Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/EDQ-Yk7isf9sH4FXPQShWflCgog.roa
File:                     EDQ-Yk7isf9sH4FXPQShWflCgog.roa (raw, json)
Hash identifier:          SaxlXz/G0eyL2HVakqjpN328ugQ4obe8PUCDuMchTeo=
Subject key identifier:   10:34:3E:62:4E:E2:B1:FF:6C:1F:81:57:3D:04:A1:59:F9:42:82:88
Certificate issuer:       /CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
Certificate serial:       019894F5E4D907223682B700F806D443E5E6
Authority key identifier: BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/EDQ-Yk7isf9sH4FXPQShWflCgog.roa
Signing time:             Sun 10 Aug 2025 17:09:59 +0000
ROA not before:           Sun 10 Aug 2025 17:09:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        212.81.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 05:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:94:f5:e4:d9:07:22:36:82:b7:00:f8:06:d4:43:e5:e6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd3668628f0df79d047eca0d9adcfc0b6693e309
        Validity
            Not Before: Aug 10 17:09:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10343e624ee2b1ff6c1f81573d04a159f9428288
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3c:68:a1:39:98:2e:05:18:68:3a:61:23:d3:
                    74:2c:4e:b2:0f:bb:c7:7f:ad:de:da:13:dd:0c:f9:
                    29:c1:ae:e5:32:5b:c4:b6:73:64:af:46:99:ca:6a:
                    6e:15:46:93:86:28:6d:ec:b4:4f:49:52:27:97:55:
                    65:a9:5c:ce:0c:dc:73:63:36:89:97:4e:b4:c5:ea:
                    7c:e7:93:ee:ab:de:1d:cc:c0:94:04:74:b4:29:8f:
                    3e:7e:df:65:df:0d:60:50:88:91:a4:94:5e:c9:f0:
                    b8:e9:22:78:1b:2d:00:77:7c:80:e2:ba:d0:2e:4f:
                    d2:07:fb:2d:97:03:a5:c4:0a:57:b4:b3:a3:46:34:
                    75:c3:b8:a8:28:ae:4f:de:f0:ef:19:37:04:ca:da:
                    17:f1:09:7d:e6:f3:48:84:a8:7f:cc:27:58:38:32:
                    f5:be:9a:24:79:f1:14:1c:f7:15:6d:84:b4:25:50:
                    7e:22:37:ab:0e:50:ad:c0:ea:8b:25:2d:e3:61:92:
                    26:00:a5:c5:82:86:11:d8:b4:89:fd:16:9f:c0:f8:
                    1e:7b:d7:b9:a2:62:73:7c:3a:6d:4b:b9:30:1c:78:
                    26:f6:56:fb:43:ab:bf:05:0c:41:b0:2a:de:9b:1a:
                    ce:c4:97:21:30:52:92:3f:e8:00:20:9f:02:4e:02:
                    6d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:34:3E:62:4E:E2:B1:FF:6C:1F:81:57:3D:04:A1:59:F9:42:82:88
            X509v3 Authority Key Identifier:
                keyid:BD:36:68:62:8F:0D:F7:9D:04:7E:CA:0D:9A:DC:FC:0B:66:93:E3:09

