Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/EmhpSnj7iLgC2d70P5qJqnThSpI.roa
File:                     EmhpSnj7iLgC2d70P5qJqnThSpI.roa (raw, json)
Hash identifier:          CX+fHnUOAwNmcRoAT7+5woe0kC9yhVErQMUO/t7HIGw=
Subject key identifier:   12:68:69:4A:78:FB:88:B8:02:D9:DE:F4:3F:9A:89:AA:74:E1:4A:92
Certificate issuer:       /CN=e83a2cce9083e8c15a1d325cf48767559f92b623
Certificate serial:       01978C88C8D94ACE4C3D72F1DCACD7938AFB
Authority key identifier: E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/EmhpSnj7iLgC2d70P5qJqnThSpI.roa
Signing time:             Fri 20 Jun 2025 08:51:03 +0000
ROA not before:           Fri 20 Jun 2025 08:51:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59529
IP address blocks:        176.123.58.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 01 Jul 2025 23:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:8c:88:c8:d9:4a:ce:4c:3d:72:f1:dc:ac:d7:93:8a:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e83a2cce9083e8c15a1d325cf48767559f92b623
        Validity
            Not Before: Jun 20 08:51:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1268694a78fb88b802d9def43f9a89aa74e14a92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:e2:71:de:b4:a2:5b:33:18:c0:4d:b5:b2:84:
                    0d:b7:5a:8c:46:30:d5:33:38:93:b3:d6:86:18:f3:
                    5b:6a:94:79:36:ac:ce:33:b6:d1:e6:21:79:9b:48:
                    fa:fe:a9:9c:db:58:89:a0:08:a6:3f:23:2e:b0:24:
                    d4:e9:9d:d1:e2:31:ae:e1:4e:b7:52:08:7e:c6:b7:
                    14:83:24:67:d4:8a:46:09:70:a1:d6:94:bd:02:35:
                    23:96:f7:9c:cc:19:e3:92:3d:0c:9e:e9:61:b2:7b:
                    cf:63:10:25:54:74:ef:01:d8:12:dc:87:d8:f6:9a:
                    cd:09:37:b6:88:3d:d0:21:49:94:9f:10:66:09:16:
                    ab:bc:1a:5b:83:67:7a:96:97:82:9a:3e:ec:6e:f1:
                    df:8a:8e:80:2a:09:c8:e8:0c:27:15:9b:18:df:cb:
                    40:30:6a:94:25:f8:74:e7:2e:32:79:4e:92:b0:a9:
                    9b:44:5a:7b:98:16:a6:24:c4:8d:64:7c:0e:04:92:
                    0f:85:9c:75:e0:39:35:d5:4f:84:34:3a:d0:00:ea:
                    0a:a6:0a:b2:ff:84:93:a4:b8:73:19:a9:aa:9d:ed:
                    1f:30:f1:4b:80:98:7b:f0:f8:05:ff:fc:c8:84:2e:
                    01:e1:46:bd:17:ce:87:4e:2d:c6:57:e9:38:d4:b7:
                    ac:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:68:69:4A:78:FB:88:B8:02:D9:DE:F4:3F:9A:89:AA:74:E1:4A:92
            X509v3 Authority Key Identifier:
                keyid:E8:3A:2C:CE:90:83:E8:C1:5A:1D:32:5C:F4:87:67:55:9F:92:B6:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6DoszpCD6MFaHTJc9IdnVZ-StiM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/EmhpSnj7iLgC2d70P5qJqnThSpI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/56/eb422b-c79e-4fbe-ae8f-3563f9543487/1/6DoszpCD6MFaHTJc9IdnVZ-StiM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.123.58.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:3b:f4:fa:7a:be:11:76:eb:f5:79:1c:08:c7:73:41:e9:7b:
         74:65:28:36:f2:e3:b5:5f:87:26:af:10:86:b5:e4:30:0c:1a:
         72:8d:c6:ba:f9:9d:b0:f6:0d:27:3c:0d:ca:44:dd:13:05:8a:
         7e:3a:eb:53:4b:56:ef:b4:d0:2d:82:a5:cf:a7:e3:30:41:bd:
         bf:22:fa:a8:df:de:1f:6b:56:f0:18:5f:c6:af:66:83:79:27:
         cf:ab:c1:66:9a:5d:1b:a2:ae:09:3e:57:3e:ee:46:cb:56:39:
         87:63:b5:9f:aa:d9:2e:18:48:44:76:71:99:3c:3d:26:86:41:
         08:e5:8f:51:6a:6a:0c:98:0b:21:6d:7f:3e:cf:1a:fa:df:57:
         6a:ff:82:2e:33:c9:05:ee:f7:45:13:45:f8:b7:91:05:bb:c4:
         3f:58:d9:e7:ed:16:1c:10:32:88:a7:3f:31:e7:80:ad:90:d2:
         6c:d2:80:d0:54:8f:c5:b0:4d:99:32:45:3a:bf:3f:5f:e7:ce:
         ec:c4:da:46:7f:32:c2:59:4d:5d:f8:6c:78:3e:61:29:7b:9c:
         90:38:ea:d4:67:da:3b:3c:fb:64:fe:0b:0f:46:03:6a:39:90:
         6f:ec:c6:a9:56:01:b2:9f:b9:87:c6:a3:e0:8c:5f:cc:e6:a0:
         5b:c6:17:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeMiMjZSs5MPXLx3KzXk4r7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4M2EyY2NlOTA4M2U4YzE1YTFkMzI1Y2Y0ODc2NzU1OWY5
MmI2MjMwHhcNMjUwNjIwMDg1MTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjY4Njk0YTc4ZmI4OGI4MDJkOWRlZjQzZjlhODlhYTc0ZTE0YTkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkeJx3rSiWzMYwE21soQNt1qMRjDV
MziTs9aGGPNbapR5NqzOM7bR5iF5m0j6/qmc21iJoAimPyMusCTU6Z3R4jGu4U63
Ugh+xrcUgyRn1IpGCXCh1pS9AjUjlveczBnjkj0MnulhsnvPYxAlVHTvAdgS3IfY
9prNCTe2iD3QIUmUnxBmCRarvBpbg2d6lpeCmj7sbvHfio6AKgnI6AwnFZsY38tA
MGqUJfh05y4yeU6SsKmbRFp7mBamJMSNZHwOBJIPhZx14Dk11U+ENDrQAOoKpgqy
/4STpLhzGamqne0fMPFLgJh78PgF//zIhC4B4Ua9F86HTi3GV+k41LesMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBJoaUp4+4i4Atne9D+aiap04UqSMB8GA1UdIwQY
MBaAFOg6LM6Qg+jBWh0yXPSHZ1WfkrYjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYt
MzU2M2Y5NTQzNDg3LzEvRW1ocFNuajdpTGdDMmQ3MFA1cUpxblRoU3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9lYjQyMmItYzc5ZS00ZmJlLWFlOGYtMzU2M2Y5NTQzNDg3
LzEvNkRvc3pwQ0Q2TUZhSFRKYzlJZG5WWi1TdGlNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAsHs6MA0G
CSqGSIb3DQEBCwUAA4IBAQAnO/T6er4Rduv1eRwIx3NB6Xt0ZSg28uO1X4cmrxCG
teQwDBpyjca6+Z2w9g0nPA3KRN0TBYp+OutTS1bvtNAtgqXPp+MwQb2/Ivqo394f
a1bwGF/Gr2aDeSfPq8Fmml0boq4JPlc+7kbLVjmHY7WfqtkuGEhEdnGZPD0mhkEI
5Y9RamoMmAshbX8+zxr631dq/4IuM8kF7vdFE0X4t5EFu8Q/WNnn7RYcEDKIpz8x
54CtkNJs0oDQVI/FsE2ZMkU6vz9f587sxNpGfzLCWU1d+Gx4PmEpe5yQOOrUZ9o7
PPtk/gsPRgNqOZBv7MapVgGyn7mHxqPgjF/M5qBbxhdG
-----END CERTIFICATE-----