Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/EGfTTprQMt-GEnaway1W9-FlXtw.roa
File:                     EGfTTprQMt-GEnaway1W9-FlXtw.roa (raw, json)
Hash identifier:          UQIAUNq+I7sfRCUHcwhg5FjLWCUrSnEOiuCrjeo6ZSQ=
Subject key identifier:   10:67:D3:4E:9A:D0:32:DF:86:12:76:B0:6B:2D:56:F7:E1:65:5E:DC
Certificate issuer:       /CN=6b5cceaa974b2905acb262af452c02280316aabb
Certificate serial:       018F151DEA05AF7FA0B14F231547DD344110
Authority key identifier: 6B:5C:CE:AA:97:4B:29:05:AC:B2:62:AF:45:2C:02:28:03:16:AA:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a1zOqpdLKQWssmKvRSwCKAMWqrs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/EGfTTprQMt-GEnaway1W9-FlXtw.roa
Signing time:             Thu 25 Apr 2024 11:57:13 +0000
ROA not before:           Thu 25 Apr 2024 11:57:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39637
IP address blocks:        45.91.122.0/24 maxlen: 24
                          2a13:9b40::/29 maxlen: 29

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/a1zOqpdLKQWssmKvRSwCKAMWqrs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/a1zOqpdLKQWssmKvRSwCKAMWqrs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a1zOqpdLKQWssmKvRSwCKAMWqrs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 21 Jun 2024 03:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:15:1d:ea:05:af:7f:a0:b1:4f:23:15:47:dd:34:41:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b5cceaa974b2905acb262af452c02280316aabb
        Validity
            Not Before: Apr 25 11:57:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1067d34e9ad032df861276b06b2d56f7e1655edc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b9:42:05:0a:19:fd:22:1a:58:f5:25:66:02:
                    dd:78:58:71:83:b1:87:49:f3:89:be:83:28:11:54:
                    aa:2a:02:13:c5:41:a3:c9:6f:78:76:4f:c2:e8:23:
                    91:64:87:73:92:0e:84:f5:29:e0:56:91:d4:d3:e2:
                    01:3a:48:1a:af:1b:47:88:76:b6:d1:43:fc:71:90:
                    d3:10:44:60:b8:fa:74:b0:4b:db:65:8a:c0:ce:07:
                    5f:bb:57:36:51:69:f8:39:65:20:13:35:87:e7:5c:
                    86:bc:64:2b:cc:91:39:f7:8e:cc:54:95:bc:dd:d4:
                    80:1c:9f:5a:d2:5c:74:da:d8:4e:92:0b:49:e1:0d:
                    e9:ff:1d:46:b8:c2:e9:27:07:10:1a:42:10:35:b1:
                    2c:01:d6:93:dc:b8:32:39:73:5f:9b:c6:c8:83:68:
                    70:d6:80:a7:1c:32:bc:9a:83:12:73:61:d8:a8:cd:
                    cb:0c:88:6c:83:26:1d:7d:35:cb:cc:31:be:cb:aa:
                    75:4d:6e:49:24:0a:c3:fa:7c:20:22:16:f5:ae:93:
                    38:46:50:44:e7:a4:01:d2:69:1e:3d:8c:aa:99:b1:
                    6f:e2:d1:a4:50:05:f3:ae:7c:12:7d:f0:5b:56:2b:
                    98:eb:c1:75:77:76:38:94:64:c6:ea:e2:bd:94:d6:
                    dd:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:67:D3:4E:9A:D0:32:DF:86:12:76:B0:6B:2D:56:F7:E1:65:5E:DC
            X509v3 Authority Key Identifier:
                keyid:6B:5C:CE:AA:97:4B:29:05:AC:B2:62:AF:45:2C:02:28:03:16:AA:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1zOqpdLKQWssmKvRSwCKAMWqrs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/EGfTTprQMt-GEnaway1W9-FlXtw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/39f1e0-3627-492f-ae93-8b07acd07c94/1/a1zOqpdLKQWssmKvRSwCKAMWqrs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.91.122.0/24
                IPv6:
                  2a13:9b40::/29

    Signature Algorithm: sha256WithRSAEncryption
         07:00:0b:7d:67:c6:ad:a1:27:1f:ba:31:b9:7b:fd:d6:75:2f:
         59:d2:1d:42:d1:db:9c:20:6a:5a:bd:ae:3e:07:3e:92:66:1b:
         1d:f7:48:74:de:be:0c:55:04:26:80:92:0d:fe:26:6f:56:18:
         81:fa:34:78:dc:e6:5c:c2:e1:f4:e3:60:d6:f7:26:8b:9e:08:
         ce:46:1f:ff:48:ca:85:90:16:4d:a8:94:4c:34:9e:84:e3:d7:
         e9:92:3e:00:c7:29:71:3b:56:14:61:f5:64:4d:8a:3d:b4:c1:
         2a:d5:61:83:06:0d:06:a3:99:59:9a:e6:1f:22:62:0e:7c:30:
         fc:aa:78:ab:68:8c:78:44:31:5f:1c:fa:da:ac:17:1d:de:7e:
         7b:f2:29:a8:fb:0b:6f:4b:c0:1b:23:6b:0d:a4:bf:af:53:23:
         98:4e:17:40:bb:45:b6:a9:97:6e:e9:10:d7:08:d4:bd:0d:71:
         6e:c4:20:b2:65:34:bb:d0:96:e8:03:f0:98:6b:7e:6c:13:cb:
         94:c4:2a:f0:ce:2d:17:14:8b:62:be:90:ea:3c:87:5f:b7:16:
         44:cb:78:ab:3a:3a:59:06:3f:96:0a:b7:dc:e6:66:4f:d7:b2:
         20:d4:59:42:27:77:76:19:b2:c1:bc:b2:69:2c:56:75:b6:55:
         0c:eb:d8:18
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAY8VHeoFr3+gsU8jFUfdNEEQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNWNjZWFhOTc0YjI5MDVhY2IyNjJhZjQ1MmMwMjI4MDMx
NmFhYmIwHhcNMjQwNDI1MTE1NzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDY3ZDM0ZTlhZDAzMmRmODYxMjc2YjA2YjJkNTZmN2UxNjU1ZWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLlCBQoZ/SIaWPUlZgLdeFhxg7GH
SfOJvoMoEVSqKgITxUGjyW94dk/C6CORZIdzkg6E9SngVpHU0+IBOkgarxtHiHa2
0UP8cZDTEERguPp0sEvbZYrAzgdfu1c2UWn4OWUgEzWH51yGvGQrzJE5947MVJW8
3dSAHJ9a0lx02thOkgtJ4Q3p/x1GuMLpJwcQGkIQNbEsAdaT3LgyOXNfm8bIg2hw
1oCnHDK8moMSc2HYqM3LDIhsgyYdfTXLzDG+y6p1TW5JJArD+nwgIhb1rpM4RlBE
56QB0mkePYyqmbFv4tGkUAXzrnwSffBbViuY68F1d3Y4lGTG6uK9lNbdrwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBBn006a0DLfhhJ2sGstVvfhZV7cMB8GA1UdIwQY
MBaAFGtczqqXSykFrLJir0UsAigDFqq7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTF6T3FwZExLUVdzc21LdlJTd0NLQU1XcXJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zOWYxZTAtMzYyNy00OTJmLWFlOTMt
OGIwN2FjZDA3Yzk0LzEvRUdmVFRwclFNdC1HRW5hd2F5MVc5LUZsWHR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zOWYxZTAtMzYyNy00OTJmLWFlOTMtOGIwN2FjZDA3Yzk0
LzEvYTF6T3FwZExLUVdzc21LdlJTd0NLQU1XcXJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQALVt6MA0E
AgACMAcDBQMqE5tAMA0GCSqGSIb3DQEBCwUAA4IBAQAHAAt9Z8atoScfujG5e/3W
dS9Z0h1C0ducIGpava4+Bz6SZhsd90h03r4MVQQmgJIN/iZvVhiB+jR43OZcwuH0
42DW9yaLngjORh//SMqFkBZNqJRMNJ6E49fpkj4AxylxO1YUYfVkTYo9tMEq1WGD
Bg0Go5lZmuYfImIOfDD8qniraIx4RDFfHPrarBcd3n578imo+wtvS8AbI2sNpL+v
UyOYThdAu0W2qZdu6RDXCNS9DXFuxCCyZTS70JboA/CYa35sE8uUxCrwzi0XFIti
vpDqPIdftxZEy3irOjpZBj+WCrfc5mZP17Ig1FlCJ3d2GbLBvLJpLFZ1tlUM69gY
-----END CERTIFICATE-----