Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/ekK1eE5a32VySivOIvx2lxJnCKs.roa
File:                     ekK1eE5a32VySivOIvx2lxJnCKs.roa (raw, json)
Hash identifier:          R1iwy2ZxPxih68xnTXgeurMmYbkKLoEgJqs5giY8O4U=
Subject key identifier:   7A:42:B5:78:4E:5A:DF:65:72:4A:2B:CE:22:FC:76:97:12:67:08:AB
Certificate issuer:       /CN=8e6d75b4e4986faccb614b334e45d5e039352a9c
Certificate serial:       019426D921193AB2DB18A2A75C0D84857125
Authority key identifier: 8E:6D:75:B4:E4:98:6F:AC:CB:61:4B:33:4E:45:D5:E0:39:35:2A:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/ekK1eE5a32VySivOIvx2lxJnCKs.roa
Signing time:             Thu 02 Jan 2025 11:49:11 +0000
ROA not before:           Thu 02 Jan 2025 11:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20691
IP address blocks:        91.209.188.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:21:19:3a:b2:db:18:a2:a7:5c:0d:84:85:71:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e6d75b4e4986faccb614b334e45d5e039352a9c
        Validity
            Not Before: Jan  2 11:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a42b5784e5adf65724a2bce22fc7697126708ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:60:06:9b:f9:fe:0b:73:91:00:0b:c4:e7:57:
                    f6:25:1f:b8:36:b8:04:71:a1:e8:bb:3c:88:fb:db:
                    da:db:9b:fb:34:d1:76:20:77:e1:71:e9:6c:72:e6:
                    17:6f:f6:e1:9b:a7:69:c2:66:df:58:7f:3b:01:79:
                    b3:2e:bf:01:b3:4e:89:82:4a:79:34:f7:4f:e7:05:
                    44:23:9c:50:c6:b9:74:a1:d7:6c:da:36:46:09:f2:
                    cd:12:35:b9:33:8a:4d:d5:e7:a7:8a:06:7e:af:21:
                    7e:ef:d1:eb:f0:16:b8:f6:64:d8:bb:ad:52:09:c5:
                    01:af:09:6e:07:07:b3:fe:34:40:45:22:1f:db:79:
                    8f:8a:ac:7a:48:7f:17:b0:6a:0a:f9:1d:12:74:8a:
                    c3:da:6c:14:b5:57:33:4a:58:69:38:3f:ac:cc:f9:
                    2c:7c:ea:84:b3:ea:24:8b:67:b7:1c:22:27:5d:99:
                    46:bf:77:7a:7e:4c:4d:3f:2e:4e:17:af:db:3a:e1:
                    2a:18:10:06:f6:d6:f6:63:9a:af:b4:bf:db:e1:db:
                    b6:35:10:4a:96:b3:97:5b:7c:ef:4a:92:61:e1:cb:
                    62:bd:4f:f7:08:86:90:54:6c:9f:95:db:70:2f:18:
                    a4:5a:04:ed:0e:14:21:79:ed:5e:3d:ce:cb:b0:a5:
                    b3:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:42:B5:78:4E:5A:DF:65:72:4A:2B:CE:22:FC:76:97:12:67:08:AB
            X509v3 Authority Key Identifier:
                keyid:8E:6D:75:B4:E4:98:6F:AC:CB:61:4B:33:4E:45:D5:E0:39:35:2A:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jm11tOSYb6zLYUszTkXV4Dk1Kpw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/ekK1eE5a32VySivOIvx2lxJnCKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/aca994-f3c0-45a4-a642-6d7602d24c83/1/jm11tOSYb6zLYUszTkXV4Dk1Kpw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.209.188.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:01:3e:5b:1a:24:d0:7a:58:f4:3e:54:b7:13:b9:b4:af:16:
         a2:74:a3:01:5c:14:77:b8:f1:ad:c8:30:b9:a5:7d:b9:61:81:
         03:b7:00:e1:ef:0f:1b:24:ec:e7:ca:71:56:d7:6d:c9:e3:a2:
         11:fc:9e:22:d1:7a:44:79:d8:35:31:75:04:ea:28:c6:f5:05:
         9f:3a:05:bc:3a:0b:3d:b5:d0:e2:49:60:da:45:a1:2d:bd:28:
         99:f3:18:0e:9f:cf:6d:e1:7c:df:af:71:98:37:a8:c2:46:aa:
         9a:d3:d6:be:35:b7:80:e1:5c:e5:b8:0f:a6:8c:b4:53:f1:06:
         10:54:78:a6:bf:88:2f:0e:47:d2:44:ed:d0:01:0b:6e:c0:6e:
         16:fd:a8:29:2c:b0:6b:02:55:d6:1d:6d:17:6b:99:fa:2f:81:
         be:3b:4e:1b:22:ac:db:13:ef:3f:04:43:a5:63:ce:77:43:4c:
         02:2b:b3:fd:70:de:3b:7d:84:63:07:71:7d:e9:ee:f4:68:a3:
         a0:79:52:a4:28:be:1d:ec:2a:a6:a2:45:15:06:b3:2d:72:17:
         de:0a:f5:b8:99:70:4d:3e:74:12:7b:d7:0d:f9:94:28:35:cd:
         6b:8e:c9:c5:03:11:77:c6:7c:67:17:9f:e2:32:f9:41:80:85:
         02:2c:03:bf
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2SEZOrLbGKKnXA2EhXElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNmQ3NWI0ZTQ5ODZmYWNjYjYxNGIzMzRlNDVkNWUwMzkz
NTJhOWMwHhcNMjUwMTAyMTE0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQyYjU3ODRlNWFkZjY1NzI0YTJiY2UyMmZjNzY5NzEyNjcwOGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2AGm/n+C3ORAAvE51f2JR+4NrgE
caHouzyI+9va25v7NNF2IHfhcelscuYXb/bhm6dpwmbfWH87AXmzLr8Bs06Jgkp5
NPdP5wVEI5xQxrl0odds2jZGCfLNEjW5M4pN1eenigZ+ryF+79Hr8Ba49mTYu61S
CcUBrwluBwez/jRARSIf23mPiqx6SH8XsGoK+R0SdIrD2mwUtVczSlhpOD+szPks
fOqEs+oki2e3HCInXZlGv3d6fkxNPy5OF6/bOuEqGBAG9tb2Y5qvtL/b4du2NRBK
lrOXW3zvSpJh4ctivU/3CIaQVGyfldtwLxikWgTtDhQhee1ePc7LsKWz9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpCtXhOWt9lckorziL8dpcSZwirMB8GA1UdIwQY
MBaAFI5tdbTkmG+sy2FLM05F1eA5NSqcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam0xMXRPU1liNnpMWVVzelRrWFY0RGsxS3B3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9hY2E5OTQtZjNjMC00NWE0LWE2NDIt
NmQ3NjAyZDI0YzgzLzEvZWtLMWVFNWEzMlZ5U2l2T0l2eDJseEpuQ0tzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9hY2E5OTQtZjNjMC00NWE0LWE2NDItNmQ3NjAyZDI0Yzgz
LzEvam0xMXRPU1liNnpMWVVzelRrWFY0RGsxS3B3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW9G8MA0G
CSqGSIb3DQEBCwUAA4IBAQB4AT5bGiTQelj0PlS3E7m0rxaidKMBXBR3uPGtyDC5
pX25YYEDtwDh7w8bJOznynFW123J46IR/J4i0XpEedg1MXUE6ijG9QWfOgW8Ogs9
tdDiSWDaRaEtvSiZ8xgOn89t4Xzfr3GYN6jCRqqa09a+NbeA4VzluA+mjLRT8QYQ
VHimv4gvDkfSRO3QAQtuwG4W/agpLLBrAlXWHW0Xa5n6L4G+O04bIqzbE+8/BEOl
Y853Q0wCK7P9cN47fYRjB3F96e70aKOgeVKkKL4d7CqmokUVBrMtchfeCvW4mXBN
PnQSe9cN+ZQoNc1rjsnFAxF3xnxnF5/iMvlBgIUCLAO/
-----END CERTIFICATE-----