Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/eVWj75QB5-NY5cip7EaAMqsD3_Q.roa
File:                     eVWj75QB5-NY5cip7EaAMqsD3_Q.roa (raw, json)
Hash identifier:          R8SYABsszbTf/c1Z91aXqCMR7hgNS09va3LcQa+6Zyg=
Subject key identifier:   79:55:A3:EF:94:01:E7:E3:58:E5:C8:A9:EC:46:80:32:AB:03:DF:F4
Certificate issuer:       /CN=ca231a4362bc1ec0fdb4349901b61ccf9d679d65
Certificate serial:       0194236A3EE9D426DED30C039D39496D8ECE
Authority key identifier: CA:23:1A:43:62:BC:1E:C0:FD:B4:34:99:01:B6:1C:CF:9D:67:9D:65
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yiMaQ2K8HsD9tDSZAbYcz51nnWU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/eVWj75QB5-NY5cip7EaAMqsD3_Q.roa
Signing time:             Wed 01 Jan 2025 19:49:12 +0000
ROA not before:           Wed 01 Jan 2025 19:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44842
IP address blocks:        91.199.234.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/yiMaQ2K8HsD9tDSZAbYcz51nnWU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/yiMaQ2K8HsD9tDSZAbYcz51nnWU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yiMaQ2K8HsD9tDSZAbYcz51nnWU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3e:e9:d4:26:de:d3:0c:03:9d:39:49:6d:8e:ce
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca231a4362bc1ec0fdb4349901b61ccf9d679d65
        Validity
            Not Before: Jan  1 19:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7955a3ef9401e7e358e5c8a9ec468032ab03dff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:33:83:97:a2:76:ed:71:da:5b:63:b2:0f:a1:
                    3c:e7:32:36:e2:7c:23:b7:6f:a6:10:f5:8b:7e:b5:
                    1d:24:2a:f5:6a:53:11:60:eb:f6:5b:5a:df:aa:8d:
                    d7:41:aa:2b:27:5e:6d:34:bf:ba:85:c2:cc:ce:cb:
                    2d:2d:95:4e:4c:2a:75:ce:56:b0:4d:0d:01:4b:61:
                    e6:e4:a7:81:c1:b8:6f:b0:c1:0c:36:be:d7:fd:c2:
                    0e:4d:f7:93:73:1c:56:53:a8:3b:f9:c0:19:1f:09:
                    00:31:f1:e3:5d:77:88:bc:97:c0:a9:0a:42:06:1a:
                    ed:92:ec:26:dc:02:a0:e5:2c:c6:84:6c:56:0b:3a:
                    aa:85:80:c7:c9:4f:62:1e:af:65:1c:e2:d8:fa:ed:
                    fb:cd:29:39:34:8e:9e:9f:8e:f3:65:2d:f3:f7:cc:
                    59:64:fb:2e:1c:6f:69:6d:42:e4:7a:40:01:69:7a:
                    20:71:b3:b6:84:c3:92:e9:a7:23:25:98:da:8e:02:
                    cb:cc:b7:79:b6:11:a0:7c:f5:df:52:c1:e5:2c:ef:
                    56:48:86:9f:56:5a:cb:37:0c:93:bc:b7:37:16:1c:
                    f9:f2:e2:91:a4:36:ba:32:f9:bc:5a:a7:91:cc:8b:
                    99:ab:3f:18:8f:48:71:d8:58:da:1a:e9:7d:d1:9f:
                    c8:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:55:A3:EF:94:01:E7:E3:58:E5:C8:A9:EC:46:80:32:AB:03:DF:F4
            X509v3 Authority Key Identifier:
                keyid:CA:23:1A:43:62:BC:1E:C0:FD:B4:34:99:01:B6:1C:CF:9D:67:9D:65

