Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/0eEbXaLT72xMShRX80ks6Q4d5oI.roa
File:                     0eEbXaLT72xMShRX80ks6Q4d5oI.roa (raw, json)
Hash identifier:          qA3gKPtC1PDR4pbDhy0QBVS9nz5AKV5Uc6LznPWBGvQ=
Subject key identifier:   D1:E1:1B:5D:A2:D3:EF:6C:4C:4A:14:57:F3:49:2C:E9:0E:1D:E6:82
Certificate issuer:       /CN=05c81c8097437cd179f319183c0282ea6cd1ca51
Certificate serial:       01942444A32EE8284948F9C4D8E880FE472D
Authority key identifier: 05:C8:1C:80:97:43:7C:D1:79:F3:19:18:3C:02:82:EA:6C:D1:CA:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BcgcgJdDfNF58xkYPAKC6mzRylE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/0eEbXaLT72xMShRX80ks6Q4d5oI.roa
Signing time:             Wed 01 Jan 2025 23:47:45 +0000
ROA not before:           Wed 01 Jan 2025 23:47:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58006
IP address blocks:        91.247.155.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/BcgcgJdDfNF58xkYPAKC6mzRylE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/BcgcgJdDfNF58xkYPAKC6mzRylE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BcgcgJdDfNF58xkYPAKC6mzRylE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 11 Mar 2025 00:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:a3:2e:e8:28:49:48:f9:c4:d8:e8:80:fe:47:2d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05c81c8097437cd179f319183c0282ea6cd1ca51
        Validity
            Not Before: Jan  1 23:47:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d1e11b5da2d3ef6c4c4a1457f3492ce90e1de682
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:e7:e2:50:c0:15:2c:b1:8b:40:e9:be:0e:44:
                    5f:5e:6c:73:b8:4c:7e:0a:67:4e:a1:25:4f:8a:73:
                    b2:9b:1b:b2:83:d1:4b:af:f4:aa:97:4c:89:b9:98:
                    f8:c5:47:d9:ac:57:54:7d:f4:6a:24:2b:81:00:5e:
                    d4:ce:20:3b:a4:15:b7:17:64:38:ba:5c:1f:ac:79:
                    34:b2:8e:98:fd:1b:f1:c9:c7:8a:2d:22:bc:1e:e5:
                    eb:f9:99:dc:ff:9d:f5:b2:d3:6c:c9:0e:47:cb:06:
                    9b:69:1e:6a:67:d0:ea:67:30:bb:6a:d0:2a:24:14:
                    63:c4:bb:7d:29:3c:a9:b2:49:cd:28:36:63:20:1d:
                    98:03:fe:c6:fb:ce:b1:71:58:e6:93:64:bc:5a:d2:
                    24:25:56:ed:8e:b3:ad:94:d2:c9:71:83:75:8b:55:
                    6f:32:58:7f:15:ee:67:7f:07:a3:fe:d3:fd:fd:46:
                    c9:5d:92:ca:84:6f:3f:27:da:93:7c:23:26:fa:50:
                    13:b4:b9:25:38:19:43:95:c9:f3:f5:36:a0:cb:c8:
                    b7:ca:6b:46:1c:f7:72:60:df:bb:40:40:d6:1e:8e:
                    30:3d:5f:25:e1:69:e7:d3:77:37:a5:65:23:4c:2d:
                    44:1a:58:ab:65:6e:43:5d:3d:cb:a9:47:f7:1f:57:
                    4c:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:E1:1B:5D:A2:D3:EF:6C:4C:4A:14:57:F3:49:2C:E9:0E:1D:E6:82
            X509v3 Authority Key Identifier:
                keyid:05:C8:1C:80:97:43:7C:D1:79:F3:19:18:3C:02:82:EA:6C:D1:CA:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BcgcgJdDfNF58xkYPAKC6mzRylE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/0eEbXaLT72xMShRX80ks6Q4d5oI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/d93153-4609-4672-85b4-974fd239b0ed/1/BcgcgJdDfNF58xkYPAKC6mzRylE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.247.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:09:75:0b:65:03:65:f9:bb:8a:d0:ab:ca:41:34:95:51:70:
         dd:5c:0c:f2:d1:4c:56:71:63:9d:97:eb:0a:b5:e9:09:a2:27:
         98:41:68:1f:93:76:d8:50:9f:b9:85:a6:eb:a0:68:e4:de:b4:
         35:03:de:49:59:c0:6c:0f:1d:f1:40:a5:c2:25:96:3f:2f:07:
         b6:1d:92:43:95:9f:c3:82:9c:20:c7:1b:cc:fd:83:6c:ca:99:
         b7:c3:62:a4:6d:10:f1:17:95:23:c1:a3:99:78:f3:e2:f7:6d:
         65:06:51:37:53:9f:7a:8b:ed:69:d7:d7:7d:e1:be:60:00:2f:
         4d:1a:4b:d9:f4:36:e1:b9:2c:c4:9a:5d:94:c4:fd:f3:06:1d:
         c7:56:38:20:e5:cf:65:ac:96:b6:b8:b0:b6:3d:f1:f4:64:06:
         82:f6:27:c4:1f:fe:43:6a:a4:cb:c6:73:75:e2:02:f2:2e:d4:
         59:13:88:86:d2:e4:c7:aa:06:a6:32:12:61:cd:2b:15:f1:ae:
         49:31:13:dd:7e:22:5e:53:66:3b:08:ff:ed:fd:2c:6d:05:0e:
         82:9f:76:c3:c6:d0:15:f3:27:44:d0:ba:6a:41:ad:33:f8:22:
         fe:74:02:d9:5d:76:39:ca:fa:ce:c2:8a:03:49:ee:a7:5a:0a:
         6c:c4:cf:5a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRKMu6ChJSPnE2OiA/kctMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YzgxYzgwOTc0MzdjZDE3OWYzMTkxODNjMDI4MmVhNmNk
MWNhNTEwHhcNMjUwMTAxMjM0NzQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMWUxMWI1ZGEyZDNlZjZjNGM0YTE0NTdmMzQ5MmNlOTBlMWRlNjgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuefiUMAVLLGLQOm+DkRfXmxzuEx+
CmdOoSVPinOymxuyg9FLr/Sql0yJuZj4xUfZrFdUffRqJCuBAF7UziA7pBW3F2Q4
ulwfrHk0so6Y/RvxyceKLSK8HuXr+Znc/531stNsyQ5HywabaR5qZ9DqZzC7atAq
JBRjxLt9KTypsknNKDZjIB2YA/7G+86xcVjmk2S8WtIkJVbtjrOtlNLJcYN1i1Vv
Mlh/Fe5nfwej/tP9/UbJXZLKhG8/J9qTfCMm+lATtLklOBlDlcnz9Tagy8i3ymtG
HPdyYN+7QEDWHo4wPV8l4Wnn03c3pWUjTC1EGlirZW5DXT3LqUf3H1dMgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNHhG12i0+9sTEoUV/NJLOkOHeaCMB8GA1UdIwQY
MBaAFAXIHICXQ3zRefMZGDwCgups0cpRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmNnY2dKZERmTkY1OHhrWVBBS0M2bXpSeWxFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS9kOTMxNTMtNDYwOS00NjcyLTg1YjQt
OTc0ZmQyMzliMGVkLzEvMGVFYlhhTFQ3MnhNU2hSWDgwa3M2UTRkNW9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS9kOTMxNTMtNDYwOS00NjcyLTg1YjQtOTc0ZmQyMzliMGVk
LzEvQmNnY2dKZERmTkY1OHhrWVBBS0M2bXpSeWxFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/ebMA0G
CSqGSIb3DQEBCwUAA4IBAQBnCXULZQNl+buK0KvKQTSVUXDdXAzy0UxWcWOdl+sK
tekJoieYQWgfk3bYUJ+5habroGjk3rQ1A95JWcBsDx3xQKXCJZY/Lwe2HZJDlZ/D
gpwgxxvM/YNsypm3w2KkbRDxF5UjwaOZePPi921lBlE3U596i+1p19d94b5gAC9N
GkvZ9DbhuSzEml2UxP3zBh3HVjgg5c9lrJa2uLC2PfH0ZAaC9ifEH/5DaqTLxnN1
4gLyLtRZE4iG0uTHqgamMhJhzSsV8a5JMRPdfiJeU2Y7CP/t/SxtBQ6Cn3bDxtAV
8ydE0LpqQa0z+CL+dALZXXY5yvrOwooDSe6nWgpsxM9a
-----END CERTIFICATE-----