Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/eEl_1mYwR1yVr3DQHR2RLiYRLJI.roa
File:                     eEl_1mYwR1yVr3DQHR2RLiYRLJI.roa (raw, json)
Hash identifier:          Itrvz//iN3iI/25rSpHB5Y6mBOTyW44S5q4oupqsuCA=
Subject key identifier:   78:49:7F:D6:66:30:47:5C:95:AF:70:D0:1D:1D:91:2E:26:11:2C:92
Certificate issuer:       /CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
Certificate serial:       018CC5001D37B5DA37DACDA37903610B83F7
Authority key identifier: 29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/eEl_1mYwR1yVr3DQHR2RLiYRLJI.roa
Signing time:             Mon 01 Jan 2024 12:29:28 +0000
ROA not before:           Mon 01 Jan 2024 12:29:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     30367
IP address blocks:        91.213.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 09:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:1d:37:b5:da:37:da:cd:a3:79:03:61:0b:83:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=291d83c3f4b877cf7d084cb530c4a9e36fcf7ad0
        Validity
            Not Before: Jan  1 12:29:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=78497fd66630475c95af70d01d1d912e26112c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:d2:ff:87:36:89:2e:b0:e3:7a:12:f2:cb:70:
                    47:c6:cd:03:ad:a1:dd:4f:2c:dd:84:af:7e:6d:8b:
                    c5:87:d3:35:54:53:98:dc:66:bc:ad:1e:b8:6e:6f:
                    e4:ce:eb:9a:7a:9e:93:48:f7:f8:44:61:3a:e3:38:
                    7c:6d:c5:44:fd:e9:c5:44:82:4e:86:b3:29:11:75:
                    88:d8:d0:1e:08:05:b2:32:33:bd:c6:be:8f:c8:6b:
                    de:71:a3:7c:9e:b4:97:a0:81:c6:a1:71:0a:5f:ed:
                    60:75:e1:3a:b3:cd:44:b8:b2:98:46:37:1e:e9:16:
                    b5:6b:11:b1:80:84:04:09:24:61:e4:63:92:7b:a8:
                    24:a5:d3:7d:25:44:28:cb:e1:83:57:cb:eb:02:f0:
                    1d:df:3d:82:6f:b8:10:44:9d:1b:23:d3:c0:e6:fa:
                    89:e6:63:34:ad:ce:4f:5e:cf:c5:57:f8:23:e7:5f:
                    34:11:4e:ff:51:3e:66:d2:ee:23:48:94:41:66:15:
                    63:87:b8:7a:4f:a8:ae:30:1b:37:7f:71:c9:94:42:
                    48:bb:5b:f6:05:88:8e:2c:52:51:6a:e9:fc:87:bf:
                    03:7f:f1:39:63:7c:62:56:47:e2:f0:95:9b:88:85:
                    a7:41:d6:8e:a3:83:f0:62:3e:71:75:44:bc:c9:0a:
                    4a:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:49:7F:D6:66:30:47:5C:95:AF:70:D0:1D:1D:91:2E:26:11:2C:92
            X509v3 Authority Key Identifier:
                keyid:29:1D:83:C3:F4:B8:77:CF:7D:08:4C:B5:30:C4:A9:E3:6F:CF:7A:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KR2Dw_S4d899CEy1MMSp42_PetA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/eEl_1mYwR1yVr3DQHR2RLiYRLJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9e/594569-6f18-460a-a196-ffcd477349fc/1/KR2Dw_S4d899CEy1MMSp42_PetA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4e:f9:fb:19:73:d7:71:ec:84:3b:62:2e:8f:91:71:9a:19:ae:
         db:06:60:33:75:19:d4:56:d3:37:73:8d:7f:9c:a3:99:8d:a5:
         f1:ee:c8:0e:df:fb:90:be:2c:03:68:e4:35:76:20:1b:e8:08:
         84:5e:3c:5e:73:00:a6:72:4c:20:c8:4f:2f:0a:1b:3a:9c:d1:
         6d:fe:32:e5:51:e5:7d:7f:75:69:02:d0:be:9d:a0:bc:8b:24:
         5e:35:27:15:03:73:83:d1:7d:b0:59:f5:06:4c:1d:d1:95:a4:
         d3:5d:5c:4f:a4:6e:69:a6:aa:37:07:f2:0b:bd:ed:59:d1:0c:
         01:a6:60:99:49:48:79:e7:be:74:69:bc:43:7b:7e:3c:35:97:
         19:2e:07:bc:e9:6e:b1:2e:5a:45:d0:0d:fd:25:9c:df:65:ad:
         03:4e:4f:d9:01:7b:30:92:45:8c:a2:6e:4c:cc:d5:a9:92:df:
         02:be:a5:8e:36:f3:ac:d8:2e:36:ef:0c:84:cb:b5:66:eb:5f:
         2a:cf:37:d1:62:f8:3e:36:31:50:ee:8f:96:bf:41:12:cc:0e:
         e7:69:e1:bd:d7:8b:47:52:98:53:45:74:43:5f:d7:f3:f8:62:
         c5:63:37:1a:cc:bd:07:ac:52:8f:7d:c0:38:60:72:bc:93:6b:
         5d:35:e1:96
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFAB03tdo32s2jeQNhC4P3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5MWQ4M2MzZjRiODc3Y2Y3ZDA4NGNiNTMwYzRhOWUzNmZj
ZjdhZDAwHhcNMjQwMTAxMTIyOTI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODQ5N2ZkNjY2MzA0NzVjOTVhZjcwZDAxZDFkOTEyZTI2MTEyYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmtL/hzaJLrDjehLyy3BHxs0DraHd
TyzdhK9+bYvFh9M1VFOY3Ga8rR64bm/kzuuaep6TSPf4RGE64zh8bcVE/enFRIJO
hrMpEXWI2NAeCAWyMjO9xr6PyGvecaN8nrSXoIHGoXEKX+1gdeE6s81EuLKYRjce
6Ra1axGxgIQECSRh5GOSe6gkpdN9JUQoy+GDV8vrAvAd3z2Cb7gQRJ0bI9PA5vqJ
5mM0rc5PXs/FV/gj5180EU7/UT5m0u4jSJRBZhVjh7h6T6iuMBs3f3HJlEJIu1v2
BYiOLFJRaun8h78Df/E5Y3xiVkfi8JWbiIWnQdaOo4PwYj5xdUS8yQpKcQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhJf9ZmMEdcla9w0B0dkS4mESySMB8GA1UdIwQY
MBaAFCkdg8P0uHfPfQhMtTDEqeNvz3rQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1IyRHdfUzRkODk5Q0V5MU1NU3A0Ml9QZXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZS81OTQ1NjktNmYxOC00NjBhLWExOTYt
ZmZjZDQ3NzM0OWZjLzEvZUVsXzFtWXdSMXlWcjNEUUhSMlJMaVlSTEpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZS81OTQ1NjktNmYxOC00NjBhLWExOTYtZmZjZDQ3NzM0OWZj
LzEvS1IyRHdfUzRkODk5Q0V5MU1NU3A0Ml9QZXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9UDMA0G
CSqGSIb3DQEBCwUAA4IBAQBO+fsZc9dx7IQ7Yi6PkXGaGa7bBmAzdRnUVtM3c41/
nKOZjaXx7sgO3/uQviwDaOQ1diAb6AiEXjxecwCmckwgyE8vChs6nNFt/jLlUeV9
f3VpAtC+naC8iyReNScVA3OD0X2wWfUGTB3RlaTTXVxPpG5ppqo3B/ILve1Z0QwB
pmCZSUh55750abxDe348NZcZLge86W6xLlpF0A39JZzfZa0DTk/ZAXswkkWMom5M
zNWpkt8CvqWONvOs2C427wyEy7Vm618qzzfRYvg+NjFQ7o+Wv0ESzA7naeG914tH
UphTRXRDX9fz+GLFYzcazL0HrFKPfcA4YHK8k2tdNeGW
-----END CERTIFICATE-----