Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/eTegKKWykQ4-sDOJeb1pYFLKTa8.roa
File:                     eTegKKWykQ4-sDOJeb1pYFLKTa8.roa (raw, json)
Hash identifier:          9I2wxHAbDXXYlH8CY6WxacpdbeKpuf9f3m1ejW5UZek=
Subject key identifier:   79:37:A0:28:A5:B2:91:0E:3E:B0:33:89:79:BD:69:60:52:CA:4D:AF
Certificate issuer:       /CN=d6f807660bf2cd92aee391442a5343af718c18c7
Certificate serial:       018CC3490FAAA2A16F6CDB7F9F4707C4EF4D
Authority key identifier: D6:F8:07:66:0B:F2:CD:92:AE:E3:91:44:2A:53:43:AF:71:8C:18:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vgHZgvyzZKu45FEKlNDr3GMGMc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/eTegKKWykQ4-sDOJeb1pYFLKTa8.roa
Signing time:             Mon 01 Jan 2024 04:29:54 +0000
ROA not before:           Mon 01 Jan 2024 04:29:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     59676
IP address blocks:        91.212.90.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/1vgHZgvyzZKu45FEKlNDr3GMGMc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/1vgHZgvyzZKu45FEKlNDr3GMGMc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vgHZgvyzZKu45FEKlNDr3GMGMc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c3:49:0f:aa:a2:a1:6f:6c:db:7f:9f:47:07:c4:ef:4d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6f807660bf2cd92aee391442a5343af718c18c7
        Validity
            Not Before: Jan  1 04:29:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7937a028a5b2910e3eb0338979bd696052ca4daf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:2b:02:da:db:bf:63:9b:eb:e8:ea:0e:3a:44:
                    39:8f:29:30:76:b4:b5:7e:0d:86:be:84:8e:b3:8c:
                    8e:4e:85:fe:de:0b:b8:35:25:f8:bc:74:d4:67:85:
                    bd:d2:7d:43:3f:fc:f0:27:97:5e:7b:1b:88:20:5b:
                    02:9f:b2:51:5d:05:f7:60:12:51:07:50:8d:09:3b:
                    11:2b:9a:0f:f0:c5:d4:da:1a:c7:66:29:a1:9f:d5:
                    88:fd:ef:3d:b5:53:0f:bd:65:8e:c6:61:c2:c2:dd:
                    1f:62:ea:49:ee:ca:8f:9d:76:90:52:44:bc:51:29:
                    6d:45:8a:ca:50:9a:52:07:0c:0e:e1:98:31:4c:ff:
                    2b:43:26:e1:c0:36:92:f0:8c:0e:be:e2:a7:e4:4f:
                    29:18:d7:fe:6f:38:2d:30:3d:97:64:ad:31:2b:b4:
                    40:62:28:a4:1b:66:a2:c0:b4:28:18:33:bd:7a:47:
                    cc:61:21:23:3e:c5:8a:99:1d:39:8c:f7:e6:1b:ef:
                    ed:9e:26:9d:3f:e7:da:f0:fa:2d:3c:03:0a:81:9c:
                    2e:ed:b4:79:de:1c:d5:e6:67:30:aa:6b:b8:aa:22:
                    5f:6a:80:83:4a:ef:7b:62:ae:10:00:3b:dc:ba:2a:
                    d0:21:58:c5:63:ec:4a:3d:82:ba:ac:de:c1:05:ef:
                    46:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:37:A0:28:A5:B2:91:0E:3E:B0:33:89:79:BD:69:60:52:CA:4D:AF
            X509v3 Authority Key Identifier:
