Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/EwuhEeBAQURVtdibRr3x7ZkGuoM.roa
File:                     EwuhEeBAQURVtdibRr3x7ZkGuoM.roa (raw, json)
Hash identifier:          73d9ZaW56zvdOokmC2Ih1rABWWHWAa8LEOTXQM3puXo=
Subject key identifier:   13:0B:A1:11:E0:40:41:44:55:B5:D8:9B:46:BD:F1:ED:99:06:BA:83
Certificate issuer:       /CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
Certificate serial:       018CC8014B0E003AC47BA631276B4445C5E7
Authority key identifier: 33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/EwuhEeBAQURVtdibRr3x7ZkGuoM.roa
Signing time:             Tue 02 Jan 2024 02:29:37 +0000
ROA not before:           Tue 02 Jan 2024 02:29:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     20712
IP address blocks:        91.240.176.0/24 maxlen: 24
                          2001:67c:2a40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 05:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:01:4b:0e:00:3a:c4:7b:a6:31:27:6b:44:45:c5:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3389e0b8a2ff82a23b48dd6e6e76176b4cd3832e
        Validity
            Not Before: Jan  2 02:29:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=130ba111e040414455b5d89b46bdf1ed9906ba83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ae:b8:a3:6f:5c:e0:44:8d:c1:03:70:b9:fd:
                    12:e6:8a:a7:f3:90:f5:f6:18:92:ad:3f:bc:65:99:
                    d4:93:8d:f1:dd:e3:6a:cc:a1:24:3a:67:a3:36:27:
                    d4:4c:0f:73:39:77:e5:4f:39:d8:70:0c:a4:08:15:
                    2c:d9:5a:dc:d0:89:ce:e7:54:c5:7e:dc:34:17:e7:
                    4e:46:2a:e8:57:00:20:4c:bc:bb:2d:d3:42:9d:69:
                    44:a9:11:8c:a3:2a:17:9a:16:9b:13:78:df:6b:b3:
                    d4:a0:69:40:17:02:d1:24:9a:6a:b5:88:57:d9:72:
                    6b:55:b1:8a:7a:e7:00:01:8b:37:a3:5b:b8:58:22:
                    6b:68:36:5e:31:66:0a:10:2d:bc:aa:28:c9:07:ce:
                    f7:81:f2:c4:91:e3:3a:02:1f:d5:39:14:78:ed:e9:
                    c3:80:0d:0c:2c:d2:d9:0f:02:00:08:8c:82:17:94:
                    54:78:d6:c3:eb:29:82:0d:0c:bc:1c:e9:fe:00:ed:
                    9c:31:7b:19:7c:a0:84:e4:60:b9:6d:29:10:d4:32:
                    d5:41:7e:36:5e:9e:e5:87:a7:2d:8c:c3:af:c6:f7:
                    29:e8:6d:34:50:6a:0f:d5:f0:a1:a5:db:ae:77:dd:
                    90:e0:e4:e8:53:75:cd:b9:0b:16:db:c6:49:98:1b:
                    2b:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:0B:A1:11:E0:40:41:44:55:B5:D8:9B:46:BD:F1:ED:99:06:BA:83
            X509v3 Authority Key Identifier:
                keyid:33:89:E0:B8:A2:FF:82:A2:3B:48:DD:6E:6E:76:17:6B:4C:D3:83:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/M4nguKL_gqI7SN1ubnYXa0zTgy4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/EwuhEeBAQURVtdibRr3x7ZkGuoM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/7a4402-f3f5-4f3a-98a8-2337a81b1f78/1/M4nguKL_gqI7SN1ubnYXa0zTgy4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.240.176.0/24
