         df:71:91:1e:60:34:79:74:fb:8a:33:85:c2:9a:d1:2f:57:f0:
         85:e9:a3:9f:3e:5b:d3:62:cd:d8:9d:86:d5:7f:80:a1:87:86:
         d4:e9:5e:ba:2b:e1:9d:fb:3d:18:f3:30:d3:0b:81:1d:8b:35:
         3e:b1:95:8f:71:88:e6:d1:02:08:04:75:e2:37:3a:6c:cb:03:
         86:3e:02:a0:33:b1:90:1a:b6:13:32:03:9b:7a:4f:e0:97:6d:
         48:ea:33:6f:91:a5:f3:30:71:89:13:14:41:c1:2e:ec:0a:43:
         a4:94:04:53:87:dc:29:ab:67:60:52:bf:6b:0d:85:6a:9f:fd:
         2e:de:f3:9e:9b:5d:00:85:58:7a:da:b0:fe:ea:e2:65:db:40:
         3d:9a:4d:8b:2c:18:94:78:1e:98:da:52:b1:a6:6a:cd:fb:b6:
         4e:e0:26:e2:62:f4:6a:b3:78:bf:e4:2e:77:4d:53:6c:63:cd:
         d2:8c:33:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTdRcI6jhbGka1daG6JnEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOWQ3YzU3NzE0ZWY0MGZkYjAxNjVkYzE5ODQ1ODBjZTFk
NTkwNmIwHhcNMjQwMTAyMDgzMjUwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDZlNjE1ZTQ3ZTcwYjFlYmQxYjYyZjNiYTYwMzE4OTYyOGRmNjZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoaAq9eyn6TWI1QTPytqbgcx3mBp7
7OhIORS7Gm0+s6UuIi/4WWC5cIHdsqOJmxscDni8WwMAea86YDfIPGcu6AKAIDte
zRhAEcrzILPh1scKNdCwhnUftMtSOeu1oMZ7+/RNaQxKvn3AljIQh4PPzFHDSX4m
ShNM5ZSF2Al5H0/ValHcwpksJgaVtxmn8/Dsz/qpW6u5DwJOx12s8VEuUpUeAQB0
YBR1sQ86VAwbxE7N2c99ptfoUSJAOweO1HI4Id+BqX2lPb1XxdVVX+e1pFjP7SZi
sdPBlEW7ZGTsAm37GL4AzQLo/Chv/Ixf89u6ejKwHiwxshsvmYo9/sStnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBuYV5H5wsevRti87pgMYlijfZrMB8GA1UdIwQY
MBaAFNudfFdxTvQP2wFl3BmEWAzh1ZBrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjUxOFYzRk85QV9iQVdYY0dZUllET0hWa0dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My83ZTc2ZmMtMTRhNi00MjY5LTgyNDUt
ZjA3ODFhNjNlNDQwLzEvRUc1aFhrZm5DeDY5RzJMenVtQXhpV0tOOW1zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My83ZTc2ZmMtMTRhNi00MjY5LTgyNDUtZjA3ODFhNjNlNDQw
LzEvMjUxOFYzRk85QV9iQVdYY0dZUllET0hWa0dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9TjMA0G
CSqGSIb3DQEBCwUAA4IBAQBlBpMtcCf+EJD4C+WUJs24hVtJNtk/PcbIVoOekMfX
XKPB9BRmS3EiAI8DSO+OQFeYVV3nXTa2FVUFqCdib1A0x3JStcyVpRnfcZEeYDR5
dPuKM4XCmtEvV/CF6aOfPlvTYs3YnYbVf4Chh4bU6V66K+Gd+z0Y8zDTC4EdizU+
sZWPcYjm0QIIBHXiNzpsywOGPgKgM7GQGrYTMgObek/gl21I6jNvkaXzMHGJExRB
wS7sCkOklARTh9wpq2dgUr9rDYVqn/0u3vOem10AhVh62rD+6uJl20A9mk2LLBiU
eB6Y2lKxpmrN+7ZO4CbiYvRqs3i/5C53TVNsY83SjDNL
-----END CERTIFICATE-----