Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/EshCzxO86qcL07tz5uc1JfugV7o.roa
File:                     EshCzxO86qcL07tz5uc1JfugV7o.roa (raw, json)
Hash identifier:          LPE3JzJOmXyXyccfoQvv4I0FBt2vRf2Wt20kp5/Xotw=
Subject key identifier:   12:C8:42:CF:13:BC:EA:A7:0B:D3:BB:73:E6:E7:35:25:FB:A0:57:BA
Certificate issuer:       /CN=4773243081eadc1ef4ae3234f86b2bd72622b5c4
Certificate serial:       01995818F7F614EA53CCE85EBFEA110C1FE6
Authority key identifier: 47:73:24:30:81:EA:DC:1E:F4:AE:32:34:F8:6B:2B:D7:26:22:B5:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/R3MkMIHq3B70rjI0-Gsr1yYitcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/EshCzxO86qcL07tz5uc1JfugV7o.roa
Signing time:             Wed 17 Sep 2025 14:34:15 +0000
ROA not before:           Wed 17 Sep 2025 14:34:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214329
IP address blocks:        209.131.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/R3MkMIHq3B70rjI0-Gsr1yYitcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/R3MkMIHq3B70rjI0-Gsr1yYitcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/R3MkMIHq3B70rjI0-Gsr1yYitcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:01:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:58:18:f7:f6:14:ea:53:cc:e8:5e:bf:ea:11:0c:1f:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4773243081eadc1ef4ae3234f86b2bd72622b5c4
        Validity
            Not Before: Sep 17 14:34:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12c842cf13bceaa70bd3bb73e6e73525fba057ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:57:f5:91:39:fd:ba:29:c0:7b:54:e8:85:4d:
                    23:19:b7:92:ff:47:9b:8f:b3:33:f5:d2:c4:a9:88:
                    34:7f:80:d3:39:33:bf:f2:19:dd:5e:de:7f:f4:c0:
                    92:d6:24:fe:4a:91:15:2c:e2:f9:05:f4:24:47:c3:
                    30:53:95:e7:ec:c3:54:69:74:ea:e7:05:26:5d:ad:
                    c5:72:26:7c:6e:ec:45:e0:74:85:d7:2f:12:7b:f4:
                    d7:d2:2c:18:65:98:6f:f9:9f:5c:39:4c:69:84:d7:
                    2f:29:b9:c2:f7:ed:ed:a7:fc:1b:8c:55:b8:f4:3e:
                    8f:d3:d7:a9:73:6a:b8:ca:e3:90:f5:f9:28:20:ba:
                    bc:fc:58:c9:69:3b:21:5a:75:36:f5:f1:90:de:2b:
                    8d:38:06:fa:90:05:2b:9b:2e:e5:ce:43:4a:34:90:
                    71:61:bc:af:1a:3e:c1:30:2c:65:05:97:38:11:dc:
                    c1:07:6c:94:85:4b:10:34:9e:78:cb:23:29:59:9d:
                    ac:b2:0f:13:4f:81:97:44:5e:ab:5d:83:ef:bf:d8:
                    25:bd:ea:18:22:63:3f:2f:4e:50:27:3c:cb:65:2b:
                    6f:5b:bb:4a:a5:5c:86:7b:15:76:6c:ea:0d:92:34:
                    ee:66:78:30:03:9d:b5:29:98:ee:d6:99:dd:47:28:
                    96:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C8:42:CF:13:BC:EA:A7:0B:D3:BB:73:E6:E7:35:25:FB:A0:57:BA
            X509v3 Authority Key Identifier:
                keyid:47:73:24:30:81:EA:DC:1E:F4:AE:32:34:F8:6B:2B:D7:26:22:B5:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/R3MkMIHq3B70rjI0-Gsr1yYitcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/EshCzxO86qcL07tz5uc1JfugV7o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/b54988-87e1-4a9d-a33b-34a949c92074/1/R3MkMIHq3B70rjI0-Gsr1yYitcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  209.131.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:14:2d:7e:70:4e:5c:60:16:17:a9:a7:c7:ea:d7:2f:46:11:
         75:8e:44:3b:47:0d:6d:0c:a3:43:dc:0a:a4:ec:69:04:61:0b:
         4c:b8:ed:df:19:75:db:8e:7a:2b:4c:c6:a2:df:73:f1:da:14:
         de:dd:08:a8:89:1b:1d:2c:dd:36:38:93:3f:22:a4:9d:3b:24:
         e8:ba:cd:61:88:f7:88:e1:79:b9:c6:96:3e:42:80:8f:ea:8a:
         d5:bf:ae:a1:e4:a0:69:5e:0d:a1:9d:2b:66:9c:75:bd:27:fc:
         96:d3:28:06:8c:2e:55:02:88:46:8f:b9:55:e5:b4:f0:0a:0b:
         42:8b:24:6a:89:b6:7e:3e:89:77:17:e4:41:e6:9c:2d:96:a9:
         60:4e:96:50:96:da:4c:14:86:ac:b1:ec:cf:98:5b:38:a4:b0:
         33:bf:46:7e:8d:46:c8:4a:d6:d7:a0:bb:b2:cc:d8:c4:1e:7c:
         db:50:64:98:7b:7f:62:68:93:77:8b:8e:a8:d1:d8:18:85:f9:
         18:c2:54:ee:32:94:5a:7f:95:38:73:2b:bc:43:cd:34:ba:58:
         90:92:72:ed:fd:41:a5:e7:3c:f3:77:29:6a:ce:ea:c7:51:ce:
         2e:fd:e1:65:49:ab:9c:c7:28:e3:6e:2a:a4:f6:a2:88:b6:0d:
         ce:90:e0:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZlYGPf2FOpTzOhev+oRDB/mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3NzMyNDMwODFlYWRjMWVmNGFlMzIzNGY4NmIyYmQ3MjYy
MmI1YzQwHhcNMjUwOTE3MTQzNDE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmM4NDJjZjEzYmNlYWE3MGJkM2JiNzNlNmU3MzUyNWZiYTA1N2JhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+lf1kTn9uinAe1TohU0jGbeS/0eb
j7Mz9dLEqYg0f4DTOTO/8hndXt5/9MCS1iT+SpEVLOL5BfQkR8MwU5Xn7MNUaXTq
5wUmXa3FciZ8buxF4HSF1y8Se/TX0iwYZZhv+Z9cOUxphNcvKbnC9+3tp/wbjFW4
9D6P09epc2q4yuOQ9fkoILq8/FjJaTshWnU29fGQ3iuNOAb6kAUrmy7lzkNKNJBx
YbyvGj7BMCxlBZc4EdzBB2yUhUsQNJ54yyMpWZ2ssg8TT4GXRF6rXYPvv9glveoY
ImM/L05QJzzLZStvW7tKpVyGexV2bOoNkjTuZngwA521KZju1pndRyiWcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBLIQs8TvOqnC9O7c+bnNSX7oFe6MB8GA1UdIwQY
MBaAFEdzJDCB6twe9K4yNPhrK9cmIrXEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUjNNa01JSHEzQjcwcmpJMC1Hc3IxeVlpdGNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9iNTQ5ODgtODdlMS00YTlkLWEzM2It
MzRhOTQ5YzkyMDc0LzEvRXNoQ3p4Tzg2cWNMMDd0ejV1YzFKZnVnVjdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi9iNTQ5ODgtODdlMS00YTlkLWEzM2ItMzRhOTQ5YzkyMDc0
LzEvUjNNa01JSHEzQjcwcmpJMC1Hc3IxeVlpdGNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA0YN+MA0G
CSqGSIb3DQEBCwUAA4IBAQAkFC1+cE5cYBYXqafH6tcvRhF1jkQ7Rw1tDKND3Aqk
7GkEYQtMuO3fGXXbjnorTMai33Px2hTe3QioiRsdLN02OJM/IqSdOyTous1hiPeI
4Xm5xpY+QoCP6orVv66h5KBpXg2hnStmnHW9J/yW0ygGjC5VAohGj7lV5bTwCgtC
iyRqibZ+Pol3F+RB5pwtlqlgTpZQltpMFIassezPmFs4pLAzv0Z+jUbIStbXoLuy
zNjEHnzbUGSYe39iaJN3i46o0dgYhfkYwlTuMpRaf5U4cyu8Q800uliQknLt/UGl
5zzzdylqzurHUc4u/eFlSaucxyjjbiqk9qKItg3OkOCt
-----END CERTIFICATE-----