Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8fef7f-d011-4cdb-ac0a-31700f0e1a61/1/eYAmpW8yK8US3wh_bCFik9x2ckU.roa
File:                     eYAmpW8yK8US3wh_bCFik9x2ckU.roa (raw, json)
Hash identifier:          3yGSu3+IRaitmSZrNkaUC/ny1XAlCPME0KtT4JWmAP8=
Subject key identifier:   79:80:26:A5:6F:32:2B:C5:12:DF:08:7F:6C:21:62:93:DC:76:72:45
Certificate issuer:       /CN=a6b689ddef58f0a3383e2ef5aa3a27c4fe45318e
Certificate serial:       018CC8DF4A1E70F1331591BE873C0E966AFC
Authority key identifier: A6:B6:89:DD:EF:58:F0:A3:38:3E:2E:F5:AA:3A:27:C4:FE:45:31:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/praJ3e9Y8KM4Pi71qjonxP5FMY4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8fef7f-d011-4cdb-ac0a-31700f0e1a61/1/eYAmpW8yK8US3wh_bCFik9x2ckU.roa
Signing time:             Tue 02 Jan 2024 06:32:05 +0000
ROA not before:           Tue 02 Jan 2024 06:32:05 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     43125
IP address blocks:        91.194.83.0/24 maxlen: 24
                          91.194.82.0/23 maxlen: 23
                          91.194.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8fef7f-d011-4cdb-ac0a-31700f0e1a61/1/praJ3e9Y8KM4Pi71qjonxP5FMY4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8fef7f-d011-4cdb-ac0a-31700f0e1a61/1/praJ3e9Y8KM4Pi71qjonxP5FMY4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/praJ3e9Y8KM4Pi71qjonxP5FMY4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:4a:1e:70:f1:33:15:91:be:87:3c:0e:96:6a:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a6b689ddef58f0a3383e2ef5aa3a27c4fe45318e
        Validity
            Not Before: Jan  2 06:32:05 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=798026a56f322bc512df087f6c216293dc767245
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:4f:52:22:13:2b:10:96:ae:aa:a1:91:09:06:
                    98:88:ce:15:5b:be:a9:7b:e4:00:af:d3:58:af:ee:
                    cb:c2:93:4b:65:37:5d:e2:bb:24:f3:45:d3:af:12:
                    40:26:e4:a9:e0:6f:bc:f9:ad:f9:0c:4a:03:15:62:
                    0b:46:95:3d:8c:26:61:44:b0:ca:49:4c:d9:e8:5e:
                    9c:9c:91:db:e2:dd:5e:b8:42:1b:6f:b6:93:b3:b6:
                    13:80:40:1f:a2:25:6e:ed:67:02:a0:b2:02:81:ee:
                    fb:9e:6f:c7:68:89:aa:c2:13:48:ca:bd:9c:8a:7e:
                    30:29:22:31:8e:cb:55:de:bf:c0:f3:49:1a:f7:0c:
                    e8:1a:de:69:1f:e3:97:07:b6:d3:21:01:dd:d7:69:
                    00:23:67:1d:56:3a:7b:cb:c2:27:ed:e1:d4:4d:ba:
                    f8:9e:5d:6f:d9:c8:b8:11:6b:4a:df:37:fe:08:f5:
                    82:45:c6:f8:96:08:6c:7d:5e:7b:76:52:2f:53:56:
                    90:ea:a1:64:bd:4a:7f:9c:32:8a:d5:e6:69:df:79:
                    13:98:0d:88:60:aa:35:7e:8d:22:e2:67:63:b5:8b:
                    b9:2d:16:4e:84:ec:a8:c8:1e:82:de:c8:0a:85:b2:
                    31:b6:5c:68:d6:3c:40:c9:c7:3b:2f:13:bd:ae:8b:
                    75:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:80:26:A5:6F:32:2B:C5:12:DF:08:7F:6C:21:62:93:DC:76:72:45
            X509v3 Authority Key Identifier:
                keyid:A6:B6:89:DD:EF:58:F0:A3:38:3E:2E:F5:AA:3A:27:C4:FE:45:31:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/praJ3e9Y8KM4Pi71qjonxP5FMY4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8fef7f-d011-4cdb-ac0a-31700f0e1a61/1/eYAmpW8yK8US3wh_bCFik9x2ckU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8fef7f-d011-4cdb-ac0a-31700f0e1a61/1/praJ3e9Y8KM4Pi71qjonxP5FMY4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.194.82.0/23

    Signature Algorithm: sha256WithRSAEncryption
         86:d1:9d:f8:6d:c7:3b:aa:93:5d:c8:a3:28:e3:0e:fb:16:b0:
         a8:4b:f5:fd:bd:12:17:7d:fa:14:87:d7:39:2d:3e:ab:d0:e6:
         a1:96:de:e3:72:c2:05:77:30:6c:08:39:93:19:8b:e4:18:b2:
         8b:8b:34:50:c3:ae:d3:cb:ec:5d:f3:81:27:35:8e:e7:dd:b2:
         0e:65:71:51:06:8c:a9:b5:28:d0:14:30:89:01:ac:ad:b0:b2:
         c0:af:ae:ff:a1:95:dc:d9:28:11:c2:e5:47:89:9b:75:8b:ca:
         d9:69:f2:1a:a3:40:a5:28:b7:78:75:2b:5e:49:a5:82:30:1a:
         c1:94:9f:7f:46:e8:26:be:c1:e9:95:36:8f:d5:bb:b0:fe:5c:
         e5:56:a1:ff:b3:7b:9e:1c:c8:66:de:98:0b:6d:c6:a9:eb:22:
         eb:cb:8e:47:04:a8:54:ca:80:97:c1:34:18:86:03:e9:4f:11:
         8f:b2:08:b4:db:26:6c:30:3a:97:8e:86:a3:54:05:cb:2c:03:
         4a:a9:a6:3d:07:96:2d:f7:41:2e:58:dc:37:0e:73:a7:30:00:
         89:fa:4b:65:0f:70:d9:ff:d9:79:d2:55:0e:2a:e3:4b:6a:38:
         28:0a:42:2f:e5:3c:73:06:20:49:ea:3d:cb:ec:58:b2:7a:4c:
         36:42:38:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI30oecPEzFZG+hzwOlmr8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE2YjY4OWRkZWY1OGYwYTMzODNlMmVmNWFhM2EyN2M0ZmU0
NTMxOGUwHhcNMjQwMTAyMDYzMjA1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTgwMjZhNTZmMzIyYmM1MTJkZjA4N2Y2YzIxNjI5M2RjNzY3MjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmk9SIhMrEJauqqGRCQaYiM4VW76p
e+QAr9NYr+7LwpNLZTdd4rsk80XTrxJAJuSp4G+8+a35DEoDFWILRpU9jCZhRLDK
SUzZ6F6cnJHb4t1euEIbb7aTs7YTgEAfoiVu7WcCoLICge77nm/HaImqwhNIyr2c
in4wKSIxjstV3r/A80ka9wzoGt5pH+OXB7bTIQHd12kAI2cdVjp7y8In7eHUTbr4
nl1v2ci4EWtK3zf+CPWCRcb4lghsfV57dlIvU1aQ6qFkvUp/nDKK1eZp33kTmA2I
YKo1fo0i4mdjtYu5LRZOhOyoyB6C3sgKhbIxtlxo1jxAycc7LxO9rot1LQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmAJqVvMivFEt8If2whYpPcdnJFMB8GA1UdIwQY
MBaAFKa2id3vWPCjOD4u9ao6J8T+RTGOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcHJhSjNlOVk4S000UGk3MXFqb254UDVGTVk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84ZmVmN2YtZDAxMS00Y2RiLWFjMGEt
MzE3MDBmMGUxYTYxLzEvZVlBbXBXOHlLOFVTM3doX2JDRmlrOXgyY2tVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84ZmVmN2YtZDAxMS00Y2RiLWFjMGEtMzE3MDBmMGUxYTYx
LzEvcHJhSjNlOVk4S000UGk3MXFqb254UDVGTVk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW8JSMA0G
CSqGSIb3DQEBCwUAA4IBAQCG0Z34bcc7qpNdyKMo4w77FrCoS/X9vRIXffoUh9c5
LT6r0Oahlt7jcsIFdzBsCDmTGYvkGLKLizRQw67Ty+xd84EnNY7n3bIOZXFRBoyp
tSjQFDCJAaytsLLAr67/oZXc2SgRwuVHiZt1i8rZafIao0ClKLd4dSteSaWCMBrB
lJ9/RugmvsHplTaP1buw/lzlVqH/s3ueHMhm3pgLbcap6yLry45HBKhUyoCXwTQY
hgPpTxGPsgi02yZsMDqXjoajVAXLLANKqaY9B5Yt90EuWNw3DnOnMACJ+ktlD3DZ
/9l50lUOKuNLajgoCkIv5TxzBiBJ6j3L7Fiyekw2QjiN
-----END CERTIFICATE-----