Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EbFUrmFebOFQQ2V3BzElw_rdFI8.roa
File:                     EbFUrmFebOFQQ2V3BzElw_rdFI8.roa (raw, json)
Hash identifier:          gfwEcPEag9aWi13oHU7KsbXxz22c+fm3lDMww7X2aLc=
Subject key identifier:   11:B1:54:AE:61:5E:6C:E1:50:43:65:77:07:31:25:C3:FA:DD:14:8F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01965C9E7555879529F05CD42A7BEA89E0BA
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EbFUrmFebOFQQ2V3BzElw_rdFI8.roa
Signing time:             Tue 22 Apr 2025 08:30:10 +0000
ROA not before:           Tue 22 Apr 2025 08:30:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48266
IP address blocks:        194.147.16.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 07:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:5c:9e:75:55:87:95:29:f0:5c:d4:2a:7b:ea:89:e0:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 22 08:30:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11b154ae615e6ce150436577073125c3fadd148f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:27:73:0a:57:ef:48:4a:fa:3f:b6:c8:18:96:
                    2d:35:16:e8:2c:c7:36:4d:fe:bb:6c:22:3a:3d:ca:
                    3e:c9:17:3c:a8:f0:83:67:2f:da:b2:63:ab:22:bf:
                    b1:cc:93:fe:b5:fd:37:26:e3:c0:25:d1:cf:51:05:
                    46:be:3b:2d:1f:51:86:ee:d5:70:65:dc:f7:cc:0d:
                    0b:e8:91:1f:0d:71:b8:43:cc:d2:9c:49:43:9c:92:
                    6f:d0:15:db:63:db:dc:47:20:0a:aa:08:ec:2e:88:
                    e1:22:ac:d6:76:80:ca:26:c9:90:d8:ab:2f:09:39:
                    d4:53:12:95:19:50:15:30:0a:d3:99:ca:cf:7f:a6:
                    0c:5d:68:2e:28:f4:e7:1d:85:1f:ad:71:ac:c6:bb:
                    05:c6:32:a8:81:de:3e:6b:a1:ac:e4:b5:b5:9c:58:
                    6d:e8:a4:ac:ce:7b:ea:26:13:5c:db:5c:86:7a:a7:
                    56:0e:55:fb:a2:dd:d3:78:76:80:f2:f2:45:2e:74:
                    f9:bc:d3:c4:ba:d5:a8:4e:27:1b:1b:75:59:ca:89:
                    4d:b2:bf:f3:33:41:7a:e0:e7:8f:06:a9:c0:8a:d2:
                    ae:13:6d:c2:b2:59:25:7a:e9:5e:97:7c:d1:28:c5:
                    b7:57:fc:73:0f:e1:28:c2:40:bb:8c:27:52:df:e4:
                    c6:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B1:54:AE:61:5E:6C:E1:50:43:65:77:07:31:25:C3:FA:DD:14:8F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/EbFUrmFebOFQQ2V3BzElw_rdFI8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:8d:ce:9b:2e:49:50:5c:0e:05:94:1a:cb:e6:c8:17:1f:2b:
         47:92:fc:4e:9e:1e:b0:1e:01:db:ce:56:46:43:f7:e6:2d:48:
         63:6b:51:f9:85:b8:06:2f:a7:cd:32:38:13:aa:4b:f7:ec:32:
         39:4f:e1:40:bd:44:09:b0:63:35:f9:8f:7d:52:85:30:e0:d7:
         a0:27:02:08:85:d2:c7:de:54:f9:2f:2a:2b:6b:ba:0f:3c:6b:
         b9:1a:4d:fc:20:85:2a:a1:53:0f:fe:8d:2a:a1:38:f5:ab:c8:
         9e:46:86:f3:83:7a:28:7c:f4:b5:24:29:87:52:d4:dd:2c:41:
         d4:e8:31:56:7f:44:59:68:6f:0a:3f:c1:ff:94:9d:e3:6a:5b:
         18:f6:bb:55:7c:9f:85:ab:1b:82:20:d6:78:fe:67:04:c2:be:
         0b:47:57:bb:a2:f8:2b:9c:44:e3:74:4a:69:5b:bf:39:4a:3a:
         a5:8c:3e:9c:da:af:bc:24:3c:63:35:3e:a3:9e:4e:43:75:53:
         a0:23:42:f3:cc:cc:b3:b8:ca:10:20:b5:83:84:de:83:41:b4:
         fe:4e:5d:8e:27:dd:95:d4:73:9c:c8:23:cc:76:af:09:23:fe:
         88:f2:54:2e:82:17:63:e8:e7:af:35:14:4a:f7:d4:4a:8e:48:
         c2:24:ef:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZcnnVVh5Up8FzUKnvqieC6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDIyMDgzMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWIxNTRhZTYxNWU2Y2UxNTA0MzY1NzcwNzMxMjVjM2ZhZGQxNDhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApydzClfvSEr6P7bIGJYtNRboLMc2
Tf67bCI6Pco+yRc8qPCDZy/asmOrIr+xzJP+tf03JuPAJdHPUQVGvjstH1GG7tVw
Zdz3zA0L6JEfDXG4Q8zSnElDnJJv0BXbY9vcRyAKqgjsLojhIqzWdoDKJsmQ2Ksv
CTnUUxKVGVAVMArTmcrPf6YMXWguKPTnHYUfrXGsxrsFxjKogd4+a6Gs5LW1nFht
6KSsznvqJhNc21yGeqdWDlX7ot3TeHaA8vJFLnT5vNPEutWoTicbG3VZyolNsr/z
M0F64OePBqnAitKuE23Cslkleulel3zRKMW3V/xzD+EowkC7jCdS3+TGQQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGxVK5hXmzhUENldwcxJcP63RSPMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvRWJGVXJtRmViT0ZRUTJWM0J6RWx3X3JkRkk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpMQMA0G
CSqGSIb3DQEBCwUAA4IBAQBcjc6bLklQXA4FlBrL5sgXHytHkvxOnh6wHgHbzlZG
Q/fmLUhja1H5hbgGL6fNMjgTqkv37DI5T+FAvUQJsGM1+Y99UoUw4NegJwIIhdLH
3lT5Lyora7oPPGu5Gk38IIUqoVMP/o0qoTj1q8ieRobzg3oofPS1JCmHUtTdLEHU
6DFWf0RZaG8KP8H/lJ3jalsY9rtVfJ+FqxuCINZ4/mcEwr4LR1e7ovgrnETjdEpp
W785SjqljD6c2q+8JDxjNT6jnk5DdVOgI0LzzMyzuMoQILWDhN6DQbT+Tl2OJ92V
1HOcyCPMdq8JI/6I8lQughdj6OevNRRK99RKjkjCJO/U
-----END CERTIFICATE-----