Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/EeK4i6oC2iH9jlepCWK3gfTBLe8.roa
File:                     EeK4i6oC2iH9jlepCWK3gfTBLe8.roa (raw, json)
Hash identifier:          7H+b7WJxJU5yBe8ci4c9aoV8bkLWoT9nmkCdxD1EJu8=
Subject key identifier:   11:E2:B8:8B:AA:02:DA:21:FD:8E:57:A9:09:62:B7:81:F4:C1:2D:EF
Certificate issuer:       /CN=582e2170a7bcbec310154f2bce99833fec2801fb
Certificate serial:       01982D306FBBF2DC2DBCE86E3318CF63DD45
Authority key identifier: 58:2E:21:70:A7:BC:BE:C3:10:15:4F:2B:CE:99:83:3F:EC:28:01:FB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/WC4hcKe8vsMQFU8rzpmDP-woAfs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/EeK4i6oC2iH9jlepCWK3gfTBLe8.roa
Signing time:             Mon 21 Jul 2025 13:33:25 +0000
ROA not before:           Mon 21 Jul 2025 13:33:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        67.63.59.0/24 maxlen: 24
                          67.63.62.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/WC4hcKe8vsMQFU8rzpmDP-woAfs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/WC4hcKe8vsMQFU8rzpmDP-woAfs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/WC4hcKe8vsMQFU8rzpmDP-woAfs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 07 Aug 2025 07:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:2d:30:6f:bb:f2:dc:2d:bc:e8:6e:33:18:cf:63:dd:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=582e2170a7bcbec310154f2bce99833fec2801fb
        Validity
            Not Before: Jul 21 13:33:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11e2b88baa02da21fd8e57a90962b781f4c12def
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:5b:a2:9c:9b:db:65:be:8c:d8:ee:28:fc:69:
                    ce:42:6d:d0:83:14:a5:b4:45:b5:c8:a0:f8:6b:94:
                    ab:d6:1b:c1:e3:c2:65:11:7b:5b:db:f0:66:88:c2:
                    98:e2:cb:22:bb:98:12:e4:0f:10:6a:ec:cb:54:ea:
                    03:9a:9a:96:6f:ac:80:09:6d:4a:3d:5b:bb:25:04:
                    2a:6e:52:dc:2a:6c:37:78:7e:63:e1:d8:eb:ca:6e:
                    b1:12:6e:ab:f0:d3:92:02:bb:6f:27:c3:9b:65:06:
                    85:73:e8:54:d4:f9:09:e4:95:45:34:42:a7:d8:2b:
                    6f:5b:d7:d0:67:2c:ed:be:e8:67:61:8a:a3:31:17:
                    b5:50:e4:99:c3:bc:ed:88:6d:d1:ec:b0:44:d4:01:
                    bb:ab:a8:f5:ff:49:d2:3a:f9:7f:96:f5:d3:24:45:
                    0c:cc:08:45:8c:1d:62:4e:38:34:b8:80:7f:18:0a:
                    e8:59:17:7d:55:97:73:f0:5a:2a:94:10:8a:c9:74:
                    b6:71:94:cb:5b:b7:b1:e0:bc:0b:87:79:58:27:52:
                    59:42:ec:9a:b4:fd:ba:1b:29:a0:f2:91:c6:dd:71:
                    3f:78:a7:93:ef:cd:8d:d5:00:b4:f7:65:73:45:7b:
                    70:dd:54:a6:1f:05:db:23:0b:25:bf:72:c0:d7:6c:
                    57:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:E2:B8:8B:AA:02:DA:21:FD:8E:57:A9:09:62:B7:81:F4:C1:2D:EF
            X509v3 Authority Key Identifier:
                keyid:58:2E:21:70:A7:BC:BE:C3:10:15:4F:2B:CE:99:83:3F:EC:28:01:FB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/WC4hcKe8vsMQFU8rzpmDP-woAfs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/EeK4i6oC2iH9jlepCWK3gfTBLe8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fb/81ed41-e36b-45f7-90e7-b2fd9bf097f8/1/WC4hcKe8vsMQFU8rzpmDP-woAfs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  67.63.59.0/24
                  67.63.62.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:6b:68:00:1c:a5:cb:c7:83:a3:ae:18:57:68:f1:27:a7:63:
         93:b5:73:b9:e7:63:ec:03:f6:18:e7:48:9e:5c:b0:84:19:98:
         f1:00:8f:51:b3:8f:2c:0f:b3:56:03:91:cd:93:c0:5a:9b:27:
         35:32:a2:57:c7:60:f9:d1:bd:4a:97:27:ba:c8:37:d7:fe:93:
         ec:1b:45:0d:6c:06:6d:ff:fa:de:5d:d9:e1:ba:11:3f:75:5f:
         4c:f3:2f:8f:b6:37:ef:93:87:9c:47:f5:ad:87:d6:d3:c9:aa:
         ed:62:e3:48:6c:5e:cd:6a:a1:92:ec:44:e8:8f:46:fa:a9:db:
         7e:cb:73:d3:3c:02:56:db:cc:ff:df:54:76:20:5d:e0:23:d2:
         a0:98:9f:04:f4:95:47:50:12:45:ad:3e:8e:27:30:57:69:fd:
         47:b6:2e:06:ca:4f:d2:0c:a7:63:eb:1a:59:62:21:64:c2:9b:
         07:94:99:37:f3:72:a9:eb:21:2d:7b:f8:f2:50:6a:6a:4e:a0:
         3c:dd:ff:b0:5a:6c:af:24:28:d1:0a:b8:56:55:8b:40:f6:33:
         0c:ed:72:f6:cd:b9:28:bb:8d:9b:1d:58:aa:26:7c:12:1a:4d:
         5a:15:a8:eb:6c:c7:10:f1:07:3c:4d:ea:7e:9d:31:dd:0b:c0:
         78:48:6a:95
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZgtMG+78twtvOhuMxjPY91FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU4MmUyMTcwYTdiY2JlYzMxMDE1NGYyYmNlOTk4MzNmZWMy
ODAxZmIwHhcNMjUwNzIxMTMzMzI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWUyYjg4YmFhMDJkYTIxZmQ4ZTU3YTkwOTYyYjc4MWY0YzEyZGVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA51uinJvbZb6M2O4o/GnOQm3QgxSl
tEW1yKD4a5Sr1hvB48JlEXtb2/BmiMKY4ssiu5gS5A8QauzLVOoDmpqWb6yACW1K
PVu7JQQqblLcKmw3eH5j4djrym6xEm6r8NOSArtvJ8ObZQaFc+hU1PkJ5JVFNEKn
2CtvW9fQZyztvuhnYYqjMRe1UOSZw7ztiG3R7LBE1AG7q6j1/0nSOvl/lvXTJEUM
zAhFjB1iTjg0uIB/GAroWRd9VZdz8FoqlBCKyXS2cZTLW7ex4LwLh3lYJ1JZQuya
tP26Gymg8pHG3XE/eKeT782N1QC092VzRXtw3VSmHwXbIwslv3LA12xXxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBHiuIuqAtoh/Y5XqQlit4H0wS3vMB8GA1UdIwQY
MBaAFFguIXCnvL7DEBVPK86Zgz/sKAH7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvV0M0aGNLZTh2c01RRlU4cnpwbURQLXdvQWZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYi84MWVkNDEtZTM2Yi00NWY3LTkwZTct
YjJmZDliZjA5N2Y4LzEvRWVLNGk2b0MyaUg5amxlcENXSzNnZlRCTGU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYi84MWVkNDEtZTM2Yi00NWY3LTkwZTctYjJmZDliZjA5N2Y4
LzEvV0M0aGNLZTh2c01RRlU4cnpwbURQLXdvQWZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAQz87AwQA
Qz8+MA0GCSqGSIb3DQEBCwUAA4IBAQB4a2gAHKXLx4OjrhhXaPEnp2OTtXO552Ps
A/YY50ieXLCEGZjxAI9Rs48sD7NWA5HNk8Bamyc1MqJXx2D50b1Klye6yDfX/pPs
G0UNbAZt//reXdnhuhE/dV9M8y+Ptjfvk4ecR/Wth9bTyartYuNIbF7NaqGS7ETo
j0b6qdt+y3PTPAJW28z/31R2IF3gI9KgmJ8E9JVHUBJFrT6OJzBXaf1Hti4Gyk/S
DKdj6xpZYiFkwpsHlJk383Kp6yEte/jyUGpqTqA83f+wWmyvJCjRCrhWVYtA9jMM
7XL2zbkou42bHViqJnwSGk1aFajrbMcQ8Qc8Tep+nTHdC8B4SGqV
-----END CERTIFICATE-----