Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/3f2355-66ff-40b7-98d6-d95a38f0c06e/1/Eba-gFj6_KEbGtGz74WD9Qe5r-8.roa
File:                     Eba-gFj6_KEbGtGz74WD9Qe5r-8.roa (raw, json)
Hash identifier:          IQzF41AYmHmWyxwMWh8AK7MBgafq4BN6uK+awf+6jdE=
Subject key identifier:   11:B6:BE:80:58:FA:FC:A1:1B:1A:D1:B3:EF:85:83:F5:07:B9:AF:EF
Certificate issuer:       /CN=e3342c586371d465bcf35f79e1660e11e0805155
Certificate serial:       01977D01C76491FD366115ED2164EF7B85EC
Authority key identifier: E3:34:2C:58:63:71:D4:65:BC:F3:5F:79:E1:66:0E:11:E0:80:51:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4zQsWGNx1GW881954WYOEeCAUVU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/3f2355-66ff-40b7-98d6-d95a38f0c06e/1/Eba-gFj6_KEbGtGz74WD9Qe5r-8.roa
Signing time:             Tue 17 Jun 2025 08:29:17 +0000
ROA not before:           Tue 17 Jun 2025 08:29:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     52153
IP address blocks:        91.222.192.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/3f2355-66ff-40b7-98d6-d95a38f0c06e/1/4zQsWGNx1GW881954WYOEeCAUVU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/3f2355-66ff-40b7-98d6-d95a38f0c06e/1/4zQsWGNx1GW881954WYOEeCAUVU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4zQsWGNx1GW881954WYOEeCAUVU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 07:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7d:01:c7:64:91:fd:36:61:15:ed:21:64:ef:7b:85:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e3342c586371d465bcf35f79e1660e11e0805155
        Validity
            Not Before: Jun 17 08:29:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11b6be8058fafca11b1ad1b3ef8583f507b9afef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2b:a6:4a:49:a7:77:d4:37:c5:de:e1:86:3c:
                    4d:68:25:d8:f2:1c:80:4c:4a:55:43:2c:80:f5:4a:
                    67:3f:26:a4:b8:d5:c0:02:d2:b8:c5:13:39:47:46:
                    6d:b3:76:07:67:c0:07:b5:8d:57:2c:30:dc:9a:cd:
                    6a:79:b8:f3:a3:1d:69:51:0f:65:36:e0:3f:ed:bc:
                    86:41:81:19:23:a9:f1:cb:85:ea:ba:0c:3c:58:27:
                    25:7f:8d:3b:15:ff:54:b0:09:46:0f:58:64:32:5b:
                    19:6e:19:62:ee:b2:fa:7a:ca:5b:e6:89:d4:2b:1b:
                    61:72:90:88:64:87:c2:67:23:dc:a4:e1:f3:49:48:
                    27:8f:02:73:17:96:67:cd:31:1e:b8:5f:0d:8b:d6:
                    99:d4:0d:0e:7d:95:1d:2b:cf:69:fd:54:80:43:2c:
                    2d:b6:0d:b4:2d:41:90:6b:a4:e5:ad:05:da:f7:1a:
                    00:1f:a2:cc:1c:85:b2:1d:3f:7e:04:16:bb:e8:ad:
                    83:6c:85:28:58:79:91:03:a6:7c:fb:d2:ec:6a:b9:
                    69:d7:ac:24:55:bd:34:92:20:8d:d3:70:63:17:af:
                    16:e2:b2:eb:3e:9a:cc:4e:92:ae:dc:b6:63:b1:ee:
                    eb:b1:00:97:eb:25:85:1c:de:3f:24:46:f9:3b:46:
                    e2:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B6:BE:80:58:FA:FC:A1:1B:1A:D1:B3:EF:85:83:F5:07:B9:AF:EF
            X509v3 Authority Key Identifier:
                keyid:E3:34:2C:58:63:71:D4:65:BC:F3:5F:79:E1:66:0E:11:E0:80:51:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4zQsWGNx1GW881954WYOEeCAUVU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3f2355-66ff-40b7-98d6-d95a38f0c06e/1/Eba-gFj6_KEbGtGz74WD9Qe5r-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/3f2355-66ff-40b7-98d6-d95a38f0c06e/1/4zQsWGNx1GW881954WYOEeCAUVU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.222.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6f:f0:f1:8b:c1:f3:20:64:ee:bc:3e:ac:59:c1:30:26:3d:c4:
         14:28:6b:e1:5a:8f:40:4b:b1:b7:97:1b:3d:59:69:8d:61:cd:
         3e:a6:06:e2:47:0b:68:af:b6:11:cb:7b:02:6d:bc:35:f5:1f:
         88:3c:6c:f0:d6:a7:d3:17:a8:e1:d8:e8:5a:5e:c5:19:e5:4a:
         2b:cd:ba:23:4a:99:84:03:6d:1d:71:d3:8b:2b:47:a5:f0:82:
         07:a9:ad:49:14:0e:b9:b8:ea:e6:29:55:e1:fd:13:7e:3a:b3:
         4a:d0:a7:0d:fc:de:44:1b:34:4f:dd:79:30:04:54:de:55:5b:
         f0:39:56:0e:23:05:3c:8c:d0:01:89:62:41:eb:7c:c7:80:b6:
         a8:db:b1:95:fd:e5:b9:62:34:49:5c:62:61:cf:f8:01:92:68:
         f6:fe:ad:e3:14:85:0f:9d:7c:ba:76:7d:18:49:d2:d4:6f:81:
         39:8e:68:3e:ee:5c:a3:c2:af:72:7b:c9:00:cc:9b:f9:e0:57:
         fd:91:33:c6:52:9c:03:aa:94:1c:90:3c:4a:ef:f7:fc:9e:be:
         42:b5:16:e5:15:6c:83:6d:1d:f4:d1:3b:98:de:9f:8a:a9:58:
         46:de:7b:0a:dd:b9:6b:48:c9:47:95:7c:ac:7c:76:f6:1c:10:
         26:ad:9f:76
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd9Acdkkf02YRXtIWTve4XsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzMzQyYzU4NjM3MWQ0NjViY2YzNWY3OWUxNjYwZTExZTA4
MDUxNTUwHhcNMjUwNjE3MDgyOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWI2YmU4MDU4ZmFmY2ExMWIxYWQxYjNlZjg1ODNmNTA3YjlhZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryumSkmnd9Q3xd7hhjxNaCXY8hyA
TEpVQyyA9UpnPyakuNXAAtK4xRM5R0Zts3YHZ8AHtY1XLDDcms1qebjzox1pUQ9l
NuA/7byGQYEZI6nxy4Xqugw8WCclf407Ff9UsAlGD1hkMlsZbhli7rL6espb5onU
KxthcpCIZIfCZyPcpOHzSUgnjwJzF5ZnzTEeuF8Ni9aZ1A0OfZUdK89p/VSAQywt
tg20LUGQa6TlrQXa9xoAH6LMHIWyHT9+BBa76K2DbIUoWHmRA6Z8+9Lsarlp16wk
Vb00kiCN03BjF68W4rLrPprMTpKu3LZjse7rsQCX6yWFHN4/JEb5O0biwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBG2voBY+vyhGxrRs++Fg/UHua/vMB8GA1UdIwQY
MBaAFOM0LFhjcdRlvPNfeeFmDhHggFFVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHpRc1dHTngxR1c4ODE5NTRXWU9FZUNBVVZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi8zZjIzNTUtNjZmZi00MGI3LTk4ZDYt
ZDk1YTM4ZjBjMDZlLzEvRWJhLWdGajZfS0ViR3RHejc0V0Q5UWU1ci04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi8zZjIzNTUtNjZmZi00MGI3LTk4ZDYtZDk1YTM4ZjBjMDZl
LzEvNHpRc1dHTngxR1c4ODE5NTRXWU9FZUNBVVZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW97AMA0G
CSqGSIb3DQEBCwUAA4IBAQBv8PGLwfMgZO68PqxZwTAmPcQUKGvhWo9AS7G3lxs9
WWmNYc0+pgbiRwtor7YRy3sCbbw19R+IPGzw1qfTF6jh2OhaXsUZ5UorzbojSpmE
A20dcdOLK0el8IIHqa1JFA65uOrmKVXh/RN+OrNK0KcN/N5EGzRP3XkwBFTeVVvw
OVYOIwU8jNABiWJB63zHgLao27GV/eW5YjRJXGJhz/gBkmj2/q3jFIUPnXy6dn0Y
SdLUb4E5jmg+7lyjwq9ye8kAzJv54Ff9kTPGUpwDqpQckDxK7/f8nr5CtRblFWyD
bR300TuY3p+KqVhG3nsK3blrSMlHlXysfHb2HBAmrZ92
-----END CERTIFICATE-----