Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/494fc5-8370-4313-a775-4c7c6ee1d645/1/ecPi4F9FvpvnnyN08rNPNOwyAw0.roa
File:                     ecPi4F9FvpvnnyN08rNPNOwyAw0.roa (raw, json)
Hash identifier:          gVC4oBRFhWQMZYBIpFGSJSlbUZiFGdF6+OMg3NAk+j8=
Subject key identifier:   79:C3:E2:E0:5F:45:BE:9B:E7:9F:23:74:F2:B3:4F:34:EC:32:03:0D
Certificate issuer:       /CN=e95bf5882167d152885b46a46c36096ec72c10e8
Certificate serial:       019859E000BFD05DD8956CEEED1053B105F2
Authority key identifier: E9:5B:F5:88:21:67:D1:52:88:5B:46:A4:6C:36:09:6E:C7:2C:10:E8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Vv1iCFn0VKIW0akbDYJbscsEOg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/494fc5-8370-4313-a775-4c7c6ee1d645/1/ecPi4F9FvpvnnyN08rNPNOwyAw0.roa
Signing time:             Wed 30 Jul 2025 05:48:29 +0000
ROA not before:           Wed 30 Jul 2025 05:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210512
IP address blocks:        45.139.179.0/24 maxlen: 24
                          195.80.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/494fc5-8370-4313-a775-4c7c6ee1d645/1/6Vv1iCFn0VKIW0akbDYJbscsEOg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/494fc5-8370-4313-a775-4c7c6ee1d645/1/6Vv1iCFn0VKIW0akbDYJbscsEOg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Vv1iCFn0VKIW0akbDYJbscsEOg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 10 Aug 2025 05:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:59:e0:00:bf:d0:5d:d8:95:6c:ee:ed:10:53:b1:05:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e95bf5882167d152885b46a46c36096ec72c10e8
        Validity
            Not Before: Jul 30 05:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79c3e2e05f45be9be79f2374f2b34f34ec32030d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:81:89:8d:c2:d6:64:5d:e0:7f:14:64:63:46:
                    7d:55:84:b0:27:e6:31:9e:8b:b7:16:38:ed:70:65:
                    75:ae:93:fe:09:a7:62:01:6e:54:5c:cf:e7:3d:a6:
                    54:05:22:d4:a5:26:bb:94:b6:3e:5d:8d:65:21:3c:
                    06:19:f7:32:94:78:14:9d:22:db:a9:af:ed:76:e4:
                    27:5f:6d:a4:6c:c1:9f:d3:85:d4:b9:ca:19:73:9b:
                    43:cc:1f:71:43:12:50:c9:c6:53:d6:9e:75:62:df:
                    a1:e4:3c:0e:f6:6f:dd:48:23:de:90:c8:82:f4:96:
                    b9:ff:22:18:9f:13:d8:e0:63:33:ab:f6:72:71:44:
                    bd:ee:ce:0b:42:75:09:2c:b9:fc:d6:94:df:b9:4c:
                    e7:2e:b7:6d:86:5f:b0:3c:0e:f0:dc:df:ce:2d:5b:
                    44:30:b4:82:36:9a:cd:1f:7c:96:ca:86:d3:bd:c0:
                    47:72:6a:a8:4a:5f:a2:7b:03:4f:2f:50:17:c3:52:
                    52:57:6e:5f:84:88:ed:40:7b:b5:f6:77:b4:b7:52:
                    11:cd:45:ab:db:71:c2:7b:0e:cb:cb:00:eb:84:02:
                    5d:ef:e5:c9:7a:36:48:2c:a8:86:a6:5a:c8:1f:d0:
                    00:62:a4:8a:5c:20:0c:b4:87:4a:cd:3f:0f:0e:d1:
                    72:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:C3:E2:E0:5F:45:BE:9B:E7:9F:23:74:F2:B3:4F:34:EC:32:03:0D
            X509v3 Authority Key Identifier:
                keyid:E9:5B:F5:88:21:67:D1:52:88:5B:46:A4:6C:36:09:6E:C7:2C:10:E8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Vv1iCFn0VKIW0akbDYJbscsEOg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/494fc5-8370-4313-a775-4c7c6ee1d645/1/ecPi4F9FvpvnnyN08rNPNOwyAw0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/494fc5-8370-4313-a775-4c7c6ee1d645/1/6Vv1iCFn0VKIW0akbDYJbscsEOg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.139.179.0/24
                  195.80.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3c:4c:f2:0d:f4:b9:dc:ab:8b:a2:42:24:da:a5:13:d3:ae:3e:
         a7:1d:e8:0e:5a:12:ad:66:9f:af:01:7e:0f:5b:f3:8b:3b:f4:
         19:ab:b9:38:4a:26:e4:7e:e4:31:bd:f7:92:28:1a:41:f3:b7:
         f7:0d:a2:b8:3c:67:10:37:51:9f:eb:36:a3:82:9a:1e:39:eb:
         08:0f:32:eb:55:73:ab:f5:4d:f2:fa:63:c1:b7:db:a8:48:80:
         43:a3:d6:99:ad:64:ea:71:d5:e9:61:72:6a:4a:f1:d3:f0:c3:
         77:62:7d:0a:b0:af:8c:9f:81:2e:d7:d2:68:76:ca:b2:37:86:
         ee:cf:72:57:39:71:a4:fb:30:66:54:81:79:1c:6d:a9:c1:53:
         3f:62:3c:4b:c9:d9:8e:d1:40:58:d1:24:87:1e:c9:15:b7:8a:
         b3:90:a3:e5:ab:10:d9:6d:e7:03:ac:00:52:97:99:94:15:d8:
         9b:91:5c:2a:32:a7:32:78:9b:f4:78:df:cf:3c:26:a5:a1:76:
         eb:f5:37:3e:31:9f:a5:1a:fd:29:7e:7e:71:23:8c:58:ad:e3:
         81:61:7c:2c:af:97:89:8b:fc:24:ee:e4:cf:fa:07:8c:2b:13:
         ab:4b:da:c9:18:ad:e4:71:e9:bd:e3:35:da:44:45:e6:3b:e8:
         4b:3b:50:12
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhZ4AC/0F3YlWzu7RBTsQXyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU5NWJmNTg4MjE2N2QxNTI4ODViNDZhNDZjMzYwOTZlYzcy
YzEwZTgwHhcNMjUwNzMwMDU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWMzZTJlMDVmNDViZTliZTc5ZjIzNzRmMmIzNGYzNGVjMzIwMzBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA64GJjcLWZF3gfxRkY0Z9VYSwJ+Yx
nou3FjjtcGV1rpP+CadiAW5UXM/nPaZUBSLUpSa7lLY+XY1lITwGGfcylHgUnSLb
qa/tduQnX22kbMGf04XUucoZc5tDzB9xQxJQycZT1p51Yt+h5DwO9m/dSCPekMiC
9Ja5/yIYnxPY4GMzq/ZycUS97s4LQnUJLLn81pTfuUznLrdthl+wPA7w3N/OLVtE
MLSCNprNH3yWyobTvcBHcmqoSl+iewNPL1AXw1JSV25fhIjtQHu19ne0t1IRzUWr
23HCew7LywDrhAJd7+XJejZILKiGplrIH9AAYqSKXCAMtIdKzT8PDtFy7wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHnD4uBfRb6b558jdPKzTzTsMgMNMB8GA1UdIwQY
MBaAFOlb9YghZ9FSiFtGpGw2CW7HLBDoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNlZ2MWlDRm4wVktJVzBha2JEWUpic2NzRU9nLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS80OTRmYzUtODM3MC00MzEzLWE3NzUt
NGM3YzZlZTFkNjQ1LzEvZWNQaTRGOUZ2cHZubnlOMDhyTlBOT3d5QXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS80OTRmYzUtODM3MC00MzEzLWE3NzUtNGM3YzZlZTFkNjQ1
LzEvNlZ2MWlDRm4wVktJVzBha2JEWUpic2NzRU9nLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYuzAwQA
w1CKMA0GCSqGSIb3DQEBCwUAA4IBAQA8TPIN9Lncq4uiQiTapRPTrj6nHegOWhKt
Zp+vAX4PW/OLO/QZq7k4SibkfuQxvfeSKBpB87f3DaK4PGcQN1Gf6zajgpoeOesI
DzLrVXOr9U3y+mPBt9uoSIBDo9aZrWTqcdXpYXJqSvHT8MN3Yn0KsK+Mn4Eu19Jo
dsqyN4buz3JXOXGk+zBmVIF5HG2pwVM/YjxLydmO0UBY0SSHHskVt4qzkKPlqxDZ
becDrABSl5mUFdibkVwqMqcyeJv0eN/PPCaloXbr9Tc+MZ+lGv0pfn5xI4xYreOB
YXwsr5eJi/wk7uTP+geMKxOrS9rJGK3kcem94zXaREXmO+hLO1AS
-----END CERTIFICATE-----