Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/a20963-fad7-4e34-bf1e-658b800a5d61/1/EfjDLot0qCx04TlgjeP8FrkvziI.roa
File:                     EfjDLot0qCx04TlgjeP8FrkvziI.roa (raw, json)
Hash identifier:          XF8DtEfIj1c10sSgBW4JLWNAC5k8cnwfKOOWHSsN0Lw=
Subject key identifier:   11:F8:C3:2E:8B:74:A8:2C:74:E1:39:60:8D:E3:FC:16:B9:2F:CE:22
Certificate issuer:       /CN=7186e64b5823c4c61287858d9770c70df706b0cc
Certificate serial:       018CC726BAECAE2987D7FF2E88F6A96C788C
Authority key identifier: 71:86:E6:4B:58:23:C4:C6:12:87:85:8D:97:70:C7:0D:F7:06:B0:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cYbmS1gjxMYSh4WNl3DHDfcGsMw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/a20963-fad7-4e34-bf1e-658b800a5d61/1/EfjDLot0qCx04TlgjeP8FrkvziI.roa
Signing time:             Mon 01 Jan 2024 22:30:53 +0000
ROA not before:           Mon 01 Jan 2024 22:30:53 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30839
IP address blocks:        91.213.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/a20963-fad7-4e34-bf1e-658b800a5d61/1/cYbmS1gjxMYSh4WNl3DHDfcGsMw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/a20963-fad7-4e34-bf1e-658b800a5d61/1/cYbmS1gjxMYSh4WNl3DHDfcGsMw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cYbmS1gjxMYSh4WNl3DHDfcGsMw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:ba:ec:ae:29:87:d7:ff:2e:88:f6:a9:6c:78:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7186e64b5823c4c61287858d9770c70df706b0cc
        Validity
            Not Before: Jan  1 22:30:53 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11f8c32e8b74a82c74e139608de3fc16b92fce22
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:c5:ea:94:7a:06:fa:a1:5c:d0:97:8b:e4:44:
                    c0:d5:2a:56:79:e8:f2:15:8f:e2:45:00:6d:cd:68:
                    bf:e1:fb:51:d4:aa:62:55:58:e9:cf:46:11:29:c7:
                    bf:0b:f4:67:63:be:bc:b9:75:34:83:63:2e:0f:55:
                    97:95:5f:05:0a:72:2d:d9:e5:77:35:f1:8d:55:a6:
                    a5:30:8f:39:71:80:09:e7:e2:7c:18:e8:be:93:85:
                    1a:74:7b:8d:51:29:e0:c4:24:07:f2:7d:ad:99:f6:
                    e7:7a:f4:85:b0:7f:23:6d:81:2d:05:bb:2d:bf:2e:
                    7e:42:13:c2:90:1d:81:36:43:76:31:cd:92:02:0f:
                    82:88:0d:d7:31:7d:a3:48:20:12:a4:e1:da:11:8e:
                    0f:f8:be:07:96:8e:c1:91:7a:b0:9f:ad:99:b8:4a:
                    af:cf:18:3a:3a:8e:ba:4a:b6:37:80:1a:7f:68:6e:
                    10:9d:e8:91:44:11:a2:9d:34:cc:1d:f9:ab:b9:f2:
                    e2:4a:02:bc:42:1e:ed:fd:bb:a2:ac:19:3d:a4:fd:
                    ee:b8:3d:1d:71:aa:1f:18:3c:45:61:6c:61:2c:e4:
                    e4:04:32:b3:bd:76:ac:b4:cd:59:5d:91:2f:92:50:
                    39:9a:92:87:21:e3:d8:34:37:95:47:7a:c6:4b:2d:
                    a6:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:F8:C3:2E:8B:74:A8:2C:74:E1:39:60:8D:E3:FC:16:B9:2F:CE:22
            X509v3 Authority Key Identifier:
                keyid:71:86:E6:4B:58:23:C4:C6:12:87:85:8D:97:70:C7:0D:F7:06:B0:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cYbmS1gjxMYSh4WNl3DHDfcGsMw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/a20963-fad7-4e34-bf1e-658b800a5d61/1/EfjDLot0qCx04TlgjeP8FrkvziI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/a20963-fad7-4e34-bf1e-658b800a5d61/1/cYbmS1gjxMYSh4WNl3DHDfcGsMw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:5a:4f:11:b4:86:34:7c:d8:f1:61:a1:e4:1f:54:fd:9e:3e:
         65:6b:2a:cd:b8:74:a9:0c:dd:23:f5:c3:6e:6e:15:2e:bc:f3:
         05:d9:e5:cf:8b:6b:62:f4:01:05:85:95:77:bd:1b:58:06:02:
         e4:af:b0:54:81:9b:e8:2d:e4:42:c2:9c:fc:49:22:90:a6:54:
         fb:c5:50:f8:99:2c:bf:cd:b4:5c:56:3a:09:b8:d6:eb:33:1f:
         e1:54:f7:fd:6d:31:2e:c9:13:68:98:3f:f1:41:c7:f7:5a:e0:
         3b:64:ff:84:f4:9a:85:a3:79:82:92:be:3c:e3:67:be:c8:73:
         3f:4f:eb:6b:04:88:69:b9:2b:98:82:97:f1:06:44:fe:91:4c:
         86:15:ff:b7:0c:d1:4b:4f:da:dd:02:6d:f2:27:bb:f2:1e:8d:
         65:61:20:98:7f:24:fc:4d:f8:6d:30:79:af:2f:a9:dd:24:11:
         f6:c2:58:2f:1c:01:7a:65:f6:a4:82:81:7c:ee:b5:b8:e5:ba:
         b8:9d:11:fc:98:e6:1b:59:92:2e:2e:13:f7:69:f7:cd:77:61:
         62:5a:07:f3:0e:0e:c4:95:0b:a6:cb:19:55:6b:4c:92:de:a2:
         f9:8a:e2:3b:7b:48:9a:55:43:c2:12:48:8c:e4:53:43:3b:a7:
         fd:79:8d:ac
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJrrsrimH1/8uiPapbHiMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcxODZlNjRiNTgyM2M0YzYxMjg3ODU4ZDk3NzBjNzBkZjcw
NmIwY2MwHhcNMjQwMTAxMjIzMDUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWY4YzMyZThiNzRhODJjNzRlMTM5NjA4ZGUzZmMxNmI5MmZjZTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA48XqlHoG+qFc0JeL5ETA1SpWeejy
FY/iRQBtzWi/4ftR1KpiVVjpz0YRKce/C/RnY768uXU0g2MuD1WXlV8FCnIt2eV3
NfGNVaalMI85cYAJ5+J8GOi+k4UadHuNUSngxCQH8n2tmfbnevSFsH8jbYEtBbst
vy5+QhPCkB2BNkN2Mc2SAg+CiA3XMX2jSCASpOHaEY4P+L4Hlo7BkXqwn62ZuEqv
zxg6Oo66SrY3gBp/aG4QneiRRBGinTTMHfmrufLiSgK8Qh7t/buirBk9pP3uuD0d
caofGDxFYWxhLOTkBDKzvXastM1ZXZEvklA5mpKHIePYNDeVR3rGSy2muwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBH4wy6LdKgsdOE5YI3j/Ba5L84iMB8GA1UdIwQY
MBaAFHGG5ktYI8TGEoeFjZdwxw33BrDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1libVMxZ2p4TVlTaDRXTmwzREhEZmNHc013LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9hMjA5NjMtZmFkNy00ZTM0LWJmMWUt
NjU4YjgwMGE1ZDYxLzEvRWZqRExvdDBxQ3gwNFRsZ2plUDhGcmt2emlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9hMjA5NjMtZmFkNy00ZTM0LWJmMWUtNjU4YjgwMGE1ZDYx
LzEvY1libVMxZ2p4TVlTaDRXTmwzREhEZmNHc013LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9VaMA0G
CSqGSIb3DQEBCwUAA4IBAQBDWk8RtIY0fNjxYaHkH1T9nj5layrNuHSpDN0j9cNu
bhUuvPMF2eXPi2ti9AEFhZV3vRtYBgLkr7BUgZvoLeRCwpz8SSKQplT7xVD4mSy/
zbRcVjoJuNbrMx/hVPf9bTEuyRNomD/xQcf3WuA7ZP+E9JqFo3mCkr4842e+yHM/
T+trBIhpuSuYgpfxBkT+kUyGFf+3DNFLT9rdAm3yJ7vyHo1lYSCYfyT8TfhtMHmv
L6ndJBH2wlgvHAF6ZfakgoF87rW45bq4nRH8mOYbWZIuLhP3affNd2FiWgfzDg7E
lQumyxlVa0yS3qL5iuI7e0iaVUPCEkiM5FNDO6f9eY2s
-----END CERTIFICATE-----