Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/ep1ybB5IHqsC4-RTg3PT6FL6N8w.roa
File:                     ep1ybB5IHqsC4-RTg3PT6FL6N8w.roa (raw, json)
Hash identifier:          RiXJCgU0bIddKaxphF+pVll9Uxqkkw4MSb72PuBEEug=
Subject key identifier:   7A:9D:72:6C:1E:48:1E:AB:02:E3:E4:53:83:73:D3:E8:52:FA:37:CC
Certificate issuer:       /CN=093353c1fabe896af8b85fe7600e4634968fcc4c
Certificate serial:       01942143FFC3DDB000D02D6394F9541728DE
Authority key identifier: 09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/ep1ybB5IHqsC4-RTg3PT6FL6N8w.roa
Signing time:             Wed 01 Jan 2025 09:48:11 +0000
ROA not before:           Wed 01 Jan 2025 09:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44477
IP address blocks:        212.107.27.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:ff:c3:dd:b0:00:d0:2d:63:94:f9:54:17:28:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=093353c1fabe896af8b85fe7600e4634968fcc4c
        Validity
            Not Before: Jan  1 09:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a9d726c1e481eab02e3e4538373d3e852fa37cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:92:58:33:30:5c:7f:b4:cc:bf:75:58:72:34:
                    ab:5d:29:9c:79:49:76:11:e4:8e:e1:b3:7e:72:83:
                    c5:a5:ca:c4:f5:81:14:a3:fd:6e:fb:c0:92:e6:21:
                    cf:bf:23:d5:8a:9c:62:aa:42:18:66:f2:6e:74:36:
                    73:99:ae:14:48:90:2c:e0:d0:56:52:0d:ed:03:0d:
                    cb:24:82:49:d7:0c:f1:ec:6e:42:5e:89:2c:09:8a:
                    7e:0a:1a:8b:04:af:ca:17:59:c7:34:76:64:8a:07:
                    23:31:7c:91:5b:f2:f0:29:c1:82:a9:c5:ff:3d:36:
                    de:ea:b6:f1:87:6b:6b:98:7c:cd:02:0c:d1:79:e6:
                    4c:fe:aa:3f:e2:f3:52:d8:eb:9f:e0:e4:b7:6d:24:
                    02:93:39:47:5c:38:c2:d4:94:ab:dd:d6:4d:b8:93:
                    b4:f0:d6:5a:fb:98:2d:42:64:bc:dd:1b:21:4d:be:
                    72:61:89:6c:b6:28:a0:7e:5c:b1:b5:c9:99:8e:72:
                    e6:7f:ec:49:19:58:91:6a:be:f2:f4:90:db:f9:52:
                    6a:8d:7f:78:7d:a3:bb:51:cb:9f:f7:b3:2d:df:56:
                    26:38:2a:d6:47:75:29:35:22:10:89:70:ae:e0:71:
                    cd:fc:44:0a:4f:b5:69:38:21:b7:64:9e:14:d9:15:
                    10:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:9D:72:6C:1E:48:1E:AB:02:E3:E4:53:83:73:D3:E8:52:FA:37:CC
            X509v3 Authority Key Identifier:
                keyid:09:33:53:C1:FA:BE:89:6A:F8:B8:5F:E7:60:0E:46:34:96:8F:CC:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CTNTwfq-iWr4uF_nYA5GNJaPzEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/ep1ybB5IHqsC4-RTg3PT6FL6N8w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5b/7b9336-e9f8-4e27-af4b-239d2fe398b1/1/CTNTwfq-iWr4uF_nYA5GNJaPzEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.107.27.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:d8:0e:4b:73:fb:36:ac:a8:79:32:53:9b:88:c4:2e:4e:fa:
         66:07:8e:2b:50:57:4b:4b:0a:2c:4b:0f:22:7f:0c:3b:e7:27:
         63:32:9f:eb:69:89:f4:71:b8:35:72:53:4c:3d:3c:04:b7:1e:
         53:9e:5f:09:ec:a8:e9:5f:53:23:d7:d3:2b:9e:bf:78:9a:fb:
         a9:f3:c1:72:56:de:10:e8:83:a5:3f:89:05:62:ba:ad:43:bc:
         5f:c3:fd:2e:41:a5:cc:e1:c3:8c:7e:df:d5:d7:e4:9e:a4:5b:
         fb:48:10:ac:56:9e:47:c2:66:86:e1:77:5e:1c:38:f3:78:7f:
         bb:5d:4e:19:a3:84:e0:cf:56:96:4f:ef:65:00:3d:81:ae:2c:
         eb:27:75:6f:82:e3:8e:41:0f:4f:80:34:63:cc:37:cd:97:86:
         48:60:33:cd:15:27:94:ec:be:30:2a:1e:0a:c1:c3:7d:af:ac:
         df:18:4c:9c:a5:b0:6f:ce:ed:a2:18:08:2d:9b:02:06:69:52:
         23:ae:42:73:00:fb:0c:13:4b:bc:92:30:da:c5:45:13:b8:7d:
         9b:99:9b:a0:ac:76:10:37:bd:41:4f:9a:3f:ab:2d:78:9a:48:
         7c:23:fe:f7:32:ae:01:ce:09:4b:df:b7:d4:9b:56:ff:e8:3a:
         e0:dd:3b:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ//D3bAA0C1jlPlUFyjeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA5MzM1M2MxZmFiZTg5NmFmOGI4NWZlNzYwMGU0NjM0OTY4
ZmNjNGMwHhcNMjUwMTAxMDk0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTlkNzI2YzFlNDgxZWFiMDJlM2U0NTM4MzczZDNlODUyZmEzN2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZJYMzBcf7TMv3VYcjSrXSmceUl2
EeSO4bN+coPFpcrE9YEUo/1u+8CS5iHPvyPVipxiqkIYZvJudDZzma4USJAs4NBW
Ug3tAw3LJIJJ1wzx7G5CXoksCYp+ChqLBK/KF1nHNHZkigcjMXyRW/LwKcGCqcX/
PTbe6rbxh2trmHzNAgzReeZM/qo/4vNS2Ouf4OS3bSQCkzlHXDjC1JSr3dZNuJO0
8NZa+5gtQmS83RshTb5yYYlstiigflyxtcmZjnLmf+xJGViRar7y9JDb+VJqjX94
faO7Ucuf97Mt31YmOCrWR3UpNSIQiXCu4HHN/EQKT7VpOCG3ZJ4U2RUQQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqdcmweSB6rAuPkU4Nz0+hS+jfMMB8GA1UdIwQY
MBaAFAkzU8H6volq+Lhf52AORjSWj8xMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGIt
MjM5ZDJmZTM5OGIxLzEvZXAxeWJCNUlIcXNDNC1SVGczUFQ2Rkw2Tjh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yi83YjkzMzYtZTlmOC00ZTI3LWFmNGItMjM5ZDJmZTM5OGIx
LzEvQ1ROVHdmcS1pV3I0dUZfbllBNUdOSmFQekV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GsbMA0G
CSqGSIb3DQEBCwUAA4IBAQBo2A5Lc/s2rKh5MlObiMQuTvpmB44rUFdLSwosSw8i
fww75ydjMp/raYn0cbg1clNMPTwEtx5Tnl8J7KjpX1Mj19Mrnr94mvup88FyVt4Q
6IOlP4kFYrqtQ7xfw/0uQaXM4cOMft/V1+SepFv7SBCsVp5HwmaG4XdeHDjzeH+7
XU4Zo4Tgz1aWT+9lAD2BrizrJ3VvguOOQQ9PgDRjzDfNl4ZIYDPNFSeU7L4wKh4K
wcN9r6zfGEycpbBvzu2iGAgtmwIGaVIjrkJzAPsME0u8kjDaxUUTuH2bmZugrHYQ
N71BT5o/qy14mkh8I/73Mq4BzglL37fUm1b/6Drg3TvA
-----END CERTIFICATE-----