Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/EpevIGB0DDjGczsoRTQXsDte0Ro.roa
File:                     EpevIGB0DDjGczsoRTQXsDte0Ro.roa (raw, json)
Hash identifier:          r5oPEcXXSWhhpUr01BCVcDevz3GoCQQqjngEWJqS8MA=
Subject key identifier:   12:97:AF:20:60:74:0C:38:C6:73:3B:28:45:34:17:B0:3B:5E:D1:1A
Certificate issuer:       /CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
Certificate serial:       019803DA82DCA5620E2EE20F6FCBED7B9161
Authority key identifier: 0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/EpevIGB0DDjGczsoRTQXsDte0Ro.roa
Signing time:             Sun 13 Jul 2025 12:55:08 +0000
ROA not before:           Sun 13 Jul 2025 12:55:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215443
IP address blocks:        2a0d:d940:2000::/48 maxlen: 48
                          2a0d:d940:9005::/48 maxlen: 48
                          2a0d:d940:9006::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 07:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:03:da:82:dc:a5:62:0e:2e:e2:0f:6f:cb:ed:7b:91:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b4e3b3b84242258863142ed3a19792d97cbbc74
        Validity
            Not Before: Jul 13 12:55:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1297af2060740c38c6733b28453417b03b5ed11a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:46:d3:c7:ca:10:94:3b:df:4e:d7:e0:6f:c9:
                    bd:d9:64:54:ee:05:29:a4:f7:6a:48:dc:23:53:16:
                    f9:7d:06:bb:37:08:ee:a1:d9:34:f1:19:d2:dd:8c:
                    7f:e4:db:cb:8b:95:08:0b:b5:1d:38:51:4f:77:2c:
                    df:7b:2d:8e:ed:79:b2:60:19:39:40:69:9d:47:ba:
                    50:a0:1a:a4:33:fc:73:84:9f:71:43:39:8c:53:05:
                    83:fb:10:ca:48:35:a4:db:32:56:2b:bb:53:8e:b9:
                    95:7a:eb:af:c0:13:8e:5a:da:91:38:81:d1:41:f4:
                    b6:35:b2:43:99:97:ad:ee:57:da:0b:f3:14:2a:63:
                    4b:c3:d4:7b:f9:96:18:16:07:ce:f6:1b:52:8a:7c:
                    54:85:40:d7:7f:96:36:c3:2e:0a:8c:a2:15:b8:f5:
                    9c:23:c2:24:b4:fa:b5:94:d2:b2:0b:f8:ae:29:ce:
                    00:da:65:18:ef:9d:0d:16:54:86:d7:95:a9:cc:3f:
                    ba:bb:d9:cf:c1:b0:0b:63:18:30:aa:b2:55:37:40:
                    81:75:58:d6:36:34:95:86:54:3f:be:ca:7b:26:66:
                    98:e8:80:6e:e4:3b:05:a1:ed:5d:db:ac:cb:cb:4f:
                    45:70:9a:14:54:ab:79:bd:63:2a:89:43:de:a4:f4:
                    10:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:97:AF:20:60:74:0C:38:C6:73:3B:28:45:34:17:B0:3B:5E:D1:1A
            X509v3 Authority Key Identifier:
                keyid:0B:4E:3B:3B:84:24:22:58:86:31:42:ED:3A:19:79:2D:97:CB:BC:74

