Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/596791-53cf-4d09-aeec-5e6cf96f70cb/1/EMJgW5Ml8bFtnruUXvNSVN-xmhk.roa
File:                     EMJgW5Ml8bFtnruUXvNSVN-xmhk.roa (raw, json)
Hash identifier:          VEPf9uqgKy/e/x2KwoxiY33mDSBh1JBEqiBgay32LKQ=
Subject key identifier:   10:C2:60:5B:93:25:F1:B1:6D:9E:BB:94:5E:F3:52:54:DF:B1:9A:19
Certificate issuer:       /CN=e8428fc2da5b6563749ccb99775775e820b7733c
Certificate serial:       018CC8DF37B846C790B82C8E1E7821BBE07C
Authority key identifier: E8:42:8F:C2:DA:5B:65:63:74:9C:CB:99:77:57:75:E8:20:B7:73:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6EKPwtpbZWN0nMuZd1d16CC3czw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/596791-53cf-4d09-aeec-5e6cf96f70cb/1/EMJgW5Ml8bFtnruUXvNSVN-xmhk.roa
Signing time:             Tue 02 Jan 2024 06:32:01 +0000
ROA not before:           Tue 02 Jan 2024 06:32:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198670
IP address blocks:        91.237.252.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/596791-53cf-4d09-aeec-5e6cf96f70cb/1/6EKPwtpbZWN0nMuZd1d16CC3czw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/596791-53cf-4d09-aeec-5e6cf96f70cb/1/6EKPwtpbZWN0nMuZd1d16CC3czw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6EKPwtpbZWN0nMuZd1d16CC3czw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 04:53:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:df:37:b8:46:c7:90:b8:2c:8e:1e:78:21:bb:e0:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8428fc2da5b6563749ccb99775775e820b7733c
        Validity
            Not Before: Jan  2 06:32:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=10c2605b9325f1b16d9ebb945ef35254dfb19a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:ec:4f:db:81:df:2e:ce:95:f7:dc:ed:03:cf:
                    e4:82:e0:57:64:5e:c6:88:99:91:bb:59:82:78:0d:
                    d1:e6:55:d5:a4:05:6a:98:ae:43:5f:a5:81:a3:c8:
                    1f:05:2c:9a:f2:e3:dc:5c:ae:64:42:8f:f9:42:4c:
                    24:03:94:16:b0:2d:89:b5:21:af:b3:d1:9d:3b:31:
                    47:6b:e2:7a:dc:fc:94:0b:bf:0c:24:ec:4d:c6:74:
                    f9:22:d9:1b:8e:3c:97:bb:a4:35:ec:ed:d2:01:3c:
                    e4:95:b7:86:cd:c0:c2:19:eb:27:81:69:55:b3:ee:
                    68:a7:74:76:c1:90:1c:a7:47:5b:61:9d:41:ea:47:
                    34:cb:d4:6a:88:bd:40:94:28:b2:a0:3f:5c:9f:20:
                    08:9f:ce:24:aa:39:4b:11:81:3e:16:f0:12:81:72:
                    e5:18:d0:f1:0d:1a:5c:ac:28:98:41:ce:ae:04:e6:
                    fe:22:d7:08:91:7c:a1:7c:c1:a6:69:78:31:f9:71:
                    6d:fe:f0:17:af:74:de:74:4e:6c:67:d0:3b:6e:43:
                    2d:ec:b7:5d:ac:27:02:1e:40:f5:37:8d:93:b7:a6:
                    47:8b:e9:5e:18:4e:47:77:14:f9:69:45:cb:f9:75:
                    0b:12:36:6d:ca:f0:e8:12:41:72:56:39:2c:e8:6e:
                    26:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:C2:60:5B:93:25:F1:B1:6D:9E:BB:94:5E:F3:52:54:DF:B1:9A:19
            X509v3 Authority Key Identifier:
                keyid:E8:42:8F:C2:DA:5B:65:63:74:9C:CB:99:77:57:75:E8:20:B7:73:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EKPwtpbZWN0nMuZd1d16CC3czw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/596791-53cf-4d09-aeec-5e6cf96f70cb/1/EMJgW5Ml8bFtnruUXvNSVN-xmhk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/596791-53cf-4d09-aeec-5e6cf96f70cb/1/6EKPwtpbZWN0nMuZd1d16CC3czw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.237.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:4c:18:e8:e9:4f:b0:ac:97:f4:84:12:5d:a9:2a:28:2a:e6:
         cb:0a:bb:74:24:b1:43:2f:e4:36:bc:a7:85:c6:b8:0b:73:b3:
         a8:60:20:46:15:77:76:e8:12:2b:6c:31:ab:5a:bf:91:28:c5:
         50:e8:5b:a6:08:21:8e:57:16:99:3b:d4:e9:09:d1:23:ca:e0:
         08:6a:cd:81:68:25:35:3b:44:27:49:6e:b9:de:10:ac:4c:73:
         19:80:f6:78:91:b8:2a:f6:d2:ea:68:af:fa:f2:5c:6c:a9:33:
         de:58:27:2d:52:17:16:e0:ba:05:40:5a:b6:0d:74:5a:33:30:
         45:1b:7e:c1:06:52:4a:4d:d7:6f:df:74:fc:ff:9b:b2:ef:f1:
         12:e7:8b:a8:b7:74:b4:f1:f3:ec:52:8c:fc:f9:05:30:ed:05:
         44:29:57:23:7c:bc:63:dd:47:c2:10:2a:f1:e1:7d:00:1a:ac:
         9c:55:16:c2:26:f1:32:43:36:f0:d1:e2:ef:2b:c1:e6:53:80:
         d8:44:3d:ae:b8:d0:ac:0d:85:1b:6b:c5:29:01:5e:c7:c4:a3:
         64:d8:27:2b:22:f5:27:5b:16:3d:4c:a4:11:12:1d:3e:dd:7d:
         a9:39:0d:7c:e6:2e:14:0c:b0:cf:24:c8:f0:9f:23:33:b8:dd:
         6b:83:8f:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzI3ze4RseQuCyOHnghu+B8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDI4ZmMyZGE1YjY1NjM3NDljY2I5OTc3NTc3NWU4MjBi
NzczM2MwHhcNMjQwMTAyMDYzMjAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGMyNjA1YjkzMjVmMWIxNmQ5ZWJiOTQ1ZWYzNTI1NGRmYjE5YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5uxP24HfLs6V99ztA8/kguBXZF7G
iJmRu1mCeA3R5lXVpAVqmK5DX6WBo8gfBSya8uPcXK5kQo/5QkwkA5QWsC2JtSGv
s9GdOzFHa+J63PyUC78MJOxNxnT5ItkbjjyXu6Q17O3SATzklbeGzcDCGesngWlV
s+5op3R2wZAcp0dbYZ1B6kc0y9RqiL1AlCiyoD9cnyAIn84kqjlLEYE+FvASgXLl
GNDxDRpcrCiYQc6uBOb+ItcIkXyhfMGmaXgx+XFt/vAXr3TedE5sZ9A7bkMt7Ldd
rCcCHkD1N42Tt6ZHi+leGE5HdxT5aUXL+XULEjZtyvDoEkFyVjks6G4mIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBDCYFuTJfGxbZ67lF7zUlTfsZoZMB8GA1UdIwQY
MBaAFOhCj8LaW2VjdJzLmXdXdeggt3M8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVLUHd0cGJaV04wbk11WmQxZDE2Q0MzY3p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy81OTY3OTEtNTNjZi00ZDA5LWFlZWMt
NWU2Y2Y5NmY3MGNiLzEvRU1KZ1c1TWw4YkZ0bnJ1VVh2TlNWTi14bWhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy81OTY3OTEtNTNjZi00ZDA5LWFlZWMtNWU2Y2Y5NmY3MGNi
LzEvNkVLUHd0cGJaV04wbk11WmQxZDE2Q0MzY3p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBW+38MA0G
CSqGSIb3DQEBCwUAA4IBAQCHTBjo6U+wrJf0hBJdqSooKubLCrt0JLFDL+Q2vKeF
xrgLc7OoYCBGFXd26BIrbDGrWr+RKMVQ6FumCCGOVxaZO9TpCdEjyuAIas2BaCU1
O0QnSW653hCsTHMZgPZ4kbgq9tLqaK/68lxsqTPeWCctUhcW4LoFQFq2DXRaMzBF
G37BBlJKTddv33T8/5uy7/ES54uot3S08fPsUoz8+QUw7QVEKVcjfLxj3UfCECrx
4X0AGqycVRbCJvEyQzbw0eLvK8HmU4DYRD2uuNCsDYUba8UpAV7HxKNk2CcrIvUn
WxY9TKQREh0+3X2pOQ185i4UDLDPJMjwnyMzuN1rg4/H
-----END CERTIFICATE-----