Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/23640c-3065-43b8-b955-1888845ca859/1/EXG1Kh7sTp722KvR-iffby_Bh-o.roa
File:                     EXG1Kh7sTp722KvR-iffby_Bh-o.roa (raw, json)
Hash identifier:          dg0lifJjOBES0yHfaQ7JxnUdcUVeToBKYSjn/8FBJhE=
Subject key identifier:   11:71:B5:2A:1E:EC:4E:9E:F6:D8:AB:D1:FA:27:DF:6F:2F:C1:87:EA
Certificate issuer:       /CN=17eb3e00450198c8ad45ebf83e130219b93643a5
Certificate serial:       018CC86F20EBACD75F5248A67454E110DEFB
Authority key identifier: 17:EB:3E:00:45:01:98:C8:AD:45:EB:F8:3E:13:02:19:B9:36:43:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F-s-AEUBmMitRev4PhMCGbk2Q6U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/23640c-3065-43b8-b955-1888845ca859/1/EXG1Kh7sTp722KvR-iffby_Bh-o.roa
Signing time:             Tue 02 Jan 2024 04:29:35 +0000
ROA not before:           Tue 02 Jan 2024 04:29:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     49256
IP address blocks:        91.214.13.0/24 maxlen: 24
                          91.214.12.0/24 maxlen: 24
                          91.214.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/23640c-3065-43b8-b955-1888845ca859/1/F-s-AEUBmMitRev4PhMCGbk2Q6U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/23640c-3065-43b8-b955-1888845ca859/1/F-s-AEUBmMitRev4PhMCGbk2Q6U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F-s-AEUBmMitRev4PhMCGbk2Q6U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 May 2024 10:03:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:20:eb:ac:d7:5f:52:48:a6:74:54:e1:10:de:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17eb3e00450198c8ad45ebf83e130219b93643a5
        Validity
            Not Before: Jan  2 04:29:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1171b52a1eec4e9ef6d8abd1fa27df6f2fc187ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:88:53:e6:86:57:95:0c:0d:73:74:74:76:88:32:
                    d7:8e:8a:d3:03:42:59:79:08:13:25:bc:5c:47:62:
                    db:f9:1e:04:6b:c9:e1:71:c3:f5:4b:a4:bb:03:6e:
                    eb:37:13:3f:35:ab:8b:59:9f:d6:1e:1a:b7:55:19:
                    89:08:41:5e:26:cb:4f:2f:9e:f7:15:0b:24:0b:59:
                    50:f5:80:6b:d0:8b:7f:27:8e:50:18:96:4d:b7:ac:
                    2e:1f:d5:70:f2:4a:02:aa:6a:43:9e:35:ed:9a:e8:
                    bb:27:31:60:a0:a7:e7:e5:9d:f0:c6:d5:ca:05:04:
                    2e:54:56:ed:34:98:44:7c:4d:63:bf:0b:8e:8b:97:
                    52:98:57:87:4d:ad:03:9d:8a:40:bf:35:c8:23:0d:
                    60:3e:1b:60:7d:ed:a4:d3:52:67:6a:a7:fa:94:5e:
                    b9:40:36:ba:e1:e5:5d:b8:c3:a2:0a:07:51:3c:ce:
                    aa:16:1e:b3:89:a6:eb:33:f5:b9:fb:e0:be:bf:25:
                    59:5a:6f:d2:20:2e:9f:df:9d:d8:04:67:92:0c:08:
                    d5:1b:24:11:59:fa:d4:06:3f:8c:62:e2:42:b8:bd:
                    2b:9a:9e:05:d7:9b:a9:9d:8a:0c:91:46:57:4e:06:
                    34:95:81:ef:26:7f:0f:02:9f:03:19:38:bc:45:32:
                    8b:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:71:B5:2A:1E:EC:4E:9E:F6:D8:AB:D1:FA:27:DF:6F:2F:C1:87:EA
            X509v3 Authority Key Identifier:
