Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f4/24d1eb-2ce1-4e6f-83c2-15a9f21caa85/1/EaJ8EePaG--qHBUNCdAIsTBw87g.roa
File:                     EaJ8EePaG--qHBUNCdAIsTBw87g.roa (raw, json)
Hash identifier:          IAf05gz6+tNnIP8Cs+6TEY2g2pE0wKA4SBgXDZGW8do=
Subject key identifier:   11:A2:7C:11:E3:DA:1B:EF:AA:1C:15:0D:09:D0:08:B1:30:70:F3:B8
Certificate issuer:       /CN=127e9f9d5fd45da010695cc4212af7e67b7b348f
Certificate serial:       018CC726FBFC424CFF70E5359591E5F31CF6
Authority key identifier: 12:7E:9F:9D:5F:D4:5D:A0:10:69:5C:C4:21:2A:F7:E6:7B:7B:34:8F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/En6fnV_UXaAQaVzEISr35nt7NI8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f4/24d1eb-2ce1-4e6f-83c2-15a9f21caa85/1/EaJ8EePaG--qHBUNCdAIsTBw87g.roa
Signing time:             Mon 01 Jan 2024 22:31:09 +0000
ROA not before:           Mon 01 Jan 2024 22:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     198955
IP address blocks:        91.240.155.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f4/24d1eb-2ce1-4e6f-83c2-15a9f21caa85/1/En6fnV_UXaAQaVzEISr35nt7NI8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f4/24d1eb-2ce1-4e6f-83c2-15a9f21caa85/1/En6fnV_UXaAQaVzEISr35nt7NI8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/En6fnV_UXaAQaVzEISr35nt7NI8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c7:26:fb:fc:42:4c:ff:70:e5:35:95:91:e5:f3:1c:f6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=127e9f9d5fd45da010695cc4212af7e67b7b348f
        Validity
            Not Before: Jan  1 22:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=11a27c11e3da1befaa1c150d09d008b13070f3b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:23:ed:4c:d7:58:46:6a:da:97:23:37:9d:7d:
                    ac:8a:77:16:7a:aa:ab:c9:45:cf:b0:25:9f:19:ed:
                    ff:94:46:26:b3:a3:af:26:f0:7f:11:35:46:db:51:
                    42:d0:21:f5:66:93:8c:66:23:2f:7e:78:d0:ce:41:
                    51:6d:42:c4:8d:e3:2c:ef:2b:ea:bb:66:53:5c:ae:
                    ca:66:f3:2b:f5:97:7e:76:8e:ad:ab:48:60:15:ed:
                    78:9b:d0:15:d3:0c:3d:64:30:7c:85:fc:89:73:57:
                    1d:20:5c:e3:b6:af:bb:75:dd:38:98:bb:11:18:df:
                    69:7e:f3:f3:36:f7:87:3f:ad:8e:0d:ff:d2:e5:3e:
                    75:75:a7:b4:53:4e:83:16:fd:da:3b:e6:e5:8d:c2:
                    3e:95:ba:82:69:2e:3b:4c:0d:cf:c5:7e:fe:04:9f:
                    8e:01:23:a0:7b:86:61:c4:42:d7:8c:bb:c8:53:e0:
                    a3:59:72:93:9b:f2:05:86:9d:23:52:3e:3c:97:ab:
                    37:81:12:f8:7c:8d:79:0b:36:c7:4f:45:5f:63:33:
                    22:34:eb:45:5a:86:a6:32:bf:3c:5f:b6:b3:e2:90:
                    58:39:79:91:34:76:89:dd:2f:32:06:b9:30:6a:c4:
                    7e:88:8e:e2:2c:f8:7c:cc:04:8f:37:e6:cb:f5:d2:
                    49:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A2:7C:11:E3:DA:1B:EF:AA:1C:15:0D:09:D0:08:B1:30:70:F3:B8
            X509v3 Authority Key Identifier:
