Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/0aeda7-6d3a-418e-96d5-1ca2d55e2061/1/EBtBV7UrwVXmkyvzxS0z9vQfx0A.roa
File:                     EBtBV7UrwVXmkyvzxS0z9vQfx0A.roa (raw, json)
Hash identifier:          FkwHMiiwul2LJpS4PfQ3qpF7K64HbhtoogwVA485q3Y=
Subject key identifier:   10:1B:41:57:B5:2B:C1:55:E6:93:2B:F3:C5:2D:33:F6:F4:1F:C7:40
Certificate issuer:       /CN=d4459dd6f7ccecfebeb434fc08db8e22d4569c23
Certificate serial:       018E507CE0E0FCD3D15F0C63F5D7B64F6624
Authority key identifier: D4:45:9D:D6:F7:CC:EC:FE:BE:B4:34:FC:08:DB:8E:22:D4:56:9C:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1EWd1vfM7P6-tDT8CNuOItRWnCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/0aeda7-6d3a-418e-96d5-1ca2d55e2061/1/EBtBV7UrwVXmkyvzxS0z9vQfx0A.roa
Signing time:             Mon 18 Mar 2024 07:35:45 +0000
ROA not before:           Mon 18 Mar 2024 07:35:45 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64267
IP address blocks:        91.223.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/0aeda7-6d3a-418e-96d5-1ca2d55e2061/1/1EWd1vfM7P6-tDT8CNuOItRWnCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/0aeda7-6d3a-418e-96d5-1ca2d55e2061/1/1EWd1vfM7P6-tDT8CNuOItRWnCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1EWd1vfM7P6-tDT8CNuOItRWnCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 17 May 2024 23:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:50:7c:e0:e0:fc:d3:d1:5f:0c:63:f5:d7:b6:4f:66:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d4459dd6f7ccecfebeb434fc08db8e22d4569c23
        Validity
            Not Before: Mar 18 07:35:45 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=101b4157b52bc155e6932bf3c52d33f6f41fc740
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:10:d1:ae:29:20:9c:81:5e:a0:7f:d0:b5:53:
                    43:85:e7:ee:d9:75:08:f9:52:06:d6:9e:38:7c:95:
                    08:4c:18:47:ad:75:0f:d7:3b:56:f1:8b:e2:06:ee:
                    f2:ab:61:0c:55:72:93:90:86:d1:de:87:46:50:5b:
                    2d:63:fa:59:f6:a1:be:25:d8:26:9a:1d:88:2c:c7:
                    e8:3e:15:5a:02:c2:82:60:3f:1e:6b:e1:2f:d4:0b:
                    c9:82:7f:25:68:39:9e:18:77:ac:da:b3:b6:6f:5c:
                    b2:65:87:8d:c2:eb:29:87:7b:73:29:7b:c6:c2:a8:
                    2e:53:56:ca:74:e7:8e:9a:ac:ce:27:aa:dc:23:ad:
                    8d:11:45:27:f8:3b:92:e0:db:8c:83:b4:42:41:65:
                    e6:8c:54:4e:af:41:30:36:cf:e3:ec:ce:be:b9:b9:
                    42:e6:0a:92:d2:93:1c:9d:d9:a9:3f:e8:d5:c2:ec:
                    54:01:6a:7a:1a:51:92:49:37:22:21:85:34:42:fb:
                    55:38:b7:d7:28:02:33:df:55:15:ff:18:f4:51:b9:
                    eb:40:77:67:38:3f:a2:4b:24:1c:9d:e9:6e:54:cf:
                    96:46:53:25:b8:7b:12:48:05:e5:4c:cf:c1:82:0d:
                    e9:d4:12:95:6b:a1:fe:5b:1e:7b:87:ae:30:35:d3:
                    78:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:1B:41:57:B5:2B:C1:55:E6:93:2B:F3:C5:2D:33:F6:F4:1F:C7:40
            X509v3 Authority Key Identifier:
                keyid:D4:45:9D:D6:F7:CC:EC:FE:BE:B4:34:FC:08:DB:8E:22:D4:56:9C:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1EWd1vfM7P6-tDT8CNuOItRWnCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/0aeda7-6d3a-418e-96d5-1ca2d55e2061/1/EBtBV7UrwVXmkyvzxS0z9vQfx0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/0aeda7-6d3a-418e-96d5-1ca2d55e2061/1/1EWd1vfM7P6-tDT8CNuOItRWnCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:63:02:a4:b7:08:36:cd:e2:15:ff:67:86:4d:d9:41:b7:23:
         df:dd:2c:09:52:13:b8:bf:4b:ee:e7:64:33:9a:d6:44:c3:30:
         2d:b6:47:fc:cb:1a:53:16:c1:80:7a:c2:12:ee:bb:e3:f7:ce:
         24:59:93:bd:dc:6a:d0:48:af:ea:84:d6:c0:8b:8c:e0:9d:ea:
         e6:07:43:3b:32:00:40:fc:67:6b:5c:f3:de:84:9f:d4:6b:fd:
         43:ba:f2:f3:99:f6:ef:43:ec:e9:5b:48:4d:d6:66:12:ec:d5:
         4f:9f:d2:f3:72:36:a8:bb:cb:0f:ea:b8:c0:92:8e:ad:20:70:
         a6:9a:b3:cf:33:4e:f3:f5:0f:6e:02:39:25:93:e5:54:38:79:
         9a:d2:0b:4d:50:c1:e3:3e:91:8f:3d:4e:97:10:b1:1e:e5:9d:
         3a:88:51:b7:9d:16:d9:fd:40:2d:65:ba:bf:d8:1a:c7:ae:e6:
         1d:a7:f3:c6:2a:e3:3c:fd:8c:a7:ed:1d:44:cb:2e:b4:f5:ca:
         01:bc:db:54:c5:2a:2a:78:5d:26:5f:64:64:91:d9:d4:5d:36:
         a3:dd:a9:62:0b:fc:ee:ef:4f:48:8f:a6:90:93:f8:5e:de:8c:
         dc:96:92:4d:f6:31:4f:7f:8c:86:38:86:a8:f2:af:d5:17:bf:
         8a:3b:6f:38
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY5QfODg/NPRXwxj9de2T2YkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0NDU5ZGQ2ZjdjY2VjZmViZWI0MzRmYzA4ZGI4ZTIyZDQ1
NjljMjMwHhcNMjQwMzE4MDczNTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDFiNDE1N2I1MmJjMTU1ZTY5MzJiZjNjNTJkMzNmNmY0MWZjNzQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5hDRrikgnIFeoH/QtVNDhefu2XUI
+VIG1p44fJUITBhHrXUP1ztW8YviBu7yq2EMVXKTkIbR3odGUFstY/pZ9qG+Jdgm
mh2ILMfoPhVaAsKCYD8ea+Ev1AvJgn8laDmeGHes2rO2b1yyZYeNwusph3tzKXvG
wqguU1bKdOeOmqzOJ6rcI62NEUUn+DuS4NuMg7RCQWXmjFROr0EwNs/j7M6+ublC
5gqS0pMcndmpP+jVwuxUAWp6GlGSSTciIYU0QvtVOLfXKAIz31UV/xj0UbnrQHdn
OD+iSyQcneluVM+WRlMluHsSSAXlTM/Bgg3p1BKVa6H+Wx57h64wNdN4ewIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBAbQVe1K8FV5pMr88UtM/b0H8dAMB8GA1UdIwQY
MBaAFNRFndb3zOz+vrQ0/AjbjiLUVpwjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUVXZDF2Zk03UDYtdERUOENOdU9JdFJXbkNNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS8wYWVkYTctNmQzYS00MThlLTk2ZDUt
MWNhMmQ1NWUyMDYxLzEvRUJ0QlY3VXJ3Vlhta3l2enhTMHo5dlFmeDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS8wYWVkYTctNmQzYS00MThlLTk2ZDUtMWNhMmQ1NWUyMDYx
LzEvMUVXZDF2Zk03UDYtdERUOENOdU9JdFJXbkNNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99DMA0G
CSqGSIb3DQEBCwUAA4IBAQAMYwKktwg2zeIV/2eGTdlBtyPf3SwJUhO4v0vu52Qz
mtZEwzAttkf8yxpTFsGAesIS7rvj984kWZO93GrQSK/qhNbAi4zgnermB0M7MgBA
/GdrXPPehJ/Ua/1DuvLzmfbvQ+zpW0hN1mYS7NVPn9Lzcjaou8sP6rjAko6tIHCm
mrPPM07z9Q9uAjklk+VUOHma0gtNUMHjPpGPPU6XELEe5Z06iFG3nRbZ/UAtZbq/
2BrHruYdp/PGKuM8/Yyn7R1Eyy609coBvNtUxSoqeF0mX2RkkdnUXTaj3aliC/zu
709Ij6aQk/he3ozclpJN9jFPf4yGOIao8q/VF7+KO284
-----END CERTIFICATE-----