                keyid:17:EB:3E:00:45:01:98:C8:AD:45:EB:F8:3E:13:02:19:B9:36:43:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F-s-AEUBmMitRev4PhMCGbk2Q6U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/23640c-3065-43b8-b955-1888845ca859/1/EXG1Kh7sTp722KvR-iffby_Bh-o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/23640c-3065-43b8-b955-1888845ca859/1/F-s-AEUBmMitRev4PhMCGbk2Q6U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.214.12.0-91.214.14.255

    Signature Algorithm: sha256WithRSAEncryption
         70:fb:d5:97:7c:43:18:d1:90:05:3c:2e:4c:80:e7:90:c2:bd:
         df:06:ac:39:ca:1d:2a:b7:d3:c2:f6:84:d3:dc:fa:14:69:5c:
         3d:76:20:6f:e1:07:4f:78:94:7f:ae:7e:fd:08:55:c1:bf:f1:
         01:23:74:5e:7f:40:27:51:bb:c3:d0:5c:30:00:ca:81:6e:a0:
         59:a6:5b:a5:09:7d:c3:d9:2a:c5:be:6a:5c:e6:6b:3d:11:e0:
         12:a9:ed:0b:bf:79:72:b2:13:37:4a:e7:56:89:c6:fa:47:6a:
         d4:50:ac:a0:8c:b3:20:3f:68:ab:12:61:5b:d1:79:16:64:83:
         a4:47:3c:de:58:ae:54:09:20:2d:f7:ba:e5:79:93:cf:61:d8:
         8d:d9:4b:c0:5b:80:c7:c0:d7:76:af:ca:1c:28:b0:b4:cb:c8:
         64:07:85:85:ef:d8:74:6f:1c:f8:e5:90:e8:6c:0d:0f:1f:a0:
         2d:73:e3:f2:80:8c:a6:0b:14:37:3a:1d:e2:e2:a7:60:41:b2:
         a2:2c:97:db:30:bf:de:b1:ac:a1:44:df:3a:e5:2c:82:6e:ca:
         de:fc:30:fb:22:05:42:fa:4b:3d:ae:72:f0:41:ec:81:6b:ca:
         4e:b3:25:5d:8c:72:70:55:41:fa:31:26:6c:c1:8f:23:41:58:
         28:01:13:d1
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzIbyDrrNdfUkimdFThEN77MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3ZWIzZTAwNDUwMTk4YzhhZDQ1ZWJmODNlMTMwMjE5Yjkz
NjQzYTUwHhcNMjQwMTAyMDQyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTcxYjUyYTFlZWM0ZTllZjZkOGFiZDFmYTI3ZGY2ZjJmYzE4N2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFPmhleVDA1zdHR2iDLXjorTA0JZ
eQgTJbxcR2Lb+R4Ea8nhccP1S6S7A27rNxM/NauLWZ/WHhq3VRmJCEFeJstPL573
FQskC1lQ9YBr0It/J45QGJZNt6wuH9Vw8koCqmpDnjXtmui7JzFgoKfn5Z3wxtXK
BQQuVFbtNJhEfE1jvwuOi5dSmFeHTa0DnYpAvzXIIw1gPhtgfe2k01Jnaqf6lF65
QDa64eVduMOiCgdRPM6qFh6ziabrM/W5++C+vyVZWm/SIC6f353YBGeSDAjVGyQR
WfrUBj+MYuJCuL0rmp4F15upnYoMkUZXTgY0lYHvJn8PAp8DGTi8RTKLkwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBFxtSoe7E6e9tir0fon328vwYfqMB8GA1UdIwQY
MBaAFBfrPgBFAZjIrUXr+D4TAhm5NkOlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRi1zLUFFVUJtTWl0UmV2NFBoTUNHYmsyUTZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yMzY0MGMtMzA2NS00M2I4LWI5NTUt
MTg4ODg0NWNhODU5LzEvRVhHMUtoN3NUcDcyMkt2Ui1pZmZieV9CaC1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yMzY0MGMtMzA2NS00M2I4LWI5NTUtMTg4ODg0NWNhODU5
LzEvRi1zLUFFVUJtTWl0UmV2NFBoTUNHYmsyUTZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAJb1gwD
BABb1g4wDQYJKoZIhvcNAQELBQADggEBAHD71Zd8QxjRkAU8LkyA55DCvd8GrDnK
HSq308L2hNPc+hRpXD12IG/hB094lH+ufv0IVcG/8QEjdF5/QCdRu8PQXDAAyoFu
oFmmW6UJfcPZKsW+alzmaz0R4BKp7Qu/eXKyEzdK51aJxvpHatRQrKCMsyA/aKsS
YVvReRZkg6RHPN5YrlQJIC33uuV5k89h2I3ZS8BbgMfA13avyhwosLTLyGQHhYXv
2HRvHPjlkOhsDQ8foC1z4/KAjKYLFDc6HeLip2BBsqIsl9swv96xrKFE3zrlLIJu
yt78MPsiBUL6Sz2ucvBB7IFryk6zJV2McnBVQfoxJmzBjyNBWCgBE9E=
-----END CERTIFICATE-----