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vTZoYo8N950EfsoNmtz8C2aT4wk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/EDQ-Yk7isf9sH4FXPQShWflCgog.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/1b5722-1dda-4df3-a45c-e6bf316c94a1/1/vTZoYo8N950EfsoNmtz8C2aT4wk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.81.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:48:51:1b:3c:1f:5a:5a:ff:b7:7f:19:c9:23:6d:97:58:b7:
         f5:a2:d9:8f:70:3e:05:6a:9c:71:90:26:2d:5a:7e:d0:24:82:
         7d:29:53:08:f0:78:c2:a8:7e:ba:c2:9f:0e:fe:7e:9b:93:bc:
         16:d8:3a:ca:f4:91:7b:49:97:58:5c:b8:a9:c3:a2:e0:26:5a:
         3b:fa:96:07:8f:9f:47:96:97:c8:73:7b:22:8f:4c:70:ea:41:
         75:5a:7a:8a:87:1a:6b:5c:ef:9d:53:41:96:9c:39:6d:ad:b2:
         9e:50:f6:61:10:a5:a7:1a:42:74:34:58:02:f5:ac:b3:ea:8b:
         a4:88:e6:cd:ec:30:bd:98:96:c1:49:ce:b3:2e:56:f5:35:f9:
         59:19:ee:7c:d9:e6:91:65:f5:79:cc:1e:d8:11:03:36:9c:2d:
         9f:0b:4a:c7:37:69:d7:7c:cc:89:ac:ab:f2:3e:da:26:32:2d:
         10:c3:75:2c:7b:32:d3:d7:45:c1:4d:86:0b:ac:b6:ae:83:a8:
         9a:1d:1a:86:54:86:83:48:70:13:b6:62:fe:ec:17:dd:70:f1:
         04:c0:fd:57:c5:7e:58:5d:e6:f5:99:2e:36:ce:e9:db:4d:73:
         9f:30:4d:0e:f3:fd:62:77:ae:a7:48:0e:57:ab:0d:34:17:b6:
         b1:19:1e:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZiU9eTZByI2grcA+AbUQ+XmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkMzY2ODYyOGYwZGY3OWQwNDdlY2EwZDlhZGNmYzBiNjY5
M2UzMDkwHhcNMjUwODEwMTcwOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDM0M2U2MjRlZTJiMWZmNmMxZjgxNTczZDA0YTE1OWY5NDI4Mjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsTxooTmYLgUYaDphI9N0LE6yD7vH
f63e2hPdDPkpwa7lMlvEtnNkr0aZympuFUaThiht7LRPSVInl1VlqVzODNxzYzaJ
l060xep855Puq94dzMCUBHS0KY8+ft9l3w1gUIiRpJReyfC46SJ4Gy0Ad3yA4rrQ
Lk/SB/stlwOlxApXtLOjRjR1w7ioKK5P3vDvGTcEytoX8Ql95vNIhKh/zCdYODL1
vpokefEUHPcVbYS0JVB+IjerDlCtwOqLJS3jYZImAKXFgoYR2LSJ/RafwPgee9e5
omJzfDptS7kwHHgm9lb7Q6u/BQxBsCremxrOxJchMFKSP+gAIJ8CTgJtfwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBA0PmJO4rH/bB+BVz0EoVn5QoKIMB8GA1UdIwQY
MBaAFL02aGKPDfedBH7KDZrc/Atmk+MJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMt
ZTZiZjMxNmM5NGExLzEvRURRLVlrN2lzZjlzSDRGWFBRU2hXZmxDZ29nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi8xYjU3MjItMWRkYS00ZGYzLWE0NWMtZTZiZjMxNmM5NGEx
LzEvdlRab1lvOE45NTBFZnNvTm10ejhDMmFUNHdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1FEvMA0G
CSqGSIb3DQEBCwUAA4IBAQAbSFEbPB9aWv+3fxnJI22XWLf1otmPcD4FapxxkCYt
Wn7QJIJ9KVMI8HjCqH66wp8O/n6bk7wW2DrK9JF7SZdYXLipw6LgJlo7+pYHj59H
lpfIc3sij0xw6kF1WnqKhxprXO+dU0GWnDltrbKeUPZhEKWnGkJ0NFgC9ayz6ouk
iObN7DC9mJbBSc6zLlb1NflZGe582eaRZfV5zB7YEQM2nC2fC0rHN2nXfMyJrKvy
PtomMi0Qw3UsezLT10XBTYYLrLaug6iaHRqGVIaDSHATtmL+7BfdcPEEwP1XxX5Y
Xeb1mS42zunbTXOfME0O8/1id66nSA5Xqw00F7axGR5O
-----END CERTIFICATE-----