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yiMaQ2K8HsD9tDSZAbYcz51nnWU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/eVWj75QB5-NY5cip7EaAMqsD3_Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/95/856c05-d7b2-499a-af39-39dfa48ea6b9/1/yiMaQ2K8HsD9tDSZAbYcz51nnWU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.199.234.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:cc:51:c9:dc:6a:8a:41:a2:bb:e1:3a:e6:ff:d6:2e:dd:9b:
         53:1e:a9:00:ac:a1:cf:e1:da:73:85:8d:dd:4f:37:3b:58:0e:
         be:da:f4:9c:12:fc:4e:8d:02:b8:98:4c:d7:67:1d:c7:7e:14:
         87:5a:05:a3:78:74:30:8d:3e:36:f6:7c:07:94:2b:cd:ee:25:
         a9:ed:32:9e:1b:0d:d1:1a:06:2e:84:c8:45:3d:52:cb:dc:c1:
         01:61:0a:6a:26:be:89:53:53:0f:19:06:b6:9f:3c:59:5b:ab:
         d8:e2:04:a6:83:0b:d5:a1:61:bf:54:18:c6:32:ad:07:2e:cc:
         62:29:bb:b8:53:c3:d8:16:33:d6:ee:f8:0b:3e:16:28:b4:05:
         67:c9:f7:e6:1c:ac:fe:af:f8:47:b0:a6:37:24:e1:93:4d:4f:
         75:e0:7d:1e:c1:b7:60:1e:0a:43:68:28:ed:18:13:70:71:1b:
         bd:05:dd:a0:4d:9e:bd:15:a7:bb:09:50:b5:68:a4:82:a4:5a:
         d8:5c:bd:a1:c1:11:2e:68:6d:6b:50:99:51:91:99:20:10:3b:
         35:9b:d5:48:be:98:dd:ff:46:89:e5:68:3c:04:73:24:c8:f5:
         be:c5:09:85:f9:59:fa:fc:0d:a6:d2:4c:8f:5f:20:ec:8d:f9:
         a6:82:74:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjaj7p1Cbe0wwDnTlJbY7OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhMjMxYTQzNjJiYzFlYzBmZGI0MzQ5OTAxYjYxY2NmOWQ2
NzlkNjUwHhcNMjUwMTAxMTk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTU1YTNlZjk0MDFlN2UzNThlNWM4YTllYzQ2ODAzMmFiMDNkZmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxzODl6J27XHaW2OyD6E85zI24nwj
t2+mEPWLfrUdJCr1alMRYOv2W1rfqo3XQaorJ15tNL+6hcLMzsstLZVOTCp1zlaw
TQ0BS2Hm5KeBwbhvsMEMNr7X/cIOTfeTcxxWU6g7+cAZHwkAMfHjXXeIvJfAqQpC
Bhrtkuwm3AKg5SzGhGxWCzqqhYDHyU9iHq9lHOLY+u37zSk5NI6en47zZS3z98xZ
ZPsuHG9pbULkekABaXogcbO2hMOS6acjJZjajgLLzLd5thGgfPXfUsHlLO9WSIaf
VlrLNwyTvLc3Fhz58uKRpDa6Mvm8WqeRzIuZqz8Yj0hx2FjaGul90Z/I6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHlVo++UAefjWOXIqexGgDKrA9/0MB8GA1UdIwQY
MBaAFMojGkNivB7A/bQ0mQG2HM+dZ51lMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWlNYVEySzhIc0Q5dERTWkFiWWN6NTFubldVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS84NTZjMDUtZDdiMi00OTlhLWFmMzkt
MzlkZmE0OGVhNmI5LzEvZVZXajc1UUI1LU5ZNWNpcDdFYUFNcXNEM19RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS84NTZjMDUtZDdiMi00OTlhLWFmMzktMzlkZmE0OGVhNmI5
LzEveWlNYVEySzhIc0Q5dERTWkFiWWN6NTFubldVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW8fqMA0G
CSqGSIb3DQEBCwUAA4IBAQCVzFHJ3GqKQaK74Trm/9Yu3ZtTHqkArKHP4dpzhY3d
Tzc7WA6+2vScEvxOjQK4mEzXZx3HfhSHWgWjeHQwjT429nwHlCvN7iWp7TKeGw3R
GgYuhMhFPVLL3MEBYQpqJr6JU1MPGQa2nzxZW6vY4gSmgwvVoWG/VBjGMq0HLsxi
Kbu4U8PYFjPW7vgLPhYotAVnyffmHKz+r/hHsKY3JOGTTU914H0ewbdgHgpDaCjt
GBNwcRu9Bd2gTZ69Fae7CVC1aKSCpFrYXL2hwREuaG1rUJlRkZkgEDs1m9VIvpjd
/0aJ5Wg8BHMkyPW+xQmF+Vn6/A2m0kyPXyDsjfmmgnQA
-----END CERTIFICATE-----