Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/egtmxNDK9FDAgrarU-Xyuo-QkfI.roa
File:                     egtmxNDK9FDAgrarU-Xyuo-QkfI.roa (raw, json)
Hash identifier:          e278lOu7Zhdc/1PtGLzkkZXNU5WcrL6PKLI2BzSWdWQ=
Subject key identifier:   7A:0B:66:C4:D0:CA:F4:50:C0:82:B6:AB:53:E5:F2:BA:8F:90:91:F2
Certificate issuer:       /CN=0ede17b8caf02461bf54c0964ed38a2590062f94
Certificate serial:       01941FFAADD5ADF794E115AC877FC7B3EC09
Authority key identifier: 0E:DE:17:B8:CA:F0:24:61:BF:54:C0:96:4E:D3:8A:25:90:06:2F:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/egtmxNDK9FDAgrarU-Xyuo-QkfI.roa
Signing time:             Wed 01 Jan 2025 03:48:29 +0000
ROA not before:           Wed 01 Jan 2025 03:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        91.102.232.0/21 maxlen: 24
                          91.102.237.0/24 maxlen: 24
                          91.102.239.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:ad:d5:ad:f7:94:e1:15:ac:87:7f:c7:b3:ec:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0ede17b8caf02461bf54c0964ed38a2590062f94
        Validity
            Not Before: Jan  1 03:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a0b66c4d0caf450c082b6ab53e5f2ba8f9091f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:14:2b:ca:44:3d:29:23:8f:30:6b:53:26:8c:
                    c1:77:e9:5f:26:ed:fd:4e:94:ca:9e:62:2a:cd:da:
                    86:83:d5:4a:8a:f5:f8:9a:92:5d:c8:ac:22:44:05:
                    bb:81:1b:6b:8f:6d:68:9b:84:ee:c5:1b:45:23:a8:
                    bb:9f:42:6a:42:6b:96:2d:b9:3b:13:b3:6f:33:b5:
                    7f:8c:23:35:a1:f4:2f:a7:30:35:83:53:37:87:e4:
                    f9:df:2b:dc:94:8a:ef:cf:91:a1:c9:bc:9f:54:cd:
                    00:fe:31:47:2a:e8:a7:0e:25:50:e3:8a:53:6b:3c:
                    a9:fd:56:46:39:1e:b9:b7:cd:2e:68:37:9f:42:40:
                    68:fe:eb:1b:e4:1d:f8:95:b3:b9:72:1f:7f:7f:cc:
                    3d:34:a6:87:c4:2a:0f:e1:21:84:c1:d7:75:59:cf:
                    80:2d:d6:67:59:61:d2:fc:1d:44:96:bc:04:4c:2a:
                    c0:6f:a9:20:38:2c:9c:5c:ae:7d:b1:ad:4f:4b:95:
                    3a:a6:62:44:8d:a6:0e:04:ef:08:64:0b:c1:c6:74:
                    51:e1:31:d5:b9:a9:c0:fe:2d:af:cf:63:e3:7f:50:
                    db:24:c6:68:9c:05:76:e3:31:4e:25:f7:4e:0b:e0:
                    25:d9:b3:9c:34:02:85:d4:f7:3b:37:fb:cd:b3:c2:
                    4d:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:0B:66:C4:D0:CA:F4:50:C0:82:B6:AB:53:E5:F2:BA:8F:90:91:F2
            X509v3 Authority Key Identifier:
                keyid:0E:DE:17:B8:CA:F0:24:61:BF:54:C0:96:4E:D3:8A:25:90:06:2F:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/egtmxNDK9FDAgrarU-Xyuo-QkfI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/93/e4bb51-b963-4b46-aa27-26bf8ccd7b74/1/Dt4XuMrwJGG_VMCWTtOKJZAGL5Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.102.232.0/21

