Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/EWb-PkjsIGrotnAtaFBGeuGJJ0M.roa
File:                     EWb-PkjsIGrotnAtaFBGeuGJJ0M.roa (raw, json)
Hash identifier:          s/YjiZmCl+ztWg/KIAf2mdlufoYtThEtnsr6l3/dV9o=
Subject key identifier:   11:66:FE:3E:48:EC:20:6A:E8:B6:70:2D:68:50:46:7A:E1:89:27:43
Certificate issuer:       /CN=eb349af2af111361b29fcfef2e043d5be75e3f98
Certificate serial:       0197BAAD8393E3E98857B95D49D0F2CAE63B
Authority key identifier: EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/EWb-PkjsIGrotnAtaFBGeuGJJ0M.roa
Signing time:             Sun 29 Jun 2025 07:53:43 +0000
ROA not before:           Sun 29 Jun 2025 07:53:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210718
IP address blocks:        5.56.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 13:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ba:ad:83:93:e3:e9:88:57:b9:5d:49:d0:f2:ca:e6:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb349af2af111361b29fcfef2e043d5be75e3f98
        Validity
            Not Before: Jun 29 07:53:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1166fe3e48ec206ae8b6702d6850467ae1892743
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:cc:9c:93:c8:68:97:cb:31:98:13:fe:3d:d6:
                    d2:38:3a:d9:db:e5:e1:27:12:af:18:64:8f:04:58:
                    1c:79:36:44:30:73:7d:9e:61:85:80:d4:40:01:d8:
                    08:49:02:db:71:40:df:2c:74:8d:be:fe:65:3e:4b:
                    de:da:65:59:11:1d:11:57:81:a9:81:64:4c:34:82:
                    40:e3:43:63:89:0d:4d:1e:8e:7a:f4:ef:5f:73:55:
                    78:ac:ae:de:86:27:19:5a:f1:a3:08:5e:59:fb:6b:
                    95:61:1c:f9:89:69:1e:eb:69:f6:f0:8f:50:cf:e4:
                    41:4e:5c:01:f0:25:be:c4:cf:b1:73:fd:2c:50:95:
                    71:f1:31:76:4e:0c:d1:71:c1:ae:9f:66:40:7c:88:
                    7c:19:bd:b1:44:70:b5:48:cf:7c:dc:85:1d:fe:e4:
                    96:e0:b2:f0:c6:f0:47:d5:d6:d6:b2:83:57:b7:fb:
                    07:6c:d4:f7:a6:50:d3:f8:91:6f:4e:21:92:73:48:
                    ce:67:27:37:db:14:eb:1d:71:a2:0c:f5:ed:51:67:
                    95:80:78:9c:a3:4d:1a:86:a8:0e:b4:1d:9e:6e:9f:
                    ee:e9:53:65:07:b5:05:e3:45:19:b5:db:8c:3a:c5:
                    0c:32:e2:64:59:87:4f:cb:f9:8e:a5:0c:73:66:98:
                    2d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:66:FE:3E:48:EC:20:6A:E8:B6:70:2D:68:50:46:7A:E1:89:27:43
            X509v3 Authority Key Identifier:
                keyid:EB:34:9A:F2:AF:11:13:61:B2:9F:CF:EF:2E:04:3D:5B:E7:5E:3F:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/EWb-PkjsIGrotnAtaFBGeuGJJ0M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/3cb147-a7c3-44e9-adc8-9cd662bc8320/1/6zSa8q8RE2Gyn8_vLgQ9W-deP5g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.56.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:cd:6c:9f:b5:f8:63:f7:6e:ab:26:35:4c:af:65:aa:9c:bf:
         35:af:d6:f7:ce:1b:22:9a:ae:ee:69:9e:90:43:5b:0a:24:e1:
         00:d6:cd:b7:e8:b8:69:98:7f:0b:fb:c7:a8:4d:f9:22:c9:af:
         c4:4b:98:c7:b9:2b:5d:0f:10:87:ec:2f:12:62:95:04:c9:d4:
         b5:3c:25:fe:7e:e8:57:46:4b:72:a5:4b:68:f0:f3:7b:08:78:
         cc:21:88:40:a2:fe:7d:5c:53:49:5f:de:c5:f5:9c:d0:b5:89:
         eb:92:df:89:fc:d8:30:9f:5f:9e:73:c9:27:a7:fa:a4:ee:03:
         92:29:29:39:1e:2d:80:b5:17:c7:51:4a:1e:4c:48:9e:c7:5e:
         58:5f:cd:8b:db:d7:d3:7e:12:88:7b:c8:f6:4e:59:ee:39:a6:
         05:96:5d:88:00:6f:2f:5b:c7:e2:ee:b5:9a:17:e0:c1:b1:7b:
         4f:01:25:d9:e3:3a:49:28:f2:06:28:1f:4a:fc:0b:31:66:c3:
         92:b4:ea:7b:53:c2:54:19:ce:3e:ba:34:97:06:a1:c2:ae:5a:
         87:3c:e9:cf:aa:d4:92:ca:f8:c0:9f:a0:5f:89:25:4d:13:f1:
         d9:b2:1a:14:88:f9:ee:47:db:6c:d9:06:06:aa:e0:3d:19:0c:
         4f:60:f1:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZe6rYOT4+mIV7ldSdDyyuY7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViMzQ5YWYyYWYxMTEzNjFiMjlmY2ZlZjJlMDQzZDViZTc1
ZTNmOTgwHhcNMjUwNjI5MDc1MzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTY2ZmUzZTQ4ZWMyMDZhZThiNjcwMmQ2ODUwNDY3YWUxODkyNzQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtsyck8hol8sxmBP+PdbSODrZ2+Xh
JxKvGGSPBFgceTZEMHN9nmGFgNRAAdgISQLbcUDfLHSNvv5lPkve2mVZER0RV4Gp
gWRMNIJA40NjiQ1NHo569O9fc1V4rK7ehicZWvGjCF5Z+2uVYRz5iWke62n28I9Q
z+RBTlwB8CW+xM+xc/0sUJVx8TF2TgzRccGun2ZAfIh8Gb2xRHC1SM983IUd/uSW
4LLwxvBH1dbWsoNXt/sHbNT3plDT+JFvTiGSc0jOZyc32xTrHXGiDPXtUWeVgHic
o00ahqgOtB2ebp/u6VNlB7UF40UZtduMOsUMMuJkWYdPy/mOpQxzZpgtnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBFm/j5I7CBq6LZwLWhQRnrhiSdDMB8GA1UdIwQY
MBaAFOs0mvKvERNhsp/P7y4EPVvnXj+YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgt
OWNkNjYyYmM4MzIwLzEvRVdiLVBranNJR3JvdG5BdGFGQkdldUdKSjBNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC8zY2IxNDctYTdjMy00NGU5LWFkYzgtOWNkNjYyYmM4MzIw
LzEvNnpTYThxOFJFMkd5bjhfdkxnUTlXLWRlUDVnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABTgdMA0G
CSqGSIb3DQEBCwUAA4IBAQCczWyftfhj926rJjVMr2WqnL81r9b3zhsimq7uaZ6Q
Q1sKJOEA1s236LhpmH8L+8eoTfkiya/ES5jHuStdDxCH7C8SYpUEydS1PCX+fuhX
RktypUto8PN7CHjMIYhAov59XFNJX97F9ZzQtYnrkt+J/Ngwn1+ec8knp/qk7gOS
KSk5Hi2AtRfHUUoeTEiex15YX82L29fTfhKIe8j2TlnuOaYFll2IAG8vW8fi7rWa
F+DBsXtPASXZ4zpJKPIGKB9K/AsxZsOStOp7U8JUGc4+ujSXBqHCrlqHPOnPqtSS
yvjAn6BfiSVNE/HZshoUiPnuR9ts2QYGquA9GQxPYPGb
-----END CERTIFICATE-----