Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/eyQvK29JgahCGAgYcLb6YNe3-Jc.roa
File:                     eyQvK29JgahCGAgYcLb6YNe3-Jc.roa (raw, json)
Hash identifier:          RabhGqIatcoajOJCb3/HGCvkcqMo8FBFAtZfifKFyAw=
Subject key identifier:   7B:24:2F:2B:6F:49:81:A8:42:18:08:18:70:B6:FA:60:D7:B7:F8:97
Certificate issuer:       /CN=63636c3bef55d12a64536b70130a74f53f44d6d0
Certificate serial:       018CCA2A4B732793A360EC59DF2394A2777D
Authority key identifier: 63:63:6C:3B:EF:55:D1:2A:64:53:6B:70:13:0A:74:F5:3F:44:D6:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/eyQvK29JgahCGAgYcLb6YNe3-Jc.roa
Signing time:             Tue 02 Jan 2024 12:33:38 +0000
ROA not before:           Tue 02 Jan 2024 12:33:38 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     197946
IP address blocks:        91.208.163.0/24 maxlen: 24
                          185.105.237.0/24 maxlen: 24
                          185.231.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Jun 2024 09:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:4b:73:27:93:a3:60:ec:59:df:23:94:a2:77:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63636c3bef55d12a64536b70130a74f53f44d6d0
        Validity
            Not Before: Jan  2 12:33:38 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7b242f2b6f4981a84218081870b6fa60d7b7f897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:31:83:f5:c3:41:bf:95:3a:05:52:7b:d0:40:
                    c0:da:09:d5:ca:1f:bd:07:27:fa:27:11:0c:d7:99:
                    43:7f:a1:3e:6f:db:db:39:9b:a1:ca:57:fe:35:09:
                    79:20:7a:38:df:c1:55:bf:f3:de:d5:b6:73:a0:f0:
                    d9:da:49:2f:00:05:61:e6:3a:5f:da:0e:08:e2:8d:
                    d5:fb:24:e7:59:42:87:96:c9:b0:75:a5:5a:54:5c:
                    c9:c8:07:b8:a3:45:e2:ff:5f:3e:e2:e8:b1:72:68:
                    80:73:27:58:0e:87:16:5b:89:d9:ad:89:5c:b0:0a:
                    1e:95:20:3b:de:46:43:71:f7:58:21:4c:31:00:11:
                    aa:87:53:6d:e8:f4:f1:c8:9e:31:38:eb:b3:2c:df:
                    2b:94:5f:df:81:31:a2:9f:88:4f:8f:ef:a9:30:93:
                    ea:c2:0e:01:eb:95:f8:c9:a4:50:88:8d:bd:a8:44:
                    4f:51:53:c5:9b:87:95:07:68:f0:65:c6:72:af:41:
                    03:79:61:67:55:ce:37:21:37:6d:5c:a3:9f:9e:57:
                    30:45:f8:db:3f:86:92:92:a5:3c:fd:86:9d:a5:dd:
                    5e:1e:d9:6c:db:bd:10:9d:6e:99:1c:2e:31:87:7a:
                    6b:e7:bd:7f:a5:5b:51:20:06:42:f7:f7:2a:9d:32:
                    73:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:24:2F:2B:6F:49:81:A8:42:18:08:18:70:B6:FA:60:D7:B7:F8:97
            X509v3 Authority Key Identifier:
                keyid:63:63:6C:3B:EF:55:D1:2A:64:53:6B:70:13:0A:74:F5:3F:44:D6:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/eyQvK29JgahCGAgYcLb6YNe3-Jc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.208.163.0/24
