Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6xPzYTNaFkRPCBu-FlavC2B5ovI.roa
File:                     6xPzYTNaFkRPCBu-FlavC2B5ovI.roa (raw, json)
Hash identifier:          J/k+QoAOkK2gYKQf3Ain49qV33xbuauQ9HI1CE3DOTM=
Subject key identifier:   EB:13:F3:61:33:5A:16:44:4F:08:1B:BE:16:56:AF:0B:60:79:A2:F2
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019422201017460E24FFA6ACCD30CF6393C3
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6xPzYTNaFkRPCBu-FlavC2B5ovI.roa
Signing time:             Wed 01 Jan 2025 13:48:34 +0000
ROA not before:           Wed 01 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31715
IP address blocks:        77.111.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:10:17:46:0e:24:ff:a6:ac:cd:30:cf:63:93:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb13f361335a16444f081bbe1656af0b6079a2f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:1f:29:85:97:62:fd:88:f6:85:18:d9:d6:ad:
                    78:46:b3:29:b1:ec:15:32:68:ec:21:15:3e:d8:9b:
                    12:03:01:3c:12:45:9a:36:ad:b1:49:14:66:f4:23:
                    ed:f4:d5:d2:71:67:f2:eb:04:fd:9e:f5:e1:a9:78:
                    5b:ca:c0:3a:04:a6:88:6c:f0:64:5f:e1:be:b3:cf:
                    09:7d:58:d5:2f:f6:59:ac:88:f3:56:42:44:41:8e:
                    a3:b9:ab:67:9b:2a:16:5d:9e:51:97:62:f6:f0:71:
                    2a:9f:eb:99:89:16:05:61:d5:9f:68:e3:50:bd:86:
                    ed:6d:cf:60:f8:c7:05:a0:26:73:1b:6d:65:c6:06:
                    2b:f5:7c:ec:58:99:95:9b:0a:a0:a2:48:c3:43:f7:
                    22:e3:74:08:46:7d:89:44:49:54:82:48:70:ef:9b:
                    81:a7:94:94:52:b2:79:ff:53:69:94:8e:09:62:27:
                    20:3e:f8:0a:c0:73:56:23:96:10:6e:66:45:74:f2:
                    5c:d0:48:fa:95:12:8e:68:01:0f:71:74:12:ae:10:
                    5e:0a:c4:18:21:b9:30:33:cd:7a:9c:08:f7:9e:9f:
                    a3:6a:c5:92:72:76:46:c4:1b:dd:1d:40:48:f0:e4:
                    4d:16:28:b6:50:45:39:99:4f:70:ff:55:7a:db:78:
                    44:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:13:F3:61:33:5A:16:44:4F:08:1B:BE:16:56:AF:0B:60:79:A2:F2
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/6xPzYTNaFkRPCBu-FlavC2B5ovI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.111.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         16:f4:9a:bf:55:ab:8b:94:36:02:8d:7c:63:0e:43:33:03:84:
         e3:d2:89:9f:c1:20:c2:7f:d5:7e:4a:65:c8:dd:d9:67:55:a2:
         ab:c8:cb:6e:fa:f6:5e:aa:da:5e:6f:ad:d1:0d:d3:53:3c:10:
         25:a9:77:8d:8a:a8:62:b5:ec:ec:00:69:97:b4:78:bc:6c:e8:
         88:a9:3e:43:2a:75:87:e5:c5:0e:f6:a4:c8:75:ec:81:7d:bc:
         8c:cd:41:82:a7:1d:57:61:c6:e3:31:26:a3:8b:9e:21:8e:d6:
         2d:5d:fa:97:85:f9:5a:ad:d0:71:ea:ee:ad:4f:c3:d8:03:46:
         0a:a3:3b:fb:2b:42:e6:db:3b:81:97:68:92:24:4e:3f:2c:3d:
         df:3b:ef:0e:0d:f2:fe:a7:df:f8:61:81:db:6d:63:38:dd:40:
         4d:34:32:90:94:d4:16:fe:da:d7:9f:ec:43:7d:ac:a8:74:31:
         28:7c:b2:44:c8:97:22:49:80:99:ba:4e:b8:cb:77:fe:11:cc:
         35:98:bc:a9:93:51:c1:32:34:8f:9c:e6:24:ce:6a:28:b3:01:
         7f:80:03:87:e1:5f:25:08:3d:8d:c9:9c:c8:86:db:ec:aa:98:
         1d:76:90:90:ca:ac:b7:9f:36:4e:27:b6:ae:27:31:72:68:f9:
         f8:e6:63:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBAXRg4k/6aszTDPY5PDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjEzZjM2MTMzNWExNjQ0NGYwODFiYmUxNjU2YWYwYjYwNzlhMmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8h8phZdi/Yj2hRjZ1q14RrMpsewV
MmjsIRU+2JsSAwE8EkWaNq2xSRRm9CPt9NXScWfy6wT9nvXhqXhbysA6BKaIbPBk
X+G+s88JfVjVL/ZZrIjzVkJEQY6juatnmyoWXZ5Rl2L28HEqn+uZiRYFYdWfaONQ
vYbtbc9g+McFoCZzG21lxgYr9XzsWJmVmwqgokjDQ/ci43QIRn2JRElUgkhw75uB
p5SUUrJ5/1NplI4JYicgPvgKwHNWI5YQbmZFdPJc0Ej6lRKOaAEPcXQSrhBeCsQY
IbkwM816nAj3np+jasWScnZGxBvdHUBI8ORNFii2UEU5mU9w/1V623hECwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsT82EzWhZETwgbvhZWrwtgeaLyMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvNnhQellUTmFGa1JQQ0J1LUZsYXZDMkI1b3ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATW9tMA0G
CSqGSIb3DQEBCwUAA4IBAQAW9Jq/VauLlDYCjXxjDkMzA4Tj0omfwSDCf9V+SmXI
3dlnVaKryMtu+vZeqtpeb63RDdNTPBAlqXeNiqhitezsAGmXtHi8bOiIqT5DKnWH
5cUO9qTIdeyBfbyMzUGCpx1XYcbjMSaji54hjtYtXfqXhflardBx6u6tT8PYA0YK
ozv7K0Lm2zuBl2iSJE4/LD3fO+8ODfL+p9/4YYHbbWM43UBNNDKQlNQW/trXn+xD
fayodDEofLJEyJciSYCZuk64y3f+Ecw1mLypk1HBMjSPnOYkzmooswF/gAOH4V8l
CD2NyZzIhtvsqpgddpCQyqy3nzZOJ7auJzFyaPn45mMn
-----END CERTIFICATE-----