Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/EzmgW5SIzKZhd3gcqi5vbAQspRs.roa
File:                     EzmgW5SIzKZhd3gcqi5vbAQspRs.roa (raw, json)
Hash identifier:          9GSjRSh1NRSv4vNrPQJMwH5N/rEwdp6boN/thonioHA=
Subject key identifier:   13:39:A0:5B:94:88:CC:A6:61:77:78:1C:AA:2E:6F:6C:04:2C:A5:1B
Certificate issuer:       /CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
Certificate serial:       01967C67A97CE6BE8172447A10DEE37961B3
Authority key identifier: 9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/EzmgW5SIzKZhd3gcqi5vbAQspRs.roa
Signing time:             Mon 28 Apr 2025 12:38:10 +0000
ROA not before:           Mon 28 Apr 2025 12:38:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209616
IP address blocks:        46.231.225.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 11 May 2025 22:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:67:a9:7c:e6:be:81:72:44:7a:10:de:e3:79:61:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9d989b3998e19fc00f8670cf6c9d7401715cf34f
        Validity
            Not Before: Apr 28 12:38:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1339a05b9488cca66177781caa2e6f6c042ca51b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:03:6d:46:aa:a0:85:7e:dd:c1:8b:67:82:58:
                    b3:6b:8e:16:dd:27:9d:54:d5:70:43:1e:e0:53:f7:
                    5d:09:bd:d7:e5:75:98:9a:6f:68:61:ce:41:09:bc:
                    4b:c8:60:00:6d:bb:73:a4:e7:b5:59:d5:0b:d3:9b:
                    aa:e8:53:6e:24:66:1c:67:eb:ee:90:ad:64:33:a8:
                    9a:00:68:0f:7f:32:c0:b4:c3:41:02:3a:54:5a:c8:
                    06:81:8f:56:9f:a9:74:66:d7:1c:9f:1a:4b:6a:82:
                    27:86:9a:fd:83:e1:97:b6:f2:ff:b1:04:a8:29:65:
                    82:fc:27:74:9a:52:b8:96:04:9a:20:83:60:e9:c5:
                    69:f9:fa:fd:29:5d:ca:68:13:74:96:cd:0e:3b:8b:
                    af:8c:26:bc:0b:43:80:cf:7d:15:c3:9e:ef:82:2a:
                    d9:8a:b0:1c:db:0b:1c:13:27:76:54:00:ba:9d:0d:
                    0d:7c:d5:5c:0b:db:1f:00:5a:a0:f0:67:b8:4d:93:
                    77:04:5f:9a:bf:92:57:5f:b4:37:95:3e:cb:81:82:
                    04:89:04:bd:0c:60:23:0d:5a:fc:c9:2e:44:82:03:
                    b3:c9:3f:60:46:4d:78:4b:80:9f:35:d4:52:3e:91:
                    d8:07:a5:82:80:17:db:ba:b8:16:a8:aa:aa:25:b7:
                    0b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:39:A0:5B:94:88:CC:A6:61:77:78:1C:AA:2E:6F:6C:04:2C:A5:1B
            X509v3 Authority Key Identifier:
                keyid:9D:98:9B:39:98:E1:9F:C0:0F:86:70:CF:6C:9D:74:01:71:5C:F3:4F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nZibOZjhn8APhnDPbJ10AXFc808.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/EzmgW5SIzKZhd3gcqi5vbAQspRs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/8c5f5a-804b-4df6-827b-c7ccd7943106/1/nZibOZjhn8APhnDPbJ10AXFc808.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.231.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:39:2d:30:db:53:12:2b:56:67:6c:b7:58:b0:9f:f2:4b:e2:
         99:f6:84:d6:89:06:5f:b9:d6:f7:ad:a2:86:57:bb:96:25:9e:
         1c:c5:39:f8:03:3b:dd:d8:b4:81:fb:d5:b3:3a:e4:50:9c:81:
         e6:cd:f4:a2:de:61:c8:7e:3e:27:97:78:e8:41:a3:4d:1c:b8:
         e6:26:9c:ca:62:05:2e:b4:2f:f9:9e:6f:4e:24:04:d0:c7:5b:
         53:88:47:4c:f3:89:ba:3d:e4:db:0b:5d:22:7b:24:79:5e:9a:
         76:ab:2f:0a:51:36:99:1c:76:96:dc:6b:12:46:ab:7c:a2:e9:
         fd:50:d9:a4:1b:9d:38:66:26:33:dd:1f:34:fd:a8:81:4d:f0:
         f8:0f:e0:14:a5:97:f4:7c:28:14:c5:15:bc:51:55:4d:a0:ac:
         e4:f6:30:c6:b3:be:29:4d:cf:bf:91:2d:ce:c9:e9:4a:c8:55:
         f2:e3:5f:48:87:57:49:f3:f4:f0:96:cd:af:75:86:14:eb:b4:
         e5:f7:1e:8d:34:53:0c:70:c3:bb:10:ec:d6:b5:a7:68:56:21:
         9c:90:95:e9:e4:81:d2:d1:a2:c3:9c:39:60:1f:45:58:81:ce:
         65:39:89:ac:2d:f7:7e:41:8d:ce:1c:48:8a:98:63:44:f8:63:
         94:18:5c:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ8Z6l85r6BckR6EN7jeWGzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkOTg5YjM5OThlMTlmYzAwZjg2NzBjZjZjOWQ3NDAxNzE1
Y2YzNGYwHhcNMjUwNDI4MTIzODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzM5YTA1Yjk0ODhjY2E2NjE3Nzc4MWNhYTJlNmY2YzA0MmNhNTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsgNtRqqghX7dwYtngliza44W3Sed
VNVwQx7gU/ddCb3X5XWYmm9oYc5BCbxLyGAAbbtzpOe1WdUL05uq6FNuJGYcZ+vu
kK1kM6iaAGgPfzLAtMNBAjpUWsgGgY9Wn6l0ZtccnxpLaoInhpr9g+GXtvL/sQSo
KWWC/Cd0mlK4lgSaIINg6cVp+fr9KV3KaBN0ls0OO4uvjCa8C0OAz30Vw57vgirZ
irAc2wscEyd2VAC6nQ0NfNVcC9sfAFqg8Ge4TZN3BF+av5JXX7Q3lT7LgYIEiQS9
DGAjDVr8yS5EggOzyT9gRk14S4CfNdRSPpHYB6WCgBfburgWqKqqJbcLywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBM5oFuUiMymYXd4HKoub2wELKUbMB8GA1UdIwQY
MBaAFJ2YmzmY4Z/AD4Zwz2yddAFxXPNPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2It
YzdjY2Q3OTQzMTA2LzEvRXptZ1c1U0l6S1poZDNnY3FpNXZiQVFzcFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC84YzVmNWEtODA0Yi00ZGY2LTgyN2ItYzdjY2Q3OTQzMTA2
LzEvblppYk9aamhuOEFQaG5EUGJKMTBBWEZjODA4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALufhMA0G
CSqGSIb3DQEBCwUAA4IBAQDHOS0w21MSK1ZnbLdYsJ/yS+KZ9oTWiQZfudb3raKG
V7uWJZ4cxTn4Azvd2LSB+9WzOuRQnIHmzfSi3mHIfj4nl3joQaNNHLjmJpzKYgUu
tC/5nm9OJATQx1tTiEdM84m6PeTbC10ieyR5Xpp2qy8KUTaZHHaW3GsSRqt8oun9
UNmkG504ZiYz3R80/aiBTfD4D+AUpZf0fCgUxRW8UVVNoKzk9jDGs74pTc+/kS3O
yelKyFXy419Ih1dJ8/Twls2vdYYU67Tl9x6NNFMMcMO7EOzWtadoViGckJXp5IHS
0aLDnDlgH0VYgc5lOYmsLfd+QY3OHEiKmGNE+GOUGFw0
-----END CERTIFICATE-----