Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BltTEInitivK3eyqQ5obKTw3h6s.roa
File:                     BltTEInitivK3eyqQ5obKTw3h6s.roa (raw, json)
Hash identifier:          hMPC9jhA8iF1m1Jzwjku0E4e4nuT3S0/44EvQID8r7g=
Subject key identifier:   06:5B:53:10:89:E2:B6:2B:CA:DD:EC:AA:43:9A:1B:29:3C:37:87:AB
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       0196B623049DEA3F401B2F391F581ECFCB57
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BltTEInitivK3eyqQ5obKTw3h6s.roa
Signing time:             Fri 09 May 2025 17:41:10 +0000
ROA not before:           Fri 09 May 2025 17:41:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     397423
IP address blocks:        89.106.15.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b6:23:04:9d:ea:3f:40:1b:2f:39:1f:58:1e:cf:cb:57
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: May  9 17:41:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=065b531089e2b62bcaddecaa439a1b293c3787ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:37:d1:94:ee:16:52:5d:fe:cf:8a:53:45:68:
                    ae:14:ab:30:24:36:6f:a8:06:6b:21:c9:fc:dd:ae:
                    83:bb:83:d8:e4:0e:68:dc:29:50:93:f7:10:59:86:
                    1d:ea:37:2b:98:20:e4:be:58:2b:8c:01:a3:8f:c3:
                    e0:e4:df:05:97:2e:db:e6:ba:74:78:ed:af:91:14:
                    8b:4e:0d:71:4b:b6:fe:58:b4:63:66:80:ce:ae:1a:
                    a7:9d:d9:77:c6:88:28:9e:20:27:26:07:68:ec:80:
                    0c:f3:d5:48:f1:a9:67:c7:78:b2:b7:6c:b8:33:54:
                    dc:99:62:c4:05:de:31:dd:a5:03:38:6e:ef:63:84:
                    ef:5f:f8:d6:10:3e:a6:65:4e:31:32:4a:e5:e7:e6:
                    7c:28:49:bb:b2:fc:08:a3:4e:12:22:14:de:16:97:
                    7d:e5:04:e0:0a:9b:81:d3:ba:b9:37:70:85:20:6b:
                    c1:bf:95:30:9c:7b:a8:0e:e2:37:29:87:08:3b:04:
                    81:8f:a2:78:eb:a1:be:d7:cc:bc:0a:8e:7b:0e:96:
                    97:0e:e6:99:d2:75:d8:db:9e:3d:5d:85:14:51:02:
                    a7:20:df:b3:2f:0c:ed:a8:cd:99:a3:9c:df:1f:95:
                    8e:93:8d:a4:35:f5:c5:9f:8b:d0:55:90:ff:aa:d7:
                    34:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:5B:53:10:89:E2:B6:2B:CA:DD:EC:AA:43:9A:1B:29:3C:37:87:AB
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/BltTEInitivK3eyqQ5obKTw3h6s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.106.15.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:a8:44:14:94:57:51:c2:cc:b6:b4:3e:90:04:96:57:c0:33:
         e9:27:22:9e:b4:37:f9:9f:1c:10:15:a7:1b:5d:34:b7:7a:ac:
         0e:fc:a1:83:98:01:51:66:20:2c:4a:85:37:c3:a8:fd:42:d5:
         f3:23:98:10:c5:b9:26:f5:34:67:d0:41:85:2e:21:c9:f1:83:
         be:30:a4:35:c1:02:82:eb:69:e2:ed:70:dc:25:e6:9f:fe:68:
         fc:5e:d4:ee:d2:7b:40:b6:1e:78:af:e6:65:17:d5:3a:11:89:
         20:56:87:af:7e:5a:38:28:02:6f:e3:df:d3:1a:e1:cb:9e:7c:
         02:d2:44:1b:7d:07:bb:9d:f3:ea:24:49:6a:c3:88:1d:f7:2f:
         d3:26:4c:38:28:08:72:8b:1b:57:17:e7:1d:4a:82:f7:11:bb:
         b5:57:71:ca:fe:aa:9f:5b:e5:38:ae:41:c1:75:cc:71:6c:63:
         c0:e3:6f:d0:6e:31:81:05:e2:ce:a1:67:b9:02:7b:7c:e4:fd:
         1f:b1:6a:e4:e3:0e:be:7b:06:d1:2b:27:9e:c0:fb:1f:4d:26:
         2b:d3:5e:2e:f4:75:b9:10:cd:a4:e1:39:f0:f6:60:b4:2f:cc:
         d2:99:8f:16:9b:ea:1f:92:d3:a7:92:71:a6:ab:b9:72:77:f9:
         98:86:fe:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZa2IwSd6j9AGy85H1gez8tXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNTA5MTc0MTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNjViNTMxMDg5ZTJiNjJiY2FkZGVjYWE0MzlhMWIyOTNjMzc4N2FiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3zfRlO4WUl3+z4pTRWiuFKswJDZv
qAZrIcn83a6Du4PY5A5o3ClQk/cQWYYd6jcrmCDkvlgrjAGjj8Pg5N8Fly7b5rp0
eO2vkRSLTg1xS7b+WLRjZoDOrhqnndl3xogoniAnJgdo7IAM89VI8alnx3iyt2y4
M1TcmWLEBd4x3aUDOG7vY4TvX/jWED6mZU4xMkrl5+Z8KEm7svwIo04SIhTeFpd9
5QTgCpuB07q5N3CFIGvBv5UwnHuoDuI3KYcIOwSBj6J466G+18y8Co57DpaXDuaZ
0nXY2549XYUUUQKnIN+zLwztqM2Zo5zfH5WOk42kNfXFn4vQVZD/qtc0mwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAZbUxCJ4rYryt3sqkOaGyk8N4erMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvQmx0VEVJbml0aXZLM2V5cVE1b2JLVHczaDZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAWWoPMA0G
CSqGSIb3DQEBCwUAA4IBAQBZqEQUlFdRwsy2tD6QBJZXwDPpJyKetDf5nxwQFacb
XTS3eqwO/KGDmAFRZiAsSoU3w6j9QtXzI5gQxbkm9TRn0EGFLiHJ8YO+MKQ1wQKC
62ni7XDcJeaf/mj8XtTu0ntAth54r+ZlF9U6EYkgVoevflo4KAJv49/TGuHLnnwC
0kQbfQe7nfPqJElqw4gd9y/TJkw4KAhyixtXF+cdSoL3Ebu1V3HK/qqfW+U4rkHB
dcxxbGPA42/QbjGBBeLOoWe5Ant85P0fsWrk4w6+ewbRKyeewPsfTSYr014u9HW5
EM2k4Tnw9mC0L8zSmY8Wm+ofktOnknGmq7lyd/mYhv6r
-----END CERTIFICATE-----