Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ERIEQtLad89UsNFgCT0wIGh3Zfc.roa
File:                     ERIEQtLad89UsNFgCT0wIGh3Zfc.roa (raw, json)
Hash identifier:          JgWy6eUrjbZB43PHfVudMI0TNEs32+zK3HUlnwhlY7g=
Subject key identifier:   11:12:04:42:D2:DA:77:CF:54:B0:D1:60:09:3D:30:20:68:77:65:F7
Certificate issuer:       /CN=3af09ba33b5ae581b0d29323249314f76aa10511
Certificate serial:       0197C616F4FF2181D371D291AFEF57216BD2
Authority key identifier: 3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ERIEQtLad89UsNFgCT0wIGh3Zfc.roa
Signing time:             Tue 01 Jul 2025 13:04:42 +0000
ROA not before:           Tue 01 Jul 2025 13:04:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16550
IP address blocks:        194.2.190.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Jul 2025 04:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c6:16:f4:ff:21:81:d3:71:d2:91:af:ef:57:21:6b:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3af09ba33b5ae581b0d29323249314f76aa10511
        Validity
            Not Before: Jul  1 13:04:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11120442d2da77cf54b0d160093d3020687765f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:6f:98:37:0a:77:68:78:ff:f8:96:75:b6:6f:
                    b9:e2:2d:85:71:a5:c0:7d:c6:6f:f8:65:80:16:e6:
                    15:d3:0b:e4:9c:eb:03:22:51:08:61:ca:f0:50:b3:
                    88:79:a3:6c:69:02:ca:b7:e2:11:4b:08:11:4c:8c:
                    11:ca:7b:8c:a4:4a:44:89:7f:1f:73:59:a0:fc:ac:
                    c4:47:5f:6e:ea:2c:66:9d:48:23:a2:8b:f9:cf:d0:
                    1e:0f:ce:f1:2c:79:c5:91:e7:bb:f7:77:20:af:e9:
                    c9:10:ad:99:4b:de:25:ce:c5:40:b1:8d:d6:58:76:
                    d3:0b:c9:6c:15:13:f8:ce:21:27:ed:eb:cc:7d:4b:
                    20:90:6f:90:68:58:59:28:61:7f:15:f1:c6:6b:a0:
                    38:c8:19:70:1d:d6:d5:db:52:51:1c:a6:e4:ee:43:
                    64:19:5f:73:79:5e:f3:34:ae:83:a2:79:02:4c:31:
                    26:cc:ce:e1:58:a9:e2:04:2e:ab:6a:42:b0:9c:70:
                    3a:a3:29:44:5e:39:b7:2d:af:7e:eb:a8:29:4c:84:
                    f8:c3:d1:bc:b6:e7:cd:fb:1d:66:c4:a5:8c:f0:1a:
                    3f:87:cc:b5:34:02:c1:09:66:69:57:2c:91:c0:8a:
                    f3:d2:30:a6:a7:68:b7:ab:13:39:19:bb:61:08:3e:
                    67:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:12:04:42:D2:DA:77:CF:54:B0:D1:60:09:3D:30:20:68:77:65:F7
            X509v3 Authority Key Identifier:
                keyid:3A:F0:9B:A3:3B:5A:E5:81:B0:D2:93:23:24:93:14:F7:6A:A1:05:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OvCbozta5YGw0pMjJJMU92qhBRE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/ERIEQtLad89UsNFgCT0wIGh3Zfc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/33d5d1-c450-413b-afe4-45935f506a12/1/OvCbozta5YGw0pMjJJMU92qhBRE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.2.190.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:10:1f:d2:52:ee:d5:b2:dc:10:29:c1:57:8d:95:e7:3a:7a:
         07:a4:54:af:0f:0f:54:76:71:3a:3e:e7:ae:3b:d0:01:ae:8a:
         86:0c:8a:88:3a:ee:1f:78:74:d0:5f:ba:35:2d:a9:21:c9:2f:
         55:90:46:9c:9b:64:a1:11:94:3f:c8:a5:26:e6:33:81:f1:d8:
         91:86:7a:8c:13:4f:46:37:1f:3e:12:02:ee:9b:a3:5b:ad:e4:
         5c:b8:47:62:4a:8e:1f:b5:10:8a:17:e2:6d:af:41:f5:23:ae:
         36:06:aa:0c:46:37:f7:0b:11:af:31:a7:fa:f5:ae:07:39:09:
         15:9c:35:17:f6:eb:0c:26:01:96:84:d5:bc:c9:54:07:60:f5:
         0f:0e:9b:27:94:55:47:7c:0a:9b:cd:3c:06:c7:28:82:93:56:
         6a:02:3d:12:a6:e6:62:0d:67:23:30:ef:e5:26:d3:b5:5f:42:
         b4:6f:20:a3:30:3b:5d:c3:45:ba:c1:e6:52:63:ff:d1:af:97:
         a9:53:f3:b6:36:8c:c2:de:cd:64:94:90:00:c8:9e:16:d7:95:
         59:15:35:dd:68:45:60:49:f4:bc:27:13:5f:24:78:8c:eb:22:
         1c:74:6b:e6:e6:57:b7:17:d0:2f:4e:f5:07:dc:7e:be:8c:62:
         7a:ad:0b:ff
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfGFvT/IYHTcdKRr+9XIWvSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhZjA5YmEzM2I1YWU1ODFiMGQyOTMyMzI0OTMxNGY3NmFh
MTA1MTEwHhcNMjUwNzAxMTMwNDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTEyMDQ0MmQyZGE3N2NmNTRiMGQxNjAwOTNkMzAyMDY4Nzc2NWY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgW+YNwp3aHj/+JZ1tm+54i2FcaXA
fcZv+GWAFuYV0wvknOsDIlEIYcrwULOIeaNsaQLKt+IRSwgRTIwRynuMpEpEiX8f
c1mg/KzER19u6ixmnUgjoov5z9AeD87xLHnFkee793cgr+nJEK2ZS94lzsVAsY3W
WHbTC8lsFRP4ziEn7evMfUsgkG+QaFhZKGF/FfHGa6A4yBlwHdbV21JRHKbk7kNk
GV9zeV7zNK6DonkCTDEmzM7hWKniBC6rakKwnHA6oylEXjm3La9+66gpTIT4w9G8
tufN+x1mxKWM8Bo/h8y1NALBCWZpVyyRwIrz0jCmp2i3qxM5GbthCD5n7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBESBELS2nfPVLDRYAk9MCBod2X3MB8GA1UdIwQY
MBaAFDrwm6M7WuWBsNKTIySTFPdqoQURMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQt
NDU5MzVmNTA2YTEyLzEvRVJJRVF0TGFkODlVc05GZ0NUMHdJR2gzWmZjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8zM2Q1ZDEtYzQ1MC00MTNiLWFmZTQtNDU5MzVmNTA2YTEy
LzEvT3ZDYm96dGE1WUd3MHBNakpKTVU5MnFoQlJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwgK+MA0G
CSqGSIb3DQEBCwUAA4IBAQCREB/SUu7VstwQKcFXjZXnOnoHpFSvDw9UdnE6Pueu
O9ABroqGDIqIOu4feHTQX7o1LakhyS9VkEacm2ShEZQ/yKUm5jOB8diRhnqME09G
Nx8+EgLum6NbreRcuEdiSo4ftRCKF+Jtr0H1I642BqoMRjf3CxGvMaf69a4HOQkV
nDUX9usMJgGWhNW8yVQHYPUPDpsnlFVHfAqbzTwGxyiCk1ZqAj0SpuZiDWcjMO/l
JtO1X0K0byCjMDtdw0W6weZSY//Rr5epU/O2NozC3s1klJAAyJ4W15VZFTXdaEVg
SfS8JxNfJHiM6yIcdGvm5le3F9AvTvUH3H6+jGJ6rQv/
-----END CERTIFICATE-----