Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/EaNOtJnyoBH2AKMmzVCmNF1nSWU.roa
File:                     EaNOtJnyoBH2AKMmzVCmNF1nSWU.roa (raw, json)
Hash identifier:          qd2kYNwXTo0ghzb+q0JH2cF3Und1N0r58z0udba+JGA=
Subject key identifier:   11:A3:4E:B4:99:F2:A0:11:F6:00:A3:26:CD:50:A6:34:5D:67:49:65
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       01984969763BCFAD112E892F947FD3E4BA8B
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/EaNOtJnyoBH2AKMmzVCmNF1nSWU.roa
Signing time:             Sun 27 Jul 2025 01:05:05 +0000
ROA not before:           Sun 27 Jul 2025 01:05:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        91.223.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 05 Aug 2025 07:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:49:69:76:3b:cf:ad:11:2e:89:2f:94:7f:d3:e4:ba:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jul 27 01:05:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11a34eb499f2a011f600a326cd50a6345d674965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:dd:b0:85:40:d4:7d:ed:e4:36:df:9e:61:3b:
                    b3:ef:58:db:01:77:e1:44:f8:23:05:87:2f:a2:24:
                    ac:ad:ce:67:f2:49:2b:0b:bb:9f:3a:e1:ca:b8:24:
                    07:4f:71:38:e7:49:6e:7d:65:13:50:d1:fb:2f:95:
                    54:ec:8b:78:21:56:3b:4a:e8:d8:54:03:1b:4f:f4:
                    d9:aa:6c:8c:ce:63:66:18:36:c3:37:c7:31:36:b6:
                    68:71:7b:09:fe:79:1f:c0:d6:fc:e1:24:4a:8e:2a:
                    b3:39:ed:23:25:dd:ae:9d:aa:ae:63:53:e8:18:84:
                    e5:1f:0e:06:0f:88:4c:61:2a:28:9d:5f:7d:d8:35:
                    71:ee:89:3a:f8:e1:f4:22:25:37:06:7d:8b:26:99:
                    77:51:b8:d7:b1:f6:cb:07:aa:60:e6:a7:f8:9c:8b:
                    cb:db:c3:1e:6a:35:c7:ea:1f:70:76:5b:0e:ff:f3:
                    44:28:b9:5e:b6:8c:21:a7:45:72:11:94:5f:e9:bb:
                    18:c6:64:83:0d:b6:9b:89:85:b9:96:60:cc:db:1c:
                    a8:0d:13:c1:d2:a7:4f:20:b3:30:3f:28:80:7e:12:
                    8a:c9:9e:a1:08:9a:3b:ab:08:a8:68:d1:ea:fe:a2:
                    d1:11:2b:9b:12:67:73:a5:69:88:1c:e3:e1:dd:30:
                    c8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:A3:4E:B4:99:F2:A0:11:F6:00:A3:26:CD:50:A6:34:5D:67:49:65
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/EaNOtJnyoBH2AKMmzVCmNF1nSWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.223.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:00:bf:01:a4:2c:fe:c2:9b:8e:fa:c1:e2:d9:ff:c5:1d:44:
         fb:b8:13:72:90:73:ec:5c:c5:2e:76:79:7e:7b:b6:c8:1c:d7:
         60:72:ab:dc:1f:49:58:0e:65:0b:b5:d4:b2:84:4b:f0:d2:8c:
         4d:b6:63:a0:39:4c:c9:80:d8:05:b8:cd:4a:4b:43:e0:12:13:
         8e:e6:83:d3:f3:0b:01:c9:ba:bc:80:42:86:04:48:27:04:47:
         8c:59:dd:15:7f:a3:9f:0c:4a:f5:9a:b3:31:07:6f:a9:54:d7:
         02:46:a5:44:2a:65:ce:6e:eb:1a:88:6d:f0:f9:1e:d7:43:74:
         b0:ba:ad:7f:73:1a:48:e3:81:78:e0:82:72:97:ec:37:85:6d:
         bf:ee:cf:f5:32:2a:2a:48:ba:3c:6f:56:32:52:91:5c:9b:5f:
         cf:16:a3:14:33:60:5b:77:8e:1a:90:8f:83:f1:a3:4e:b6:e0:
         ae:ce:de:03:35:c2:03:cb:cb:e2:79:a0:2f:11:09:8f:e1:52:
         64:2c:f0:3d:21:e9:d5:37:a7:e4:79:6a:05:e3:52:6b:ff:6d:
         20:30:ef:aa:08:1a:5d:5a:10:a1:16:ae:95:2d:cf:12:5b:70:
         8b:8f:87:b7:de:13:19:b1:17:60:5c:7d:2c:4d:87:88:1a:99:
         bb:38:db:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhJaXY7z60RLokvlH/T5LqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjUwNzI3MDEwNTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWEzNGViNDk5ZjJhMDExZjYwMGEzMjZjZDUwYTYzNDVkNjc0OTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtd2whUDUfe3kNt+eYTuz71jbAXfh
RPgjBYcvoiSsrc5n8kkrC7ufOuHKuCQHT3E450lufWUTUNH7L5VU7It4IVY7SujY
VAMbT/TZqmyMzmNmGDbDN8cxNrZocXsJ/nkfwNb84SRKjiqzOe0jJd2unaquY1Po
GITlHw4GD4hMYSoonV992DVx7ok6+OH0IiU3Bn2LJpl3UbjXsfbLB6pg5qf4nIvL
28MeajXH6h9wdlsO//NEKLletowhp0VyEZRf6bsYxmSDDbabiYW5lmDM2xyoDRPB
0qdPILMwPyiAfhKKyZ6hCJo7qwioaNHq/qLRESubEmdzpWmIHOPh3TDI0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGjTrSZ8qAR9gCjJs1QpjRdZ0llMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEvRWFOT3RKbnlvQkgyQUtNbXpWQ21ORjFuU1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAW99DMA0G
CSqGSIb3DQEBCwUAA4IBAQARAL8BpCz+wpuO+sHi2f/FHUT7uBNykHPsXMUudnl+
e7bIHNdgcqvcH0lYDmULtdSyhEvw0oxNtmOgOUzJgNgFuM1KS0PgEhOO5oPT8wsB
ybq8gEKGBEgnBEeMWd0Vf6OfDEr1mrMxB2+pVNcCRqVEKmXObusaiG3w+R7XQ3Sw
uq1/cxpI44F44IJyl+w3hW2/7s/1MioqSLo8b1YyUpFcm1/PFqMUM2Bbd44akI+D
8aNOtuCuzt4DNcIDy8vieaAvEQmP4VJkLPA9IenVN6fkeWoF41Jr/20gMO+qCBpd
WhChFq6VLc8SW3CLj4e33hMZsRdgXH0sTYeIGpm7ONvo
-----END CERTIFICATE-----