Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/eq_5z6SG5c127E8qBAWGRp_xPsY.roa
File:                     eq_5z6SG5c127E8qBAWGRp_xPsY.roa (raw, json)
Hash identifier:          9V3BXGz+1DpuZpqnSTtHqQ9/sLmVIuzNh9TCwi/UW6c=
Subject key identifier:   7A:AF:F9:CF:A4:86:E5:CD:76:EC:4F:2A:04:05:86:46:9F:F1:3E:C6
Certificate issuer:       /CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
Certificate serial:       01971347B1AD96DF6CE8D639521683057CD2
Authority key identifier: 8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/eq_5z6SG5c127E8qBAWGRp_xPsY.roa
Signing time:             Tue 27 May 2025 19:45:55 +0000
ROA not before:           Tue 27 May 2025 19:45:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34661
IP address blocks:        141.98.148.0/22 maxlen: 22
                          212.66.48.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:13:47:b1:ad:96:df:6c:e8:d6:39:52:16:83:05:7c:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8a01ab6cd44a7a3ea4002c106a96c427b52c81d5
        Validity
            Not Before: May 27 19:45:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7aaff9cfa486e5cd76ec4f2a040586469ff13ec6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:c9:2e:36:71:98:71:4d:9d:24:40:85:d9:de:
                    21:b4:b0:ed:60:af:4c:99:3e:dd:3d:5b:62:5e:f6:
                    e2:20:3d:80:8c:d3:ae:08:aa:36:26:13:c2:58:5d:
                    7e:a0:cb:36:90:60:25:0d:1e:5e:4e:f0:00:16:d6:
                    0a:fe:1c:cb:8f:fd:13:51:f3:b9:4c:29:c4:e5:ad:
                    02:55:0e:8c:d2:df:22:1e:e9:c3:61:b9:ee:01:84:
                    69:b3:f3:98:d8:85:9d:0f:c2:96:52:22:c3:d6:b7:
                    b3:ad:ff:cf:b9:fa:1d:8f:40:a9:fc:68:71:30:d9:
                    df:c6:00:63:4f:af:da:86:78:e8:13:d6:d8:66:6a:
                    c2:01:b9:98:93:94:92:56:5b:02:26:f4:fd:f3:c7:
                    37:a3:57:ff:5f:e5:e9:f7:00:f3:08:a6:91:93:07:
                    1b:f5:f5:87:dd:de:1d:52:93:9d:f1:a5:f3:84:a0:
                    37:ce:b6:0c:c6:26:0a:6c:b4:35:85:da:96:a3:e8:
                    35:81:54:68:70:a1:6b:cd:90:33:7c:ae:0c:ef:23:
                    9a:4b:7c:7b:93:00:4a:67:f0:09:f7:56:b4:41:ab:
                    92:2e:43:b2:a1:84:e5:ea:ae:0b:72:02:b4:75:80:
                    af:9a:a1:6a:ec:83:3d:55:0d:5f:e3:2c:27:a1:96:
                    41:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:AF:F9:CF:A4:86:E5:CD:76:EC:4F:2A:04:05:86:46:9F:F1:3E:C6
            X509v3 Authority Key Identifier:
                keyid:8A:01:AB:6C:D4:4A:7A:3E:A4:00:2C:10:6A:96:C4:27:B5:2C:81:D5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/igGrbNRKej6kACwQapbEJ7UsgdU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/eq_5z6SG5c127E8qBAWGRp_xPsY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/5832f4-e4e2-498b-a06a-9febf8c3e33f/1/igGrbNRKej6kACwQapbEJ7UsgdU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.98.148.0/22