                  185.105.237.0/24
                  185.231.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:02:76:8f:a3:d4:95:df:28:da:19:7a:ce:9d:73:d2:8c:50:
         5e:74:79:03:fe:95:37:e0:96:01:b2:90:97:b3:03:c6:0a:fd:
         38:1f:58:27:23:c8:3b:28:53:28:a3:8a:02:a2:2b:8f:09:5d:
         5e:68:ca:d5:2e:1d:b2:40:ed:78:2a:65:7d:be:f5:4b:4c:19:
         26:5a:ad:87:f7:a8:50:bd:f4:5a:65:10:b7:64:b5:c2:93:18:
         1d:6d:06:2a:73:f3:74:fd:c2:09:0c:e0:7e:cc:b0:19:06:4d:
         6a:f5:6b:86:e8:3f:bb:1c:82:d5:d1:37:30:79:ca:93:7c:7e:
         4e:b9:af:96:16:41:98:31:66:0b:34:4f:03:3d:1d:33:a4:91:
         e2:94:74:26:25:0a:d8:79:bf:32:f4:d6:76:34:f2:2e:5f:dc:
         75:59:57:d0:9d:43:de:0c:5d:e9:f9:eb:ea:21:73:07:71:22:
         97:f7:07:26:d2:db:e4:c0:15:7f:d9:f9:c8:3d:88:ca:01:18:
         82:30:dc:d3:76:6f:2f:e6:ab:e9:53:d5:62:f7:0b:6d:53:ba:
         5a:f8:6d:c2:46:d0:4c:b0:35:4f:95:02:39:68:f4:d6:e3:14:
         0d:1e:47:b5:66:0b:15:8a:2d:66:d5:83:78:47:84:e3:e2:d7:
         b4:05:93:09
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzKKktzJ5OjYOxZ3yOUond9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjM2YzNiZWY1NWQxMmE2NDUzNmI3MDEzMGE3NGY1M2Y0
NGQ2ZDAwHhcNMjQwMTAyMTIzMzM4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjI0MmYyYjZmNDk4MWE4NDIxODA4MTg3MGI2ZmE2MGQ3YjdmODk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkDGD9cNBv5U6BVJ70EDA2gnVyh+9
Byf6JxEM15lDf6E+b9vbOZuhylf+NQl5IHo438FVv/Pe1bZzoPDZ2kkvAAVh5jpf
2g4I4o3V+yTnWUKHlsmwdaVaVFzJyAe4o0Xi/18+4uixcmiAcydYDocWW4nZrYlc
sAoelSA73kZDcfdYIUwxABGqh1Nt6PTxyJ4xOOuzLN8rlF/fgTGin4hPj++pMJPq
wg4B65X4yaRQiI29qERPUVPFm4eVB2jwZcZyr0EDeWFnVc43ITdtXKOfnlcwRfjb
P4aSkqU8/Yadpd1eHtls270QnW6ZHC4xh3pr571/pVtRIAZC9/cqnTJzxwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHskLytvSYGoQhgIGHC2+mDXt/iXMB8GA1UdIwQY
MBaAFGNjbDvvVdEqZFNrcBMKdPU/RNbQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJOc08tOVYwU3BrVTJ0d0V3cDA5VDlFMXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hNTY0ZTktM2E0ZS00ZDRhLTgwN2Qt
NzA1NWMyZTA0NzZmLzEvZXlRdksyOUpnYWhDR0FnWWNMYjZZTmUzLUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hNTY0ZTktM2E0ZS00ZDRhLTgwN2QtNzA1NWMyZTA0NzZm
LzEvWTJOc08tOVYwU3BrVTJ0d0V3cDA5VDlFMXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW9CjAwQA
uWntAwQAuedyMA0GCSqGSIb3DQEBCwUAA4IBAQCTAnaPo9SV3yjaGXrOnXPSjFBe
dHkD/pU34JYBspCXswPGCv04H1gnI8g7KFMoo4oCoiuPCV1eaMrVLh2yQO14KmV9
vvVLTBkmWq2H96hQvfRaZRC3ZLXCkxgdbQYqc/N0/cIJDOB+zLAZBk1q9WuG6D+7
HILV0TcwecqTfH5Oua+WFkGYMWYLNE8DPR0zpJHilHQmJQrYeb8y9NZ2NPIuX9x1
WVfQnUPeDF3p+evqIXMHcSKX9wcm0tvkwBV/2fnIPYjKARiCMNzTdm8v5qvpU9Vi
9wttU7pa+G3CRtBMsDVPlQI5aPTW4xQNHke1ZgsVii1m1YN4R4Tj4te0BZMJ
-----END CERTIFICATE-----