Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/682230-b4cd-4595-bd1e-32a41ba3e3c5/1/EOs1OcIjU7QpGNyQW0WAVHDhwZk.roa
File:                     EOs1OcIjU7QpGNyQW0WAVHDhwZk.roa (raw, json)
Hash identifier:          GhAzKLkw2PqF2q1j22FlhKv8LsjLpt0qx1W6/h0p4Js=
Subject key identifier:   10:EB:35:39:C2:23:53:B4:29:18:DC:90:5B:45:80:54:70:E1:C1:99
Certificate issuer:       /CN=fa7cfac6af108660d94e2fced61e61ff219c0a56
Certificate serial:       019667FEFACD8A36E37F1961491D7F52A6C6
Authority key identifier: FA:7C:FA:C6:AF:10:86:60:D9:4E:2F:CE:D6:1E:61:FF:21:9C:0A:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-nz6xq8QhmDZTi_O1h5h_yGcClY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/682230-b4cd-4595-bd1e-32a41ba3e3c5/1/EOs1OcIjU7QpGNyQW0WAVHDhwZk.roa
Signing time:             Thu 24 Apr 2025 13:31:25 +0000
ROA not before:           Thu 24 Apr 2025 13:31:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51377
IP address blocks:        185.210.176.0/22 maxlen: 22
                          193.221.124.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/682230-b4cd-4595-bd1e-32a41ba3e3c5/1/1-nz6xq8QhmDZTi_O1h5h_yGcClY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/682230-b4cd-4595-bd1e-32a41ba3e3c5/1/1-nz6xq8QhmDZTi_O1h5h_yGcClY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-nz6xq8QhmDZTi_O1h5h_yGcClY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 14 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:67:fe:fa:cd:8a:36:e3:7f:19:61:49:1d:7f:52:a6:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa7cfac6af108660d94e2fced61e61ff219c0a56
        Validity
            Not Before: Apr 24 13:31:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10eb3539c22353b42918dc905b45805470e1c199
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:a3:6d:4a:60:ff:a3:9b:a7:2d:03:43:c4:95:
                    f2:13:bb:c0:30:9f:c3:72:45:84:d5:51:17:20:cc:
                    f6:01:08:03:67:39:00:80:6f:15:81:14:b2:64:b0:
                    d2:8c:5c:9a:4d:63:10:fd:06:d1:06:a5:e6:ec:76:
                    3e:1c:b7:f8:d5:78:8e:7a:38:a2:f5:d7:0d:b8:34:
                    be:38:c6:2f:1f:1a:ad:81:c0:a0:43:5b:37:ac:87:
                    a2:4e:d0:f8:13:8b:12:8d:b8:a5:4d:af:14:6b:36:
                    8e:d5:30:4e:8c:12:10:20:21:ee:ba:df:5d:d9:13:
                    6f:40:04:37:b6:e8:2f:ce:9a:28:ff:72:88:17:ef:
                    40:30:53:4c:b1:d9:86:91:03:c5:3d:c2:98:11:d9:
                    71:af:b1:61:bc:af:22:94:40:62:81:60:40:fa:2c:
                    ea:68:ea:06:60:9d:37:7d:d5:bb:80:e4:ec:ec:b1:
                    7a:02:91:07:1c:fc:3b:cc:08:24:94:c6:ff:5b:0a:
                    be:94:52:bd:9c:08:ed:6f:31:64:15:e3:60:d9:4c:
                    c9:2f:00:99:77:04:4d:43:1b:67:21:b9:5d:95:e5:
                    c6:65:73:e2:7f:4a:e0:b6:0a:0e:eb:95:87:96:1b:
                    68:fc:d1:2c:46:17:91:de:45:ff:6d:64:dc:23:f0:
                    63:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:EB:35:39:C2:23:53:B4:29:18:DC:90:5B:45:80:54:70:E1:C1:99
            X509v3 Authority Key Identifier:
                keyid:FA:7C:FA:C6:AF:10:86:60:D9:4E:2F:CE:D6:1E:61:FF:21:9C:0A:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-nz6xq8QhmDZTi_O1h5h_yGcClY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/682230-b4cd-4595-bd1e-32a41ba3e3c5/1/EOs1OcIjU7QpGNyQW0WAVHDhwZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/682230-b4cd-4595-bd1e-32a41ba3e3c5/1/1-nz6xq8QhmDZTi_O1h5h_yGcClY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.176.0/22
                  193.221.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:7b:7c:10:7a:b2:aa:5b:ab:04:83:e0:a4:41:ec:1e:73:de:
         86:93:b1:e6:5a:2e:dc:e0:7c:c6:4b:70:f4:1f:fb:c2:c1:47:
         cf:6b:e8:19:d1:64:2f:72:05:37:dc:3b:e1:19:5a:30:f2:79:
         33:38:6a:b2:76:18:3e:f3:ab:3c:f4:5e:05:38:73:cf:fe:93:
         50:a0:dc:90:af:0a:e3:a6:69:c4:f8:03:17:55:ab:a8:ca:19:
         29:83:46:93:76:cf:d4:c0:05:fd:a0:16:71:5c:27:a6:38:19:
         b2:89:8c:f7:e5:e1:92:c8:ff:4f:d0:95:c3:df:1c:21:1e:3e:
         c0:3e:d8:e6:cd:9d:e1:f4:6e:9e:37:6b:96:aa:4b:8d:5a:cc:
         ca:ec:49:7d:4f:02:ba:bc:32:b5:e1:44:71:f5:6c:b0:11:7a:
         c6:18:b1:6c:30:23:e5:50:e3:6a:9f:3b:22:e9:41:af:1c:5f:
         36:88:d8:8e:e9:b8:f7:e9:06:28:f5:6d:a3:9a:1e:ab:b1:9b:
         7e:58:27:98:1f:c7:52:91:e4:a0:91:27:88:c8:91:ca:77:9d:
         43:0f:40:6f:26:e4:04:6c:4a:30:dc:b2:a5:e4:3c:a8:13:ea:
         2c:25:71:7f:3b:9f:2a:26:e7:4d:8c:d0:79:83:a3:fb:36:c9:
         9c:d2:0b:ab
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZZn/vrNijbjfxlhSR1/UqbGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhN2NmYWM2YWYxMDg2NjBkOTRlMmZjZWQ2MWU2MWZmMjE5
YzBhNTYwHhcNMjUwNDI0MTMzMTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGViMzUzOWMyMjM1M2I0MjkxOGRjOTA1YjQ1ODA1NDcwZTFjMTk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxKNtSmD/o5unLQNDxJXyE7vAMJ/D
ckWE1VEXIMz2AQgDZzkAgG8VgRSyZLDSjFyaTWMQ/QbRBqXm7HY+HLf41XiOejii
9dcNuDS+OMYvHxqtgcCgQ1s3rIeiTtD4E4sSjbilTa8UazaO1TBOjBIQICHuut9d
2RNvQAQ3tugvzpoo/3KIF+9AMFNMsdmGkQPFPcKYEdlxr7FhvK8ilEBigWBA+izq
aOoGYJ03fdW7gOTs7LF6ApEHHPw7zAgklMb/Wwq+lFK9nAjtbzFkFeNg2UzJLwCZ
dwRNQxtnIbldleXGZXPif0rgtgoO65WHlhto/NEsRheR3kX/bWTcI/BjxwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFBDrNTnCI1O0KRjckFtFgFRw4cGZMB8GA1UdIwQY
MBaAFPp8+savEIZg2U4vztYeYf8hnApWMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1uejZ4cThRaG1EWlRpX08xaDVoX3lHY0NsWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNmQvNjgyMjMwLWI0Y2QtNDU5NS1iZDFl
LTMyYTQxYmEzZTNjNS8xL0VPczFPY0lqVTdRcEdOeVFXMFdBVkhEaHdaay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNmQvNjgyMjMwLWI0Y2QtNDU5NS1iZDFlLTMyYTQxYmEzZTNj
NS8xLzEtbno2eHE4UWhtRFpUaV9PMWg1aF95R2NDbFkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwJQYIKwYBBQUHAQcBAf8EFjAUMBIEAgABMAwDBAK50rAD
BADB3XwwDQYJKoZIhvcNAQELBQADggEBAAx7fBB6sqpbqwSD4KRB7B5z3oaTseZa
LtzgfMZLcPQf+8LBR89r6BnRZC9yBTfcO+EZWjDyeTM4arJ2GD7zqzz0XgU4c8/+
k1Cg3JCvCuOmacT4AxdVq6jKGSmDRpN2z9TABf2gFnFcJ6Y4GbKJjPfl4ZLI/0/Q
lcPfHCEePsA+2ObNneH0bp43a5aqS41azMrsSX1PArq8MrXhRHH1bLAResYYsWww
I+VQ42qfOyLpQa8cXzaI2I7puPfpBij1baOaHquxm35YJ5gfx1KR5KCRJ4jIkcp3
nUMPQG8m5ARsSjDcsqXkPKgT6iwlcX87nyom502M0HmDo/s2yZzSC6s=
-----END CERTIFICATE-----