                keyid:12:7E:9F:9D:5F:D4:5D:A0:10:69:5C:C4:21:2A:F7:E6:7B:7B:34:8F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/En6fnV_UXaAQaVzEISr35nt7NI8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/24d1eb-2ce1-4e6f-83c2-15a9f21caa85/1/EaJ8EePaG--qHBUNCdAIsTBw87g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f4/24d1eb-2ce1-4e6f-83c2-15a9f21caa85/1/En6fnV_UXaAQaVzEISr35nt7NI8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.155.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:23:33:18:6e:e4:c4:e0:97:94:59:1c:14:8d:68:cf:58:89:
         b4:b3:5e:48:1e:f0:71:d5:d4:b7:d3:c3:f2:96:8a:a9:1a:0c:
         ea:ef:e0:a9:3d:29:ef:21:a7:3d:64:96:2a:04:98:1c:6f:f3:
         36:10:0e:47:64:8b:1e:a9:69:a6:73:6c:15:eb:60:a7:b8:2c:
         20:c0:00:ea:48:b9:9c:01:9c:95:e1:79:79:de:13:be:55:8b:
         c4:f1:88:61:45:3b:50:3f:18:5a:5c:d3:e0:63:4a:65:a9:6e:
         7f:4c:9f:13:93:4b:51:b6:d3:45:4f:00:05:ba:b0:cc:80:87:
         0f:b7:88:22:bc:a6:33:44:25:f1:11:e3:fc:91:d9:9d:2e:42:
         2e:c0:12:ff:bf:20:ce:a3:b4:77:d4:96:63:6e:59:cc:81:45:
         15:71:9d:cb:5e:2d:21:fb:35:eb:a1:f5:88:61:34:fd:2c:83:
         51:ee:d9:0b:2a:06:e7:8b:b3:07:da:11:30:68:65:83:f4:c5:
         49:49:de:0e:e0:a8:df:db:43:1d:6c:ab:0a:63:c0:d5:a5:7c:
         3f:51:32:cc:0f:39:32:6b:df:ee:a7:22:7b:9b:dd:10:ed:78:
         9d:26:a3:40:0c:ea:fe:72:d3:8f:1b:62:26:ff:5e:dc:2b:35:
         00:6f:c3:54
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzHJvv8Qkz/cOU1lZHl8xz2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyN2U5ZjlkNWZkNDVkYTAxMDY5NWNjNDIxMmFmN2U2N2I3
YjM0OGYwHhcNMjQwMTAxMjIzMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWEyN2MxMWUzZGExYmVmYWExYzE1MGQwOWQwMDhiMTMwNzBmM2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSPtTNdYRmralyM3nX2sincWeqqr
yUXPsCWfGe3/lEYms6OvJvB/ETVG21FC0CH1ZpOMZiMvfnjQzkFRbULEjeMs7yvq
u2ZTXK7KZvMr9Zd+do6tq0hgFe14m9AV0ww9ZDB8hfyJc1cdIFzjtq+7dd04mLsR
GN9pfvPzNveHP62ODf/S5T51dae0U06DFv3aO+bljcI+lbqCaS47TA3PxX7+BJ+O
ASOge4ZhxELXjLvIU+CjWXKTm/IFhp0jUj48l6s3gRL4fI15CzbHT0VfYzMiNOtF
WoamMr88X7az4pBYOXmRNHaJ3S8yBrkwasR+iI7iLPh8zASPN+bL9dJJ3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGifBHj2hvvqhwVDQnQCLEwcPO4MB8GA1UdIwQY
MBaAFBJ+n51f1F2gEGlcxCEq9+Z7ezSPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRW42Zm5WX1VYYUFRYVZ6RUlTcjM1bnQ3Tkk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNC8yNGQxZWItMmNlMS00ZTZmLTgzYzIt
MTVhOWYyMWNhYTg1LzEvRWFKOEVlUGFHLS1xSEJVTkNkQUlzVEJ3ODdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNC8yNGQxZWItMmNlMS00ZTZmLTgzYzItMTVhOWYyMWNhYTg1
LzEvRW42Zm5WX1VYYUFRYVZ6RUlTcjM1bnQ3Tkk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW/CbMA0G
CSqGSIb3DQEBCwUAA4IBAQCoIzMYbuTE4JeUWRwUjWjPWIm0s15IHvBx1dS308Py
loqpGgzq7+CpPSnvIac9ZJYqBJgcb/M2EA5HZIseqWmmc2wV62CnuCwgwADqSLmc
AZyV4Xl53hO+VYvE8YhhRTtQPxhaXNPgY0plqW5/TJ8Tk0tRttNFTwAFurDMgIcP
t4givKYzRCXxEeP8kdmdLkIuwBL/vyDOo7R31JZjblnMgUUVcZ3LXi0h+zXrofWI
YTT9LINR7tkLKgbni7MH2hEwaGWD9MVJSd4O4Kjf20MdbKsKY8DVpXw/UTLMDzky
a9/upyJ7m90Q7XidJqNADOr+ctOPG2Im/17cKzUAb8NU
-----END CERTIFICATE-----