Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/ojyzS_rG70nXjeYzHhKe6Yv_rLk.roa
File:                     ojyzS_rG70nXjeYzHhKe6Yv_rLk.roa (raw, json)
Hash identifier:          NcBgmbId0LEwWwWrmUi+AIhp+zHKkfNfoY/WglP/0wU=
Subject key identifier:   A2:3C:B3:4B:FA:C6:EF:49:D7:8D:E6:33:1E:12:9E:E9:8B:FF:AC:B9
Certificate issuer:       /CN=dceb548762c7d4caccb616d819ce95cf627b2021
Certificate serial:       018CC86FA567FA8B5FFDA4F5FBC243E1AF8A
Authority key identifier: DC:EB:54:87:62:C7:D4:CA:CC:B6:16:D8:19:CE:95:CF:62:7B:20:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3OtUh2LH1MrMthbYGc6Vz2J7ICE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/ojyzS_rG70nXjeYzHhKe6Yv_rLk.roa
Signing time:             Tue 02 Jan 2024 04:30:09 +0000
ROA not before:           Tue 02 Jan 2024 04:30:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212011
IP address blocks:        91.206.70.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/3OtUh2LH1MrMthbYGc6Vz2J7ICE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/3OtUh2LH1MrMthbYGc6Vz2J7ICE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3OtUh2LH1MrMthbYGc6Vz2J7ICE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 May 2024 14:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:a5:67:fa:8b:5f:fd:a4:f5:fb:c2:43:e1:af:8a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dceb548762c7d4caccb616d819ce95cf627b2021
        Validity
            Not Before: Jan  2 04:30:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a23cb34bfac6ef49d78de6331e129ee98bffacb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:34:9b:2e:4d:09:6b:72:12:d5:a7:be:81:bd:
                    bf:2e:8d:58:93:c9:ac:bc:ff:e2:62:72:b2:9a:ea:
                    51:63:05:d9:f0:68:6a:5c:34:3c:d4:71:5d:ac:a6:
                    b9:49:9d:12:14:dc:37:d6:65:0c:ff:ac:6c:6d:cc:
                    60:17:b2:ec:50:3f:03:6d:92:16:70:ac:9d:dc:47:
                    30:f7:1c:80:45:af:55:c3:01:ee:0d:4f:1d:82:84:
                    0f:59:62:ae:cf:15:bd:49:49:b9:79:21:fe:c6:64:
                    3b:26:e8:37:04:14:e1:92:e1:4f:14:f0:92:32:6e:
                    0d:a3:47:ac:d0:19:23:c8:e9:5f:cc:1e:a1:d8:34:
                    4b:26:96:83:2f:c8:07:a1:b0:a5:2b:54:df:88:5d:
                    de:bc:b0:6b:68:d2:7d:d3:35:2d:38:2a:3d:e7:83:
                    f5:57:34:91:e8:e3:27:0d:ec:ba:9c:24:25:b5:d9:
                    9d:8e:9f:b2:fa:fe:dc:9a:92:af:2f:ab:84:9d:55:
                    50:cb:76:4d:5d:2f:7b:95:10:15:bc:9c:78:c0:0f:
                    ba:b1:f8:e0:c3:8a:23:2b:97:41:d2:6d:db:3a:32:
                    86:84:db:bb:16:a5:d0:e4:14:94:3f:c0:2e:59:a3:
                    c3:0a:a2:88:5f:65:04:e4:bb:ef:39:5d:de:12:4b:
                    cd:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:3C:B3:4B:FA:C6:EF:49:D7:8D:E6:33:1E:12:9E:E9:8B:FF:AC:B9
            X509v3 Authority Key Identifier:
                keyid:DC:EB:54:87:62:C7:D4:CA:CC:B6:16:D8:19:CE:95:CF:62:7B:20:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3OtUh2LH1MrMthbYGc6Vz2J7ICE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/ojyzS_rG70nXjeYzHhKe6Yv_rLk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/be2236-c2ba-478a-abc3-b4cea51456b4/1/3OtUh2LH1MrMthbYGc6Vz2J7ICE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.206.70.0/24

    Signature Algorithm: sha256WithRSAEncryption
         12:26:2f:81:42:4e:5a:55:bd:6c:c5:f0:26:5c:7a:92:bb:2d:
         5d:02:57:b4:d9:8f:e2:0f:8b:2f:bd:5e:8c:5c:a8:2b:68:5c:
         97:03:5d:86:36:f5:ee:01:1e:86:76:80:1a:09:13:6d:3b:0e:
         52:91:cb:4e:34:a6:a7:ee:0a:35:65:31:17:b4:2c:b6:92:75:
         8b:e9:64:e1:ea:5a:5e:65:28:f0:e2:e8:00:d9:4f:9f:f2:75:
         2a:e2:52:de:e8:fb:30:75:18:6b:8b:90:81:9d:4d:36:2d:1b:
         44:de:81:01:c3:04:ec:34:b2:b2:ee:15:a7:7b:5a:ac:74:aa:
         07:5e:7d:ea:5e:a1:e8:b5:fb:ba:8c:1a:14:d1:1e:59:41:3f:
         5e:e5:26:c4:bc:98:d0:c8:d1:a0:99:b8:ce:b1:f4:f7:b3:58:
         fa:a3:6a:d1:c6:35:a8:86:88:92:e0:1c:c3:39:17:5a:cb:c3:
         4a:d2:0f:7f:61:23:3c:b5:12:0f:f7:a6:d2:18:30:ea:86:1d:
         2d:65:50:f4:d7:c9:0b:0b:4b:49:dd:db:ac:79:0d:85:d4:67:
         8b:a2:1b:2d:62:21:e9:61:16:40:65:07:9a:b0:f2:da:9a:08:
         60:8a:4e:55:7f:86:af:6d:47:94:3e:1d:46:69:27:13:b9:4c:
         eb:3c:d1:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb6Vn+otf/aT1+8JD4a+KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjZWI1NDg3NjJjN2Q0Y2FjY2I2MTZkODE5Y2U5NWNmNjI3
YjIwMjEwHhcNMjQwMTAyMDQzMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjNjYjM0YmZhYzZlZjQ5ZDc4ZGU2MzMxZTEyOWVlOThiZmZhY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjSbLk0Ja3IS1ae+gb2/Lo1Yk8ms
vP/iYnKymupRYwXZ8GhqXDQ81HFdrKa5SZ0SFNw31mUM/6xsbcxgF7LsUD8DbZIW
cKyd3Ecw9xyARa9VwwHuDU8dgoQPWWKuzxW9SUm5eSH+xmQ7Jug3BBThkuFPFPCS
Mm4No0es0BkjyOlfzB6h2DRLJpaDL8gHobClK1TfiF3evLBraNJ90zUtOCo954P1
VzSR6OMnDey6nCQltdmdjp+y+v7cmpKvL6uEnVVQy3ZNXS97lRAVvJx4wA+6sfjg
w4ojK5dB0m3bOjKGhNu7FqXQ5BSUP8AuWaPDCqKIX2UE5LvvOV3eEkvNZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKI8s0v6xu9J143mMx4SnumL/6y5MB8GA1UdIwQY
MBaAFNzrVIdix9TKzLYW2BnOlc9ieyAhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM090VWgyTEgxTXJNdGhiWUdjNlZ6Mko3SUNFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi9iZTIyMzYtYzJiYS00NzhhLWFiYzMt
YjRjZWE1MTQ1NmI0LzEvb2p5elNfckc3MG5YamVZekhoS2U2WXZfckxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi9iZTIyMzYtYzJiYS00NzhhLWFiYzMtYjRjZWE1MTQ1NmI0
LzEvM090VWgyTEgxTXJNdGhiWUdjNlZ6Mko3SUNFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW85GMA0G
CSqGSIb3DQEBCwUAA4IBAQASJi+BQk5aVb1sxfAmXHqSuy1dAle02Y/iD4svvV6M
XKgraFyXA12GNvXuAR6GdoAaCRNtOw5SkctONKan7go1ZTEXtCy2knWL6WTh6lpe
ZSjw4ugA2U+f8nUq4lLe6PswdRhri5CBnU02LRtE3oEBwwTsNLKy7hWne1qsdKoH
Xn3qXqHotfu6jBoU0R5ZQT9e5SbEvJjQyNGgmbjOsfT3s1j6o2rRxjWohoiS4BzD
ORday8NK0g9/YSM8tRIP96bSGDDqhh0tZVD018kLC0tJ3duseQ2F1GeLohstYiHp
YRZAZQeasPLamghgik5Vf4avbUeUPh1GaScTuUzrPNEw
-----END CERTIFICATE-----