Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/eJvxqWQVuJlIAcOu0zuhq-FEIwc.roa
File:                     eJvxqWQVuJlIAcOu0zuhq-FEIwc.roa (raw, json)
Hash identifier:          T9Btt+1WHrBsFsD5c6tC5d0RHMAv0qfav0ae3k59Hwg=
Subject key identifier:   78:9B:F1:A9:64:15:B8:99:48:01:C3:AE:D3:3B:A1:AB:E1:44:23:07
Certificate issuer:       /CN=ba7d4ac1344ec38dce99768d78a114ebf7f17d85
Certificate serial:       019421B1B516799F7664E465950BE0D9276D
Authority key identifier: BA:7D:4A:C1:34:4E:C3:8D:CE:99:76:8D:78:A1:14:EB:F7:F1:7D:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/un1KwTROw43OmXaNeKEU6_fxfYU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/eJvxqWQVuJlIAcOu0zuhq-FEIwc.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198851
IP address blocks:        91.239.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/un1KwTROw43OmXaNeKEU6_fxfYU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/un1KwTROw43OmXaNeKEU6_fxfYU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/un1KwTROw43OmXaNeKEU6_fxfYU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 02:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b5:16:79:9f:76:64:e4:65:95:0b:e0:d9:27:6d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba7d4ac1344ec38dce99768d78a114ebf7f17d85
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=789bf1a96415b8994801c3aed33ba1abe1442307
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:93:1c:29:75:48:c9:28:f6:2c:f7:21:2e:db:
                    8c:85:1e:29:dc:d3:0c:33:cc:f0:ee:e3:bc:d1:6a:
                    51:dd:0c:61:c2:c5:9a:aa:11:69:ee:3a:13:6e:94:
                    1b:37:52:1e:8b:59:78:84:16:99:96:42:42:2d:87:
                    9c:a0:a1:77:4c:39:31:69:d9:86:5e:8e:7d:f0:de:
                    67:2b:25:03:7a:30:75:1a:c7:27:4c:12:5e:b3:48:
                    af:76:15:59:b8:34:b8:89:32:9f:29:ef:a8:77:be:
                    fd:61:4f:24:b8:be:ac:c2:97:e6:30:54:ba:9e:db:
                    e5:1d:2d:0b:f3:35:1e:c8:82:bf:6b:44:08:ac:57:
                    ba:17:9e:8a:6f:74:f8:f1:14:ed:b1:af:74:2e:8d:
                    a7:73:a8:15:84:57:70:89:f8:f5:04:85:ea:9a:2e:
                    06:cc:02:c1:ef:5f:63:46:1b:dd:ec:44:2e:95:a9:
                    ed:f9:a3:ca:99:e6:b2:59:77:7c:7b:b5:1e:00:d1:
                    86:06:a0:9f:51:ea:63:57:82:5b:cf:42:70:90:7c:
                    6f:be:19:42:40:ac:88:fd:26:3e:e9:02:23:8a:3a:
                    40:0f:ca:1d:1f:7e:35:0d:61:2f:fb:2b:62:ed:6a:
                    03:84:0d:0f:84:7e:e5:d6:8c:8f:d7:60:9c:41:5f:
                    fa:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:9B:F1:A9:64:15:B8:99:48:01:C3:AE:D3:3B:A1:AB:E1:44:23:07
            X509v3 Authority Key Identifier:
                keyid:BA:7D:4A:C1:34:4E:C3:8D:CE:99:76:8D:78:A1:14:EB:F7:F1:7D:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/un1KwTROw43OmXaNeKEU6_fxfYU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/eJvxqWQVuJlIAcOu0zuhq-FEIwc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/b66125-6844-4a87-9bb5-af42623ea431/1/un1KwTROw43OmXaNeKEU6_fxfYU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.239.254.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:f0:b6:54:65:fe:c6:1a:a1:dc:cb:fc:4c:9e:96:9f:79:1d:
         b0:dc:7a:ae:41:aa:03:82:24:13:5d:bd:f1:65:57:dd:1b:12:
         93:3f:3d:39:9e:08:0b:09:38:e1:74:69:d2:68:93:9d:f9:5f:
         40:ad:57:3b:1e:fb:05:9f:b4:60:8c:20:94:f6:c3:51:75:f8:
         42:2f:b7:d2:09:25:29:36:db:d0:e8:08:3a:ab:c8:4e:f5:e9:
         3a:fa:43:9c:4c:ac:2c:a3:8e:e1:9f:18:7a:f0:cd:0e:0e:f9:
         de:23:30:94:33:53:3a:d0:b2:07:ac:d7:f0:d9:7d:81:ea:72:
         89:0f:0d:64:c8:ee:b5:55:b6:d0:82:2e:b8:9d:79:d8:9d:f1:
         35:fc:d1:fc:7d:cd:27:c1:d3:85:a8:af:00:c2:81:e1:d2:a5:
         21:76:3b:ec:e6:c6:5c:5c:de:e4:06:82:2e:cd:19:3d:a8:c6:
         02:2b:06:f3:88:97:17:ca:44:e3:61:c6:3b:0b:ff:ea:e2:07:
         f9:c5:0f:f1:5a:5a:37:26:58:fd:b4:43:50:c8:62:f0:9f:08:
         eb:4e:66:99:80:1d:a2:f8:62:58:05:d1:88:33:98:48:a3:16:
         4f:25:4d:c2:ab:a5:b0:4b:bc:93:03:f8:32:0d:75:1a:06:e3:
         4f:50:6d:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbUWeZ92ZORllQvg2SdtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhN2Q0YWMxMzQ0ZWMzOGRjZTk5NzY4ZDc4YTExNGViZjdm
MTdkODUwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODliZjFhOTY0MTViODk5NDgwMWMzYWVkMzNiYTFhYmUxNDQyMzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApZMcKXVIySj2LPchLtuMhR4p3NMM
M8zw7uO80WpR3QxhwsWaqhFp7joTbpQbN1Iei1l4hBaZlkJCLYecoKF3TDkxadmG
Xo598N5nKyUDejB1GscnTBJes0ivdhVZuDS4iTKfKe+od779YU8kuL6swpfmMFS6
ntvlHS0L8zUeyIK/a0QIrFe6F56Kb3T48RTtsa90Lo2nc6gVhFdwifj1BIXqmi4G
zALB719jRhvd7EQulant+aPKmeayWXd8e7UeANGGBqCfUepjV4Jbz0JwkHxvvhlC
QKyI/SY+6QIjijpAD8odH341DWEv+yti7WoDhA0PhH7l1oyP12CcQV/6NwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHib8alkFbiZSAHDrtM7oavhRCMHMB8GA1UdIwQY
MBaAFLp9SsE0TsONzpl2jXihFOv38X2FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdW4xS3dUUk93NDNPbVhhTmVLRVU2X2Z4ZllVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iNjYxMjUtNjg0NC00YTg3LTliYjUt
YWY0MjYyM2VhNDMxLzEvZUp2eHFXUVZ1SmxJQWNPdTB6dWhxLUZFSXdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iNjYxMjUtNjg0NC00YTg3LTliYjUtYWY0MjYyM2VhNDMx
LzEvdW4xS3dUUk93NDNPbVhhTmVLRVU2X2Z4ZllVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW+/+MA0G
CSqGSIb3DQEBCwUAA4IBAQCF8LZUZf7GGqHcy/xMnpafeR2w3HquQaoDgiQTXb3x
ZVfdGxKTPz05nggLCTjhdGnSaJOd+V9ArVc7HvsFn7RgjCCU9sNRdfhCL7fSCSUp
NtvQ6Ag6q8hO9ek6+kOcTKwso47hnxh68M0ODvneIzCUM1M60LIHrNfw2X2B6nKJ
Dw1kyO61VbbQgi64nXnYnfE1/NH8fc0nwdOFqK8AwoHh0qUhdjvs5sZcXN7kBoIu
zRk9qMYCKwbziJcXykTjYcY7C//q4gf5xQ/xWlo3Jlj9tENQyGLwnwjrTmaZgB2i
+GJYBdGIM5hIoxZPJU3Cq6WwS7yTA/gyDXUaBuNPUG15
-----END CERTIFICATE-----