Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EKhqaPh1As_LgaSnKh_9jCCsPwU.roa
File:                     EKhqaPh1As_LgaSnKh_9jCCsPwU.roa (raw, json)
Hash identifier:          iH9Gmv62UC/gRR0SnkOogSHM2scacEkSa0jeOv1ldL4=
Subject key identifier:   10:A8:6A:68:F8:75:02:CF:CB:81:A4:A7:2A:1F:FD:8C:20:AC:3F:05
Certificate issuer:       /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial:       01963329813923038FF32C50537FA4563D7F
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EKhqaPh1As_LgaSnKh_9jCCsPwU.roa
Signing time:             Mon 14 Apr 2025 07:17:59 +0000
ROA not before:           Mon 14 Apr 2025 07:17:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212027
IP address blocks:        213.130.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:29:81:39:23:03:8f:f3:2c:50:53:7f:a4:56:3d:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
        Validity
            Not Before: Apr 14 07:17:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10a86a68f87502cfcb81a4a72a1ffd8c20ac3f05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:39:93:8d:ce:03:17:8e:dc:cb:75:25:c1:8f:
                    6f:23:bf:cd:d5:50:1f:aa:39:4a:fc:77:a6:aa:db:
                    6f:ad:bd:10:c7:3b:8e:6e:b1:a4:5e:14:9f:87:df:
                    9f:7d:d4:30:95:19:ea:d3:b6:be:58:ed:8e:b0:e9:
                    a4:59:44:0a:02:eb:de:94:32:34:46:9b:55:f9:b1:
                    46:86:d0:2b:df:d8:e4:91:57:88:99:dc:a6:c1:e1:
                    e6:3a:81:08:de:35:7f:b2:2d:5d:97:98:1e:cb:3b:
                    fc:50:75:2c:7c:c2:bb:51:c0:c8:e9:8c:b6:dd:d4:
                    e2:c2:21:92:44:37:66:17:36:08:c3:4b:eb:fe:8b:
                    7d:22:88:a0:67:19:42:10:23:7a:39:1c:e9:65:6b:
                    f3:0f:74:32:2b:b6:4f:84:39:f1:3b:35:1c:06:d8:
                    e3:64:4b:cd:d1:c8:e1:ad:d9:0e:b8:70:1e:6c:14:
                    3f:dc:e5:3b:49:a3:73:5a:d5:e4:d4:54:76:6f:fd:
                    3b:b6:ef:6d:29:63:cd:a0:dc:15:75:cb:23:41:71:
                    b3:a6:84:8a:fc:0d:a1:d2:e7:88:62:cb:0b:f2:11:
                    cd:8b:7d:81:a1:45:bc:51:98:a0:2b:1a:83:97:70:
                    8a:6a:2b:66:cc:68:f5:9d:dd:5a:5c:78:3b:fc:cd:
                    70:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:A8:6A:68:F8:75:02:CF:CB:81:A4:A7:2A:1F:FD:8C:20:AC:3F:05
            X509v3 Authority Key Identifier:
                keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/EKhqaPh1As_LgaSnKh_9jCCsPwU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.130.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         35:ed:1e:6f:11:7e:ae:94:00:74:fc:87:1b:34:8b:ac:fd:57:
         60:47:bc:90:98:48:62:e5:2b:ed:97:4f:da:47:a3:9a:c9:f6:
         8e:a1:9d:71:f1:3e:d9:09:73:8b:d5:1f:da:55:42:70:a7:4d:
         06:cb:06:01:3b:8a:a8:4e:b7:e7:f4:49:8a:c3:b4:35:6e:33:
         df:3b:07:b3:fe:c8:c8:57:a3:3a:d0:29:54:3a:90:85:de:91:
         3d:74:d0:2d:3d:35:80:58:e2:43:94:18:3c:dd:8f:ef:c9:e7:
         7b:ab:24:77:d3:9e:52:f5:9e:20:2d:c8:28:d7:f2:fb:fd:87:
         8b:db:79:cc:cc:4d:29:42:57:17:ff:4c:4f:91:fb:f9:78:83:
         39:9e:62:ab:e0:16:9c:3c:a0:4c:eb:c2:41:93:aa:31:0b:b2:
         d0:16:36:05:2c:d3:5f:b0:60:8b:6f:78:80:e0:43:7a:e8:3f:
         e1:60:53:f2:0d:78:05:0a:8a:c3:5a:25:75:3a:97:69:c9:1e:
         d8:80:17:67:42:ed:a8:5e:5a:64:ae:4f:05:f0:ec:b4:b5:d6:
         de:66:b4:5e:1a:66:2d:39:6e:52:de:c7:8e:7f:bc:1b:8e:74:
         e0:78:a6:f7:c0:a4:f2:dd:46:70:72:ea:d2:e6:eb:5a:a1:c1:
         04:b3:27:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYzKYE5IwOP8yxQU3+kVj1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjUwNDE0MDcxNzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGE4NmE2OGY4NzUwMmNmY2I4MWE0YTcyYTFmZmQ4YzIwYWMzZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0zmTjc4DF47cy3UlwY9vI7/N1VAf
qjlK/Hemqttvrb0QxzuObrGkXhSfh9+ffdQwlRnq07a+WO2OsOmkWUQKAuvelDI0
RptV+bFGhtAr39jkkVeImdymweHmOoEI3jV/si1dl5geyzv8UHUsfMK7UcDI6Yy2
3dTiwiGSRDdmFzYIw0vr/ot9IoigZxlCECN6ORzpZWvzD3QyK7ZPhDnxOzUcBtjj
ZEvN0cjhrdkOuHAebBQ/3OU7SaNzWtXk1FR2b/07tu9tKWPNoNwVdcsjQXGzpoSK
/A2h0ueIYssL8hHNi32BoUW8UZigKxqDl3CKaitmzGj1nd1aXHg7/M1wAQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCoamj4dQLPy4Gkpyof/YwgrD8FMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvRUtocWFQaDFBc19MZ2FTbktoXzlqQ0NzUHdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YKXMA0G
CSqGSIb3DQEBCwUAA4IBAQA17R5vEX6ulAB0/IcbNIus/VdgR7yQmEhi5Svtl0/a
R6OayfaOoZ1x8T7ZCXOL1R/aVUJwp00GywYBO4qoTrfn9EmKw7Q1bjPfOwez/sjI
V6M60ClUOpCF3pE9dNAtPTWAWOJDlBg83Y/vyed7qyR3055S9Z4gLcgo1/L7/YeL
23nMzE0pQlcX/0xPkfv5eIM5nmKr4BacPKBM68JBk6oxC7LQFjYFLNNfsGCLb3iA
4EN66D/hYFPyDXgFCorDWiV1OpdpyR7YgBdnQu2oXlpkrk8F8Oy0tdbeZrReGmYt
OW5S3seOf7wbjnTgeKb3wKTy3UZwcurS5utaocEEsyfr
-----END CERTIFICATE-----