Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/e3c971-5324-4134-bead-597c43598577/1/EBHjm8uQ-LmD4evvwOZ6E0JwNQA.roa
File:                     EBHjm8uQ-LmD4evvwOZ6E0JwNQA.roa (raw, json)
Hash identifier:          Tk02eWTtsJNpE3RvUJnaO0ovgb/O/tJmPY6vH9oMVtQ=
Subject key identifier:   10:11:E3:9B:CB:90:F8:B9:83:E1:EB:EF:C0:E6:7A:13:42:70:35:00
Certificate issuer:       /CN=bf1f6cd6fab95d241cd9ac5f85f4d05f9de58f9b
Certificate serial:       0194214455B2DC2F870CDCBD01CD5638222B
Authority key identifier: BF:1F:6C:D6:FA:B9:5D:24:1C:D9:AC:5F:85:F4:D0:5F:9D:E5:8F:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vx9s1vq5XSQc2axfhfTQX53lj5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/e3c971-5324-4134-bead-597c43598577/1/EBHjm8uQ-LmD4evvwOZ6E0JwNQA.roa
Signing time:             Wed 01 Jan 2025 09:48:33 +0000
ROA not before:           Wed 01 Jan 2025 09:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213172
IP address blocks:        91.217.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/e3c971-5324-4134-bead-597c43598577/1/vx9s1vq5XSQc2axfhfTQX53lj5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/e3c971-5324-4134-bead-597c43598577/1/vx9s1vq5XSQc2axfhfTQX53lj5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vx9s1vq5XSQc2axfhfTQX53lj5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:55:b2:dc:2f:87:0c:dc:bd:01:cd:56:38:22:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf1f6cd6fab95d241cd9ac5f85f4d05f9de58f9b
        Validity
            Not Before: Jan  1 09:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1011e39bcb90f8b983e1ebefc0e67a1342703500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:08:5b:43:4a:ab:8a:9b:9e:41:59:5b:08:62:
                    78:64:1c:bd:25:a2:d5:7b:af:a9:05:e6:14:1d:00:
                    d1:61:b5:83:fc:e9:cc:e6:68:7b:60:8f:dd:2b:f3:
                    54:c5:e1:db:fd:d2:99:59:74:ee:fd:cc:65:c2:3c:
                    ce:91:ed:f3:35:44:37:3e:a5:70:12:e5:e8:0d:a4:
                    3b:72:7f:57:0f:ad:ab:84:65:37:92:c5:7f:30:0d:
                    11:b3:e9:e3:95:2b:4d:25:d1:8c:9d:9d:35:0d:3d:
                    bb:67:77:de:cc:e3:4e:35:dc:11:45:3e:06:db:6e:
                    70:e6:ff:77:64:1e:f7:8d:34:fa:ed:8a:bb:03:ee:
                    26:c0:94:8c:2a:2a:e7:09:b7:f1:39:06:ec:a3:cd:
                    d3:aa:44:8c:03:de:47:23:f0:d9:10:ca:67:b2:03:
                    4f:24:82:f5:f3:fd:6b:5b:8d:09:93:a2:60:54:68:
                    a4:f5:e2:0d:46:7b:17:4e:fe:6f:84:ba:31:70:62:
                    3a:fa:07:5f:7a:c9:dd:de:c5:03:15:2a:ae:96:4e:
                    6a:8a:e5:a9:6f:17:e8:cc:79:66:d6:23:6c:1d:85:
                    54:b0:66:5e:98:dd:f5:9a:55:63:78:0c:4f:c1:7f:
                    d2:fc:11:e0:55:52:b4:c0:11:72:bf:99:d1:40:f8:
                    cd:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:11:E3:9B:CB:90:F8:B9:83:E1:EB:EF:C0:E6:7A:13:42:70:35:00
            X509v3 Authority Key Identifier:
                keyid:BF:1F:6C:D6:FA:B9:5D:24:1C:D9:AC:5F:85:F4:D0:5F:9D:E5:8F:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vx9s1vq5XSQc2axfhfTQX53lj5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e3c971-5324-4134-bead-597c43598577/1/EBHjm8uQ-LmD4evvwOZ6E0JwNQA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/e3c971-5324-4134-bead-597c43598577/1/vx9s1vq5XSQc2axfhfTQX53lj5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.217.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         14:3e:2c:d8:73:3f:63:96:25:93:cd:a2:9c:75:93:40:df:58:
         84:f9:4f:f2:48:89:55:41:82:13:5c:28:cf:d8:27:54:5d:30:
         1e:31:a7:7f:6e:e6:02:72:f3:9d:c4:50:d7:5e:a2:f7:50:12:
         b0:fa:af:0e:74:da:3c:a4:69:67:e0:ac:77:2d:ac:14:ba:00:
         a6:32:09:3a:20:c1:1a:c1:93:11:a5:40:4e:1b:a5:61:f4:a8:
         9d:f1:b3:bd:be:ef:b7:85:7e:39:2c:32:06:f6:7a:f4:f8:0a:
         99:40:9d:57:85:df:6f:4d:0f:46:de:0b:e4:7b:22:9c:58:91:
         1e:b2:43:33:2b:cb:91:a7:8e:fd:86:b8:83:c5:17:9e:5b:34:
         1c:59:81:6d:e1:5d:2c:eb:f6:86:22:f7:06:a8:45:3a:6b:ef:
         0b:43:c3:df:6e:35:6d:1d:ea:e9:27:8e:8a:c4:0a:22:b9:44:
         ff:fb:86:df:d5:8c:12:fb:4c:b9:b3:04:9b:ef:de:15:08:20:
         1f:ce:e3:99:34:0b:cd:d4:ee:23:52:d2:08:7f:f3:ac:13:41:
         34:cf:f7:3d:da:72:1b:25:d6:51:6f:0f:08:b6:d5:e2:6b:55:
         3c:7e:ec:52:c7:05:06:41:46:af:68:4a:5f:4b:88:85:a8:b4:
         e9:f5:da:9c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRFWy3C+HDNy9Ac1WOCIrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmMWY2Y2Q2ZmFiOTVkMjQxY2Q5YWM1Zjg1ZjRkMDVmOWRl
NThmOWIwHhcNMjUwMTAxMDk0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDExZTM5YmNiOTBmOGI5ODNlMWViZWZjMGU2N2ExMzQyNzAzNTAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AhbQ0qripueQVlbCGJ4ZBy9JaLV
e6+pBeYUHQDRYbWD/OnM5mh7YI/dK/NUxeHb/dKZWXTu/cxlwjzOke3zNUQ3PqVw
EuXoDaQ7cn9XD62rhGU3ksV/MA0Rs+njlStNJdGMnZ01DT27Z3fezONONdwRRT4G
225w5v93ZB73jTT67Yq7A+4mwJSMKirnCbfxOQbso83TqkSMA95HI/DZEMpnsgNP
JIL18/1rW40Jk6JgVGik9eINRnsXTv5vhLoxcGI6+gdfesnd3sUDFSqulk5qiuWp
bxfozHlm1iNsHYVUsGZemN31mlVjeAxPwX/S/BHgVVK0wBFyv5nRQPjNiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAR45vLkPi5g+Hr78DmehNCcDUAMB8GA1UdIwQY
MBaAFL8fbNb6uV0kHNmsX4X00F+d5Y+bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdng5czF2cTVYU1FjMmF4ZmhmVFFYNTNsajVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9lM2M5NzEtNTMyNC00MTM0LWJlYWQt
NTk3YzQzNTk4NTc3LzEvRUJIam04dVEtTG1ENGV2dndPWjZFMEp3TlFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9lM2M5NzEtNTMyNC00MTM0LWJlYWQtNTk3YzQzNTk4NTc3
LzEvdng5czF2cTVYU1FjMmF4ZmhmVFFYNTNsajVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9nwMA0G
CSqGSIb3DQEBCwUAA4IBAQAUPizYcz9jliWTzaKcdZNA31iE+U/ySIlVQYITXCjP
2CdUXTAeMad/buYCcvOdxFDXXqL3UBKw+q8OdNo8pGln4Kx3LawUugCmMgk6IMEa
wZMRpUBOG6Vh9Kid8bO9vu+3hX45LDIG9nr0+AqZQJ1Xhd9vTQ9G3gvkeyKcWJEe
skMzK8uRp479hriDxReeWzQcWYFt4V0s6/aGIvcGqEU6a+8LQ8PfbjVtHerpJ46K
xAoiuUT/+4bf1YwS+0y5swSb794VCCAfzuOZNAvN1O4jUtIIf/OsE0E0z/c92nIb
JdZRbw8IttXia1U8fuxSxwUGQUavaEpfS4iFqLTp9dqc
-----END CERTIFICATE-----