Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/73c829-1518-4d41-92c2-7e0ab8bcae89/1/eoSY9JA2Uq3DvzvcWrGosID3jQY.roa
File:                     eoSY9JA2Uq3DvzvcWrGosID3jQY.roa (raw, json)
Hash identifier:          +r7Esz3tjwahIibWuhtx8IYkpGbve2JxuJANeJYNdb4=
Subject key identifier:   7A:84:98:F4:90:36:52:AD:C3:BF:3B:DC:5A:B1:A8:B0:80:F7:8D:06
Certificate issuer:       /CN=316f433bb4cedd72d86c44ed8599903522b5e4f1
Certificate serial:       018CC3495EE2B97778B59BBCA2DE2F2D63A0
Authority key identifier: 31:6F:43:3B:B4:CE:DD:72:D8:6C:44:ED:85:99:90:35:22:B5:E4:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MW9DO7TO3XLYbETthZmQNSK15PE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/73c829-1518-4d41-92c2-7e0ab8bcae89/1/eoSY9JA2Uq3DvzvcWrGosID3jQY.roa
Signing time:             Mon 01 Jan 2024 04:30:14 +0000
ROA not before:           Mon 01 Jan 2024 04:30:14 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     61051
IP address blocks:        91.209.46.0/24 maxlen: 24
                          2a05:f540::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/73c829-1518-4d41-92c2-7e0ab8bcae89/1/MW9DO7TO3XLYbETthZmQNSK15PE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/73c829-1518-4d41-92c2-7e0ab8bcae89/1/MW9DO7TO3XLYbETthZmQNSK15PE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MW9DO7TO3XLYbETthZmQNSK15PE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:5e:e2:b9:77:78:b5:9b:bc:a2:de:2f:2d:63:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=316f433bb4cedd72d86c44ed8599903522b5e4f1
        Validity
            Not Before: Jan  1 04:30:14 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7a8498f4903652adc3bf3bdc5ab1a8b080f78d06
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:03:c2:1b:2b:2e:9d:8c:0f:80:ba:5b:42:c6:
                    18:c8:07:cc:58:ba:62:5d:84:ac:33:fc:60:01:ff:
                    7c:35:27:58:88:b5:b5:5d:53:c4:3a:38:6a:ba:59:
                    b4:c6:a1:16:1e:d9:b7:28:d8:f5:e9:1b:d9:ef:70:
                    16:eb:cf:75:73:f5:10:a9:d7:7e:01:6b:86:50:40:
                    ee:85:14:7f:1f:3e:09:4f:52:5d:89:c0:39:df:da:
                    c2:9a:24:c2:ef:7c:6b:cb:7f:68:c6:80:ba:d3:37:
                    a5:bd:4f:66:5b:78:fe:eb:34:5b:bb:c3:b6:9b:4f:
                    f2:40:39:72:e9:04:b3:1a:4b:aa:37:23:62:ba:71:
                    21:1b:af:b4:83:19:e1:d3:86:58:37:e9:90:90:72:
                    36:91:f7:a7:36:91:3d:93:e6:f0:d2:13:44:da:ce:
                    7b:e1:6c:20:f7:89:a7:29:58:6e:0f:54:9b:53:89:
                    67:dd:7a:d9:ca:91:f5:fa:72:48:16:4b:28:c3:3f:
                    0f:06:59:ff:31:80:9c:fc:8c:35:0c:0a:a9:ac:5a:
                    a9:72:ad:f2:74:0c:e5:93:97:60:da:4e:c2:70:49:
                    e0:8c:74:e0:a8:6a:57:1e:91:9d:aa:12:93:e0:51:
                    d4:44:d7:e8:f5:56:b2:4a:d3:f1:37:e9:ab:d0:79:
                    14:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:84:98:F4:90:36:52:AD:C3:BF:3B:DC:5A:B1:A8:B0:80:F7:8D:06
            X509v3 Authority Key Identifier:
                keyid:31:6F:43:3B:B4:CE:DD:72:D8:6C:44:ED:85:99:90:35:22:B5:E4:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MW9DO7TO3XLYbETthZmQNSK15PE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/73c829-1518-4d41-92c2-7e0ab8bcae89/1/eoSY9JA2Uq3DvzvcWrGosID3jQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/73c829-1518-4d41-92c2-7e0ab8bcae89/1/MW9DO7TO3XLYbETthZmQNSK15PE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.46.0/24
                IPv6:
                  2a05:f540::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:e7:9f:c0:71:fe:a1:bf:8b:45:8e:d1:b7:6f:00:59:ad:62:
         16:74:67:d7:c4:6d:db:22:44:36:a4:c1:4a:be:38:ea:ad:66:
         ad:8d:d8:9b:9f:ad:4f:7f:7b:7e:11:b0:5b:f0:e1:b3:11:5b:
         00:c5:29:fa:e1:f6:25:87:ea:4d:30:23:33:a3:ec:ce:cd:3b:
         34:93:d6:80:d7:2f:11:90:71:e8:8f:38:fd:6e:97:6c:e3:fe:
         4a:6c:df:60:8f:93:36:c0:74:c7:08:70:be:57:a7:e4:7b:2b:
         75:34:90:91:30:5c:68:39:6c:84:33:43:c1:09:7c:e9:52:09:
         7a:52:6a:10:39:42:f6:f1:ff:59:48:85:af:1c:cf:bf:d5:1c:
         e2:68:bd:47:f3:ef:9f:4b:3a:e9:a9:49:d5:2d:12:02:e0:29:
         1d:93:6f:f6:b1:e4:4c:cf:aa:14:9e:69:0a:0e:10:ef:2c:0c:
         4e:60:0d:22:a1:9a:04:1b:7f:b2:a2:7e:9b:d3:85:d5:31:63:
         22:c7:04:30:de:fb:32:c3:79:0c:f6:e8:3d:eb:73:0a:36:40:
         a2:5a:6c:2b:65:fe:68:42:78:93:50:a1:4a:68:8d:26:16:fc:
         1a:59:be:08:01:1f:ca:f1:16:55:67:1e:5b:fb:12:14:4d:71:
         b9:e5:79:6b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYzDSV7iuXd4tZu8ot4vLWOgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxNmY0MzNiYjRjZWRkNzJkODZjNDRlZDg1OTk5MDM1MjJi
NWU0ZjEwHhcNMjQwMTAxMDQzMDE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTg0OThmNDkwMzY1MmFkYzNiZjNiZGM1YWIxYThiMDgwZjc4ZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQPCGysunYwPgLpbQsYYyAfMWLpi
XYSsM/xgAf98NSdYiLW1XVPEOjhqulm0xqEWHtm3KNj16RvZ73AW6891c/UQqdd+
AWuGUEDuhRR/Hz4JT1JdicA539rCmiTC73xry39oxoC60zelvU9mW3j+6zRbu8O2
m0/yQDly6QSzGkuqNyNiunEhG6+0gxnh04ZYN+mQkHI2kfenNpE9k+bw0hNE2s57
4Wwg94mnKVhuD1SbU4ln3XrZypH1+nJIFksowz8PBln/MYCc/Iw1DAqprFqpcq3y
dAzlk5dg2k7CcEngjHTgqGpXHpGdqhKT4FHURNfo9VayStPxN+mr0HkU3QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFHqEmPSQNlKtw7873FqxqLCA940GMB8GA1UdIwQY
MBaAFDFvQzu0zt1y2GxE7YWZkDUiteTxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVc5RE83VE8zWExZYkVUdGhabVFOU0sxNVBFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS83M2M4MjktMTUxOC00ZDQxLTkyYzIt
N2UwYWI4YmNhZTg5LzEvZW9TWTlKQTJVcTNEdnp2Y1dyR29zSUQzalFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS83M2M4MjktMTUxOC00ZDQxLTkyYzItN2UwYWI4YmNhZTg5
LzEvTVc5RE83VE8zWExZYkVUdGhabVFOU0sxNVBFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAW9EuMA0E
AgACMAcDBQMqBfVAMA0GCSqGSIb3DQEBCwUAA4IBAQCc55/Acf6hv4tFjtG3bwBZ
rWIWdGfXxG3bIkQ2pMFKvjjqrWatjdibn61Pf3t+EbBb8OGzEVsAxSn64fYlh+pN
MCMzo+zOzTs0k9aA1y8RkHHojzj9bpds4/5KbN9gj5M2wHTHCHC+V6fkeyt1NJCR
MFxoOWyEM0PBCXzpUgl6UmoQOUL28f9ZSIWvHM+/1RziaL1H8++fSzrpqUnVLRIC
4Ckdk2/2seRMz6oUnmkKDhDvLAxOYA0ioZoEG3+yon6b04XVMWMixwQw3vsyw3kM
9ug963MKNkCiWmwrZf5oQniTUKFKaI0mFvwaWb4IAR/K8RZVZx5b+xIUTXG55Xlr
-----END CERTIFICATE-----