Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb5a43-817b-449b-bcfc-adf6dab88c84/1/b-uWQhdWurEWmOYjolCSLOXc0n0.roa
File:                     b-uWQhdWurEWmOYjolCSLOXc0n0.roa (raw, json)
Hash identifier:          idWHNBaO1yy9ybN/SYJlzaR/HJQ2KlhCC1OQCs0Fp7k=
Subject key identifier:   6F:EB:96:42:17:56:BA:B1:16:98:E6:23:A2:50:92:2C:E5:DC:D2:7D
Certificate issuer:       /CN=ee1b0899e38a96b54fc4cbcd10ef539c54ed4d38
Certificate serial:       018CC4932F58334EAD0C3936D5ABFCE1B515
Authority key identifier: EE:1B:08:99:E3:8A:96:B5:4F:C4:CB:CD:10:EF:53:9C:54:ED:4D:38
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hsImeOKlrVPxMvNEO9TnFTtTTg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/fb5a43-817b-449b-bcfc-adf6dab88c84/1/b-uWQhdWurEWmOYjolCSLOXc0n0.roa
Signing time:             Mon 01 Jan 2024 10:30:29 +0000
ROA not before:           Mon 01 Jan 2024 10:30:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     8789
IP address blocks:        90.155.112.0/21 maxlen: 21
                          90.155.112.0/20 maxlen: 20
                          90.155.120.0/21 maxlen: 21
                          90.155.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/fb5a43-817b-449b-bcfc-adf6dab88c84/1/7hsImeOKlrVPxMvNEO9TnFTtTTg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/fb5a43-817b-449b-bcfc-adf6dab88c84/1/7hsImeOKlrVPxMvNEO9TnFTtTTg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hsImeOKlrVPxMvNEO9TnFTtTTg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:02:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:93:2f:58:33:4e:ad:0c:39:36:d5:ab:fc:e1:b5:15
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1b0899e38a96b54fc4cbcd10ef539c54ed4d38
        Validity
            Not Before: Jan  1 10:30:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6feb96421756bab11698e623a250922ce5dcd27d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:60:3d:75:10:97:37:64:58:e4:24:1f:7a:33:
                    aa:1c:83:47:ac:9b:c2:19:77:20:54:6e:23:e2:ac:
                    78:e7:5c:64:1c:6f:1a:5c:45:15:ff:b1:f0:97:e3:
                    65:dd:3d:0c:af:79:be:14:bf:4c:5c:23:b5:0b:98:
                    f9:c1:8a:40:7c:70:de:10:84:83:b5:55:7e:c3:04:
                    82:0b:81:97:47:57:50:bc:bd:13:c3:40:a1:ef:de:
                    82:72:f3:d1:f3:8f:36:88:5a:99:dc:66:01:8d:72:
                    d1:3a:d7:21:f9:12:09:89:ef:bd:2e:02:ed:50:95:
                    50:fa:79:5e:7a:cb:00:94:75:66:e8:6a:cb:5b:02:
                    ff:97:d4:58:62:07:c7:75:e1:a4:de:b1:97:03:79:
                    eb:24:ba:61:df:2b:2d:62:69:9a:d1:fb:ab:64:81:
                    e3:ea:0d:cb:ba:5d:4b:38:99:5a:c5:17:1c:eb:bd:
                    3e:c3:68:e4:f5:2d:e5:7c:f5:c1:d8:70:f2:a6:f0:
                    5d:62:97:31:fb:06:a1:23:f6:6f:1c:65:6f:f2:dc:
                    63:96:76:37:8c:d4:81:0e:82:98:59:41:6d:25:7c:
                    12:1f:f8:ab:b7:a4:cc:40:ed:69:be:2b:1d:cf:52:
                    c9:6f:4b:48:15:47:76:81:95:48:0a:f6:b4:62:4b:
                    5f:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:EB:96:42:17:56:BA:B1:16:98:E6:23:A2:50:92:2C:E5:DC:D2:7D
