Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/n2eIoVwNpTNiDxkFyD55jczqX_c.roa
File:                     n2eIoVwNpTNiDxkFyD55jczqX_c.roa (raw, json)
Hash identifier:          HSd5oXAxQy8HzobW0Lx3a47aN+kCW3C8riaAZZsUSfI=
Subject key identifier:   9F:67:88:A1:5C:0D:A5:33:62:0F:19:05:C8:3E:79:8D:CC:EA:5F:F7
Certificate issuer:       /CN=e316318247d211841f9620a9a1130010ddb486f2
Certificate serial:       018EE876D5FC1859A4688457D3EBF834EFDD
Authority key identifier: E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/n2eIoVwNpTNiDxkFyD55jczqX_c.roa
Signing time:             Tue 16 Apr 2024 19:51:25 +0000
ROA not before:           Tue 16 Apr 2024 19:51:25 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        91.232.103.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 26 Apr 2024 10:00:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:e8:76:d5:fc:18:59:a4:68:84:57:d3:eb:f8:34:ef:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e316318247d211841f9620a9a1130010ddb486f2
        Validity
            Not Before: Apr 16 19:51:25 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=9f6788a15c0da533620f1905c83e798dccea5ff7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:2f:2b:ba:f2:ee:07:94:f2:f3:0e:91:d6:69:
                    3d:8e:20:70:88:53:59:f3:72:c8:56:94:8b:18:42:
                    54:9f:7b:f7:74:45:6f:22:23:4f:5a:78:19:fc:f1:
                    fd:6a:ec:06:b1:34:86:61:0f:b9:b0:c5:dc:48:ac:
                    a0:7a:32:a2:42:09:83:94:13:0d:7b:5d:e9:e3:a3:
                    8e:87:52:90:bc:ed:70:44:6a:d8:15:d0:74:69:61:
                    d5:f8:60:77:1d:88:a7:3e:0e:2f:c7:6c:88:41:99:
                    84:76:6b:fb:57:90:31:ba:f9:15:da:4e:65:c2:76:
                    d4:13:f7:e4:d1:dd:40:64:69:a3:0c:a0:92:cf:60:
                    7a:0e:3c:68:73:ba:8c:17:3c:26:6a:f6:73:ca:74:
                    f2:d0:5a:c7:53:ee:49:95:a7:ae:41:69:f2:15:aa:
                    7e:0b:06:e4:af:68:43:8f:5c:d3:5f:ee:a1:af:df:
                    42:6f:8a:1c:aa:df:ca:95:51:05:33:42:82:cb:88:
                    38:47:2b:da:fb:7a:8c:47:f1:11:58:b8:fa:f1:2e:
                    b5:94:96:03:f7:c6:a7:f3:8e:45:9c:0f:20:49:64:
                    85:57:1c:9f:e6:15:25:29:26:54:e7:aa:d9:b7:61:
                    ad:fe:d7:fe:b4:9f:47:c4:b9:39:79:4e:e6:c8:9c:
                    80:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:67:88:A1:5C:0D:A5:33:62:0F:19:05:C8:3E:79:8D:CC:EA:5F:F7
            X509v3 Authority Key Identifier:
