Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/19d090-103b-43db-b074-a4e37c867b09/1/EpeCh_PHvVwvR1jtfMGPQVrMsrQ.roa
File:                     EpeCh_PHvVwvR1jtfMGPQVrMsrQ.roa (raw, json)
Hash identifier:          XKVWPCeZYhwf3z1v0hUSbNv7x/hm4cVMh5YcJnXqtvg=
Subject key identifier:   12:97:82:87:F3:C7:BD:5C:2F:47:58:ED:7C:C1:8F:41:5A:CC:B2:B4
Certificate issuer:       /CN=41c96492c00408ad54d730c0eb629e3a0b50d80f
Certificate serial:       019425220FCB534F0A546EE26CB0597F394A
Authority key identifier: 41:C9:64:92:C0:04:08:AD:54:D7:30:C0:EB:62:9E:3A:0B:50:D8:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QclkksAECK1U1zDA62KeOgtQ2A8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/19d090-103b-43db-b074-a4e37c867b09/1/EpeCh_PHvVwvR1jtfMGPQVrMsrQ.roa
Signing time:             Thu 02 Jan 2025 03:49:36 +0000
ROA not before:           Thu 02 Jan 2025 03:49:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42755
IP address blocks:        91.213.112.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/19d090-103b-43db-b074-a4e37c867b09/1/QclkksAECK1U1zDA62KeOgtQ2A8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/19d090-103b-43db-b074-a4e37c867b09/1/QclkksAECK1U1zDA62KeOgtQ2A8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QclkksAECK1U1zDA62KeOgtQ2A8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:22:0f:cb:53:4f:0a:54:6e:e2:6c:b0:59:7f:39:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=41c96492c00408ad54d730c0eb629e3a0b50d80f
        Validity
            Not Before: Jan  2 03:49:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12978287f3c7bd5c2f4758ed7cc18f415accb2b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:e1:46:19:8f:98:ab:7f:e0:17:f8:93:61:c2:
                    fd:e1:94:7f:44:36:36:9c:19:ad:5c:6d:1c:7d:bb:
                    bf:fb:7a:2c:7a:2c:9c:f2:62:46:0d:c0:95:e6:2b:
                    3a:0a:61:08:85:15:9d:d6:02:70:0d:b3:32:9b:9b:
                    e3:ed:73:0d:26:8e:ba:38:20:1b:c5:49:14:1f:fc:
                    d0:16:ba:f2:2f:73:c3:8e:b5:a0:e1:cf:d8:55:52:
                    a5:9a:4f:32:ea:98:8f:26:4a:1f:06:f4:75:f2:3c:
                    68:59:6b:3d:77:67:51:20:84:e5:f8:27:90:6f:de:
                    dd:b3:0a:c3:44:24:cf:12:40:16:2e:98:49:c4:62:
                    62:c1:10:22:76:cd:8d:b2:c0:df:0a:af:dc:a2:e0:
                    c2:7b:a0:77:a6:07:35:6a:89:66:a8:c3:98:a8:75:
                    ad:a5:4a:5b:da:b0:05:ad:49:3a:8a:2c:a7:e1:15:
                    09:e2:a3:39:df:cb:1e:ef:0f:d4:6c:9d:c0:ee:90:
                    42:fc:17:65:34:9b:7d:65:1b:a0:5d:d4:4d:ea:e4:
                    aa:ff:d9:d2:7c:b5:d1:28:c1:90:a3:7d:9a:d1:f3:
                    90:3e:dc:8f:06:2e:03:fc:d1:92:c0:13:50:0c:2d:
                    8b:a7:ba:1f:ae:6b:9a:b1:ae:99:8b:9a:57:99:f6:
                    ec:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:97:82:87:F3:C7:BD:5C:2F:47:58:ED:7C:C1:8F:41:5A:CC:B2:B4
            X509v3 Authority Key Identifier:
                keyid:41:C9:64:92:C0:04:08:AD:54:D7:30:C0:EB:62:9E:3A:0B:50:D8:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QclkksAECK1U1zDA62KeOgtQ2A8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/19d090-103b-43db-b074-a4e37c867b09/1/EpeCh_PHvVwvR1jtfMGPQVrMsrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/19d090-103b-43db-b074-a4e37c867b09/1/QclkksAECK1U1zDA62KeOgtQ2A8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.213.112.0/24

    Signature Algorithm: sha256WithRSAEncryption
         52:66:a2:e1:79:2f:e7:74:63:b7:f2:93:61:43:86:76:0b:9a:
         de:57:a0:d1:39:2d:f0:5e:d5:0c:f4:2b:2f:c7:e2:31:b9:bf:
         66:28:58:44:8a:ef:66:da:4c:57:b7:10:0e:d2:ab:1b:01:4a:
         24:36:91:8f:6e:59:e0:36:04:16:f2:e5:c2:4c:27:00:d1:df:
         19:29:ec:05:11:b1:43:8c:c0:f9:de:d4:0e:a7:8d:7b:29:db:
         80:7b:77:c3:33:9e:de:f3:a5:84:c4:f0:9e:21:16:09:36:1d:
         73:4d:8e:84:7b:e3:bd:2e:61:92:6e:80:dd:7f:37:d4:49:c8:
         f9:0e:72:0f:e0:24:3b:7a:d3:b1:bf:c2:b4:21:02:76:46:e3:
         e0:d0:31:d7:59:6d:4a:30:db:05:b2:a8:9c:da:a1:8b:e4:02:
         f2:67:e6:e1:49:0d:5c:d3:2c:a0:50:fa:64:c6:b3:d9:83:3c:
         ec:56:eb:ec:a4:9a:b9:fc:be:c0:6d:fa:03:24:f2:08:e1:15:
         1e:53:e6:63:2f:93:d0:7d:93:5d:6a:e9:8a:78:08:29:7d:5e:
         f5:97:83:73:63:67:bc:e8:b9:19:63:22:52:df:70:6d:09:f6:
         47:0d:09:b3:c7:9f:91:e0:1c:aa:e5:83:77:a4:e3:19:cd:2c:
         e2:23:08:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIg/LU08KVG7ibLBZfzlKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxYzk2NDkyYzAwNDA4YWQ1NGQ3MzBjMGViNjI5ZTNhMGI1
MGQ4MGYwHhcNMjUwMTAyMDM0OTM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjk3ODI4N2YzYzdiZDVjMmY0NzU4ZWQ3Y2MxOGY0MTVhY2NiMmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6eFGGY+Yq3/gF/iTYcL94ZR/RDY2
nBmtXG0cfbu/+3oseiyc8mJGDcCV5is6CmEIhRWd1gJwDbMym5vj7XMNJo66OCAb
xUkUH/zQFrryL3PDjrWg4c/YVVKlmk8y6piPJkofBvR18jxoWWs9d2dRIITl+CeQ
b97dswrDRCTPEkAWLphJxGJiwRAids2NssDfCq/couDCe6B3pgc1aolmqMOYqHWt
pUpb2rAFrUk6iiyn4RUJ4qM538se7w/UbJ3A7pBC/BdlNJt9ZRugXdRN6uSq/9nS
fLXRKMGQo32a0fOQPtyPBi4D/NGSwBNQDC2Lp7ofrmuasa6Zi5pXmfbs8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKXgofzx71cL0dY7XzBj0FazLK0MB8GA1UdIwQY
MBaAFEHJZJLABAitVNcwwOtinjoLUNgPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWNsa2tzQUVDSzFVMXpEQTYyS2VPZ3RRMkE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS8xOWQwOTAtMTAzYi00M2RiLWIwNzQt
YTRlMzdjODY3YjA5LzEvRXBlQ2hfUEh2Vnd2UjFqdGZNR1BRVnJNc3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS8xOWQwOTAtMTAzYi00M2RiLWIwNzQtYTRlMzdjODY3YjA5
LzEvUWNsa2tzQUVDSzFVMXpEQTYyS2VPZ3RRMkE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9VwMA0G
CSqGSIb3DQEBCwUAA4IBAQBSZqLheS/ndGO38pNhQ4Z2C5reV6DROS3wXtUM9Csv
x+Ixub9mKFhEiu9m2kxXtxAO0qsbAUokNpGPblngNgQW8uXCTCcA0d8ZKewFEbFD
jMD53tQOp417KduAe3fDM57e86WExPCeIRYJNh1zTY6Ee+O9LmGSboDdfzfUScj5
DnIP4CQ7etOxv8K0IQJ2RuPg0DHXWW1KMNsFsqic2qGL5ALyZ+bhSQ1c0yygUPpk
xrPZgzzsVuvspJq5/L7AbfoDJPII4RUeU+ZjL5PQfZNdaumKeAgpfV71l4NzY2e8
6LkZYyJS33BtCfZHDQmzx5+R4Byq5YN3pOMZzSziIwjf
-----END CERTIFICATE-----