            X509v3 Authority Key Identifier:
                keyid:EE:1B:08:99:E3:8A:96:B5:4F:C4:CB:CD:10:EF:53:9C:54:ED:4D:38

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hsImeOKlrVPxMvNEO9TnFTtTTg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb5a43-817b-449b-bcfc-adf6dab88c84/1/b-uWQhdWurEWmOYjolCSLOXc0n0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb5a43-817b-449b-bcfc-adf6dab88c84/1/7hsImeOKlrVPxMvNEO9TnFTtTTg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  90.155.112.0/20

    Signature Algorithm: sha256WithRSAEncryption
         2a:2f:38:db:ea:68:68:24:a0:32:5f:20:e4:74:5d:36:5b:e3:
         07:ac:94:83:d0:1c:31:31:f4:f6:fd:14:07:88:42:48:90:fe:
         d6:92:ec:0a:c6:a7:55:77:89:82:c9:79:13:32:5a:d4:68:ff:
         5d:41:61:a3:cc:df:9c:1f:6f:26:a2:e9:78:d3:68:b9:4a:75:
         00:3f:b5:54:e3:d5:ff:30:bb:7a:b6:01:13:7d:d1:86:ae:61:
         ca:01:2d:2f:3d:c4:a8:ce:14:34:16:5e:98:24:7d:ac:6e:64:
         03:cb:1e:d5:eb:fc:98:c8:af:99:e5:2c:3b:c6:f4:b2:28:3f:
         ba:82:54:69:5a:0c:5d:4c:ba:3a:e1:7c:ad:49:f1:b0:28:f7:
         e2:87:9f:f1:44:35:7c:ff:44:17:2e:f1:3b:f9:1d:35:31:16:
         67:78:f3:37:3b:74:6f:b0:78:ce:47:d8:19:4e:97:13:86:6f:
         da:73:d4:87:eb:e9:e3:4e:e8:97:54:ab:b7:43:84:b5:11:d6:
         8d:30:63:1e:4d:e7:80:c3:1a:e8:20:3f:63:65:92:69:46:49:
         cd:7f:ae:9d:5f:3d:3a:4e:98:f5:94:92:c9:36:18:a9:75:39:
         ad:17:f7:ce:d3:e4:a0:74:9f:ed:76:c2:90:35:28:d7:7c:5b:
         28:84:d9:56
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEky9YM06tDDk21av84bUVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWIwODk5ZTM4YTk2YjU0ZmM0Y2JjZDEwZWY1MzljNTRl
ZDRkMzgwHhcNMjQwMTAxMTAzMDI5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmViOTY0MjE3NTZiYWIxMTY5OGU2MjNhMjUwOTIyY2U1ZGNkMjdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmA9dRCXN2RY5CQfejOqHINHrJvC
GXcgVG4j4qx451xkHG8aXEUV/7Hwl+Nl3T0Mr3m+FL9MXCO1C5j5wYpAfHDeEISD
tVV+wwSCC4GXR1dQvL0Tw0Ch796CcvPR8482iFqZ3GYBjXLROtch+RIJie+9LgLt
UJVQ+nleessAlHVm6GrLWwL/l9RYYgfHdeGk3rGXA3nrJLph3ystYmma0furZIHj
6g3Lul1LOJlaxRcc670+w2jk9S3lfPXB2HDypvBdYpcx+wahI/ZvHGVv8txjlnY3
jNSBDoKYWUFtJXwSH/irt6TMQO1pvisdz1LJb0tIFUd2gZVICva0YktfuwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFG/rlkIXVrqxFpjmI6JQkizl3NJ9MB8GA1UdIwQY
MBaAFO4bCJnjipa1T8TLzRDvU5xU7U04MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2hzSW1lT0tsclZQeE12TkVPOVRuRlR0VFRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjVhNDMtODE3Yi00NDliLWJjZmMt
YWRmNmRhYjg4Yzg0LzEvYi11V1FoZFd1ckVXbU9Zam9sQ1NMT1hjMG4wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjVhNDMtODE3Yi00NDliLWJjZmMtYWRmNmRhYjg4Yzg0
LzEvN2hzSW1lT0tsclZQeE12TkVPOVRuRlR0VFRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEWptwMA0G
CSqGSIb3DQEBCwUAA4IBAQAqLzjb6mhoJKAyXyDkdF02W+MHrJSD0BwxMfT2/RQH
iEJIkP7WkuwKxqdVd4mCyXkTMlrUaP9dQWGjzN+cH28moul402i5SnUAP7VU49X/
MLt6tgETfdGGrmHKAS0vPcSozhQ0Fl6YJH2sbmQDyx7V6/yYyK+Z5Sw7xvSyKD+6
glRpWgxdTLo64XytSfGwKPfih5/xRDV8/0QXLvE7+R01MRZnePM3O3RvsHjOR9gZ
TpcThm/ac9SH6+njTuiXVKu3Q4S1EdaNMGMeTeeAwxroID9jZZJpRknNf66dXz06
Tpj1lJLJNhipdTmtF/fO0+SgdJ/tdsKQNSjXfFsohNlW
-----END CERTIFICATE-----