Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/eScdjGWs1U9IpMmrjPWOhIIwqvU.roa
File:                     eScdjGWs1U9IpMmrjPWOhIIwqvU.roa (raw, json)
Hash identifier:          x3okkqhpjy6dpCXY46GTivoDmGIYftmyUmWz/IE8R4c=
Subject key identifier:   79:27:1D:8C:65:AC:D5:4F:48:A4:C9:AB:8C:F5:8E:84:82:30:AA:F5
Certificate issuer:       /CN=70f68cded39e3ec54cee2233252ef3937ba9828d
Certificate serial:       019711AC9E330B7A5FBEF04EE3EE4FADAF50
Authority key identifier: 70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/eScdjGWs1U9IpMmrjPWOhIIwqvU.roa
Signing time:             Tue 27 May 2025 12:16:54 +0000
ROA not before:           Tue 27 May 2025 12:16:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211201
IP address blocks:        81.85.102.0/23 maxlen: 24
                          193.33.96.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:11:ac:9e:33:0b:7a:5f:be:f0:4e:e3:ee:4f:ad:af:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f68cded39e3ec54cee2233252ef3937ba9828d
        Validity
            Not Before: May 27 12:16:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79271d8c65acd54f48a4c9ab8cf58e848230aaf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:08:1e:fa:71:6f:ef:fa:42:0f:00:ff:54:cf:
                    e0:44:3b:69:81:62:bd:43:12:a7:ba:15:e8:8f:a9:
                    52:f7:bb:36:7a:fc:e7:4a:4b:76:34:7e:df:ae:a4:
                    f2:0c:52:24:52:e3:b3:bd:10:df:60:bd:37:0e:ae:
                    fb:2e:96:22:8e:01:9b:9e:ce:f6:54:99:92:27:80:
                    e0:04:45:da:a9:c9:23:0b:35:c6:9d:67:24:1f:6d:
                    d2:1c:f1:6b:46:f9:48:32:b0:74:81:a7:56:f9:2b:
                    81:b0:8c:00:c2:76:f9:3e:47:8c:96:bd:d6:da:be:
                    b7:bc:83:72:a3:81:0b:5f:52:d6:dc:19:2d:9b:65:
                    d5:da:bd:3b:e3:84:4e:19:d9:5a:eb:3e:be:7b:e3:
                    56:cc:a6:01:5c:ee:44:f1:a9:a1:0b:f9:cf:f7:9e:
                    c7:98:e2:a3:4a:d7:4e:a5:de:a4:ff:79:a7:70:89:
                    2d:ce:64:75:8e:42:e8:74:4c:72:2b:62:58:b4:eb:
                    4c:ce:b8:cc:b9:29:bb:90:26:87:a2:4b:77:e8:b2:
                    b9:cb:83:a5:61:02:8e:72:cb:37:c1:21:85:06:c1:
                    8b:e4:cb:d8:32:cd:21:7c:96:66:f9:3f:91:af:96:
                    bb:56:d4:12:0c:3e:87:66:b7:3b:6e:04:a8:55:9d:
                    59:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:27:1D:8C:65:AC:D5:4F:48:A4:C9:AB:8C:F5:8E:84:82:30:AA:F5
            X509v3 Authority Key Identifier:
                keyid:70:F6:8C:DE:D3:9E:3E:C5:4C:EE:22:33:25:2E:F3:93:7B:A9:82:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPaM3tOePsVM7iIzJS7zk3upgo0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/eScdjGWs1U9IpMmrjPWOhIIwqvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/f0cc41-b3e7-46ff-a976-29df4e2611f1/1/cPaM3tOePsVM7iIzJS7zk3upgo0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.85.102.0/23
