Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/EnAVa0WDTPEIkgJTa_1akGAdRLU.roa
File:                     EnAVa0WDTPEIkgJTa_1akGAdRLU.roa (raw, json)
Hash identifier:          v6OPbdEQYEwg6e7stk3DD8/DXD2xGmjWZyBLYl4Is18=
Subject key identifier:   12:70:15:6B:45:83:4C:F1:08:92:02:53:6B:FD:5A:90:60:1D:44:B5
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       019863CF5827098E0839E708899143DA15EA
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/EnAVa0WDTPEIkgJTa_1akGAdRLU.roa
Signing time:             Fri 01 Aug 2025 04:06:29 +0000
ROA not before:           Fri 01 Aug 2025 04:06:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214079
IP address blocks:        5.231.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 14:37:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:63:cf:58:27:09:8e:08:39:e7:08:89:91:43:da:15:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Aug  1 04:06:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1270156b45834cf1089202536bfd5a90601d44b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:a0:55:bf:89:7b:9d:96:4f:47:9a:ac:b6:e9:
                    f1:60:49:e6:43:3e:4c:00:73:fc:b6:49:e5:39:d6:
                    3d:76:8c:41:3c:5d:ff:78:2b:be:58:40:77:9d:7c:
                    a7:fb:f3:e4:f9:40:8f:9d:e4:b5:31:4d:1f:0e:7a:
                    ac:3b:9e:dd:53:00:a2:04:ab:9d:22:05:cf:e8:2b:
                    65:9d:a1:16:4f:6c:11:1e:e5:0c:b6:6b:63:0b:6f:
                    39:ef:e9:a5:3d:39:f9:36:94:9d:fb:1b:59:b6:e4:
                    10:5d:73:a4:08:a5:87:fd:4a:ab:47:10:e8:0a:6e:
                    55:ac:3b:64:01:1b:dd:ec:ed:61:75:5d:9a:07:22:
                    0d:91:f1:77:af:3f:aa:76:b3:c2:fa:7e:55:1e:79:
                    e4:4b:4c:43:ad:bb:88:fb:28:4d:b7:cc:78:80:80:
                    91:c8:74:07:2f:13:50:5a:c3:ca:fb:2d:ed:b0:97:
                    ac:21:86:1c:9e:d2:1b:d6:63:1d:54:06:a8:a7:dc:
                    fd:8c:b4:ce:45:5d:2e:74:90:a6:8d:e2:fd:36:76:
                    e6:75:d1:af:49:87:65:84:0e:6f:14:81:b6:09:2e:
                    a4:00:de:7a:ac:7d:06:ff:d4:3d:c7:d5:0e:0a:24:
                    4e:a3:ef:60:fd:29:28:b4:ca:ee:55:d2:ee:48:3e:
                    87:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:70:15:6B:45:83:4C:F1:08:92:02:53:6B:FD:5A:90:60:1D:44:B5
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/EnAVa0WDTPEIkgJTa_1akGAdRLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.231.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7d:2c:39:c1:56:a8:e6:c1:af:bf:69:fa:d2:77:10:8a:16:6e:
         fa:c8:eb:af:f9:2f:03:5c:0c:3f:e0:d5:78:9c:59:82:7d:a2:
         cd:79:27:0c:44:6b:27:7a:00:68:df:ff:01:bf:3f:bb:96:f6:
         bc:ab:9a:57:f5:1e:c1:c7:27:b0:61:e9:aa:cc:88:6e:b4:d6:
         72:c0:f8:6a:e2:66:9f:8b:f8:83:70:ec:a4:63:6a:24:54:6c:
         0e:bd:a8:2f:3c:cb:c4:47:c2:10:24:a2:a8:f0:5d:63:8c:bf:
         dd:40:49:55:8a:ad:d2:88:43:c3:1f:a0:47:c8:e3:d8:ed:9a:
         3b:dc:ff:4f:35:0e:3f:b1:24:ce:f9:43:25:55:3d:74:0d:3b:
         45:23:c4:b1:c3:3d:c1:6a:94:83:83:1a:36:6e:97:53:77:37:
         53:52:62:ab:01:2c:c6:a1:86:06:8b:73:37:e5:2f:0a:3f:68:
         3d:4a:4e:96:0d:e3:87:e9:44:93:f1:d6:ee:87:b9:9b:d5:cc:
         8a:f4:fd:c3:89:01:e2:d5:07:d3:2e:e8:ea:86:c1:35:09:26:
         83:54:d4:ff:bb:51:df:a1:aa:66:0e:d3:63:b0:43:4b:bc:7a:
         0b:c2:bf:32:67:a6:c5:cb:5e:59:ed:b5:9b:8e:08:6d:a3:00:
         39:47:73:8f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhjz1gnCY4IOecIiZFD2hXqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwODAxMDQwNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjcwMTU2YjQ1ODM0Y2YxMDg5MjAyNTM2YmZkNWE5MDYwMWQ0NGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmqBVv4l7nZZPR5qstunxYEnmQz5M
AHP8tknlOdY9doxBPF3/eCu+WEB3nXyn+/Pk+UCPneS1MU0fDnqsO57dUwCiBKud
IgXP6CtlnaEWT2wRHuUMtmtjC2857+mlPTn5NpSd+xtZtuQQXXOkCKWH/UqrRxDo
Cm5VrDtkARvd7O1hdV2aByINkfF3rz+qdrPC+n5VHnnkS0xDrbuI+yhNt8x4gICR
yHQHLxNQWsPK+y3tsJesIYYcntIb1mMdVAaop9z9jLTORV0udJCmjeL9NnbmddGv
SYdlhA5vFIG2CS6kAN56rH0G/9Q9x9UOCiROo+9g/SkotMruVdLuSD6HQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJwFWtFg0zxCJICU2v9WpBgHUS1MB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEvRW5BVmEwV0RUUEVJa2dKVGFfMWFrR0FkUkxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABefmMA0G
CSqGSIb3DQEBCwUAA4IBAQB9LDnBVqjmwa+/afrSdxCKFm76yOuv+S8DXAw/4NV4
nFmCfaLNeScMRGsnegBo3/8Bvz+7lva8q5pX9R7BxyewYemqzIhutNZywPhq4maf
i/iDcOykY2okVGwOvagvPMvER8IQJKKo8F1jjL/dQElViq3SiEPDH6BHyOPY7Zo7
3P9PNQ4/sSTO+UMlVT10DTtFI8Sxwz3BapSDgxo2bpdTdzdTUmKrASzGoYYGi3M3
5S8KP2g9Sk6WDeOH6UST8dbuh7mb1cyK9P3DiQHi1QfTLujqhsE1CSaDVNT/u1Hf
oapmDtNjsENLvHoLwr8yZ6bFy15Z7bWbjghtowA5R3OP
-----END CERTIFICATE-----