Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/81fYP5r81oVC4FxQVj4B3Wg1pCk.roa
File:                     81fYP5r81oVC4FxQVj4B3Wg1pCk.roa (raw, json)
Hash identifier:          MOogLCF9wtIQwY0uGoqHB7G+lY1FMj4985CDDRYIC5c=
Subject key identifier:   F3:57:D8:3F:9A:FC:D6:85:42:E0:5C:50:56:3E:01:DD:68:35:A4:29
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01977EC60C2DECF0360968C1DDC6C958482E
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/81fYP5r81oVC4FxQVj4B3Wg1pCk.roa
Signing time:             Tue 17 Jun 2025 16:43:17 +0000
ROA not before:           Tue 17 Jun 2025 16:43:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21949
IP address blocks:        205.237.92.0/23 maxlen: 24
                          205.237.94.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 18 Jun 2025 22:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7e:c6:0c:2d:ec:f0:36:09:68:c1:dd:c6:c9:58:48:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 17 16:43:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f357d83f9afcd68542e05c50563e01dd6835a429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:6c:ef:dc:d4:fc:7d:56:aa:da:5f:87:5a:33:
                    65:49:56:90:af:82:46:25:18:cd:f5:7f:25:58:1d:
                    d5:68:1b:75:b0:8d:6b:61:5c:92:9d:ba:43:c7:5e:
                    cd:63:6a:3a:b7:29:9a:da:a4:37:26:60:9e:c2:fb:
                    e0:3f:83:4a:3a:3b:ac:dc:0e:46:98:c9:b3:40:cf:
                    e3:ff:e7:ad:1e:c3:30:f3:45:8f:df:bd:03:c3:79:
                    d8:84:3d:64:6f:c5:83:9b:d6:c3:c9:47:37:bd:35:
                    bf:36:78:89:bb:3c:ec:af:59:47:5c:30:72:8b:28:
                    9d:47:70:e1:cc:67:3d:54:0c:2b:fb:72:82:ce:14:
                    a2:9d:77:eb:e5:84:68:24:ce:13:1b:77:11:44:d9:
                    55:13:21:b0:4d:a5:93:32:e5:bf:58:24:27:2b:5f:
                    3e:c8:ff:81:7b:0c:1e:e0:cb:46:e8:ed:26:80:a8:
                    60:57:4e:14:4a:cd:cc:63:f1:4f:3b:7f:f6:4c:3a:
                    94:84:f0:4c:5a:65:c0:ee:f3:88:5e:d9:ca:3b:fe:
                    78:07:56:e3:ab:a8:99:d3:fd:a9:80:02:b7:51:e8:
                    a2:f7:15:2b:2f:bc:27:5b:53:ea:5b:48:b2:85:32:
                    a6:fa:8c:2e:a2:bb:29:5c:8f:c7:20:c3:8f:bf:62:
                    e4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:57:D8:3F:9A:FC:D6:85:42:E0:5C:50:56:3E:01:DD:68:35:A4:29
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/81fYP5r81oVC4FxQVj4B3Wg1pCk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  205.237.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d8:4f:9b:9d:44:34:f4:a7:80:e5:2a:41:0b:29:0c:d1:b0:19:
         30:2f:95:35:32:b8:3f:56:09:0b:f3:25:fd:df:92:c3:b3:11:
         20:1f:b6:02:95:ec:d7:96:45:df:41:0d:74:23:11:5b:9c:17:
         33:ba:01:0f:39:e5:9d:d6:f7:19:5d:f9:ae:de:f4:94:c3:9d:
         46:a2:5b:da:ce:ae:45:5b:f0:c0:a0:3d:3b:53:9c:1f:43:2f:
         59:5c:d0:48:9e:78:58:29:f1:11:e9:10:fc:7d:57:3a:26:ed:
         d2:02:c7:32:f8:40:34:6b:cd:59:30:f4:3a:c1:15:95:97:74:
         a7:0a:a3:4c:38:09:87:c4:22:54:08:40:2c:cc:90:74:c1:ae:
         c2:85:80:9e:b2:ea:f0:2e:a0:c9:f8:6c:f0:a2:5d:c1:5a:87:
         1c:06:74:f2:26:bb:63:3e:e3:cb:39:49:f6:1e:b3:74:3a:b3:
         ad:78:e7:64:27:ca:7e:68:f2:f1:23:17:66:64:e5:2e:af:ed:
         2a:f3:06:64:2a:e6:0d:56:80:ea:6a:fe:0d:47:4c:a9:19:3e:
         52:0f:23:97:ec:c9:30:dd:a4:8b:de:2d:ad:8c:d8:39:84:f1:
         55:cb:ae:1d:03:38:c9:2f:8f:40:99:8b:4b:b9:9c:69:a1:27:
         f3:a0:86:a4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd+xgwt7PA2CWjB3cbJWEguMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNjE3MTY0MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMzU3ZDgzZjlhZmNkNjg1NDJlMDVjNTA1NjNlMDFkZDY4MzVhNDI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnmzv3NT8fVaq2l+HWjNlSVaQr4JG
JRjN9X8lWB3VaBt1sI1rYVySnbpDx17NY2o6tyma2qQ3JmCewvvgP4NKOjus3A5G
mMmzQM/j/+etHsMw80WP370Dw3nYhD1kb8WDm9bDyUc3vTW/NniJuzzsr1lHXDBy
iyidR3DhzGc9VAwr+3KCzhSinXfr5YRoJM4TG3cRRNlVEyGwTaWTMuW/WCQnK18+
yP+Bewwe4MtG6O0mgKhgV04USs3MY/FPO3/2TDqUhPBMWmXA7vOIXtnKO/54B1bj
q6iZ0/2pgAK3Ueii9xUrL7wnW1PqW0iyhTKm+owuorspXI/HIMOPv2LkowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPNX2D+a/NaFQuBcUFY+Ad1oNaQpMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvODFmWVA1cjgxb1ZDNEZ4UVZqNEIzV2cxcENrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCze1cMA0G
CSqGSIb3DQEBCwUAA4IBAQDYT5udRDT0p4DlKkELKQzRsBkwL5U1Mrg/VgkL8yX9
35LDsxEgH7YClezXlkXfQQ10IxFbnBczugEPOeWd1vcZXfmu3vSUw51Golvazq5F
W/DAoD07U5wfQy9ZXNBInnhYKfER6RD8fVc6Ju3SAscy+EA0a81ZMPQ6wRWVl3Sn
CqNMOAmHxCJUCEAszJB0wa7ChYCesurwLqDJ+Gzwol3BWoccBnTyJrtjPuPLOUn2
HrN0OrOteOdkJ8p+aPLxIxdmZOUur+0q8wZkKuYNVoDqav4NR0ypGT5SDyOX7Mkw
3aSL3i2tjNg5hPFVy64dAzjJL49AmYtLuZxpoSfzoIak
-----END CERTIFICATE-----