                  212.66.48.0/21

    Signature Algorithm: sha256WithRSAEncryption
         e9:ae:4e:fe:38:6f:9c:a7:ea:bb:75:c3:01:8d:db:31:83:02:
         8b:54:7f:6d:2b:44:60:82:58:78:33:a7:bd:48:86:54:06:f7:
         37:8a:d8:d5:29:b0:5f:ba:b6:26:fa:81:51:7d:41:6a:b9:11:
         f8:54:30:63:b5:07:ee:f6:04:23:ab:fc:c8:c4:f0:6a:b1:e8:
         26:b9:0e:1d:ce:d2:a3:be:4e:e3:26:d7:91:b5:18:7e:4d:02:
         8c:56:85:38:51:d5:a8:bf:68:30:cd:49:8b:9c:82:a9:1d:d3:
         d8:98:a9:08:2c:48:a7:8f:9a:2a:1d:4c:a9:aa:9a:dc:8a:7b:
         0f:c8:cf:69:4b:dc:75:cb:29:a5:04:70:f2:a9:33:9b:5e:18:
         3f:fd:5e:ec:b9:9a:89:71:92:13:e8:12:ee:26:c0:aa:cd:43:
         2c:f7:f8:ac:85:7d:a3:e4:17:d2:b0:46:fe:12:07:fc:b2:3a:
         f0:6e:85:a2:0c:a0:b7:aa:cc:ad:4a:ed:16:b9:9e:b3:1e:5c:
         1b:75:9e:1c:b8:32:ed:54:d6:70:d6:af:e3:b0:10:8d:75:de:
         3f:24:f8:91:a2:f2:68:0d:53:74:f1:bf:09:5a:88:de:df:f5:
         5c:65:b2:66:f2:1f:b0:24:a6:90:26:c7:02:f3:d4:28:d2:f8:
         60:fd:3f:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcTR7Gtlt9s6NY5UhaDBXzSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhhMDFhYjZjZDQ0YTdhM2VhNDAwMmMxMDZhOTZjNDI3YjUy
YzgxZDUwHhcNMjUwNTI3MTk0NTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YWFmZjljZmE0ODZlNWNkNzZlYzRmMmEwNDA1ODY0NjlmZjEzZWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo8kuNnGYcU2dJECF2d4htLDtYK9M
mT7dPVtiXvbiID2AjNOuCKo2JhPCWF1+oMs2kGAlDR5eTvAAFtYK/hzLj/0TUfO5
TCnE5a0CVQ6M0t8iHunDYbnuAYRps/OY2IWdD8KWUiLD1rezrf/Pufodj0Cp/Ghx
MNnfxgBjT6/ahnjoE9bYZmrCAbmYk5SSVlsCJvT988c3o1f/X+Xp9wDzCKaRkwcb
9fWH3d4dUpOd8aXzhKA3zrYMxiYKbLQ1hdqWo+g1gVRocKFrzZAzfK4M7yOaS3x7
kwBKZ/AJ91a0QauSLkOyoYTl6q4LcgK0dYCvmqFq7IM9VQ1f4ywnoZZBnQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHqv+c+khuXNduxPKgQFhkaf8T7GMB8GA1UdIwQY
MBaAFIoBq2zUSno+pAAsEGqWxCe1LIHVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEt
OWZlYmY4YzNlMzNmLzEvZXFfNXo2U0c1YzEyN0U4cUJBV0dScF94UHNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi81ODMyZjQtZTRlMi00OThiLWEwNmEtOWZlYmY4YzNlMzNm
LzEvaWdHcmJOUktlajZrQUN3UWFwYkVKN1VzZ2RVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCjWKUAwQD
1EIwMA0GCSqGSIb3DQEBCwUAA4IBAQDprk7+OG+cp+q7dcMBjdsxgwKLVH9tK0Rg
glh4M6e9SIZUBvc3itjVKbBfurYm+oFRfUFquRH4VDBjtQfu9gQjq/zIxPBqsegm
uQ4dztKjvk7jJteRtRh+TQKMVoU4UdWov2gwzUmLnIKpHdPYmKkILEinj5oqHUyp
qprcinsPyM9pS9x1yymlBHDyqTObXhg//V7suZqJcZIT6BLuJsCqzUMs9/ishX2j
5BfSsEb+Egf8sjrwboWiDKC3qsytSu0WuZ6zHlwbdZ4cuDLtVNZw1q/jsBCNdd4/
JPiRovJoDVN08b8JWoje3/VcZbJm8h+wJKaQJscC89Qo0vhg/T/n
-----END CERTIFICATE-----