Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/0PZuiW_4sApVUKjv2CaSL1_JwKA.roa
File:                     0PZuiW_4sApVUKjv2CaSL1_JwKA.roa (raw, json)
Hash identifier:          z1Fl2XgB/kKzgkaCdqEXcKW2hmhVbsSgrBgscpmY9uY=
Subject key identifier:   D0:F6:6E:89:6F:F8:B0:0A:55:50:A8:EF:D8:26:92:2F:5F:C9:C0:A0
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019859F07B415AA34600B6DEE8C732092386
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/0PZuiW_4sApVUKjv2CaSL1_JwKA.roa
Signing time:             Wed 30 Jul 2025 06:06:29 +0000
ROA not before:           Wed 30 Jul 2025 06:06:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54103
IP address blocks:        124.158.102.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 09 Aug 2025 20:00:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:59:f0:7b:41:5a:a3:46:00:b6:de:e8:c7:32:09:23:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jul 30 06:06:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d0f66e896ff8b00a5550a8efd826922f5fc9c0a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:5f:99:7d:87:b1:7b:e1:d2:4e:4c:bc:dc:4e:
                    da:b8:93:1f:34:21:27:34:f3:dd:33:79:9d:73:c5:
                    af:0a:62:31:7c:53:d1:fb:37:cd:22:ac:3b:89:2b:
                    3e:35:01:a9:14:fc:fc:a3:73:67:ad:08:4a:c2:65:
                    1f:27:b2:c3:b2:77:8a:9a:1a:53:5b:58:05:d7:ac:
                    66:45:fb:d3:7f:b5:08:9b:e7:f4:b8:68:fc:e3:3b:
                    93:6f:58:e8:9d:91:c7:71:8e:86:f1:27:d5:3c:3b:
                    1b:e0:ca:24:1b:27:0e:37:62:3a:08:d4:0f:6e:85:
                    e4:d6:6b:42:7b:eb:c7:c6:33:e3:f3:1d:b2:d9:12:
                    e9:6c:59:b9:6e:fa:25:ea:46:74:64:22:66:e3:08:
                    67:0b:90:aa:d9:03:5a:29:00:52:a5:ac:9f:94:fa:
                    bb:34:fb:59:a8:87:dd:51:a0:11:c7:a6:d1:86:30:
                    f4:82:9a:e7:2f:19:0f:5b:c9:03:c5:6a:a8:93:c2:
                    c9:61:58:17:76:f2:00:70:e9:45:04:ba:09:11:ea:
                    e5:63:8b:cd:24:77:21:4b:11:96:ba:1c:74:42:70:
                    8b:d7:15:c3:dd:a8:bc:d2:ed:5b:9b:25:50:f7:b1:
                    9b:58:79:ec:a3:5d:dd:5e:d1:69:29:8f:e5:33:8f:
                    46:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:F6:6E:89:6F:F8:B0:0A:55:50:A8:EF:D8:26:92:2F:5F:C9:C0:A0
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/0PZuiW_4sApVUKjv2CaSL1_JwKA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.158.102.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:b8:f3:2f:37:15:d3:bb:3f:1b:74:b9:f2:13:b5:9d:cb:1e:
         a8:b1:2a:ac:4b:fd:82:32:15:b5:28:82:1e:23:23:5e:00:99:
         9f:c2:38:98:70:0e:cd:3d:10:28:ae:dc:8c:5b:b1:09:7d:6d:
         7f:e4:16:28:b2:be:6e:db:47:6d:dc:ae:44:73:47:05:d4:b1:
         ee:a9:6b:2f:10:68:fe:1d:7a:af:c4:d5:3b:df:2e:c2:fb:ff:
         37:ec:63:88:48:26:45:11:fe:c1:ba:20:15:4d:4f:4d:49:7e:
         06:a1:ae:7a:ad:72:4c:43:c7:e9:5d:b5:9c:b3:d5:82:7f:7c:
         6c:87:fd:50:93:c7:74:35:da:03:a1:18:51:36:df:fa:aa:cb:
         c6:a3:de:b6:18:f6:c2:7b:82:28:d5:84:62:60:82:f6:5e:8c:
         f7:06:b6:9a:bb:66:d7:98:0e:7f:0d:1e:6c:bd:e5:bb:10:91:
         94:d9:e9:fb:d4:71:41:78:07:2a:d8:ff:22:a6:6b:0f:67:32:
         73:2f:d2:36:46:62:70:51:81:8f:c2:f3:25:96:95:7f:f2:66:
         7a:fa:a2:6e:74:d4:0e:78:ca:e8:76:69:d7:a5:e3:66:db:a5:
         03:0b:06:4b:a2:be:e4:20:10:fc:bf:fb:72:f0:62:70:e0:ac:
         d4:e3:b2:df
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZhZ8HtBWqNGALbe6McyCSOGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNzMwMDYwNjI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGY2NmU4OTZmZjhiMDBhNTU1MGE4ZWZkODI2OTIyZjVmYzljMGEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1+ZfYexe+HSTky83E7auJMfNCEn
NPPdM3mdc8WvCmIxfFPR+zfNIqw7iSs+NQGpFPz8o3NnrQhKwmUfJ7LDsneKmhpT
W1gF16xmRfvTf7UIm+f0uGj84zuTb1jonZHHcY6G8SfVPDsb4MokGycON2I6CNQP
boXk1mtCe+vHxjPj8x2y2RLpbFm5bvol6kZ0ZCJm4whnC5Cq2QNaKQBSpayflPq7
NPtZqIfdUaARx6bRhjD0gprnLxkPW8kDxWqok8LJYVgXdvIAcOlFBLoJEerlY4vN
JHchSxGWuhx0QnCL1xXD3ai80u1bmyVQ97GbWHnso13dXtFpKY/lM49G7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFND2bolv+LAKVVCo79gmki9fycCgMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvMFBadWlXXzRzQXBWVUtqdjJDYVNMMV9Kd0tBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAfJ5mMA0G
CSqGSIb3DQEBCwUAA4IBAQA+uPMvNxXTuz8bdLnyE7Wdyx6osSqsS/2CMhW1KIIe
IyNeAJmfwjiYcA7NPRAortyMW7EJfW1/5BYosr5u20dt3K5Ec0cF1LHuqWsvEGj+
HXqvxNU73y7C+/837GOISCZFEf7BuiAVTU9NSX4Goa56rXJMQ8fpXbWcs9WCf3xs
h/1Qk8d0NdoDoRhRNt/6qsvGo962GPbCe4Io1YRiYIL2Xoz3Braau2bXmA5/DR5s
veW7EJGU2en71HFBeAcq2P8ipmsPZzJzL9I2RmJwUYGPwvMllpV/8mZ6+qJudNQO
eMrodmnXpeNm26UDCwZLor7kIBD8v/ty8GJw4KzU47Lf
-----END CERTIFICATE-----