Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/0ESHx6o_bEDdbe3bS47z5AA9_2A.roa
File:                     0ESHx6o_bEDdbe3bS47z5AA9_2A.roa (raw, json)
Hash identifier:          FBbhXK+wtLEWtxbxvTb522xPc5/xwLbqkikaE9rGgWA=
Subject key identifier:   D0:44:87:C7:AA:3F:6C:40:DD:6D:ED:DB:4B:8E:F3:E4:00:3D:FF:60
Certificate issuer:       /CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
Certificate serial:       01984CE35B81EC1E32097B93CF9760CE42A6
Authority key identifier: 3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/0ESHx6o_bEDdbe3bS47z5AA9_2A.roa
Signing time:             Sun 27 Jul 2025 17:17:05 +0000
ROA not before:           Sun 27 Jul 2025 17:17:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        212.116.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 11 Aug 2025 08:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4c:e3:5b:81:ec:1e:32:09:7b:93:cf:97:60:ce:42:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b098e45ef4bb5d18dbc86c5a135f57ebcbe005d
        Validity
            Not Before: Jul 27 17:17:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d04487c7aa3f6c40dd6deddb4b8ef3e4003dff60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:d0:90:0c:5d:cf:32:ef:48:a3:9a:e2:f3:91:
                    85:69:8e:f5:76:7d:65:79:7b:c6:0a:99:f0:3d:bb:
                    ab:5d:06:99:7e:d3:18:62:b5:c2:d1:48:da:76:be:
                    d0:74:60:c9:a0:4e:2c:65:54:11:05:70:7b:09:ee:
                    a7:b9:a0:e1:5c:44:ca:09:81:9d:e3:31:e1:be:99:
                    1c:6e:84:e9:32:9b:f5:33:92:a4:3c:e7:b7:d1:f5:
                    c7:9b:88:9e:7f:5a:04:78:59:f1:f6:2f:9d:38:31:
                    12:6d:8c:ce:36:97:1e:06:14:a0:37:ae:e1:37:df:
                    e8:fc:b1:4c:31:5a:ff:39:25:ea:ff:c7:b7:34:94:
                    e3:6e:cb:d6:d9:fe:bd:59:8e:a2:31:ba:c5:53:a5:
                    27:d7:13:25:d4:25:89:e4:0a:ff:1d:02:ab:8f:96:
                    30:f8:3f:93:29:24:53:5d:18:98:21:c9:22:1c:24:
                    9b:9e:3b:10:cb:de:b1:63:a1:e8:b6:df:aa:b3:d7:
                    4e:26:c0:58:ab:25:11:40:eb:e7:8a:bd:a9:1c:62:
                    3d:73:34:5f:7c:62:a1:80:fb:1f:ac:48:4a:16:27:
                    5b:e0:6b:31:35:c3:c4:db:20:73:4f:7e:28:00:85:
                    8d:10:6d:2f:46:8b:70:fc:e0:0b:fc:58:82:e1:93:
                    46:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:44:87:C7:AA:3F:6C:40:DD:6D:ED:DB:4B:8E:F3:E4:00:3D:FF:60
            X509v3 Authority Key Identifier:
                keyid:3B:09:8E:45:EF:4B:B5:D1:8D:BC:86:C5:A1:35:F5:7E:BC:BE:00:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OwmORe9LtdGNvIbFoTX1fry-AF0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/0ESHx6o_bEDdbe3bS47z5AA9_2A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/954d31-f74c-467b-9013-e12b164215b9/1/OwmORe9LtdGNvIbFoTX1fry-AF0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.116.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:0a:82:76:a4:c2:04:fb:6a:99:e9:37:33:f3:41:e7:82:43:
         81:93:a6:64:6d:79:06:93:7d:c1:f1:4e:1d:da:aa:7e:b6:bd:
         33:52:b1:7d:7a:c2:86:e1:ce:a7:c2:5d:cc:b5:50:c2:d3:84:
         77:07:55:bf:ae:fd:21:33:96:09:8e:87:8b:36:bb:5d:d6:60:
         b7:7f:9a:95:2b:b5:3f:4a:d9:89:c1:a8:ea:d5:46:80:5f:e0:
         fa:eb:9a:87:80:3b:5f:ba:72:a1:34:9f:24:b5:5d:42:31:ef:
         cc:c8:71:3b:32:48:b1:ed:3b:c6:8e:7c:d0:d2:dd:96:ab:39:
         38:92:88:39:84:6c:d7:7d:9a:7a:15:80:75:f5:bd:c0:e5:d6:
         59:76:3f:4c:04:36:c0:84:b7:8c:44:51:20:36:99:a8:35:d8:
         99:98:42:73:61:39:93:b4:58:41:c5:ea:7a:82:04:34:42:1c:
         ad:f1:60:5c:5c:cd:3c:71:58:63:b9:79:c9:d1:ca:59:db:cb:
         3b:3a:52:31:09:00:cf:be:29:a2:d0:c5:f2:ee:dd:26:d4:10:
         0e:88:06:e7:9f:d5:d9:52:7f:77:6c:0b:2f:9c:e5:f0:f7:9f:
         75:f9:26:7c:6b:b9:bf:fb:63:0f:60:da:b8:9c:58:19:e5:7d:
         a2:d9:07:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhM41uB7B4yCXuTz5dgzkKmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiMDk4ZTQ1ZWY0YmI1ZDE4ZGJjODZjNWExMzVmNTdlYmNi
ZTAwNWQwHhcNMjUwNzI3MTcxNzA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDQ0ODdjN2FhM2Y2YzQwZGQ2ZGVkZGI0YjhlZjNlNDAwM2RmZjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttCQDF3PMu9Io5ri85GFaY71dn1l
eXvGCpnwPburXQaZftMYYrXC0Ujadr7QdGDJoE4sZVQRBXB7Ce6nuaDhXETKCYGd
4zHhvpkcboTpMpv1M5KkPOe30fXHm4ief1oEeFnx9i+dODESbYzONpceBhSgN67h
N9/o/LFMMVr/OSXq/8e3NJTjbsvW2f69WY6iMbrFU6Un1xMl1CWJ5Ar/HQKrj5Yw
+D+TKSRTXRiYIckiHCSbnjsQy96xY6Hott+qs9dOJsBYqyURQOvnir2pHGI9czRf
fGKhgPsfrEhKFidb4GsxNcPE2yBzT34oAIWNEG0vRotw/OAL/FiC4ZNGyQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNBEh8eqP2xA3W3t20uO8+QAPf9gMB8GA1UdIwQY
MBaAFDsJjkXvS7XRjbyGxaE19X68vgBdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMt
ZTEyYjE2NDIxNWI5LzEvMEVTSHg2b19iRURkYmUzYlM0N3o1QUE5XzJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi85NTRkMzEtZjc0Yy00NjdiLTkwMTMtZTEyYjE2NDIxNWI5
LzEvT3dtT1JlOUx0ZEdOdkliRm9UWDFmcnktQUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1HTwMA0G
CSqGSIb3DQEBCwUAA4IBAQBXCoJ2pMIE+2qZ6Tcz80HngkOBk6ZkbXkGk33B8U4d
2qp+tr0zUrF9esKG4c6nwl3MtVDC04R3B1W/rv0hM5YJjoeLNrtd1mC3f5qVK7U/
StmJwajq1UaAX+D665qHgDtfunKhNJ8ktV1CMe/MyHE7Mkix7TvGjnzQ0t2Wqzk4
kog5hGzXfZp6FYB19b3A5dZZdj9MBDbAhLeMRFEgNpmoNdiZmEJzYTmTtFhBxep6
ggQ0Qhyt8WBcXM08cVhjuXnJ0cpZ28s7OlIxCQDPvimi0MXy7t0m1BAOiAbnn9XZ
Un93bAsvnOXw9591+SZ8a7m/+2MPYNq4nFgZ5X2i2Qef
-----END CERTIFICATE-----
Generated at Sun Aug 10 16:05:41 2025 by rpki-client