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C047O4QkIliGMULtOhl5LZfLvHQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/EpevIGB0DDjGczsoRTQXsDte0Ro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/7ba1b1-5562-4a32-9f5d-14d238527835/1/C047O4QkIliGMULtOhl5LZfLvHQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0d:d940:2000::/48
                  2a0d:d940:9005::-2a0d:d940:9006:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         d9:f8:1d:b3:fe:aa:39:7e:04:0a:a0:5b:c0:12:a8:be:8c:00:
         40:fd:c9:07:8a:92:fa:44:cd:9c:5c:85:63:21:8b:53:65:e0:
         da:32:5b:b1:c6:62:c8:56:22:27:b9:f5:c6:e8:70:2c:8e:ab:
         ec:af:8c:ec:4c:30:79:d3:44:58:bc:01:8a:db:a1:4d:b6:49:
         e7:cf:76:fc:da:9e:f1:e1:1c:3e:87:b9:4a:fc:be:9a:a4:cf:
         11:e7:b4:3b:8a:e5:cb:64:ac:f2:7f:bc:3d:4f:98:f6:3d:03:
         c4:ea:46:fe:f6:ef:49:bd:a2:ce:ac:18:20:a2:0e:ef:f0:f4:
         66:e8:1d:b7:8e:2c:b2:0d:a9:6b:15:5b:e2:b4:ac:ae:53:93:
         e9:23:14:1d:0b:b4:e6:87:94:cb:59:cf:56:a2:d3:39:94:04:
         f4:a6:c5:92:f3:d2:c1:55:5a:39:69:b5:be:7d:64:25:02:9b:
         3a:6f:5f:10:1c:e8:c3:47:3e:8a:e6:43:43:c5:4a:c2:24:b1:
         00:26:10:fc:e6:e8:a9:04:cf:21:14:73:35:c0:94:cb:95:08:
         4a:64:ce:b4:d5:e6:99:29:5b:0f:43:df:93:ba:f0:61:35:90:
         a6:23:09:9c:97:a5:c9:e0:c5:05:c4:04:82:3f:6a:e9:c5:2f:
         e1:19:bb:c6
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAZgD2oLcpWIOLuIPb8vte5FhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNGUzYjNiODQyNDIyNTg4NjMxNDJlZDNhMTk3OTJkOTdj
YmJjNzQwHhcNMjUwNzEzMTI1NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjk3YWYyMDYwNzQwYzM4YzY3MzNiMjg0NTM0MTdiMDNiNWVkMTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzkbTx8oQlDvfTtfgb8m92WRU7gUp
pPdqSNwjUxb5fQa7Nwjuodk08RnS3Yx/5NvLi5UIC7UdOFFPdyzfey2O7XmyYBk5
QGmdR7pQoBqkM/xzhJ9xQzmMUwWD+xDKSDWk2zJWK7tTjrmVeuuvwBOOWtqROIHR
QfS2NbJDmZet7lfaC/MUKmNLw9R7+ZYYFgfO9htSinxUhUDXf5Y2wy4KjKIVuPWc
I8IktPq1lNKyC/iuKc4A2mUY750NFlSG15WpzD+6u9nPwbALYxgwqrJVN0CBdVjW
NjSVhlQ/vsp7JmaY6IBu5DsFoe1d26zLy09FcJoUVKt5vWMqiUPepPQQQQIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFBKXryBgdAw4xnM7KEU0F7A7XtEaMB8GA1UdIwQY
MBaAFAtOOzuEJCJYhjFC7ToZeS2Xy7x0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQt
MTRkMjM4NTI3ODM1LzEvRXBldklHQjBERGpHY3pzb1JUUVhzRHRlMFJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS83YmExYjEtNTU2Mi00YTMyLTlmNWQtMTRkMjM4NTI3ODM1
LzEvQzA0N080UWtJbGlHTVVMdE9obDVMWmZMdkhRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTAjBAIAAjAdAwcAKg3ZQCAA
MBIDBwAqDdlAkAUDBwAqDdlAkAYwDQYJKoZIhvcNAQELBQADggEBANn4HbP+qjl+
BAqgW8ASqL6MAED9yQeKkvpEzZxchWMhi1Nl4NoyW7HGYshWIie59cbocCyOq+yv
jOxMMHnTRFi8AYrboU22SefPdvzanvHhHD6HuUr8vpqkzxHntDuK5ctkrPJ/vD1P
mPY9A8TqRv7270m9os6sGCCiDu/w9GboHbeOLLINqWsVW+K0rK5Tk+kjFB0LtOaH
lMtZz1ai0zmUBPSmxZLz0sFVWjlptb59ZCUCmzpvXxAc6MNHPormQ0PFSsIksQAm
EPzm6KkEzyEUczXAlMuVCEpkzrTV5pkpWw9D35O68GE1kKYjCZyXpcngxQXEBII/
aunFL+EZu8Y=
-----END CERTIFICATE-----