Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/b8c13d-e7d3-4aa9-a911-ed64805977f0/1/eiXFhQbxCQpcEPNruQeHmSAD-Z0.roa
File:                     eiXFhQbxCQpcEPNruQeHmSAD-Z0.roa (raw, json)
Hash identifier:          MfMam3uqTveTnOv++uzEyTkwTSJ0lTcdAkWlcL+odNo=
Subject key identifier:   7A:25:C5:85:06:F1:09:0A:5C:10:F3:6B:B9:07:87:99:20:03:F9:9D
Certificate issuer:       /CN=ca942b2706761c2ba753289783edf985e338f177
Certificate serial:       01969FDA5E24FCD9959B2D2D83461FE0F85C
Authority key identifier: CA:94:2B:27:06:76:1C:2B:A7:53:28:97:83:ED:F9:85:E3:38:F1:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ypQrJwZ2HCunUyiXg-35heM48Xc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/b8c13d-e7d3-4aa9-a911-ed64805977f0/1/eiXFhQbxCQpcEPNruQeHmSAD-Z0.roa
Signing time:             Mon 05 May 2025 09:50:10 +0000
ROA not before:           Mon 05 May 2025 09:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212542
IP address blocks:        91.233.100.0/24 maxlen: 24
                          194.42.200.0/24 maxlen: 24
                          195.189.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/b8c13d-e7d3-4aa9-a911-ed64805977f0/1/ypQrJwZ2HCunUyiXg-35heM48Xc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/b8c13d-e7d3-4aa9-a911-ed64805977f0/1/ypQrJwZ2HCunUyiXg-35heM48Xc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ypQrJwZ2HCunUyiXg-35heM48Xc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 20:47:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:9f:da:5e:24:fc:d9:95:9b:2d:2d:83:46:1f:e0:f8:5c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ca942b2706761c2ba753289783edf985e338f177
        Validity
            Not Before: May  5 09:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a25c58506f1090a5c10f36bb90787992003f99d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:85:5e:56:86:90:e7:9e:18:d1:e5:0c:6d:0d:
                    8b:43:a7:9f:75:5a:63:a1:0e:4b:01:aa:e3:a9:d3:
                    ba:7f:a2:d0:a0:6e:90:c3:10:88:a7:ac:d6:b5:98:
                    e0:4e:74:35:d3:d3:63:56:d0:8d:95:5c:96:3c:14:
                    2d:cc:55:2a:ff:50:1c:0a:9c:ad:a6:72:12:4d:35:
                    74:7d:f4:d6:0c:6b:16:03:06:f0:4a:27:21:60:9a:
                    c2:e3:68:a5:8e:06:7c:36:59:1a:c0:84:69:ec:4d:
                    c9:1f:38:3d:e9:8d:fb:38:e2:52:fc:08:64:f6:2c:
                    b8:55:ea:78:fc:18:8e:37:56:ec:cd:68:c2:5c:57:
                    6f:b8:1b:23:32:c3:6f:12:ab:66:ca:36:4b:8a:5f:
                    62:c3:97:5b:67:f9:8b:ac:30:75:5a:30:3c:37:b7:
                    2a:f8:07:2e:e4:0d:c0:69:85:4b:5d:7c:6f:e7:0d:
                    91:a4:59:0b:de:88:37:a0:32:1c:a9:25:2a:c1:2c:
                    4c:8d:fc:57:49:47:d4:6d:4e:f1:f8:6a:5c:88:cc:
                    07:bc:d0:18:5c:09:73:b0:00:6f:c2:e9:16:18:42:
                    c6:72:3a:54:ba:b0:a2:8f:be:b4:8b:47:fd:b4:90:
                    b1:44:fa:d5:b0:47:a3:2c:78:f9:90:9f:19:2a:0b:
                    7f:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:25:C5:85:06:F1:09:0A:5C:10:F3:6B:B9:07:87:99:20:03:F9:9D
            X509v3 Authority Key Identifier:
                keyid:CA:94:2B:27:06:76:1C:2B:A7:53:28:97:83:ED:F9:85:E3:38:F1:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ypQrJwZ2HCunUyiXg-35heM48Xc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b8c13d-e7d3-4aa9-a911-ed64805977f0/1/eiXFhQbxCQpcEPNruQeHmSAD-Z0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/b8c13d-e7d3-4aa9-a911-ed64805977f0/1/ypQrJwZ2HCunUyiXg-35heM48Xc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.233.100.0/24
                  194.42.200.0/24
                  195.189.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         63:80:0b:02:be:89:5f:d6:83:48:d7:e7:23:ac:c6:9f:8a:34:
         ef:99:b3:c5:e4:cd:08:32:83:17:7c:2c:ac:c2:78:7d:55:16:
         d4:3d:93:5a:0d:cb:09:97:aa:33:19:ad:1f:7b:ea:09:3b:47:
         2d:27:c9:99:32:91:40:e1:6d:8d:c8:ac:aa:60:14:f6:27:dd:
         55:46:da:20:7b:d8:1d:a2:0b:d4:67:eb:59:71:f3:60:40:8e:
         df:f1:c1:b9:7e:eb:19:14:ac:ea:9b:30:18:8f:de:eb:5b:d1:
         db:29:ef:3e:23:8d:a2:3d:38:5a:27:3b:50:1d:40:43:28:88:
         29:64:70:e8:9f:4a:17:90:41:3f:b6:24:06:ca:36:92:70:56:
         f9:a1:fa:31:a4:8a:ee:6a:6e:bc:ad:39:65:b9:1b:46:97:80:
         dc:98:ed:ef:34:c2:7d:4f:77:06:8e:e2:cd:6b:7f:58:81:de:
         43:c3:e4:78:f0:9c:08:c8:8b:4b:61:71:36:58:27:bc:71:1d:
         2a:31:f7:90:13:3a:43:12:6d:7c:a9:f6:e2:55:7f:bc:0d:f0:
         59:b9:99:8c:36:4b:8a:c4:db:27:47:de:9a:e3:6a:51:6a:b4:
         a5:f0:95:ee:50:f6:ac:3c:af:17:d3:d4:98:5d:fa:c5:87:4e:
         65:37:9b:a7
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZaf2l4k/NmVmy0tg0Yf4PhcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNhOTQyYjI3MDY3NjFjMmJhNzUzMjg5NzgzZWRmOTg1ZTMz
OGYxNzcwHhcNMjUwNTA1MDk1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTI1YzU4NTA2ZjEwOTBhNWMxMGYzNmJiOTA3ODc5OTIwMDNmOTlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4VeVoaQ554Y0eUMbQ2LQ6efdVpj
oQ5LAarjqdO6f6LQoG6QwxCIp6zWtZjgTnQ109NjVtCNlVyWPBQtzFUq/1AcCpyt
pnISTTV0ffTWDGsWAwbwSichYJrC42iljgZ8NlkawIRp7E3JHzg96Y37OOJS/Ahk
9iy4Vep4/BiON1bszWjCXFdvuBsjMsNvEqtmyjZLil9iw5dbZ/mLrDB1WjA8N7cq
+Acu5A3AaYVLXXxv5w2RpFkL3og3oDIcqSUqwSxMjfxXSUfUbU7x+GpciMwHvNAY
XAlzsABvwukWGELGcjpUurCij760i0f9tJCxRPrVsEejLHj5kJ8ZKgt/aQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHolxYUG8QkKXBDza7kHh5kgA/mdMB8GA1UdIwQY
MBaAFMqUKycGdhwrp1Mol4Pt+YXjOPF3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXBRckp3WjJIQ3VuVXlpWGctMzVoZU00OFhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny9iOGMxM2QtZTdkMy00YWE5LWE5MTEt
ZWQ2NDgwNTk3N2YwLzEvZWlYRmhRYnhDUXBjRVBOcnVRZUhtU0FELVowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny9iOGMxM2QtZTdkMy00YWE5LWE5MTEtZWQ2NDgwNTk3N2Yw
LzEveXBRckp3WjJIQ3VuVXlpWGctMzVoZU00OFhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAW+lkAwQA
wirIAwQAw73wMA0GCSqGSIb3DQEBCwUAA4IBAQBjgAsCvolf1oNI1+cjrMafijTv
mbPF5M0IMoMXfCyswnh9VRbUPZNaDcsJl6ozGa0fe+oJO0ctJ8mZMpFA4W2NyKyq
YBT2J91VRtoge9gdogvUZ+tZcfNgQI7f8cG5fusZFKzqmzAYj97rW9HbKe8+I42i
PThaJztQHUBDKIgpZHDon0oXkEE/tiQGyjaScFb5ofoxpIruam68rTlluRtGl4Dc
mO3vNMJ9T3cGjuLNa39Ygd5Dw+R48JwIyItLYXE2WCe8cR0qMfeQEzpDEm18qfbi
VX+8DfBZuZmMNkuKxNsnR96a42pRarSl8JXuUPasPK8X09SYXfrFh05lN5un
-----END CERTIFICATE-----