Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/EIQmiVCCJR8neXFx-ZNiVMHoH6o.roa
File:                     EIQmiVCCJR8neXFx-ZNiVMHoH6o.roa (raw, json)
Hash identifier:          xz2x2oC3t/IcxC5P9zZi0nB0f1NmJpkYrX7eOYZRVyM=
Subject key identifier:   10:84:26:89:50:82:25:1F:27:79:71:71:F9:93:62:54:C1:E8:1F:AA
Certificate issuer:       /CN=c97ec9a2a4d9d3a2c1c05dabd41a5f9212e2d6cf
Certificate serial:       018CC5DC598F28095EDC884516D4EAEA4AC0
Authority key identifier: C9:7E:C9:A2:A4:D9:D3:A2:C1:C0:5D:AB:D4:1A:5F:92:12:E2:D6:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yX7JoqTZ06LBwF2r1BpfkhLi1s8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/EIQmiVCCJR8neXFx-ZNiVMHoH6o.roa
Signing time:             Mon 01 Jan 2024 16:30:01 +0000
ROA not before:           Mon 01 Jan 2024 16:30:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59989
IP address blocks:        185.111.6.0/24 maxlen: 24
                          185.111.5.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/yX7JoqTZ06LBwF2r1BpfkhLi1s8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/yX7JoqTZ06LBwF2r1BpfkhLi1s8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yX7JoqTZ06LBwF2r1BpfkhLi1s8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 21:03:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:dc:59:8f:28:09:5e:dc:88:45:16:d4:ea:ea:4a:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c97ec9a2a4d9d3a2c1c05dabd41a5f9212e2d6cf
        Validity
            Not Before: Jan  1 16:30:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=108426895082251f27797171f9936254c1e81faa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:77:f6:6f:67:48:e0:f5:e3:4b:bf:22:a8:3f:
                    e2:da:d9:1f:d0:3e:0d:21:36:65:fa:65:10:84:eb:
                    c6:10:ea:02:4a:db:23:68:1d:c0:ac:96:8a:f0:15:
                    cd:5e:e3:21:f0:37:5d:59:f3:f4:1d:64:8a:55:92:
                    c4:5e:bc:9c:b4:66:33:8e:c2:58:72:9e:74:4a:da:
                    46:25:88:61:ad:0d:d4:60:b3:15:7e:e2:4e:8b:b1:
                    90:a9:bf:27:26:b8:dd:a8:45:6f:18:82:92:4b:bb:
                    f8:84:d7:5b:4b:96:bb:02:51:d4:4a:7e:aa:12:a2:
                    eb:5b:40:88:6b:78:56:df:52:80:71:9b:db:c2:a3:
                    f7:60:1d:58:14:fe:cc:8c:67:39:d3:7a:b4:52:b7:
                    2c:4b:46:87:4e:55:18:0a:73:89:03:67:6d:5d:b9:
                    95:73:cc:1a:9a:1c:47:f5:12:29:0f:6e:5b:6f:d4:
                    e1:15:bb:ed:d2:dd:82:65:00:e3:c3:3a:a9:19:eb:
                    db:cf:01:97:94:33:ae:61:b4:f4:37:30:ad:a4:0e:
                    32:43:d6:a6:70:ea:eb:d8:12:f2:0d:b6:58:b4:98:
                    5f:5d:ef:4c:74:99:66:c8:19:35:6f:9f:74:c2:d2:
                    c6:87:62:3d:c0:ab:4e:1b:e1:27:01:a8:dc:04:73:
                    33:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:84:26:89:50:82:25:1F:27:79:71:71:F9:93:62:54:C1:E8:1F:AA
            X509v3 Authority Key Identifier:
                keyid:C9:7E:C9:A2:A4:D9:D3:A2:C1:C0:5D:AB:D4:1A:5F:92:12:E2:D6:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yX7JoqTZ06LBwF2r1BpfkhLi1s8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/EIQmiVCCJR8neXFx-ZNiVMHoH6o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ef/213464-1ddb-4c60-b57e-9c724f7d1265/1/yX7JoqTZ06LBwF2r1BpfkhLi1s8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.111.5.0-185.111.6.255

    Signature Algorithm: sha256WithRSAEncryption
         2d:76:89:83:e1:ea:f6:6a:a8:9f:13:46:68:5a:7d:01:d8:32:
         a1:ff:b3:fb:df:97:ac:fb:13:19:67:e1:34:ad:34:ac:ed:d5:
         82:dc:18:e9:91:06:a9:37:15:f9:b6:ed:ac:64:19:2c:9a:03:
         24:2b:2d:53:88:38:44:fd:0d:95:73:ed:b2:fd:2b:e9:0b:16:
         15:f1:96:07:d2:3a:32:9c:fe:48:47:20:3f:ec:d3:f5:b9:d0:
         17:6b:54:d6:7a:8a:94:f7:a2:52:c0:0f:be:b6:3e:cf:a4:ba:
         f3:e2:fd:40:5c:18:84:eb:c2:0e:ff:a1:ef:4e:40:79:34:fa:
         8f:b9:23:e1:b6:b8:e0:71:d9:16:11:2e:d2:f4:3f:e5:81:c5:
         13:fd:54:e6:07:0b:00:e0:b8:2c:2e:62:c5:5d:70:c5:f5:52:
         f3:e7:40:b7:73:cb:b5:97:62:5e:59:0b:cb:0e:1e:4b:2a:29:
         8c:da:c6:43:b7:2a:8e:40:91:ee:21:b5:f7:a9:a7:2c:c7:91:
         a5:15:3a:d3:52:bc:e2:0d:4c:90:38:41:a1:5c:2f:ad:4d:ac:
         b8:c3:3a:48:f4:f0:0e:e7:af:c1:58:2e:b6:20:6d:61:9c:a4:
         53:12:3b:70:25:63:19:e6:47:8e:98:f6:8a:e5:ac:dc:7e:70:
         4b:d3:ca:5d
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzF3FmPKAle3IhFFtTq6krAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5N2VjOWEyYTRkOWQzYTJjMWMwNWRhYmQ0MWE1ZjkyMTJl
MmQ2Y2YwHhcNMjQwMTAxMTYzMDAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDg0MjY4OTUwODIyNTFmMjc3OTcxNzFmOTkzNjI1NGMxZTgxZmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm3f2b2dI4PXjS78iqD/i2tkf0D4N
ITZl+mUQhOvGEOoCStsjaB3ArJaK8BXNXuMh8DddWfP0HWSKVZLEXryctGYzjsJY
cp50StpGJYhhrQ3UYLMVfuJOi7GQqb8nJrjdqEVvGIKSS7v4hNdbS5a7AlHUSn6q
EqLrW0CIa3hW31KAcZvbwqP3YB1YFP7MjGc503q0UrcsS0aHTlUYCnOJA2dtXbmV
c8wamhxH9RIpD25bb9ThFbvt0t2CZQDjwzqpGevbzwGXlDOuYbT0NzCtpA4yQ9am
cOrr2BLyDbZYtJhfXe9MdJlmyBk1b590wtLGh2I9wKtOG+EnAajcBHMziwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBCEJolQgiUfJ3lxcfmTYlTB6B+qMB8GA1UdIwQY
MBaAFMl+yaKk2dOiwcBdq9QaX5IS4tbPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVg3Sm9xVFowNkxCd0YycjFCcGZraExpMXM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZi8yMTM0NjQtMWRkYi00YzYwLWI1N2Ut
OWM3MjRmN2QxMjY1LzEvRUlRbWlWQ0NKUjhuZVhGeC1aTmlWTUhvSDZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZi8yMTM0NjQtMWRkYi00YzYwLWI1N2UtOWM3MjRmN2QxMjY1
LzEveVg3Sm9xVFowNkxCd0YycjFCcGZraExpMXM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5bwUD
BAC5bwYwDQYJKoZIhvcNAQELBQADggEBAC12iYPh6vZqqJ8TRmhafQHYMqH/s/vf
l6z7Exln4TStNKzt1YLcGOmRBqk3Ffm27axkGSyaAyQrLVOIOET9DZVz7bL9K+kL
FhXxlgfSOjKc/khHID/s0/W50BdrVNZ6ipT3olLAD762Ps+kuvPi/UBcGITrwg7/
oe9OQHk0+o+5I+G2uOBx2RYRLtL0P+WBxRP9VOYHCwDguCwuYsVdcMX1UvPnQLdz
y7WXYl5ZC8sOHksqKYzaxkO3Ko5Ake4htfeppyzHkaUVOtNSvOINTJA4QaFcL61N
rLjDOkj08A7nr8FYLrYgbWGcpFMSO3AlYxnmR46Y9orlrNx+cEvTyl0=
-----END CERTIFICATE-----