Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/EZKSFO2NEuAH-h6tOWr_Lr_4upc.roa
File:                     EZKSFO2NEuAH-h6tOWr_Lr_4upc.roa (raw, json)
Hash identifier:          wV4VGEiLrp0bit41RVyzgowJdABU7OXVtSesO8xYkNQ=
Subject key identifier:   11:92:92:14:ED:8D:12:E0:07:FA:1E:AD:39:6A:FF:2E:BF:F8:BA:97
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       01980933C04613B767A6E8719B26F1C59A4B
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/EZKSFO2NEuAH-h6tOWr_Lr_4upc.roa
Signing time:             Mon 14 Jul 2025 13:50:43 +0000
ROA not before:           Mon 14 Jul 2025 13:50:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15731
IP address blocks:        45.112.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 13:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:09:33:c0:46:13:b7:67:a6:e8:71:9b:26:f1:c5:9a:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Jul 14 13:50:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11929214ed8d12e007fa1ead396aff2ebff8ba97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:05:eb:59:27:88:b5:c5:04:70:10:67:03:54:
                    6e:6c:7b:32:9c:b5:ef:0a:25:a6:f6:4a:fd:0b:f5:
                    c3:9b:13:1c:c9:d9:0b:2c:6d:d5:6a:1a:a0:45:98:
                    d8:9c:45:73:f3:b5:24:ec:4f:ee:0a:fb:75:ad:b5:
                    63:2a:72:3c:e3:57:a7:7f:2b:03:f8:7f:64:31:a4:
                    98:54:ac:d0:04:82:bc:73:b7:f7:dd:e8:4c:fa:33:
                    42:1d:8c:01:f6:7a:cd:97:a7:d3:cb:cc:43:49:f6:
                    48:b0:26:db:48:ad:bd:e7:8c:55:dc:2b:14:7f:6d:
                    79:60:db:5e:f2:1f:1c:87:72:cb:97:a3:e8:bc:08:
                    d5:ea:a0:7f:fa:2c:e1:47:52:bf:92:06:9c:cc:91:
                    7c:bf:7c:0a:4b:5d:08:d4:5c:5f:7e:27:83:fe:32:
                    04:c7:59:98:ca:08:c7:3c:ed:da:7a:d6:1b:d0:46:
                    43:90:fd:74:97:3b:a1:d1:a0:cf:75:79:43:54:d6:
                    63:55:23:0d:11:b9:87:f0:f0:77:a2:f5:94:a4:44:
                    f4:37:d4:e0:b2:df:35:21:93:2f:7b:ed:d4:f9:95:
                    5c:19:03:6e:05:7d:e6:34:59:d6:42:c7:00:78:a3:
                    a4:9e:30:8c:2e:07:a7:4e:8a:8d:83:ec:84:7d:dc:
                    ba:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:92:92:14:ED:8D:12:E0:07:FA:1E:AD:39:6A:FF:2E:BF:F8:BA:97
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/EZKSFO2NEuAH-h6tOWr_Lr_4upc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         90:e4:ec:d8:f8:9e:5f:78:24:fc:33:ec:90:24:43:28:07:d0:
         b3:b5:1e:e5:7d:a6:d0:b5:96:1a:fd:e3:ea:2a:98:4f:c2:34:
         07:2b:7e:23:7f:e0:be:a2:b7:6e:5d:46:11:cb:7e:b5:b9:8d:
         79:b4:b0:af:ed:6e:ed:02:fc:d7:06:e4:85:db:9b:2e:6b:fa:
         d6:86:3f:3a:88:01:8b:f4:08:79:3f:bf:47:b9:d2:fc:cd:66:
         52:f4:a4:93:98:e4:6a:84:99:d7:fc:5f:19:cf:a9:da:23:fc:
         f3:3c:9d:43:a4:ab:65:04:8b:bb:73:e0:80:78:60:7f:05:a7:
         a1:60:ea:f8:13:6d:98:ad:c8:a3:3d:9a:2d:7c:1b:7c:c5:f6:
         95:d2:b0:c7:73:52:1b:bc:31:78:c9:9f:c9:89:9c:6e:04:de:
         67:26:0f:25:e3:78:c9:91:7f:b8:c0:21:2a:de:10:2d:1e:0c:
         38:a4:d8:82:0a:0d:42:34:41:75:b2:92:5a:f6:f2:50:9a:90:
         c7:cf:77:dd:d6:72:36:15:e8:15:66:ca:f4:d9:21:31:de:dc:
         06:bc:33:93:5c:12:bb:f2:69:58:2a:a2:63:c5:5f:49:df:d7:
         1d:a8:32:07:a0:bd:76:36:9e:86:b3:13:b4:1e:79:c9:53:c9:
         42:b3:70:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgJM8BGE7dnpuhxmybxxZpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwNzE0MTM1MDQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTkyOTIxNGVkOGQxMmUwMDdmYTFlYWQzOTZhZmYyZWJmZjhiYTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkAXrWSeItcUEcBBnA1RubHsynLXv
CiWm9kr9C/XDmxMcydkLLG3VahqgRZjYnEVz87Uk7E/uCvt1rbVjKnI841enfysD
+H9kMaSYVKzQBIK8c7f33ehM+jNCHYwB9nrNl6fTy8xDSfZIsCbbSK2954xV3CsU
f215YNte8h8ch3LLl6PovAjV6qB/+izhR1K/kgaczJF8v3wKS10I1FxffieD/jIE
x1mYygjHPO3aetYb0EZDkP10lzuh0aDPdXlDVNZjVSMNEbmH8PB3ovWUpET0N9Tg
st81IZMve+3U+ZVcGQNuBX3mNFnWQscAeKOknjCMLgenToqNg+yEfdy6ywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGSkhTtjRLgB/oerTlq/y6/+LqXMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEvRVpLU0ZPMk5FdUFILWg2dE9Xcl9Mcl80dXBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALXDCMA0G
CSqGSIb3DQEBCwUAA4IBAQCQ5OzY+J5feCT8M+yQJEMoB9CztR7lfabQtZYa/ePq
KphPwjQHK34jf+C+orduXUYRy361uY15tLCv7W7tAvzXBuSF25sua/rWhj86iAGL
9Ah5P79HudL8zWZS9KSTmORqhJnX/F8Zz6naI/zzPJ1DpKtlBIu7c+CAeGB/Baeh
YOr4E22YrcijPZotfBt8xfaV0rDHc1IbvDF4yZ/JiZxuBN5nJg8l43jJkX+4wCEq
3hAtHgw4pNiCCg1CNEF1spJa9vJQmpDHz3fd1nI2FegVZsr02SEx3twGvDOTXBK7
8mlYKqJjxV9J39cdqDIHoL12Np6GsxO0HnnJU8lCs3Dl
-----END CERTIFICATE-----