Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f5/49c3e1-1f7f-4e58-b02b-88592043026f/1/eEe-w2donDCxX-tAzaEpFb0UtVY.roa
File:                     eEe-w2donDCxX-tAzaEpFb0UtVY.roa (raw, json)
Hash identifier:          g2d5FELl0EWl1pKF09WRuqqNzRt0N8/ZzyiwDHce4Xk=
Subject key identifier:   78:47:BE:C3:67:68:9C:30:B1:5F:EB:40:CD:A1:29:15:BD:14:B5:56
Certificate issuer:       /CN=28c203d65df2d65bdbcf3c883442ddab55a3bcde
Certificate serial:       0196B0333E2C82EA1DFF44B6041A6AC91899
Authority key identifier: 28:C2:03:D6:5D:F2:D6:5B:DB:CF:3C:88:34:42:DD:AB:55:A3:BC:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KMID1l3y1lvbzzyINELdq1WjvN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f5/49c3e1-1f7f-4e58-b02b-88592043026f/1/eEe-w2donDCxX-tAzaEpFb0UtVY.roa
Signing time:             Thu 08 May 2025 14:01:10 +0000
ROA not before:           Thu 08 May 2025 14:01:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43623
IP address blocks:        193.189.152.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f5/49c3e1-1f7f-4e58-b02b-88592043026f/1/KMID1l3y1lvbzzyINELdq1WjvN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f5/49c3e1-1f7f-4e58-b02b-88592043026f/1/KMID1l3y1lvbzzyINELdq1WjvN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KMID1l3y1lvbzzyINELdq1WjvN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 08:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:b0:33:3e:2c:82:ea:1d:ff:44:b6:04:1a:6a:c9:18:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28c203d65df2d65bdbcf3c883442ddab55a3bcde
        Validity
            Not Before: May  8 14:01:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7847bec367689c30b15feb40cda12915bd14b556
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:a0:d8:1b:f7:63:d8:1c:79:df:36:7c:41:23:
                    95:08:1e:dd:1a:f7:29:75:43:28:b4:94:82:02:10:
                    4c:56:d1:a6:60:9f:b9:76:61:60:5d:91:27:dc:3a:
                    c5:03:62:7d:fd:07:f9:79:57:5f:ef:13:80:67:4f:
                    c6:e0:03:8b:01:7f:9f:83:b6:c0:2a:c0:0c:c7:2c:
                    b3:a5:e0:d9:d2:63:3f:3f:9f:22:f9:6a:8e:c0:29:
                    3a:1a:bd:2e:81:f2:19:15:c5:54:ec:d7:de:f5:8f:
                    56:d4:51:d7:6c:7b:ab:e3:1c:65:3a:f0:a4:f9:ab:
                    0f:55:c1:eb:58:57:d4:78:b7:4c:05:67:d5:63:39:
                    96:33:00:73:27:25:a1:c1:a8:dc:3e:95:c5:fa:2f:
                    4f:95:8a:92:aa:56:6f:28:d8:64:31:a2:5e:e3:cd:
                    6e:12:ca:f5:77:a7:24:89:97:de:6e:ed:32:2b:c1:
                    02:2f:52:2a:cf:a8:7e:82:ef:95:56:1a:4c:0c:27:
                    d0:0b:44:ef:11:f3:1e:73:c3:21:cf:d3:3f:f6:90:
                    36:aa:46:3d:15:03:5c:d6:ac:67:65:c7:f7:e4:dd:
                    52:62:b1:cf:ec:d9:22:4d:e6:d3:f6:93:aa:a2:e9:
                    48:8a:6b:eb:75:57:fd:a4:5b:25:51:71:ad:6d:4e:
                    d3:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:47:BE:C3:67:68:9C:30:B1:5F:EB:40:CD:A1:29:15:BD:14:B5:56
            X509v3 Authority Key Identifier:
                keyid:28:C2:03:D6:5D:F2:D6:5B:DB:CF:3C:88:34:42:DD:AB:55:A3:BC:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KMID1l3y1lvbzzyINELdq1WjvN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/49c3e1-1f7f-4e58-b02b-88592043026f/1/eEe-w2donDCxX-tAzaEpFb0UtVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f5/49c3e1-1f7f-4e58-b02b-88592043026f/1/KMID1l3y1lvbzzyINELdq1WjvN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.189.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:05:1f:5a:54:d8:e2:d1:09:3d:4f:b8:f7:b6:4c:fd:3a:4f:
         24:e4:96:4e:21:75:86:1a:60:de:14:75:cd:26:dc:a9:41:88:
         09:98:d8:93:7e:64:4c:5c:ac:64:d3:8d:b0:26:6a:58:40:3b:
         79:95:8d:d5:1d:63:65:e5:e8:03:7e:6f:27:37:2c:c9:76:33:
         f1:80:fb:5c:73:7d:42:73:bd:67:0e:f6:fe:e7:f2:02:5c:12:
         ed:13:8a:d6:ac:50:f7:0c:be:3a:da:d0:5f:49:42:7e:96:f6:
         da:d7:2e:09:53:85:eb:e5:0f:b8:65:04:c9:1c:a7:08:f9:46:
         ca:cb:35:21:cd:8b:10:68:c3:f2:3a:05:37:e4:91:e1:78:03:
         c8:d2:ef:9a:ed:ec:a0:43:85:7a:7e:c0:bb:50:97:6d:60:e4:
         62:22:69:2c:8c:84:0b:8b:2e:4c:6a:4a:47:ef:6f:35:0e:4b:
         08:11:6d:d2:b8:69:0c:fb:ac:9b:05:25:1f:49:5d:e3:10:f0:
         a7:49:d5:39:aa:65:be:f4:91:35:21:e4:ff:15:93:65:d7:07:
         0f:58:93:61:d6:f0:ab:26:08:71:50:30:43:a9:80:ee:26:29:
         bc:11:94:04:f2:f6:04:8e:d3:70:86:82:18:f9:b5:23:3c:4f:
         29:a8:e6:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZawMz4sguod/0S2BBpqyRiZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YzIwM2Q2NWRmMmQ2NWJkYmNmM2M4ODM0NDJkZGFiNTVh
M2JjZGUwHhcNMjUwNTA4MTQwMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODQ3YmVjMzY3Njg5YzMwYjE1ZmViNDBjZGExMjkxNWJkMTRiNTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7KDYG/dj2Bx53zZ8QSOVCB7dGvcp
dUMotJSCAhBMVtGmYJ+5dmFgXZEn3DrFA2J9/Qf5eVdf7xOAZ0/G4AOLAX+fg7bA
KsAMxyyzpeDZ0mM/P58i+WqOwCk6Gr0ugfIZFcVU7Nfe9Y9W1FHXbHur4xxlOvCk
+asPVcHrWFfUeLdMBWfVYzmWMwBzJyWhwajcPpXF+i9PlYqSqlZvKNhkMaJe481u
Esr1d6ckiZfebu0yK8ECL1Iqz6h+gu+VVhpMDCfQC0TvEfMec8Mhz9M/9pA2qkY9
FQNc1qxnZcf35N1SYrHP7NkiTebT9pOqoulIimvrdVf9pFslUXGtbU7T3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHhHvsNnaJwwsV/rQM2hKRW9FLVWMB8GA1UdIwQY
MBaAFCjCA9Zd8tZb2888iDRC3atVo7zeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS01JRDFsM3kxbHZienp5SU5FTGRxMVdqdk40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNS80OWMzZTEtMWY3Zi00ZTU4LWIwMmIt
ODg1OTIwNDMwMjZmLzEvZUVlLXcyZG9uREN4WC10QXphRXBGYjBVdFZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNS80OWMzZTEtMWY3Zi00ZTU4LWIwMmItODg1OTIwNDMwMjZm
LzEvS01JRDFsM3kxbHZienp5SU5FTGRxMVdqdk40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwb2YMA0G
CSqGSIb3DQEBCwUAA4IBAQAfBR9aVNji0Qk9T7j3tkz9Ok8k5JZOIXWGGmDeFHXN
JtypQYgJmNiTfmRMXKxk042wJmpYQDt5lY3VHWNl5egDfm8nNyzJdjPxgPtcc31C
c71nDvb+5/ICXBLtE4rWrFD3DL462tBfSUJ+lvba1y4JU4Xr5Q+4ZQTJHKcI+UbK
yzUhzYsQaMPyOgU35JHheAPI0u+a7eygQ4V6fsC7UJdtYORiImksjIQLiy5MakpH
7281DksIEW3SuGkM+6ybBSUfSV3jEPCnSdU5qmW+9JE1IeT/FZNl1wcPWJNh1vCr
JghxUDBDqYDuJim8EZQE8vYEjtNwhoIY+bUjPE8pqObW
-----END CERTIFICATE-----