Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/pUBqCD7nejoDDFxvF2FXL2OHc7A.roa
File:                     pUBqCD7nejoDDFxvF2FXL2OHc7A.roa (raw, json)
Hash identifier:          to2kXRP363Jc5MKaW67n4a1M7W9DhKTD9WixGpgyIaM=
Subject key identifier:   A5:40:6A:08:3E:E7:7A:3A:03:0C:5C:6F:17:61:57:2F:63:87:73:B0
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01969170CB3F07903CDD6B814529E91F3FCF
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/pUBqCD7nejoDDFxvF2FXL2OHc7A.roa
Signing time:             Fri 02 May 2025 14:40:10 +0000
ROA not before:           Fri 02 May 2025 14:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209298
IP address blocks:        45.136.68.0/24 maxlen: 24
                          213.226.113.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:91:70:cb:3f:07:90:3c:dd:6b:81:45:29:e9:1f:3f:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: May  2 14:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a5406a083ee77a3a030c5c6f1761572f638773b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:a2:c5:57:1e:82:55:8b:ed:85:88:d7:88:48:
                    ce:70:23:36:d6:93:95:78:dc:ee:64:bf:d0:c4:12:
                    2e:f6:80:37:3c:28:0a:cb:7e:f3:8a:fc:22:c0:2e:
                    e3:a4:82:39:9a:84:ef:5d:80:4a:41:a5:ec:b1:4b:
                    df:99:f1:c7:6e:27:4c:61:c1:f5:c6:45:0c:e2:41:
                    3e:7b:a7:5f:75:5a:00:15:f1:7f:ac:a9:4c:4f:45:
                    8e:45:0b:02:13:fb:d9:e4:6f:ce:69:82:32:62:00:
                    f8:ee:e4:01:71:5b:22:8c:fe:32:94:05:c5:17:84:
                    4d:34:7d:fd:c6:12:2a:79:9e:6e:e1:6e:cd:3d:e7:
                    ef:1a:1b:7a:5d:3a:18:6b:a4:ed:b3:95:3f:a3:76:
                    bb:de:d2:bd:ac:cb:85:74:9a:9b:64:3b:bf:b2:5a:
                    40:ea:fb:43:07:ee:ed:e5:5f:b4:96:86:85:f2:9f:
                    1f:ef:45:75:c3:1d:52:84:1e:68:c8:d9:92:22:b3:
                    28:f3:e6:a5:9b:ad:37:16:de:e8:25:da:f3:82:69:
                    d3:b5:f9:d3:e7:91:c9:c3:7f:f3:9c:b2:7a:af:e3:
                    9f:dd:f5:6e:d1:dc:b4:e4:fb:d3:d6:8a:2f:ad:3d:
                    cb:5c:a9:c6:24:81:21:2c:eb:7f:66:01:3d:6a:93:
                    bb:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:40:6A:08:3E:E7:7A:3A:03:0C:5C:6F:17:61:57:2F:63:87:73:B0
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/pUBqCD7nejoDDFxvF2FXL2OHc7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.136.68.0/24
                  213.226.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         22:ae:f9:9f:76:7b:b1:ed:c7:97:c5:e3:86:04:fc:b8:56:3e:
         fb:75:3b:05:29:40:9a:c5:c2:7e:e7:c1:be:ae:8e:4d:f7:16:
         df:6d:fc:c6:d3:2f:cf:06:78:72:6c:16:1a:dc:44:26:57:c2:
         04:87:2a:d7:6e:04:c2:bd:a0:dd:1f:b1:59:94:41:37:ff:fd:
         64:f9:e5:85:bd:bc:50:b2:9e:dc:02:c4:2e:4e:72:89:af:f6:
         c3:e6:34:c6:ac:ab:ae:c0:d5:a9:a5:e4:f8:aa:18:24:c0:cc:
         82:64:a8:38:b9:2a:e7:78:e2:36:1a:15:53:b8:44:a3:00:5b:
         82:4e:16:28:5b:71:ff:13:9f:b3:41:13:32:1c:cd:0c:1e:1f:
         e8:88:e5:b6:b7:24:e3:24:53:f5:26:d5:a0:38:9b:31:2a:7f:
         78:20:80:9c:ef:a0:6e:47:96:a4:51:44:d3:72:a9:e7:ed:21:
         43:db:76:d9:54:b1:64:5e:63:38:35:2a:a5:b5:49:61:e8:70:
         08:01:eb:61:5b:fa:78:4b:67:0f:7d:4c:b7:b9:1f:8e:e0:43:
         f5:7f:30:85:9d:56:ed:1a:cd:2e:56:08:5e:02:c5:ff:aa:0c:
         0e:4b:65:2b:83:87:e2:27:d3:84:10:b2:a6:4f:ae:1d:9f:67:
         18:b2:c0:34
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZaRcMs/B5A83WuBRSnpHz/PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwNTAyMTQ0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTQwNmEwODNlZTc3YTNhMDMwYzVjNmYxNzYxNTcyZjYzODc3M2IwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qLFVx6CVYvthYjXiEjOcCM21pOV
eNzuZL/QxBIu9oA3PCgKy37zivwiwC7jpII5moTvXYBKQaXssUvfmfHHbidMYcH1
xkUM4kE+e6dfdVoAFfF/rKlMT0WORQsCE/vZ5G/OaYIyYgD47uQBcVsijP4ylAXF
F4RNNH39xhIqeZ5u4W7NPefvGht6XToYa6Tts5U/o3a73tK9rMuFdJqbZDu/slpA
6vtDB+7t5V+0loaF8p8f70V1wx1ShB5oyNmSIrMo8+alm603Ft7oJdrzgmnTtfnT
55HJw3/znLJ6r+Of3fVu0dy05PvT1oovrT3LXKnGJIEhLOt/ZgE9apO7BQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKVAagg+53o6AwxcbxdhVy9jh3OwMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvcFVCcUNEN25lam9EREZ4dkYyRlhMMk9IYzdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYhEAwQA
1eJxMA0GCSqGSIb3DQEBCwUAA4IBAQAirvmfdnux7ceXxeOGBPy4Vj77dTsFKUCa
xcJ+58G+ro5N9xbfbfzG0y/PBnhybBYa3EQmV8IEhyrXbgTCvaDdH7FZlEE3//1k
+eWFvbxQsp7cAsQuTnKJr/bD5jTGrKuuwNWppeT4qhgkwMyCZKg4uSrneOI2GhVT
uESjAFuCThYoW3H/E5+zQRMyHM0MHh/oiOW2tyTjJFP1JtWgOJsxKn94IICc76Bu
R5akUUTTcqnn7SFD23bZVLFkXmM4NSqltUlh6HAIAethW/p4S2cPfUy3uR+O4EP1
fzCFnVbtGs0uVgheAsX/qgwOS2Urg4fiJ9OEELKmT64dn2cYssA0
-----END CERTIFICATE-----