Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/EK6XW48thDOhbEqOrZVkF4wNviY.roa
File:                     EK6XW48thDOhbEqOrZVkF4wNviY.roa (raw, json)
Hash identifier:          TaMn+E7YE9NMIOz64w+l5qs88ZBiuzDcpLepxVp30kM=
Subject key identifier:   10:AE:97:5B:8F:2D:84:33:A1:6C:4A:8E:AD:95:64:17:8C:0D:BE:26
Certificate issuer:       /CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
Certificate serial:       01984CFC1413FA21B81B90671F25100D1C9A
Authority key identifier: EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/EK6XW48thDOhbEqOrZVkF4wNviY.roa
Signing time:             Sun 27 Jul 2025 17:44:05 +0000
ROA not before:           Sun 27 Jul 2025 17:44:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213541
IP address blocks:        89.185.79.0/24 maxlen: 24
                          92.240.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 02:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:4c:fc:14:13:fa:21:b8:1b:90:67:1f:25:10:0d:1c:9a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ef57c2d9d93ac7cf9b2f17caa7859b6985b39b9d
        Validity
            Not Before: Jul 27 17:44:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10ae975b8f2d8433a16c4a8ead9564178c0dbe26
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:e8:09:3f:18:bf:bf:aa:ba:d3:55:79:16:35:
                    5a:a4:0d:51:1f:79:a2:a6:59:3f:47:cf:f8:b8:d3:
                    45:c5:b7:3e:6d:39:98:fb:61:d8:54:27:7d:23:67:
                    4f:2e:96:d4:cf:1f:4c:7b:61:f4:07:f1:c2:e3:89:
                    e0:9b:35:da:00:2f:2b:c5:75:29:22:30:e3:34:f4:
                    db:0c:07:14:72:c5:da:10:db:01:9b:14:b0:b7:ee:
                    8d:bb:91:f8:f8:76:4a:e9:a4:75:e6:48:c8:59:f3:
                    0b:60:b2:8e:2d:4c:f3:85:2c:a4:5c:c0:69:ad:94:
                    5e:6d:d4:22:52:be:60:7f:b8:50:be:81:20:c6:c4:
                    e3:6a:cb:a1:b1:e5:b3:65:48:40:91:0a:b7:7d:43:
                    50:c5:3b:59:9b:79:eb:9e:b8:14:43:06:43:a7:ca:
                    a1:8d:ff:0d:37:9d:b8:e3:35:61:91:54:82:b9:86:
                    5b:1f:f2:f7:b6:7c:8f:b9:db:d7:dc:fe:90:8d:27:
                    30:af:69:e9:f0:d7:3f:09:e8:2a:3f:7d:95:02:e9:
                    9c:52:f1:41:ff:11:0b:af:f0:bf:30:1e:52:d9:5f:
                    e9:a1:38:cf:1a:c9:9e:93:96:e4:cf:88:81:82:93:
                    21:43:c2:78:0f:65:3c:09:37:e8:fa:62:17:a4:b0:
                    aa:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:AE:97:5B:8F:2D:84:33:A1:6C:4A:8E:AD:95:64:17:8C:0D:BE:26
            X509v3 Authority Key Identifier:
                keyid:EF:57:C2:D9:D9:3A:C7:CF:9B:2F:17:CA:A7:85:9B:69:85:B3:9B:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/71fC2dk6x8-bLxfKp4WbaYWzm50.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/EK6XW48thDOhbEqOrZVkF4wNviY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/1e04b8-1031-43f9-9667-8e6f878db5f4/1/71fC2dk6x8-bLxfKp4WbaYWzm50.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.185.79.0/24
                  92.240.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:26:d0:de:17:e4:2b:56:bf:b4:e3:5c:54:3b:52:5a:97:0b:
         9d:9a:c1:75:21:a6:4b:c5:5b:f3:82:a6:e3:10:92:5c:a9:48:
         17:ba:01:96:f7:7c:19:1a:a8:f2:51:e7:ad:b2:0b:9b:b3:dc:
         22:04:dd:aa:69:b0:61:13:d7:54:37:ba:b6:38:58:85:a2:9e:
         d3:11:2d:33:f1:35:b3:bf:49:91:87:9f:00:5d:b0:13:63:26:
         98:39:fd:25:9f:07:59:36:13:af:c4:ff:28:03:72:5e:90:38:
         9f:99:26:69:dd:2c:34:67:43:35:1a:65:48:b2:97:f2:38:28:
         3a:46:c9:64:33:a4:5d:a1:7f:ac:df:4c:ba:f5:b0:98:ab:41:
         e3:ac:16:30:47:39:0f:57:c0:02:f2:0e:66:59:a1:f6:5f:c6:
         8f:be:1b:8d:4c:54:ab:aa:7d:2a:22:c1:2a:34:6f:47:f3:c7:
         f8:20:25:d7:c2:af:6b:d1:9d:b9:a9:48:a9:13:96:c6:fb:b9:
         fb:7e:b8:55:9a:2a:b5:f2:ed:98:38:53:2c:6b:55:e9:d2:66:
         b9:18:c3:9e:75:9b:17:1d:81:e5:5a:90:b9:fb:a3:ea:93:8a:
         b3:09:40:c7:a9:f1:4f:c0:d9:25:34:2e:39:82:8f:e1:e9:e4:
         13:4b:9a:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZhM/BQT+iG4G5BnHyUQDRyaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVmNTdjMmQ5ZDkzYWM3Y2Y5YjJmMTdjYWE3ODU5YjY5ODVi
MzliOWQwHhcNMjUwNzI3MTc0NDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGFlOTc1YjhmMmQ4NDMzYTE2YzRhOGVhZDk1NjQxNzhjMGRiZTI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjugJPxi/v6q601V5FjVapA1RH3mi
plk/R8/4uNNFxbc+bTmY+2HYVCd9I2dPLpbUzx9Me2H0B/HC44ngmzXaAC8rxXUp
IjDjNPTbDAcUcsXaENsBmxSwt+6Nu5H4+HZK6aR15kjIWfMLYLKOLUzzhSykXMBp
rZRebdQiUr5gf7hQvoEgxsTjasuhseWzZUhAkQq3fUNQxTtZm3nrnrgUQwZDp8qh
jf8NN5244zVhkVSCuYZbH/L3tnyPudvX3P6QjScwr2np8Nc/CegqP32VAumcUvFB
/xELr/C/MB5S2V/poTjPGsmek5bkz4iBgpMhQ8J4D2U8CTfo+mIXpLCqpQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBCul1uPLYQzoWxKjq2VZBeMDb4mMB8GA1UdIwQY
MBaAFO9XwtnZOsfPmy8XyqeFm2mFs5udMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2Njct
OGU2Zjg3OGRiNWY0LzEvRUs2WFc0OHRoRE9oYkVxT3JaVmtGNHdOdmlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8xZTA0YjgtMTAzMS00M2Y5LTk2NjctOGU2Zjg3OGRiNWY0
LzEvNzFmQzJkazZ4OC1iTHhmS3A0V2JhWVd6bTUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWblPAwQA
XPDZMA0GCSqGSIb3DQEBCwUAA4IBAQBjJtDeF+QrVr+041xUO1JalwudmsF1IaZL
xVvzgqbjEJJcqUgXugGW93wZGqjyUeetsgubs9wiBN2qabBhE9dUN7q2OFiFop7T
ES0z8TWzv0mRh58AXbATYyaYOf0lnwdZNhOvxP8oA3JekDifmSZp3Sw0Z0M1GmVI
spfyOCg6RslkM6RdoX+s30y69bCYq0HjrBYwRzkPV8AC8g5mWaH2X8aPvhuNTFSr
qn0qIsEqNG9H88f4ICXXwq9r0Z25qUipE5bG+7n7frhVmiq18u2YOFMsa1Xp0ma5
GMOedZsXHYHlWpC5+6Pqk4qzCUDHqfFPwNklNC45go/h6eQTS5qc
-----END CERTIFICATE-----