Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/eGVXCVl6aukVP8mO60zACiQMPqI.roa
File:                     eGVXCVl6aukVP8mO60zACiQMPqI.roa (raw, json)
Hash identifier:          z8mcscbLEVWWmCc+MHtcdzxxB51JnoAK56OuCjKkOHY=
Subject key identifier:   78:65:57:09:59:7A:6A:E9:15:3F:C9:8E:EB:4C:C0:0A:24:0C:3E:A2
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       019756411F7B4B235601201CE5812D5ADDFF
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/eGVXCVl6aukVP8mO60zACiQMPqI.roa
Signing time:             Mon 09 Jun 2025 19:53:17 +0000
ROA not before:           Mon 09 Jun 2025 19:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61317
IP address blocks:        45.152.167.0/24 maxlen: 24
                          152.89.192.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:56:41:1f:7b:4b:23:56:01:20:1c:e5:81:2d:5a:dd:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Jun  9 19:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78655709597a6ae9153fc98eeb4cc00a240c3ea2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:41:71:55:ad:1e:1c:69:3f:b7:75:21:aa:06:
                    9e:a8:72:7d:38:a4:58:ea:86:a0:d3:b0:a4:37:8f:
                    75:37:2d:a5:23:c3:cc:ad:60:4b:5e:e7:09:53:ca:
                    01:3d:17:05:15:af:e7:99:e2:73:39:41:6a:cb:d5:
                    a9:52:c4:77:2e:51:73:a2:84:88:19:40:71:b4:b9:
                    ad:d5:de:58:2c:a5:99:30:0a:9b:79:80:66:69:0d:
                    2b:6c:4a:b1:da:56:23:f2:a8:3e:ac:dd:62:a5:e1:
                    25:1c:18:7f:c3:a9:c5:53:cf:86:9d:ef:45:da:9a:
                    74:f1:b3:f8:e4:78:db:0e:fb:8f:7d:a3:06:bf:95:
                    de:8c:85:11:26:97:01:ed:e5:c8:eb:dd:ca:d0:89:
                    78:a3:8f:b1:26:fa:e0:69:00:9a:8d:09:3d:09:54:
                    a3:c8:d9:c6:31:17:8a:ff:59:37:66:79:7e:e8:65:
                    88:36:f4:94:f3:6f:e9:a5:d8:d8:6d:34:10:7f:a5:
                    45:9c:41:0e:b2:cc:f4:0a:d3:92:ca:30:e4:7e:59:
                    c9:c5:6a:3d:81:50:46:c2:be:f9:c9:5a:97:37:96:
                    c6:e3:09:57:c4:ef:2b:8f:77:19:26:ce:8e:ee:d6:
                    50:e6:d8:b8:ec:a6:b5:a9:0f:3a:63:2c:01:90:9e:
                    af:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:65:57:09:59:7A:6A:E9:15:3F:C9:8E:EB:4C:C0:0A:24:0C:3E:A2
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/eGVXCVl6aukVP8mO60zACiQMPqI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.152.167.0/24
                  152.89.192.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:4f:26:83:e0:10:e2:08:db:85:08:b2:42:76:f1:63:77:85:
         c6:dc:e6:81:de:77:f3:c7:17:68:d9:ee:3d:b9:9d:7d:c1:6c:
         52:f4:fb:6a:60:d4:14:87:7d:34:8c:cc:59:af:25:64:76:7c:
         10:61:1f:ed:06:56:1a:0b:b0:8d:d4:16:0b:2b:77:71:0d:a1:
         57:0d:7c:43:4c:37:51:21:52:ef:2c:ed:35:11:bc:62:d7:82:
         3e:dc:7c:41:5c:5e:bd:17:63:4a:d1:bf:74:72:77:76:30:82:
         20:54:8b:93:a6:69:a7:50:c9:d6:6e:5f:fd:bb:3a:91:fb:6e:
         35:8a:94:9a:74:84:9a:c5:26:14:0c:51:b5:a8:4e:2b:05:e5:
         1d:40:ea:f9:d9:2f:61:e1:9d:dc:e2:a4:e3:69:05:ff:1b:48:
         3c:56:e6:fa:e2:1b:eb:78:0c:e1:20:8f:74:b4:59:79:c2:6e:
         4e:b1:30:f8:73:8c:04:72:76:fb:a8:fa:dc:f5:68:b3:25:d5:
         8a:3b:a9:bd:5b:8b:bb:0c:2d:90:4b:b7:96:8f:ed:0b:c9:8f:
         2b:2a:b6:eb:ed:16:e5:1d:7a:5d:e8:dd:34:8d:c6:3a:cf:ae:
         5a:ee:be:1c:0b:9a:1d:34:82:19:71:4b:38:ea:4d:1e:3d:89:
         29:cc:d5:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdWQR97SyNWASAc5YEtWt3/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwNjA5MTk1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODY1NTcwOTU5N2E2YWU5MTUzZmM5OGVlYjRjYzAwYTI0MGMzZWEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUFxVa0eHGk/t3UhqgaeqHJ9OKRY
6oag07CkN491Ny2lI8PMrWBLXucJU8oBPRcFFa/nmeJzOUFqy9WpUsR3LlFzooSI
GUBxtLmt1d5YLKWZMAqbeYBmaQ0rbEqx2lYj8qg+rN1ipeElHBh/w6nFU8+Gne9F
2pp08bP45HjbDvuPfaMGv5XejIURJpcB7eXI693K0Il4o4+xJvrgaQCajQk9CVSj
yNnGMReK/1k3Znl+6GWINvSU82/ppdjYbTQQf6VFnEEOssz0CtOSyjDkflnJxWo9
gVBGwr75yVqXN5bG4wlXxO8rj3cZJs6O7tZQ5ti47Ka1qQ86YywBkJ6vuQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHhlVwlZemrpFT/JjutMwAokDD6iMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvZUdWWENWbDZhdWtWUDhtTzYwekFDaVFNUHFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALZinAwQA
mFnAMA0GCSqGSIb3DQEBCwUAA4IBAQBcTyaD4BDiCNuFCLJCdvFjd4XG3OaB3nfz
xxdo2e49uZ19wWxS9PtqYNQUh300jMxZryVkdnwQYR/tBlYaC7CN1BYLK3dxDaFX
DXxDTDdRIVLvLO01Ebxi14I+3HxBXF69F2NK0b90cnd2MIIgVIuTpmmnUMnWbl/9
uzqR+241ipSadISaxSYUDFG1qE4rBeUdQOr52S9h4Z3c4qTjaQX/G0g8Vub64hvr
eAzhII90tFl5wm5OsTD4c4wEcnb7qPrc9WizJdWKO6m9W4u7DC2QS7eWj+0LyY8r
Krbr7RblHXpd6N00jcY6z65a7r4cC5odNIIZcUs46k0ePYkpzNXs
-----END CERTIFICATE-----