Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/EdLZcuUoPIggdSjFqbcY9A2Zww8.roa
File:                     EdLZcuUoPIggdSjFqbcY9A2Zww8.roa (raw, json)
Hash identifier:          4OCPDPJjqE9tjOZS/qChZOMSj0voQLSo3u5rgABTUHM=
Subject key identifier:   11:D2:D9:72:E5:28:3C:88:20:75:28:C5:A9:B7:18:F4:0D:99:C3:0F
Certificate issuer:       /CN=2776d64ea8fd028b6888e374557bb91f05ee0ec6
Certificate serial:       018CCA29D43CE625CD22BBE5FB1620720CBA
Authority key identifier: 27:76:D6:4E:A8:FD:02:8B:68:88:E3:74:55:7B:B9:1F:05:EE:0E:C6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J3bWTqj9AotoiON0VXu5HwXuDsY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/EdLZcuUoPIggdSjFqbcY9A2Zww8.roa
Signing time:             Tue 02 Jan 2024 12:33:08 +0000
ROA not before:           Tue 02 Jan 2024 12:33:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     48719
IP address blocks:        91.211.210.0/24 maxlen: 24
                          91.211.208.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/J3bWTqj9AotoiON0VXu5HwXuDsY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/J3bWTqj9AotoiON0VXu5HwXuDsY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J3bWTqj9AotoiON0VXu5HwXuDsY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 16:03:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:29:d4:3c:e6:25:cd:22:bb:e5:fb:16:20:72:0c:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2776d64ea8fd028b6888e374557bb91f05ee0ec6
        Validity
            Not Before: Jan  2 12:33:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11d2d972e5283c88207528c5a9b718f40d99c30f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:3d:57:c0:83:4c:97:a6:7d:47:0b:e3:df:27:
                    99:22:18:57:64:25:23:7a:23:90:4a:16:00:d8:a0:
                    ab:22:1d:bd:5b:f1:1d:03:ea:5d:09:72:89:32:a6:
                    2b:35:40:e7:73:a8:81:f9:47:7a:6c:cf:13:24:f6:
                    37:2e:a7:29:7b:67:61:ca:a9:e2:ea:0a:4e:8d:33:
                    b5:ed:ed:a3:e8:53:01:08:8f:c4:87:fc:21:87:7a:
                    21:58:d1:40:ff:b0:a0:80:40:5c:d1:90:47:bc:a5:
                    0c:16:96:22:b9:01:63:78:93:09:d8:ae:9c:16:72:
                    da:77:db:3d:23:7f:c2:43:ce:c4:fa:9b:a8:ed:43:
                    18:c9:59:5b:54:55:b3:b3:bd:34:64:28:6e:27:18:
                    b1:43:16:4d:e3:8d:cd:eb:75:a8:a9:9a:2c:75:6c:
                    dd:db:fb:61:b0:cf:5b:b1:62:91:c6:76:4e:c5:dd:
                    51:7a:f2:fc:65:fb:54:c8:45:6a:a8:1f:9a:53:d8:
                    52:d9:24:6d:bf:04:6e:25:f1:86:ec:6a:fb:9e:9b:
                    f9:38:8a:b2:f7:d0:e4:00:9a:c1:62:13:4b:67:28:
                    d4:73:44:08:1b:32:09:b9:a9:61:cf:cc:ab:a4:b0:
                    87:85:b0:2c:4d:1f:94:68:41:a0:95:15:91:20:0c:
                    46:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:D2:D9:72:E5:28:3C:88:20:75:28:C5:A9:B7:18:F4:0D:99:C3:0F
            X509v3 Authority Key Identifier:
                keyid:27:76:D6:4E:A8:FD:02:8B:68:88:E3:74:55:7B:B9:1F:05:EE:0E:C6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J3bWTqj9AotoiON0VXu5HwXuDsY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/EdLZcuUoPIggdSjFqbcY9A2Zww8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/3ed97d-e867-425f-8743-0daed3aa6249/1/J3bWTqj9AotoiON0VXu5HwXuDsY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.211.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         36:85:ba:ff:a1:06:63:7c:1c:6a:1e:01:48:51:99:2f:90:08:
         ff:c5:9c:37:a5:0b:16:82:51:db:02:30:ad:a9:9f:e4:4b:bd:
         93:21:28:aa:97:4a:b1:27:d5:ed:ad:66:6f:28:a0:5d:25:5c:
         c7:c6:44:9f:95:34:f8:f7:b4:ee:9d:de:16:6f:3b:c0:57:d1:
         c4:27:d5:b6:a6:9b:78:67:4c:8f:cc:94:be:34:cc:de:20:ab:
         1c:26:e1:93:bf:29:19:d0:62:ca:b4:95:16:a3:f0:d1:39:46:
         32:eb:8f:33:4a:83:0d:29:3a:c2:3f:81:79:6c:6c:f4:c9:ea:
         7d:ff:35:e8:7d:de:c4:33:79:e8:bc:33:3d:07:a3:26:c3:dd:
         09:fe:53:c9:69:ce:2e:22:f9:03:f7:f4:7a:18:1f:e9:85:6b:
         db:c9:e2:32:bb:f9:c7:ee:65:4d:e7:cd:a8:73:a6:a8:5c:69:
         37:1b:05:6f:0c:0c:3f:29:87:61:45:91:ac:3a:e1:48:7b:00:
         70:39:f6:61:47:c5:0f:76:55:11:ea:48:25:5c:b1:b1:f2:f3:
         ac:8c:ca:41:9d:7d:f4:d8:65:21:74:dd:74:1f:87:df:e9:bc:
         c2:13:dd:17:10:88:f0:36:1c:12:41:e5:df:3f:d2:e3:bb:54:
         54:24:d6:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKdQ85iXNIrvl+xYgcgy6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NzZkNjRlYThmZDAyOGI2ODg4ZTM3NDU1N2JiOTFmMDVl
ZTBlYzYwHhcNMjQwMTAyMTIzMzA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWQyZDk3MmU1MjgzYzg4MjA3NTI4YzVhOWI3MThmNDBkOTljMzBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4j1XwINMl6Z9Rwvj3yeZIhhXZCUj
eiOQShYA2KCrIh29W/EdA+pdCXKJMqYrNUDnc6iB+Ud6bM8TJPY3Lqcpe2dhyqni
6gpOjTO17e2j6FMBCI/Eh/whh3ohWNFA/7CggEBc0ZBHvKUMFpYiuQFjeJMJ2K6c
FnLad9s9I3/CQ87E+puo7UMYyVlbVFWzs700ZChuJxixQxZN443N63WoqZosdWzd
2/thsM9bsWKRxnZOxd1RevL8ZftUyEVqqB+aU9hS2SRtvwRuJfGG7Gr7npv5OIqy
99DkAJrBYhNLZyjUc0QIGzIJualhz8yrpLCHhbAsTR+UaEGglRWRIAxGAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBHS2XLlKDyIIHUoxam3GPQNmcMPMB8GA1UdIwQY
MBaAFCd21k6o/QKLaIjjdFV7uR8F7g7GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjNiV1RxajlBb3RvaU9OMFZYdTVId1h1RHNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8zZWQ5N2QtZTg2Ny00MjVmLTg3NDMt
MGRhZWQzYWE2MjQ5LzEvRWRMWmN1VW9QSWdnZFNqRnFiY1k5QTJad3c4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8zZWQ5N2QtZTg2Ny00MjVmLTg3NDMtMGRhZWQzYWE2MjQ5
LzEvSjNiV1RxajlBb3RvaU9OMFZYdTVId1h1RHNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW9PQMA0G
CSqGSIb3DQEBCwUAA4IBAQA2hbr/oQZjfBxqHgFIUZkvkAj/xZw3pQsWglHbAjCt
qZ/kS72TISiql0qxJ9XtrWZvKKBdJVzHxkSflTT497Tund4WbzvAV9HEJ9W2ppt4
Z0yPzJS+NMzeIKscJuGTvykZ0GLKtJUWo/DROUYy648zSoMNKTrCP4F5bGz0yep9
/zXofd7EM3novDM9B6Mmw90J/lPJac4uIvkD9/R6GB/phWvbyeIyu/nH7mVN582o
c6aoXGk3GwVvDAw/KYdhRZGsOuFIewBwOfZhR8UPdlUR6kglXLGx8vOsjMpBnX30
2GUhdN10H4ff6bzCE90XEIjwNhwSQeXfP9Lju1RUJNYr
-----END CERTIFICATE-----