Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/EEtb4TiNqzBjwQIPlNW_KOcQ-Jo.roa
File:                     EEtb4TiNqzBjwQIPlNW_KOcQ-Jo.roa (raw, json)
Hash identifier:          M0luZGShB2ax1sxRo/QssU8MfAYnldY3AvWtzEVrH18=
Subject key identifier:   10:4B:5B:E1:38:8D:AB:30:63:C1:02:0F:94:D5:BF:28:E7:10:F8:9A
Certificate issuer:       /CN=c2778de2a9be9802120382e750d159e95872c2ae
Certificate serial:       01932AD8791E1BEBE71C0EC58D2D05F9337C
Authority key identifier: C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/EEtb4TiNqzBjwQIPlNW_KOcQ-Jo.roa
Signing time:             Thu 14 Nov 2024 13:24:09 +0000
ROA not before:           Thu 14 Nov 2024 13:24:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     0
IP address blocks:        91.186.216.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 16:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2a:d8:79:1e:1b:eb:e7:1c:0e:c5:8d:2d:05:f9:33:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c2778de2a9be9802120382e750d159e95872c2ae
        Validity
            Not Before: Nov 14 13:24:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=104b5be1388dab3063c1020f94d5bf28e710f89a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:64:90:19:b7:5d:bf:10:8b:9f:da:cf:ee:18:
                    17:f6:a0:71:1d:56:f2:2e:ed:72:fc:94:65:f4:73:
                    e6:70:7a:61:d1:1a:5a:dc:13:03:e3:8b:ff:20:b3:
                    5f:3e:b8:89:cd:49:fa:40:82:5f:62:ac:a6:2f:43:
                    3a:bb:e6:0c:e7:38:47:56:f0:4a:d1:0e:41:b2:2b:
                    89:ad:b8:36:aa:bf:bd:89:e3:ce:d5:4c:1e:b6:8e:
                    f9:7c:8e:91:c0:6c:96:a9:93:ec:e0:b4:5d:67:1a:
                    b4:68:41:20:5f:ea:9c:11:b5:9e:36:55:24:b4:2b:
                    23:c8:1e:ea:33:b5:25:59:1e:e0:32:67:84:7f:bc:
                    b2:27:c2:67:14:bd:da:98:3c:f2:00:1a:9d:f7:c5:
                    f8:34:6d:76:b5:34:89:b9:64:2b:85:0e:d1:59:f6:
                    29:5b:d2:58:b9:7a:1a:61:3b:82:8b:43:08:09:8d:
                    5c:b2:86:ae:96:05:59:45:84:ba:e0:4f:ef:74:e9:
                    de:c2:00:9b:df:0a:c1:65:32:69:2e:09:3e:4a:6d:
                    f1:cd:86:89:12:e0:db:67:18:8f:63:3d:ad:90:f9:
                    3c:1a:4d:da:e9:23:c7:8d:2c:5b:18:d8:b4:8b:90:
                    f4:0e:dc:a0:35:8c:1c:36:ce:6a:fb:95:c7:e0:7a:
                    79:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:4B:5B:E1:38:8D:AB:30:63:C1:02:0F:94:D5:BF:28:E7:10:F8:9A
            X509v3 Authority Key Identifier:
                keyid:C2:77:8D:E2:A9:BE:98:02:12:03:82:E7:50:D1:59:E9:58:72:C2:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wneN4qm-mAISA4LnUNFZ6Vhywq4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/EEtb4TiNqzBjwQIPlNW_KOcQ-Jo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/410930-9d65-4be8-9eba-f98da54af434/1/wneN4qm-mAISA4LnUNFZ6Vhywq4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.186.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         33:35:9e:b6:44:96:de:31:20:8d:40:f6:ec:dd:d0:b7:8d:cf:
         21:9d:99:3b:9c:97:bc:44:5a:ad:ce:20:20:67:e3:9a:6b:56:
         37:d3:e3:cd:ea:21:2e:f7:ed:5c:e5:ba:3b:c6:04:71:d3:05:
         6a:ae:6f:d1:0a:18:66:af:2a:76:09:46:88:bc:43:e3:4f:d8:
         12:36:47:dd:d1:85:fb:14:93:59:3a:37:d3:bc:62:b1:1d:26:
         b5:12:84:68:e9:4c:a1:03:69:19:41:13:34:f9:05:0a:c0:70:
         27:dd:e4:dc:61:5f:2e:b8:39:f1:c9:f2:38:77:6f:78:fd:79:
         b3:3b:bc:f2:58:c4:10:87:94:fa:df:82:73:58:c1:9b:ec:cf:
         79:9b:03:d2:a0:b3:f0:75:0f:71:56:33:ee:56:5f:dd:28:4a:
         7a:7e:f3:18:49:ad:67:f3:44:56:e6:0d:8c:85:07:e1:34:95:
         ad:ca:96:32:ad:2b:06:9f:39:fb:20:22:63:19:1f:ee:1b:ba:
         27:f0:4a:1f:00:e0:a8:6a:7a:67:38:b6:7e:81:a6:45:5f:f7:
         4f:e5:85:7f:36:55:fc:24:ea:49:97:94:f2:e5:55:d0:76:2c:
         f1:5d:d6:94:b1:aa:9b:b3:ef:59:ba:86:8a:db:33:06:8c:cf:
         5f:e5:19:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMq2HkeG+vnHA7FjS0F+TN8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMyNzc4ZGUyYTliZTk4MDIxMjAzODJlNzUwZDE1OWU5NTg3
MmMyYWUwHhcNMjQxMTE0MTMyNDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDRiNWJlMTM4OGRhYjMwNjNjMTAyMGY5NGQ1YmYyOGU3MTBmODlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02SQGbddvxCLn9rP7hgX9qBxHVby
Lu1y/JRl9HPmcHph0Rpa3BMD44v/ILNfPriJzUn6QIJfYqymL0M6u+YM5zhHVvBK
0Q5BsiuJrbg2qr+9iePO1Uweto75fI6RwGyWqZPs4LRdZxq0aEEgX+qcEbWeNlUk
tCsjyB7qM7UlWR7gMmeEf7yyJ8JnFL3amDzyABqd98X4NG12tTSJuWQrhQ7RWfYp
W9JYuXoaYTuCi0MICY1csoaulgVZRYS64E/vdOnewgCb3wrBZTJpLgk+Sm3xzYaJ
EuDbZxiPYz2tkPk8Gk3a6SPHjSxbGNi0i5D0DtygNYwcNs5q+5XH4Hp59QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBLW+E4jaswY8ECD5TVvyjnEPiaMB8GA1UdIwQY
MBaAFMJ3jeKpvpgCEgOC51DRWelYcsKuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEt
Zjk4ZGE1NGFmNDM0LzEvRUV0YjRUaU5xekJqd1FJUGxOV19LT2NRLUpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC80MTA5MzAtOWQ2NS00YmU4LTllYmEtZjk4ZGE1NGFmNDM0
LzEvd25lTjRxbS1tQUlTQTRMblVORlo2Vmh5d3E0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW7rYMA0G
CSqGSIb3DQEBCwUAA4IBAQAzNZ62RJbeMSCNQPbs3dC3jc8hnZk7nJe8RFqtziAg
Z+Oaa1Y30+PN6iEu9+1c5bo7xgRx0wVqrm/RChhmryp2CUaIvEPjT9gSNkfd0YX7
FJNZOjfTvGKxHSa1EoRo6UyhA2kZQRM0+QUKwHAn3eTcYV8uuDnxyfI4d294/Xmz
O7zyWMQQh5T634JzWMGb7M95mwPSoLPwdQ9xVjPuVl/dKEp6fvMYSa1n80RW5g2M
hQfhNJWtypYyrSsGnzn7ICJjGR/uG7on8EofAOCoanpnOLZ+gaZFX/dP5YV/NlX8
JOpJl5Ty5VXQdizxXdaUsaqbs+9ZuoaK2zMGjM9f5Rni
-----END CERTIFICATE-----