    Signature Algorithm: sha256WithRSAEncryption
         38:24:95:b5:fa:45:74:04:3b:60:d3:cb:35:68:07:25:ff:cd:
         32:a5:b6:26:fe:31:06:d7:0f:fe:d3:72:a9:55:07:1b:07:0d:
         65:d3:a8:9c:b2:16:4c:88:be:8a:0b:9d:fd:3b:f4:33:68:ae:
         4f:56:91:32:f0:c9:6a:15:1f:16:40:39:58:17:9a:94:55:72:
         64:90:4d:48:e6:f6:59:13:27:78:ce:96:8e:0c:09:26:0f:9e:
         aa:96:24:cb:cd:79:03:6d:40:8e:ac:3d:5f:92:d3:e5:b8:48:
         ce:f9:12:0a:62:da:93:71:cb:ec:ec:6b:2c:45:19:4b:a6:f1:
         37:81:ab:7c:1d:88:0a:a5:32:f0:24:2e:fb:41:e4:87:45:a8:
         b3:56:a1:76:0d:96:22:2e:45:5a:85:4e:a9:09:f7:7a:fa:3d:
         be:59:1d:68:06:0b:9e:94:43:2b:ad:66:dd:a2:e5:2d:b1:ba:
         f0:54:9e:be:f2:72:df:63:ad:53:b9:57:c9:06:2f:69:cd:bc:
         09:15:f3:79:fe:8e:00:a4:8f:f4:3c:35:e6:37:56:b6:1f:97:
         f0:58:b4:4f:b3:a8:7d:34:bd:c2:cb:06:5e:40:fc:b3:7d:c5:
         5a:44:51:ad:6c:ec:e9:1e:c0:94:ff:2d:04:ac:74:1d:3d:fc:
         1f:ad:8c:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+q3VrfeU4RWsh3/Hs+wJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlZGUxN2I4Y2FmMDI0NjFiZjU0YzA5NjRlZDM4YTI1OTAw
NjJmOTQwHhcNMjUwMTAxMDM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTBiNjZjNGQwY2FmNDUwYzA4MmI2YWI1M2U1ZjJiYThmOTA5MWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRQrykQ9KSOPMGtTJozBd+lfJu39
TpTKnmIqzdqGg9VKivX4mpJdyKwiRAW7gRtrj21om4TuxRtFI6i7n0JqQmuWLbk7
E7NvM7V/jCM1ofQvpzA1g1M3h+T53yvclIrvz5GhybyfVM0A/jFHKuinDiVQ44pT
azyp/VZGOR65t80uaDefQkBo/usb5B34lbO5ch9/f8w9NKaHxCoP4SGEwdd1Wc+A
LdZnWWHS/B1ElrwETCrAb6kgOCycXK59sa1PS5U6pmJEjaYOBO8IZAvBxnRR4THV
uanA/i2vz2Pjf1DbJMZonAV24zFOJfdOC+Al2bOcNAKF1Pc7N/vNs8JNLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHoLZsTQyvRQwIK2q1Pl8rqPkJHyMB8GA1UdIwQY
MBaAFA7eF7jK8CRhv1TAlk7TiiWQBi+UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHQ0WHVNcndKR0dfVk1DV1R0T0tKWkFHTDVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85My9lNGJiNTEtYjk2My00YjQ2LWFhMjct
MjZiZjhjY2Q3Yjc0LzEvZWd0bXhOREs5RkRBZ3JhclUtWHl1by1Ra2ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85My9lNGJiNTEtYjk2My00YjQ2LWFhMjctMjZiZjhjY2Q3Yjc0
LzEvRHQ0WHVNcndKR0dfVk1DV1R0T0tKWkFHTDVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDW2boMA0G
CSqGSIb3DQEBCwUAA4IBAQA4JJW1+kV0BDtg08s1aAcl/80ypbYm/jEG1w/+03Kp
VQcbBw1l06icshZMiL6KC539O/QzaK5PVpEy8MlqFR8WQDlYF5qUVXJkkE1I5vZZ
Eyd4zpaODAkmD56qliTLzXkDbUCOrD1fktPluEjO+RIKYtqTccvs7GssRRlLpvE3
gat8HYgKpTLwJC77QeSHRaizVqF2DZYiLkVahU6pCfd6+j2+WR1oBguelEMrrWbd
ouUtsbrwVJ6+8nLfY61TuVfJBi9pzbwJFfN5/o4ApI/0PDXmN1a2H5fwWLRPs6h9
NL3CywZeQPyzfcVaRFGtbOzpHsCU/y0ErHQdPfwfrYzv
-----END CERTIFICATE-----