                keyid:E3:16:31:82:47:D2:11:84:1F:96:20:A9:A1:13:00:10:DD:B4:86:F2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4xYxgkfSEYQfliCpoRMAEN20hvI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/n2eIoVwNpTNiDxkFyD55jczqX_c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/ee42bb-1e49-4c21-a4d6-ec287e1d37e5/1/4xYxgkfSEYQfliCpoRMAEN20hvI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.232.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         06:45:a5:71:6f:79:59:57:c4:bb:c5:e6:00:80:c3:eb:a5:8b:
         cd:c3:84:8f:ac:4c:56:c4:46:61:bb:a1:76:26:bd:3a:be:d5:
         a7:fa:2b:bb:85:66:a1:4f:c4:9d:9f:32:13:2e:8e:ce:60:ee:
         ec:7e:24:e4:19:b3:1b:7b:71:77:73:64:da:12:94:a7:c8:63:
         cf:38:81:86:0b:aa:97:f8:cf:57:dd:7b:17:09:52:54:b2:21:
         63:78:4d:68:86:c3:dc:27:63:ba:1e:b5:1c:45:0a:18:f6:23:
         32:8e:51:d2:e2:7e:30:be:88:c7:fa:de:c6:aa:31:b0:2d:b6:
         32:7d:41:67:39:ac:26:f2:1c:57:b2:62:4c:26:36:b0:fe:c7:
         95:46:9e:1d:b7:7f:5f:55:94:d2:e3:c7:ea:78:68:21:17:4b:
         d2:c2:d2:04:ca:03:c2:d0:dc:98:05:fd:00:f4:df:6a:ac:9a:
         a8:e2:22:e9:e8:2a:93:e2:c4:79:31:8e:b9:88:62:22:36:8d:
         9a:ce:24:52:2e:ce:49:16:84:ce:8e:9c:a1:a8:c8:01:9f:2e:
         9a:d1:6f:b6:52:17:ec:0b:62:f0:3c:8c:5e:71:4d:0b:c7:54:
         89:19:da:21:d5:4a:5b:b8:f1:e7:fc:17:f5:9f:22:98:ba:52:
         83:53:45:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY7odtX8GFmkaIRX0+v4NO/dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMTYzMTgyNDdkMjExODQxZjk2MjBhOWExMTMwMDEwZGRi
NDg2ZjIwHhcNMjQwNDE2MTk1MTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZjY3ODhhMTVjMGRhNTMzNjIwZjE5MDVjODNlNzk4ZGNjZWE1ZmY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgS8ruvLuB5Ty8w6R1mk9jiBwiFNZ
83LIVpSLGEJUn3v3dEVvIiNPWngZ/PH9auwGsTSGYQ+5sMXcSKygejKiQgmDlBMN
e13p46OOh1KQvO1wRGrYFdB0aWHV+GB3HYinPg4vx2yIQZmEdmv7V5AxuvkV2k5l
wnbUE/fk0d1AZGmjDKCSz2B6Djxoc7qMFzwmavZzynTy0FrHU+5JlaeuQWnyFap+
Cwbkr2hDj1zTX+6hr99Cb4ocqt/KlVEFM0KCy4g4Ryva+3qMR/ERWLj68S61lJYD
98an845FnA8gSWSFVxyf5hUlKSZU56rZt2Gt/tf+tJ9HxLk5eU7myJyA1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ9niKFcDaUzYg8ZBcg+eY3M6l/3MB8GA1UdIwQY
MBaAFOMWMYJH0hGEH5YgqaETABDdtIbyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYt
ZWMyODdlMWQzN2U1LzEvbjJlSW9Wd05wVE5pRHhrRnlENTVqY3pxWF9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS9lZTQyYmItMWU0OS00YzIxLWE0ZDYtZWMyODdlMWQzN2U1
LzEvNHhZeGdrZlNFWVFmbGlDcG9STUFFTjIwaHZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+hnMA0G
CSqGSIb3DQEBCwUAA4IBAQAGRaVxb3lZV8S7xeYAgMPrpYvNw4SPrExWxEZhu6F2
Jr06vtWn+iu7hWahT8SdnzITLo7OYO7sfiTkGbMbe3F3c2TaEpSnyGPPOIGGC6qX
+M9X3XsXCVJUsiFjeE1ohsPcJ2O6HrUcRQoY9iMyjlHS4n4wvojH+t7GqjGwLbYy
fUFnOawm8hxXsmJMJjaw/seVRp4dt39fVZTS48fqeGghF0vSwtIEygPC0NyYBf0A
9N9qrJqo4iLp6CqT4sR5MY65iGIiNo2aziRSLs5JFoTOjpyhqMgBny6a0W+2Uhfs
C2LwPIxecU0Lx1SJGdoh1UpbuPHn/Bf1nyKYulKDU0Wb
-----END CERTIFICATE-----