Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/1eb_RUUKl1wArkM4nQrNO8o6zA4.roa
File:                     1eb_RUUKl1wArkM4nQrNO8o6zA4.roa (raw, json)
Hash identifier:          DnRX9ewfVK8qHRMwGypJDg5WY6eKWtJUTgSgVVUpaxk=
Subject key identifier:   D5:E6:FF:45:45:0A:97:5C:00:AE:43:38:9D:0A:CD:3B:CA:3A:CC:0E
Certificate issuer:       /CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
Certificate serial:       01989ED8CCAE4C85E815749BF846BEC72091
Authority key identifier: 66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/1eb_RUUKl1wArkM4nQrNO8o6zA4.roa
Signing time:             Tue 12 Aug 2025 15:14:24 +0000
ROA not before:           Tue 12 Aug 2025 15:14:24 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213652
IP address blocks:        212.64.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 24 Aug 2025 12:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:9e:d8:cc:ae:4c:85:e8:15:74:9b:f8:46:be:c7:20:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6640f89ce22645b97297d7803726dc2fb0e5f4b9
        Validity
            Not Before: Aug 12 15:14:24 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5e6ff45450a975c00ae43389d0acd3bca3acc0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:e7:03:5c:e7:01:bc:00:f9:41:da:ee:20:e7:
                    6c:22:e5:59:89:ee:bd:8f:86:90:87:f5:06:22:4d:
                    44:ea:71:51:78:9d:f2:59:73:67:75:5c:c6:ab:29:
                    6a:29:6a:38:82:b0:11:44:8d:fe:9e:d2:c9:1d:ea:
                    0c:67:9e:67:4f:d8:d9:5d:b6:0a:be:ce:5d:2f:fb:
                    6c:e6:1e:e6:6d:a2:22:31:bd:c8:c7:c6:b8:f7:00:
                    6d:da:05:21:53:73:49:d0:82:2c:8c:e5:e4:bc:9f:
                    ef:ba:c9:c0:d8:7f:a8:7e:08:87:80:ae:d9:19:7c:
                    c4:20:70:74:d5:77:37:51:af:a6:d4:0f:ad:aa:aa:
                    49:9e:bc:59:b9:55:50:7f:c2:02:de:4d:98:5a:4a:
                    b4:c0:86:f9:0a:09:2e:0e:38:ca:c3:90:bd:47:f7:
                    61:28:50:a3:7b:3b:5e:35:e5:a4:d9:83:b3:88:c2:
                    0d:fa:21:a5:35:90:52:de:9b:28:16:c8:7d:6b:f3:
                    42:90:25:42:e3:aa:e3:08:08:f3:d7:bd:ea:f8:d7:
                    9a:22:d2:89:4c:86:f6:3d:ce:17:19:fe:46:f1:4a:
                    cc:bd:5b:1b:52:28:ca:04:af:48:d7:ec:6b:34:4c:
                    12:ac:79:c5:3f:39:ce:21:a6:3d:9a:fd:b4:75:e8:
                    a6:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:E6:FF:45:45:0A:97:5C:00:AE:43:38:9D:0A:CD:3B:CA:3A:CC:0E
            X509v3 Authority Key Identifier:
                keyid:66:40:F8:9C:E2:26:45:B9:72:97:D7:80:37:26:DC:2F:B0:E5:F4:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZkD4nOImRblyl9eANybcL7Dl9Lk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/1eb_RUUKl1wArkM4nQrNO8o6zA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/c3ad2e-b52e-441c-89ba-44ab7a9d7dea/1/ZkD4nOImRblyl9eANybcL7Dl9Lk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.64.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:1e:c6:27:fe:f3:e9:1d:6a:13:3e:0a:c7:c1:e7:c4:24:2a:
         dc:79:fd:42:6c:fe:bb:02:47:a6:a3:b1:9b:7e:5f:ad:49:a8:
         2a:e3:01:6e:c9:2d:71:d0:99:f7:84:c0:2d:b2:8c:63:82:7d:
         15:94:1e:c2:2f:c6:9a:46:b5:c4:79:42:51:7b:aa:72:a4:b2:
         9c:a0:f8:5e:24:c1:d6:9e:aa:5c:51:3d:11:a9:c3:bf:55:47:
         c3:98:51:57:df:9e:1f:e1:5d:dc:e3:c4:6c:3f:4d:52:89:11:
         2c:c3:c4:6b:4f:10:0a:c0:34:da:82:81:ce:7b:d1:74:26:c9:
         ab:30:12:eb:f5:31:9d:56:0f:1d:9c:b5:6b:e4:2f:2e:81:3a:
         4c:f9:d2:e0:24:8e:73:d7:3e:9d:be:e6:31:97:4f:c7:f1:d5:
         f6:2b:af:0d:ce:96:7e:10:e8:55:08:a9:08:0a:01:4b:fb:ad:
         f1:c1:6a:0e:28:f0:e5:36:35:27:bf:f2:fd:2c:c4:43:62:b8:
         64:82:38:54:84:34:f0:fa:0e:38:52:12:32:a6:cc:06:7b:3f:
         51:34:e4:22:7e:49:9b:ed:2b:10:02:66:37:36:0a:6c:46:8e:
         4d:56:ff:43:fa:81:61:42:e7:86:d4:06:d0:d8:a4:81:84:3f:
         8c:f7:92:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZie2MyuTIXoFXSb+Ea+xyCRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2NDBmODljZTIyNjQ1Yjk3Mjk3ZDc4MDM3MjZkYzJmYjBl
NWY0YjkwHhcNMjUwODEyMTUxNDI0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNWU2ZmY0NTQ1MGE5NzVjMDBhZTQzMzg5ZDBhY2QzYmNhM2FjYzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqucDXOcBvAD5QdruIOdsIuVZie69
j4aQh/UGIk1E6nFReJ3yWXNndVzGqylqKWo4grARRI3+ntLJHeoMZ55nT9jZXbYK
vs5dL/ts5h7mbaIiMb3Ix8a49wBt2gUhU3NJ0IIsjOXkvJ/vusnA2H+ofgiHgK7Z
GXzEIHB01Xc3Ua+m1A+tqqpJnrxZuVVQf8IC3k2YWkq0wIb5CgkuDjjKw5C9R/dh
KFCjezteNeWk2YOziMIN+iGlNZBS3psoFsh9a/NCkCVC46rjCAjz173q+NeaItKJ
TIb2Pc4XGf5G8UrMvVsbUijKBK9I1+xrNEwSrHnFPznOIaY9mv20deimwwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNXm/0VFCpdcAK5DOJ0KzTvKOswOMB8GA1UdIwQY
MBaAFGZA+JziJkW5cpfXgDcm3C+w5fS5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEt
NDRhYjdhOWQ3ZGVhLzEvMWViX1JVVUtsMXdBcmtNNG5Rck5POG82ekE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy9jM2FkMmUtYjUyZS00NDFjLTg5YmEtNDRhYjdhOWQ3ZGVh
LzEvWmtENG5PSW1SYmx5bDllQU55YmNMN0RsOUxrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EDBMA0G
CSqGSIb3DQEBCwUAA4IBAQCOHsYn/vPpHWoTPgrHwefEJCrcef1CbP67Akemo7Gb
fl+tSagq4wFuyS1x0Jn3hMAtsoxjgn0VlB7CL8aaRrXEeUJRe6pypLKcoPheJMHW
nqpcUT0RqcO/VUfDmFFX354f4V3c48RsP01SiREsw8RrTxAKwDTagoHOe9F0Jsmr
MBLr9TGdVg8dnLVr5C8ugTpM+dLgJI5z1z6dvuYxl0/H8dX2K68NzpZ+EOhVCKkI
CgFL+63xwWoOKPDlNjUnv/L9LMRDYrhkgjhUhDTw+g44UhIypswGez9RNOQifkmb
7SsQAmY3NgpsRo5NVv9D+oFhQueG1AbQ2KSBhD+M95Iw
-----END CERTIFICATE-----