Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/EosSTQCKUItHXv7-KMs8d6VEQJU.roa
File:                     EosSTQCKUItHXv7-KMs8d6VEQJU.roa (raw, json)
Hash identifier:          2/RRRIz8C+kd/j0NgOztXhwg/QWQ421n30H1qFnd+vY=
Subject key identifier:   12:8B:12:4D:00:8A:50:8B:47:5E:FE:FE:28:CB:3C:77:A5:44:40:95
Certificate issuer:       /CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
Certificate serial:       0197644D501005D36FC7FFBDB3132D6C14C5
Authority key identifier: F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/EosSTQCKUItHXv7-KMs8d6VEQJU.roa
Signing time:             Thu 12 Jun 2025 13:21:17 +0000
ROA not before:           Thu 12 Jun 2025 13:21:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207043
IP address blocks:        2a03:5840:129::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:64:4d:50:10:05:d3:6f:c7:ff:bd:b3:13:2d:6c:14:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f77705e89bb65b472e4e0184d6fe9bfb8c58635a
        Validity
            Not Before: Jun 12 13:21:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=128b124d008a508b475efefe28cb3c77a5444095
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a0:59:c2:a4:56:47:8a:33:f8:1d:5f:4d:5b:
                    9b:e0:54:5a:8c:65:84:d4:9d:f6:0a:f6:41:a0:42:
                    8d:c2:5f:35:ea:d3:cc:f4:ad:5b:dc:17:c3:e6:30:
                    d4:eb:a4:ad:25:6b:07:23:25:c7:f9:bc:20:79:b5:
                    20:9b:e9:a5:22:8d:35:c4:b5:97:09:75:3e:9e:18:
                    45:12:43:0c:df:79:d6:2f:d8:83:af:ad:3d:d3:ed:
                    59:e2:26:4d:1d:9e:be:f8:68:84:05:ba:c4:03:c1:
                    09:d1:18:be:9a:ae:ac:8b:30:e2:b8:37:c3:38:f1:
                    9e:a7:b4:34:be:d4:54:f0:7e:95:28:a2:7f:17:61:
                    f1:ee:da:b6:85:96:5c:ea:34:17:61:d5:04:ec:86:
                    15:62:b6:fd:75:d9:b2:db:0d:c0:16:c9:b8:9c:75:
                    14:f5:e4:53:24:5b:74:f9:7f:17:00:b5:5e:13:d0:
                    d0:89:58:ff:89:44:67:f5:70:96:7b:de:c6:86:fe:
                    e1:15:b6:47:bf:ec:a5:c9:b9:8c:06:9e:e2:af:23:
                    f0:02:c6:02:3b:8d:88:5d:5d:ff:be:bf:26:b0:e6:
                    9f:aa:00:55:50:d2:68:4a:40:a1:74:00:99:24:f8:
                    74:69:40:cb:27:3c:7a:ef:e2:64:ac:e8:b9:ee:f0:
                    98:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:8B:12:4D:00:8A:50:8B:47:5E:FE:FE:28:CB:3C:77:A5:44:40:95
            X509v3 Authority Key Identifier:
                keyid:F7:77:05:E8:9B:B6:5B:47:2E:4E:01:84:D6:FE:9B:FB:8C:58:63:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/93cF6Ju2W0cuTgGE1v6b-4xYY1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/EosSTQCKUItHXv7-KMs8d6VEQJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/022839-6984-40d4-8716-6cb89791d7fd/1/93cF6Ju2W0cuTgGE1v6b-4xYY1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a03:5840:129::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:86:f6:50:0e:dd:36:63:5a:f3:55:0b:2b:63:46:fb:74:82:
         25:a7:54:58:42:92:36:5d:5b:2e:c5:7d:88:d1:1c:d3:83:74:
         e8:bb:47:5a:7c:6f:34:08:c4:8f:00:94:b0:d9:51:26:7b:c6:
         e9:63:25:1b:50:65:90:3e:16:02:86:6e:19:f7:c5:04:90:39:
         51:37:7e:e2:6a:e4:7a:3c:02:90:c1:19:4a:8e:b8:c1:78:d8:
         bd:d7:85:17:5e:b3:18:24:c9:f0:33:14:03:d8:43:7e:be:c7:
         18:bb:21:c1:85:da:0e:9e:1f:f9:a1:7c:d5:e6:b5:ea:14:8f:
         47:40:ee:f0:6c:5a:1b:d2:4c:c7:14:20:55:f9:68:80:10:d4:
         3c:ef:f9:62:67:a7:25:8c:f1:38:b8:64:7b:68:9c:4f:24:19:
         ca:7a:16:56:89:52:f0:98:93:2f:31:01:15:ee:23:ad:45:e2:
         18:04:b8:5b:94:7f:26:67:ac:22:90:0e:c9:7b:7a:4f:73:25:
         12:2a:d0:53:3b:0c:37:c0:c4:98:c3:09:10:3c:cb:94:1a:89:
         c3:9a:f0:df:e2:04:08:d2:ea:b8:34:db:e2:02:43:1a:8d:8c:
         21:91:3b:e4:91:74:ba:84:76:5c:97:77:1e:6d:3e:0d:38:28:
         f5:89:bf:b9
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZdkTVAQBdNvx/+9sxMtbBTFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NzcwNWU4OWJiNjViNDcyZTRlMDE4NGQ2ZmU5YmZiOGM1
ODYzNWEwHhcNMjUwNjEyMTMyMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjhiMTI0ZDAwOGE1MDhiNDc1ZWZlZmUyOGNiM2M3N2E1NDQ0MDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoqBZwqRWR4oz+B1fTVub4FRajGWE
1J32CvZBoEKNwl816tPM9K1b3BfD5jDU66StJWsHIyXH+bwgebUgm+mlIo01xLWX
CXU+nhhFEkMM33nWL9iDr6090+1Z4iZNHZ6++GiEBbrEA8EJ0Ri+mq6sizDiuDfD
OPGep7Q0vtRU8H6VKKJ/F2Hx7tq2hZZc6jQXYdUE7IYVYrb9ddmy2w3AFsm4nHUU
9eRTJFt0+X8XALVeE9DQiVj/iURn9XCWe97Ghv7hFbZHv+ylybmMBp7iryPwAsYC
O42IXV3/vr8msOafqgBVUNJoSkChdACZJPh0aUDLJzx67+JkrOi57vCYZwIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBKLEk0AilCLR17+/ijLPHelRECVMB8GA1UdIwQY
MBaAFPd3BeibtltHLk4BhNb+m/uMWGNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYt
NmNiODk3OTFkN2ZkLzEvRW9zU1RRQ0tVSXRIWHY3LUtNczhkNlZFUUpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy8wMjI4MzktNjk4NC00MGQ0LTg3MTYtNmNiODk3OTFkN2Zk
LzEvOTNjRjZKdTJXMGN1VGdHRTF2NmItNHhZWTFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKgNYQAEp
MA0GCSqGSIb3DQEBCwUAA4IBAQBlhvZQDt02Y1rzVQsrY0b7dIIlp1RYQpI2XVsu
xX2I0RzTg3Tou0dafG80CMSPAJSw2VEme8bpYyUbUGWQPhYChm4Z98UEkDlRN37i
auR6PAKQwRlKjrjBeNi914UXXrMYJMnwMxQD2EN+vscYuyHBhdoOnh/5oXzV5rXq
FI9HQO7wbFob0kzHFCBV+WiAENQ87/liZ6cljPE4uGR7aJxPJBnKehZWiVLwmJMv
MQEV7iOtReIYBLhblH8mZ6wikA7Je3pPcyUSKtBTOww3wMSYwwkQPMuUGonDmvDf
4gQI0uq4NNviAkMajYwhkTvkkXS6hHZcl3cebT4NOCj1ib+5
-----END CERTIFICATE-----