Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/XiTX8PRRbjXruYbuuuJUYnL12Hc.roa
File:                     XiTX8PRRbjXruYbuuuJUYnL12Hc.roa (raw, json)
Hash identifier:          9YQjgU1UXlyr6JjfJF2PAwxgn/9h4L92vADp3ZCOwiQ=
Subject key identifier:   5E:24:D7:F0:F4:51:6E:35:EB:B9:86:EE:BA:E2:54:62:72:F5:D8:77
Certificate issuer:       /CN=eeb3e113ccfaeee1996ba90c461407fce290a9db
Certificate serial:       019427B5B8F2D55886A713C104F1A5753AAC
Authority key identifier: EE:B3:E1:13:CC:FA:EE:E1:99:6B:A9:0C:46:14:07:FC:E2:90:A9:DB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rPhE8z67uGZa6kMRhQH_OKQqds.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/XiTX8PRRbjXruYbuuuJUYnL12Hc.roa
Signing time:             Thu 02 Jan 2025 15:50:08 +0000
ROA not before:           Thu 02 Jan 2025 15:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208081
IP address blocks:        91.199.36.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/7rPhE8z67uGZa6kMRhQH_OKQqds.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/7rPhE8z67uGZa6kMRhQH_OKQqds.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rPhE8z67uGZa6kMRhQH_OKQqds.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 06:01:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:b8:f2:d5:58:86:a7:13:c1:04:f1:a5:75:3a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eeb3e113ccfaeee1996ba90c461407fce290a9db
        Validity
            Not Before: Jan  2 15:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e24d7f0f4516e35ebb986eebae2546272f5d877
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:1b:f4:d8:12:fc:32:ca:a5:bd:05:ba:e8:6a:
                    81:c1:48:4e:e9:c2:88:a9:35:5a:65:8c:b8:ed:8e:
                    4d:9f:ee:4d:a5:de:48:cd:7f:92:bb:56:50:66:76:
                    da:e2:f0:7c:a8:41:af:4b:c3:b6:a7:19:9d:f7:eb:
                    79:20:ee:bc:3d:c2:05:08:ab:2d:5e:23:10:0a:19:
                    45:39:4d:ba:f4:ca:f5:48:67:b4:61:26:25:d3:67:
                    f9:6d:00:e3:dd:2f:6b:d0:03:4f:7a:cb:60:8b:d9:
                    be:40:e5:47:f9:f5:e2:69:91:3c:e7:d7:03:58:a2:
                    18:d7:3f:fa:96:53:0f:61:fa:4e:46:1f:c4:a6:00:
                    17:7f:d3:c5:97:0f:f1:4f:56:b6:5a:cd:af:05:3e:
                    d0:15:66:3f:b9:6b:b5:88:1d:1d:1a:3e:75:5e:8a:
                    76:c3:c6:8b:10:74:a0:37:c4:b3:32:b6:af:b3:45:
                    0a:82:a7:31:0c:8a:a4:52:06:02:b5:ef:53:ca:d4:
                    9e:9f:eb:4e:f6:a8:55:b2:29:fb:c3:3d:f2:c4:d2:
                    82:ec:d4:68:a5:c3:07:94:cb:d4:3c:96:dd:80:8f:
                    5a:f2:5b:fe:f5:ef:12:8f:2b:7d:18:d9:45:4c:8a:
                    2d:a9:42:78:65:15:0c:87:d4:5a:64:09:49:7b:42:
                    a3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:24:D7:F0:F4:51:6E:35:EB:B9:86:EE:BA:E2:54:62:72:F5:D8:77
            X509v3 Authority Key Identifier:
                keyid:EE:B3:E1:13:CC:FA:EE:E1:99:6B:A9:0C:46:14:07:FC:E2:90:A9:DB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rPhE8z67uGZa6kMRhQH_OKQqds.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/XiTX8PRRbjXruYbuuuJUYnL12Hc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/64/ad5ea9-8bd1-41ef-8356-fadc3524fa30/1/7rPhE8z67uGZa6kMRhQH_OKQqds.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.36.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:c7:56:14:c0:09:c5:cb:55:a3:ce:bd:bf:ba:84:e1:f8:e8:
         b9:ee:27:ac:0d:af:3c:0d:1e:c7:bb:c2:11:d6:3b:33:e0:36:
         9b:bb:3c:ee:6a:92:2e:b8:99:09:00:63:5f:41:25:24:d1:ff:
         d1:bd:6a:10:3b:9a:0a:1c:b1:af:d0:6f:32:07:0b:ed:e0:67:
         cd:1c:b8:87:5f:3c:ef:1c:5a:01:da:a5:73:1b:29:f9:c7:86:
         d4:02:5f:6e:71:ee:37:11:b1:ae:0d:f5:01:c6:32:fc:f7:7c:
         98:9c:bd:08:e3:bc:eb:ae:25:3d:0d:6c:81:7c:72:0a:cc:03:
         c6:ce:dd:53:00:73:86:37:1f:1e:c8:cf:95:3b:80:45:10:6a:
         49:24:40:49:fe:f4:61:d8:ae:3b:89:cb:ba:5d:0b:e3:5a:dd:
         69:f7:4b:7a:a6:dd:2a:8a:e2:9b:20:69:22:7a:46:bf:04:43:
         36:72:ef:19:d5:28:f1:2e:40:35:18:eb:5f:87:8d:c1:ec:1e:
         9f:fc:be:ef:0e:2e:8e:be:16:a1:da:7f:7a:a2:69:16:54:50:
         1f:70:21:8b:92:ff:47:75:43:f9:19:d2:46:d8:1a:12:63:61:
         c5:52:62:f0:39:c8:dd:af:d6:e1:ca:0f:bc:58:8c:6f:12:5a:
         f1:a4:c7:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntbjy1ViGpxPBBPGldTqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYjNlMTEzY2NmYWVlZTE5OTZiYTkwYzQ2MTQwN2ZjZTI5
MGE5ZGIwHhcNMjUwMTAyMTU1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTI0ZDdmMGY0NTE2ZTM1ZWJiOTg2ZWViYWUyNTQ2MjcyZjVkODc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBv02BL8MsqlvQW66GqBwUhO6cKI
qTVaZYy47Y5Nn+5Npd5IzX+Su1ZQZnba4vB8qEGvS8O2pxmd9+t5IO68PcIFCKst
XiMQChlFOU269Mr1SGe0YSYl02f5bQDj3S9r0ANPestgi9m+QOVH+fXiaZE859cD
WKIY1z/6llMPYfpORh/EpgAXf9PFlw/xT1a2Ws2vBT7QFWY/uWu1iB0dGj51Xop2
w8aLEHSgN8SzMravs0UKgqcxDIqkUgYCte9TytSen+tO9qhVsin7wz3yxNKC7NRo
pcMHlMvUPJbdgI9a8lv+9e8Sjyt9GNlFTIotqUJ4ZRUMh9RaZAlJe0KjNQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF4k1/D0UW4167mG7rriVGJy9dh3MB8GA1UdIwQY
MBaAFO6z4RPM+u7hmWupDEYUB/zikKnbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3JQaEU4ejY3dUdaYTZrTVJoUUhfT0tRcWRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NC9hZDVlYTktOGJkMS00MWVmLTgzNTYt
ZmFkYzM1MjRmYTMwLzEvWGlUWDhQUlJialhydVlidXV1SlVZbkwxMkhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NC9hZDVlYTktOGJkMS00MWVmLTgzNTYtZmFkYzM1MjRmYTMw
LzEvN3JQaEU4ejY3dUdaYTZrTVJoUUhfT0tRcWRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8ckMA0G
CSqGSIb3DQEBCwUAA4IBAQCdx1YUwAnFy1Wjzr2/uoTh+Oi57iesDa88DR7Hu8IR
1jsz4DabuzzuapIuuJkJAGNfQSUk0f/RvWoQO5oKHLGv0G8yBwvt4GfNHLiHXzzv
HFoB2qVzGyn5x4bUAl9uce43EbGuDfUBxjL893yYnL0I47zrriU9DWyBfHIKzAPG
zt1TAHOGNx8eyM+VO4BFEGpJJEBJ/vRh2K47icu6XQvjWt1p90t6pt0qiuKbIGki
eka/BEM2cu8Z1SjxLkA1GOtfh43B7B6f/L7vDi6Ovhah2n96omkWVFAfcCGLkv9H
dUP5GdJG2BoSY2HFUmLwOcjdr9bhyg+8WIxvElrxpMdL
-----END CERTIFICATE-----