                keyid:D6:F8:07:66:0B:F2:CD:92:AE:E3:91:44:2A:53:43:AF:71:8C:18:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vgHZgvyzZKu45FEKlNDr3GMGMc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/eTegKKWykQ4-sDOJeb1pYFLKTa8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/b75d64-9a55-490c-8c58-3fe17481f608/1/1vgHZgvyzZKu45FEKlNDr3GMGMc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.212.90.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:ff:d7:1c:30:95:d3:40:eb:56:b2:b7:9f:cd:fd:91:1b:8a:
         a6:2b:66:15:5b:a0:0d:06:d3:22:ba:98:f8:e9:28:5b:ac:9a:
         62:d0:a6:ea:6e:1d:1d:95:00:cc:4b:63:8e:17:dd:90:9a:d2:
         44:8e:cb:6f:d7:6f:42:a4:b3:0e:47:2d:80:4a:bb:41:7e:a1:
         d1:46:76:42:2a:62:66:ea:18:44:72:a7:f0:25:46:21:6b:15:
         89:44:5e:92:00:9b:ef:4d:aa:44:71:09:2d:5d:ff:37:c2:58:
         83:f8:70:c2:ac:0c:9d:04:39:6a:55:08:ed:eb:c5:7a:39:8f:
         03:68:2a:e2:fa:e2:11:a4:dd:cb:71:59:9a:bf:d7:d7:96:76:
         92:2b:e8:b0:af:fc:2f:ae:26:79:33:85:c0:26:42:aa:35:81:
         78:3d:9c:35:13:05:a1:e2:71:0f:f0:7b:b2:93:b2:cd:e9:4b:
         8a:02:1e:3e:cd:64:b2:5a:a0:9b:c4:2b:54:eb:f7:71:87:22:
         3d:17:3a:37:cb:bc:95:ff:6a:74:d9:a6:66:a1:b1:e5:30:4e:
         03:9e:47:3d:8d:15:aa:f1:c5:e0:6f:b4:45:ac:cd:de:ae:bf:
         fd:eb:7c:27:72:4a:a4:6d:4b:69:7b:8f:93:4d:ec:0a:34:de:
         de:03:23:f0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzDSQ+qoqFvbNt/n0cHxO9NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZjgwNzY2MGJmMmNkOTJhZWUzOTE0NDJhNTM0M2FmNzE4
YzE4YzcwHhcNMjQwMTAxMDQyOTU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTM3YTAyOGE1YjI5MTBlM2ViMDMzODk3OWJkNjk2MDUyY2E0ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhisC2tu/Y5vr6OoOOkQ5jykwdrS1
fg2GvoSOs4yOToX+3gu4NSX4vHTUZ4W90n1DP/zwJ5deexuIIFsCn7JRXQX3YBJR
B1CNCTsRK5oP8MXU2hrHZimhn9WI/e89tVMPvWWOxmHCwt0fYupJ7sqPnXaQUkS8
USltRYrKUJpSBwwO4ZgxTP8rQybhwDaS8IwOvuKn5E8pGNf+bzgtMD2XZK0xK7RA
YiikG2aiwLQoGDO9ekfMYSEjPsWKmR05jPfmG+/tniadP+fa8PotPAMKgZwu7bR5
3hzV5mcwqmu4qiJfaoCDSu97Yq4QADvcuirQIVjFY+xKPYK6rN7BBe9GrwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHk3oCilspEOPrAziXm9aWBSyk2vMB8GA1UdIwQY
MBaAFNb4B2YL8s2SruORRCpTQ69xjBjHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZnSFpndnl6Wkt1NDVGRUtsTkRyM0dNR01jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9iNzVkNjQtOWE1NS00OTBjLThjNTgt
M2ZlMTc0ODFmNjA4LzEvZVRlZ0tLV3lrUTQtc0RPSmViMXBZRkxLVGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9iNzVkNjQtOWE1NS00OTBjLThjNTgtM2ZlMTc0ODFmNjA4
LzEvMXZnSFpndnl6Wkt1NDVGRUtsTkRyM0dNR01jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9RaMA0G
CSqGSIb3DQEBCwUAA4IBAQAc/9ccMJXTQOtWsrefzf2RG4qmK2YVW6ANBtMiupj4
6ShbrJpi0Kbqbh0dlQDMS2OOF92QmtJEjstv129CpLMORy2ASrtBfqHRRnZCKmJm
6hhEcqfwJUYhaxWJRF6SAJvvTapEcQktXf83wliD+HDCrAydBDlqVQjt68V6OY8D
aCri+uIRpN3LcVmav9fXlnaSK+iwr/wvriZ5M4XAJkKqNYF4PZw1EwWh4nEP8Huy
k7LN6UuKAh4+zWSyWqCbxCtU6/dxhyI9Fzo3y7yV/2p02aZmobHlME4Dnkc9jRWq
8cXgb7RFrM3err/963wnckqkbUtpe4+TTewKNN7eAyPw
-----END CERTIFICATE-----