                IPv6:
                  2001:67c:2a40::/48

    Signature Algorithm: sha256WithRSAEncryption
         8c:eb:5b:6a:af:b8:35:d3:a7:40:25:c0:c7:5c:e2:2b:f4:4b:
         85:b2:23:76:87:0e:18:55:e7:25:10:b7:f5:d8:e4:86:1c:0c:
         78:5d:e3:99:58:45:a9:37:62:e5:30:32:73:99:10:53:02:98:
         e6:ed:a2:fc:60:e4:dd:f7:94:d4:5d:aa:00:c3:b6:ea:19:94:
         e7:fa:f9:72:f8:63:32:08:c5:d5:d0:59:b7:d8:d6:15:93:36:
         48:21:1c:58:92:62:4b:64:4e:ca:cf:26:32:d0:c6:03:d6:56:
         b0:d4:7d:4b:68:f2:02:e6:a4:15:c0:65:66:ca:f5:ff:cf:7e:
         80:6f:8c:32:65:6e:aa:6e:a6:c7:a1:17:54:78:bd:4b:08:db:
         14:94:b0:eb:00:69:46:86:58:4f:22:6c:1a:fc:64:83:49:aa:
         ed:43:1a:ab:52:33:7e:50:2c:9a:10:a6:c6:cb:d1:c9:da:93:
         6c:b6:fc:ae:4e:a0:37:75:05:f2:bf:aa:c9:70:3b:a0:06:81:
         b7:34:80:05:cd:b8:f8:70:51:7c:37:f7:46:6b:64:b8:9f:c6:
         78:a9:69:1c:17:38:e9:0e:b1:0f:32:a7:47:45:20:f8:2c:2e:
         22:04:19:dd:b9:21:a5:b2:76:99:8a:6a:7a:df:87:f8:5a:23:
         4a:17:b1:ee
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAYzIAUsOADrEe6YxJ2tERcXnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzODllMGI4YTJmZjgyYTIzYjQ4ZGQ2ZTZlNzYxNzZiNGNk
MzgzMmUwHhcNMjQwMTAyMDIyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzBiYTExMWUwNDA0MTQ0NTViNWQ4OWI0NmJkZjFlZDk5MDZiYTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn664o29c4ESNwQNwuf0S5oqn85D1
9hiSrT+8ZZnUk43x3eNqzKEkOmejNifUTA9zOXflTznYcAykCBUs2Vrc0InO51TF
ftw0F+dORiroVwAgTLy7LdNCnWlEqRGMoyoXmhabE3jfa7PUoGlAFwLRJJpqtYhX
2XJrVbGKeucAAYs3o1u4WCJraDZeMWYKEC28qijJB873gfLEkeM6Ah/VORR47enD
gA0MLNLZDwIACIyCF5RUeNbD6ymCDQy8HOn+AO2cMXsZfKCE5GC5bSkQ1DLVQX42
Xp7lh6ctjMOvxvcp6G00UGoP1fChpduud92Q4OToU3XNuQsW28ZJmBsrfwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFBMLoRHgQEFEVbXYm0a98e2ZBrqDMB8GA1UdIwQY
MBaAFDOJ4Lii/4KiO0jdbm52F2tM04MuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgt
MjMzN2E4MWIxZjc4LzEvRXd1aEVlQkFRVVJWdGRpYlJyM3g3WmtHdW9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS83YTQ0MDItZjNmNS00ZjNhLTk4YTgtMjMzN2E4MWIxZjc4
LzEvTTRuZ3VLTF9ncUk3U04xdWJuWVhhMHpUZ3k0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAW/CwMA8E
AgACMAkDBwAgAQZ8KkAwDQYJKoZIhvcNAQELBQADggEBAIzrW2qvuDXTp0AlwMdc
4iv0S4WyI3aHDhhV5yUQt/XY5IYcDHhd45lYRak3YuUwMnOZEFMCmObtovxg5N33
lNRdqgDDtuoZlOf6+XL4YzIIxdXQWbfY1hWTNkghHFiSYktkTsrPJjLQxgPWVrDU
fUto8gLmpBXAZWbK9f/PfoBvjDJlbqpupsehF1R4vUsI2xSUsOsAaUaGWE8ibBr8
ZINJqu1DGqtSM35QLJoQpsbL0cnak2y2/K5OoDd1BfK/qslwO6AGgbc0gAXNuPhw
UXw390ZrZLifxnipaRwXOOkOsQ8yp0dFIPgsLiIEGd25IaWydpmKanrfh/haI0oX
se4=
-----END CERTIFICATE-----