Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/EkHUkSFDGbKL5AAVp021d1F1RP8.roa
File:                     EkHUkSFDGbKL5AAVp021d1F1RP8.roa (raw, json)
Hash identifier:          1xhDwqLWw9RpWkyO026DKFTjyp3KuWA9Qrj8Ra8eCJA=
Subject key identifier:   12:41:D4:91:21:43:19:B2:8B:E4:00:15:A7:4D:B5:77:51:75:44:FF
Certificate issuer:       /CN=7e20b034e2c497b1884488def106972704765029
Certificate serial:       0199E674D5CD709858B03875708EFB687264
Authority key identifier: 7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/EkHUkSFDGbKL5AAVp021d1F1RP8.roa
Signing time:             Wed 15 Oct 2025 06:00:40 +0000
ROA not before:           Wed 15 Oct 2025 06:00:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        195.40.153.0/24 maxlen: 24
                          195.40.154.0/24 maxlen: 24
                          195.40.155.0/24 maxlen: 24
                          195.172.120.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:e6:74:d5:cd:70:98:58:b0:38:75:70:8e:fb:68:72:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e20b034e2c497b1884488def106972704765029
        Validity
            Not Before: Oct 15 06:00:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1241d491214319b28be40015a74db577517544ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:d6:be:34:70:ce:7d:d3:a2:01:8f:ad:2d:23:
                    ba:d8:ab:1a:18:eb:1d:69:9c:55:e9:f4:ec:82:13:
                    f6:8a:4a:76:d2:23:2e:ba:b2:92:bd:09:38:c8:70:
                    56:2b:f4:ea:2f:fa:89:eb:a9:04:32:9e:53:0c:5c:
                    68:9e:4b:e1:55:97:37:bd:21:b9:88:18:9f:9b:4d:
                    37:76:a1:db:f5:a7:15:b2:e5:32:85:7a:1b:f3:ca:
                    9b:75:41:19:84:f1:98:00:0c:c2:47:16:55:7d:6a:
                    9b:5f:99:58:b2:30:e6:4e:2a:d5:a8:99:4f:78:37:
                    83:99:d0:ee:1e:43:bb:53:13:c6:a3:3f:49:19:db:
                    93:a3:77:65:d9:89:20:bb:f9:a2:d9:88:c6:bf:a5:
                    72:21:7e:d6:85:bd:27:67:ec:48:83:5e:f2:2a:d4:
                    a0:50:07:8e:66:d3:0c:8d:76:09:04:54:81:df:67:
                    2e:fd:e7:3d:a6:ac:70:6a:6b:e6:86:7a:73:24:3b:
                    b8:08:00:89:94:66:82:57:7d:23:0a:d3:60:3d:ad:
                    ea:98:9f:48:9d:06:5c:5b:48:6e:bc:73:7e:45:eb:
                    68:3f:93:63:55:fe:4c:60:55:c4:f6:0e:83:a2:24:
                    87:bc:e0:d2:07:38:2a:f4:24:a3:e3:ac:dd:1f:ae:
                    34:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:41:D4:91:21:43:19:B2:8B:E4:00:15:A7:4D:B5:77:51:75:44:FF
            X509v3 Authority Key Identifier:
                keyid:7E:20:B0:34:E2:C4:97:B1:88:44:88:DE:F1:06:97:27:04:76:50:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fiCwNOLEl7GIRIje8QaXJwR2UCk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/EkHUkSFDGbKL5AAVp021d1F1RP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/6b662d-02a1-46e7-b9cd-035d977f4216/1/fiCwNOLEl7GIRIje8QaXJwR2UCk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.40.153.0-195.40.155.255
                  195.172.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:c3:5b:44:8a:1f:32:9d:3e:63:41:d4:65:8b:7a:90:0a:a5:
         c0:95:2b:96:14:18:ab:29:64:37:a8:5f:94:b4:7d:67:52:45:
         30:7b:cf:e6:31:71:50:1c:42:25:d1:e8:26:df:96:cf:c4:1a:
         2e:a9:3f:7c:bb:41:c5:61:9c:9c:fb:d5:4a:d1:ca:5f:8e:b7:
         38:3d:ec:ec:5c:d4:8a:9e:c2:d1:7c:58:55:3e:f4:df:8d:57:
         48:01:a6:aa:a3:7b:b6:17:e3:eb:61:53:7f:f6:2c:72:f5:5a:
         9b:56:ba:12:5d:04:53:94:28:6d:ba:98:2c:28:a4:2c:9e:ad:
         80:91:98:83:e3:b8:59:69:a5:de:c4:c6:fc:b3:f4:b2:bb:0d:
         e5:c4:82:30:b0:32:7b:04:83:99:1d:8a:d1:a8:f9:17:b5:a6:
         ac:c1:d1:b3:d0:69:2d:28:fd:a9:dc:b2:fe:88:7c:f5:4d:94:
         5a:31:95:f5:63:ab:08:29:95:b6:39:79:84:85:c7:cc:f0:a8:
         ce:2c:b5:6d:a8:65:5d:5f:d0:a2:e8:42:e4:d7:c3:13:1b:cb:
         3d:cc:e3:18:0e:bf:85:30:b1:36:03:33:b0:4d:4b:72:51:d3:
         0c:10:f2:04:3d:69:c2:9e:fa:cc:d2:23:c7:49:16:23:63:3a:
         d0:e1:74:2c
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAZnmdNXNcJhYsDh1cI77aHJkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMjBiMDM0ZTJjNDk3YjE4ODQ0ODhkZWYxMDY5NzI3MDQ3
NjUwMjkwHhcNMjUxMDE1MDYwMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjQxZDQ5MTIxNDMxOWIyOGJlNDAwMTVhNzRkYjU3NzUxNzU0NGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt9a+NHDOfdOiAY+tLSO62KsaGOsd
aZxV6fTsghP2ikp20iMuurKSvQk4yHBWK/TqL/qJ66kEMp5TDFxonkvhVZc3vSG5
iBifm003dqHb9acVsuUyhXob88qbdUEZhPGYAAzCRxZVfWqbX5lYsjDmTirVqJlP
eDeDmdDuHkO7UxPGoz9JGduTo3dl2Ykgu/mi2YjGv6VyIX7Whb0nZ+xIg17yKtSg
UAeOZtMMjXYJBFSB32cu/ec9pqxwamvmhnpzJDu4CACJlGaCV30jCtNgPa3qmJ9I
nQZcW0huvHN+RetoP5NjVf5MYFXE9g6DoiSHvODSBzgq9CSj46zdH6401wIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFBJB1JEhQxmyi+QAFadNtXdRdUT/MB8GA1UdIwQY
MBaAFH4gsDTixJexiESI3vEGlycEdlApMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2Qt
MDM1ZDk3N2Y0MjE2LzEvRWtIVWtTRkRHYktMNUFBVnAwMjFkMUYxUlA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC82YjY2MmQtMDJhMS00NmU3LWI5Y2QtMDM1ZDk3N2Y0MjE2
LzEvZmlDd05PTEVsN0dJUklqZThRYVhKd1IyVUNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBADDKJkD
BALDKJgDBADDrHgwDQYJKoZIhvcNAQELBQADggEBALjDW0SKHzKdPmNB1GWLepAK
pcCVK5YUGKspZDeoX5S0fWdSRTB7z+YxcVAcQiXR6Cbfls/EGi6pP3y7QcVhnJz7
1UrRyl+Otzg97Oxc1IqewtF8WFU+9N+NV0gBpqqje7YX4+thU3/2LHL1WptWuhJd
BFOUKG26mCwopCyerYCRmIPjuFlppd7Exvyz9LK7DeXEgjCwMnsEg5kditGo+Re1
pqzB0bPQaS0o/ancsv6IfPVNlFoxlfVjqwgplbY5eYSFx8zwqM4stW2oZV1f0KLo
QuTXwxMbyz3M4xgOv4UwsTYDM7BNS3JR0wwQ8gQ9acKe+szSI8dJFiNjOtDhdCw=
-----END CERTIFICATE-----