Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/EE_wtY_jOWFrr7fkMKsqtDjLk_M.roa
File:                     EE_wtY_jOWFrr7fkMKsqtDjLk_M.roa (raw, json)
Hash identifier:          bPRNvFCrauDbjeBVD0prKiUlLOERe0dc5QDfoGRuOTo=
Subject key identifier:   10:4F:F0:B5:8F:E3:39:61:6B:AF:B7:E4:30:AB:2A:B4:38:CB:93:F3
Certificate issuer:       /CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
Certificate serial:       0197827420431640DA520E7D9D8DA72EED67
Authority key identifier: 29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/EE_wtY_jOWFrr7fkMKsqtDjLk_M.roa
Signing time:             Wed 18 Jun 2025 09:52:17 +0000
ROA not before:           Wed 18 Jun 2025 09:52:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207840
IP address blocks:        5.10.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 29 Jun 2025 15:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:82:74:20:43:16:40:da:52:0e:7d:9d:8d:a7:2e:ed:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=297ef9befd1a7e24c0cc9729987fc065d6b7132f
        Validity
            Not Before: Jun 18 09:52:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=104ff0b58fe339616bafb7e430ab2ab438cb93f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:87:9d:72:4e:de:37:dd:08:d6:dd:ed:9d:1f:
                    45:02:d8:4f:f2:06:c9:2b:c1:6b:22:1c:d1:64:86:
                    08:73:63:ca:df:6e:97:ef:fd:93:ba:a4:1b:a2:83:
                    c6:52:05:0e:99:58:f7:46:69:24:6d:98:f6:c3:e3:
                    e4:95:12:cf:aa:07:ad:94:bb:e4:d0:c7:1d:af:ba:
                    f5:c4:24:bd:26:f3:c1:2b:f2:d6:97:b2:98:a0:7b:
                    2b:f4:54:34:42:83:34:8e:7b:59:c5:5f:89:f0:48:
                    86:73:22:a8:4f:4e:ef:89:4f:ca:35:b7:fb:ad:e1:
                    8f:38:51:52:44:58:4c:4b:63:ab:47:33:c7:03:f4:
                    61:c9:04:01:9c:10:c8:11:d6:3f:d2:82:3c:59:07:
                    c1:f5:c2:88:7b:a2:85:ad:5b:af:65:f7:75:a0:cb:
                    42:fb:8e:5f:0e:0c:e3:53:d5:d4:96:73:ad:34:63:
                    0a:e0:1e:20:7e:cd:6c:99:0d:b4:6b:76:6a:46:65:
                    b5:66:41:68:c4:9f:a6:3c:17:16:a4:31:44:26:3c:
                    0d:a2:c0:17:80:b0:99:3d:e6:53:5a:05:51:e7:b0:
                    ec:1a:db:bc:93:46:7b:70:4f:30:da:08:28:97:a8:
                    65:d3:1f:b2:c1:07:74:59:96:9c:a6:5f:cc:d1:2e:
                    be:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:4F:F0:B5:8F:E3:39:61:6B:AF:B7:E4:30:AB:2A:B4:38:CB:93:F3
            X509v3 Authority Key Identifier:
                keyid:29:7E:F9:BE:FD:1A:7E:24:C0:CC:97:29:98:7F:C0:65:D6:B7:13:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KX75vv0afiTAzJcpmH_AZda3Ey8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/EE_wtY_jOWFrr7fkMKsqtDjLk_M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/be4909-745f-4d0c-bfab-dee76860013d/1/KX75vv0afiTAzJcpmH_AZda3Ey8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.10.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6b:9c:3a:89:da:35:e2:1e:ac:ae:9e:31:de:da:5f:a7:d2:1c:
         29:d7:9c:eb:51:a1:a3:5a:1e:8b:39:40:ae:f6:18:d0:04:04:
         9a:f2:85:a7:b7:ae:b5:36:e3:1d:57:9a:fb:d6:e1:d8:31:41:
         d8:04:bd:c1:3e:ef:43:56:ee:ae:0b:b5:81:18:c2:eb:f2:fe:
         55:e1:a8:b2:e8:ef:4a:6a:6b:44:c1:90:30:7b:6d:5f:d0:45:
         77:1b:8b:4d:7f:c8:0a:d8:37:3c:cb:7b:fa:5e:10:a6:4f:9d:
         88:bf:ce:9b:46:69:a2:44:47:14:ab:ca:3c:f4:d6:b1:3f:4a:
         a4:3a:40:ee:cd:34:cb:4a:21:94:b3:d6:7b:fb:0a:6c:d7:24:
         ce:66:c0:e0:fc:48:82:7a:47:e9:7d:7d:03:16:94:af:16:d2:
         e7:65:ee:d8:d9:c0:06:9a:71:9a:13:89:93:fe:e4:9c:07:2e:
         65:56:1f:2d:a9:1a:3e:6a:4d:ea:de:47:3e:d0:3d:b6:11:f4:
         be:92:e3:19:74:8f:36:00:67:7c:51:6b:98:01:d6:e6:05:1b:
         77:81:34:d9:26:40:59:da:b9:ac:e9:26:1d:8a:df:2a:f8:14:
         78:58:94:14:1f:92:6e:59:86:a1:fb:15:be:cb:ba:38:32:06:
         aa:a3:5f:c7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeCdCBDFkDaUg59nY2nLu1nMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5N2VmOWJlZmQxYTdlMjRjMGNjOTcyOTk4N2ZjMDY1ZDZi
NzEzMmYwHhcNMjUwNjE4MDk1MjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDRmZjBiNThmZTMzOTYxNmJhZmI3ZTQzMGFiMmFiNDM4Y2I5M2YzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvYedck7eN90I1t3tnR9FAthP8gbJ
K8FrIhzRZIYIc2PK326X7/2TuqQbooPGUgUOmVj3RmkkbZj2w+PklRLPqgetlLvk
0Mcdr7r1xCS9JvPBK/LWl7KYoHsr9FQ0QoM0jntZxV+J8EiGcyKoT07viU/KNbf7
reGPOFFSRFhMS2OrRzPHA/RhyQQBnBDIEdY/0oI8WQfB9cKIe6KFrVuvZfd1oMtC
+45fDgzjU9XUlnOtNGMK4B4gfs1smQ20a3ZqRmW1ZkFoxJ+mPBcWpDFEJjwNosAX
gLCZPeZTWgVR57DsGtu8k0Z7cE8w2ggol6hl0x+ywQd0WZacpl/M0S6+cwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBBP8LWP4zlha6+35DCrKrQ4y5PzMB8GA1UdIwQY
MBaAFCl++b79Gn4kwMyXKZh/wGXWtxMvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWIt
ZGVlNzY4NjAwMTNkLzEvRUVfd3RZX2pPV0Zycjdma01Lc3F0RGpMa19NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9iZTQ5MDktNzQ1Zi00ZDBjLWJmYWItZGVlNzY4NjAwMTNk
LzEvS1g3NXZ2MGFmaVRBekpjcG1IX0FaZGEzRXk4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQABQrYMA0G
CSqGSIb3DQEBCwUAA4IBAQBrnDqJ2jXiHqyunjHe2l+n0hwp15zrUaGjWh6LOUCu
9hjQBASa8oWnt661NuMdV5r71uHYMUHYBL3BPu9DVu6uC7WBGMLr8v5V4aiy6O9K
amtEwZAwe21f0EV3G4tNf8gK2Dc8y3v6XhCmT52Iv86bRmmiREcUq8o89NaxP0qk
OkDuzTTLSiGUs9Z7+wps1yTOZsDg/EiCekfpfX0DFpSvFtLnZe7Y2cAGmnGaE4mT
/uScBy5lVh8tqRo+ak3q3kc+0D22EfS+kuMZdI82AGd8UWuYAdbmBRt3gTTZJkBZ
2rms6SYdit8q+BR4WJQUH5JuWYah+xW+y7o4Mgaqo1/H
-----END CERTIFICATE-----