                  193.33.96.0/24

    Signature Algorithm: sha256WithRSAEncryption
         86:47:3f:9c:31:23:f8:98:54:64:48:42:d8:c1:e1:83:97:29:
         78:87:e1:ab:3c:24:64:0f:7c:14:25:9a:61:24:c9:02:d9:0a:
         6d:6f:7a:bf:ca:94:4d:11:b5:8b:08:71:1c:14:ca:7e:7e:20:
         7f:d6:96:ef:2a:d6:96:5d:6d:94:6c:0a:dd:f8:e7:df:82:da:
         d6:66:1b:6f:c7:10:b7:4c:db:14:91:aa:61:35:17:ed:50:61:
         b1:7c:7d:39:a0:89:5d:b2:5e:ce:cf:7a:0c:fa:a6:a8:ee:21:
         38:d5:2e:aa:72:a0:a6:cb:dc:b2:60:d7:66:00:63:34:c0:2f:
         b9:fa:41:40:0c:78:94:05:41:37:95:ca:9f:b8:cd:f8:b3:ef:
         c8:b4:0b:5e:28:2c:3c:09:99:e4:cb:84:28:da:4c:f3:fd:b3:
         dc:73:c1:0b:b8:81:a8:4b:4a:1b:3b:64:33:03:50:6e:69:39:
         ad:42:9a:17:c0:2b:a2:ce:76:21:fa:b7:2b:fe:af:97:d2:ce:
         21:9e:d3:25:dc:53:02:58:d6:91:6a:15:6f:d0:99:1f:37:44:
         1a:af:45:1a:9a:8f:22:29:55:bf:96:cd:18:5c:ac:8b:51:d3:
         b3:ea:1b:f1:6b:24:a4:74:a4:63:ae:a7:9b:3f:34:75:d9:30:
         88:d1:88:40
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcRrJ4zC3pfvvBO4+5Pra9QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjY4Y2RlZDM5ZTNlYzU0Y2VlMjIzMzI1MmVmMzkzN2Jh
OTgyOGQwHhcNMjUwNTI3MTIxNjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTI3MWQ4YzY1YWNkNTRmNDhhNGM5YWI4Y2Y1OGU4NDgyMzBhYWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlwge+nFv7/pCDwD/VM/gRDtpgWK9
QxKnuhXoj6lS97s2evznSkt2NH7frqTyDFIkUuOzvRDfYL03Dq77LpYijgGbns72
VJmSJ4DgBEXaqckjCzXGnWckH23SHPFrRvlIMrB0gadW+SuBsIwAwnb5PkeMlr3W
2r63vINyo4ELX1LW3Bktm2XV2r0744ROGdla6z6+e+NWzKYBXO5E8amhC/nP957H
mOKjStdOpd6k/3mncIktzmR1jkLodExyK2JYtOtMzrjMuSm7kCaHokt36LK5y4Ol
YQKOcss3wSGFBsGL5MvYMs0hfJZm+T+Rr5a7VtQSDD6HZrc7bgSoVZ1Z5QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHknHYxlrNVPSKTJq4z1joSCMKr1MB8GA1UdIwQY
MBaAFHD2jN7Tnj7FTO4iMyUu85N7qYKNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYt
MjlkZjRlMjYxMWYxLzEvZVNjZGpHV3MxVTlJcE1tcmpQV09oSUl3cXZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy9mMGNjNDEtYjNlNy00NmZmLWE5NzYtMjlkZjRlMjYxMWYx
LzEvY1BhTTN0T2VQc1ZNN2lJekpTN3prM3VwZ28wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBUVVmAwQA
wSFgMA0GCSqGSIb3DQEBCwUAA4IBAQCGRz+cMSP4mFRkSELYweGDlyl4h+GrPCRk
D3wUJZphJMkC2Qptb3q/ypRNEbWLCHEcFMp+fiB/1pbvKtaWXW2UbArd+OffgtrW
ZhtvxxC3TNsUkaphNRftUGGxfH05oIldsl7Oz3oM+qao7iE41S6qcqCmy9yyYNdm
AGM0wC+5+kFADHiUBUE3lcqfuM34s+/ItAteKCw8CZnky4Qo2kzz/bPcc8ELuIGo
S0obO2QzA1BuaTmtQpoXwCuiznYh+rcr/q+X0s4hntMl3FMCWNaRahVv0JkfN0Qa
r0Uamo8iKVW/ls0YXKyLUdOz6hvxaySkdKRjrqebPzR12TCI0YhA
-----END CERTIFICATE-----