Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/ESXrpZgGSFTBEiaTfpuO1Ua_m8o.roa
File:                     ESXrpZgGSFTBEiaTfpuO1Ua_m8o.roa (raw, json)
Hash identifier:          fDiB8gqQjZSMqzctJDGZ4eRYCm04M7zaIMybwkgd7NA=
Subject key identifier:   11:25:EB:A5:98:06:48:54:C1:12:26:93:7E:9B:8E:D5:46:BF:9B:CA
Certificate issuer:       /CN=85db83a8365a604476f282d24d327ad1ef0fde52
Certificate serial:       01941FFA7F7D6A8030C4DBD9AF4A9BE68E30
Authority key identifier: 85:DB:83:A8:36:5A:60:44:76:F2:82:D2:4D:32:7A:D1:EF:0F:DE:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hduDqDZaYER28oLSTTJ60e8P3lI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/ESXrpZgGSFTBEiaTfpuO1Ua_m8o.roa
Signing time:             Wed 01 Jan 2025 03:48:17 +0000
ROA not before:           Wed 01 Jan 2025 03:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41153
IP address blocks:        91.215.4.0/22 maxlen: 24
                          194.140.246.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/hduDqDZaYER28oLSTTJ60e8P3lI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/hduDqDZaYER28oLSTTJ60e8P3lI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hduDqDZaYER28oLSTTJ60e8P3lI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 15:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:7f:7d:6a:80:30:c4:db:d9:af:4a:9b:e6:8e:30
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85db83a8365a604476f282d24d327ad1ef0fde52
        Validity
            Not Before: Jan  1 03:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1125eba598064854c11226937e9b8ed546bf9bca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:d0:0c:12:f3:1c:c8:6a:fa:4f:f0:74:d6:4c:
                    01:8f:6a:be:12:3e:72:cf:ca:b5:66:bc:1c:90:c1:
                    f9:d1:2d:1f:8b:e5:44:a9:ec:88:51:d5:a7:84:bb:
                    ef:4c:46:70:92:dc:7b:5f:d1:c9:88:60:2c:39:16:
                    99:03:8d:26:47:78:84:9c:cf:46:5e:76:aa:b7:65:
                    1c:12:e4:0e:d3:17:86:b5:7b:45:1a:11:e9:5e:05:
                    21:5f:9a:de:43:2d:c3:f6:4d:c3:36:5f:e5:54:23:
                    07:84:df:e9:d1:3f:d0:e3:ff:18:9f:6c:c4:66:e6:
                    f4:f6:30:6a:29:bc:4f:e0:d3:1c:84:ba:bb:78:1a:
                    be:7f:14:01:f1:61:91:37:ef:e5:5f:5c:f7:63:10:
                    06:9f:0f:58:c7:18:12:73:97:57:7a:8f:f8:72:5b:
                    6f:d8:09:10:a3:e9:6d:05:89:ae:91:8c:35:bf:11:
                    27:3b:f0:85:ac:88:eb:06:ce:81:5e:15:98:d9:e0:
                    23:23:25:87:fd:01:1a:08:8c:bc:63:49:98:a3:55:
                    18:c2:47:81:7c:18:51:1c:4e:62:6d:34:71:0a:70:
                    99:c4:6d:7f:a9:92:27:b2:a7:b6:1b:66:4d:fa:52:
                    2a:4a:df:59:da:5d:b0:02:d0:9e:8b:79:76:46:91:
                    9f:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:25:EB:A5:98:06:48:54:C1:12:26:93:7E:9B:8E:D5:46:BF:9B:CA
            X509v3 Authority Key Identifier:
                keyid:85:DB:83:A8:36:5A:60:44:76:F2:82:D2:4D:32:7A:D1:EF:0F:DE:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hduDqDZaYER28oLSTTJ60e8P3lI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/ESXrpZgGSFTBEiaTfpuO1Ua_m8o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/2c8f08-e599-44f3-bbc1-8cbef913e342/1/hduDqDZaYER28oLSTTJ60e8P3lI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.215.4.0/22
                  194.140.246.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1c:6d:e2:8d:b6:59:51:c9:24:6f:17:f0:9b:95:87:d1:ab:4c:
         d0:a6:b0:9a:c8:ad:7f:13:56:f5:cd:2c:c1:b3:de:7d:5f:2a:
         06:71:30:d0:fc:10:4a:6e:9f:47:ae:b8:d0:b7:83:82:28:a5:
         7f:1a:1c:f0:be:49:94:30:50:80:76:f0:80:52:50:63:4c:e4:
         f4:ac:2f:e5:e8:b4:cb:c0:fc:63:cd:58:e8:21:98:10:bb:82:
         04:6c:7b:fc:ce:13:3d:84:27:09:4b:48:b1:3a:dc:63:1f:3f:
         0b:e4:9d:d8:ec:4c:c9:ac:d1:3e:b4:8b:4d:56:52:a6:10:56:
         1d:49:9d:ec:26:d2:d4:b9:fb:db:f0:23:1c:83:32:b0:4a:b6:
         e6:92:b3:fb:e0:2e:cf:6f:a7:61:75:a4:6a:dd:e2:d4:04:c9:
         df:d3:ea:81:0d:ad:29:b5:f0:f9:84:84:6e:89:37:fe:60:3a:
         c8:9b:c7:0d:ca:34:0c:23:a5:56:89:76:ad:c5:56:72:bb:37:
         7a:a1:10:b0:4e:e2:0a:52:6d:12:21:e0:61:fc:51:26:c0:52:
         92:0f:cd:bb:33:8f:2e:03:79:28:23:58:2f:cd:04:9f:1d:5e:
         41:f8:9d:4b:28:91:0e:87:cc:66:65:f7:8e:1c:c7:48:7d:a6:
         56:dd:2f:38
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+n99aoAwxNvZr0qb5o4wMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGI4M2E4MzY1YTYwNDQ3NmYyODJkMjRkMzI3YWQxZWYw
ZmRlNTIwHhcNMjUwMTAxMDM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTI1ZWJhNTk4MDY0ODU0YzExMjI2OTM3ZTliOGVkNTQ2YmY5YmNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNAMEvMcyGr6T/B01kwBj2q+Ej5y
z8q1ZrwckMH50S0fi+VEqeyIUdWnhLvvTEZwktx7X9HJiGAsORaZA40mR3iEnM9G
Xnaqt2UcEuQO0xeGtXtFGhHpXgUhX5reQy3D9k3DNl/lVCMHhN/p0T/Q4/8Yn2zE
Zub09jBqKbxP4NMchLq7eBq+fxQB8WGRN+/lX1z3YxAGnw9YxxgSc5dXeo/4cltv
2AkQo+ltBYmukYw1vxEnO/CFrIjrBs6BXhWY2eAjIyWH/QEaCIy8Y0mYo1UYwkeB
fBhRHE5ibTRxCnCZxG1/qZInsqe2G2ZN+lIqSt9Z2l2wAtCei3l2RpGfowIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBEl66WYBkhUwRImk36bjtVGv5vKMB8GA1UdIwQY
MBaAFIXbg6g2WmBEdvKC0k0yetHvD95SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR1RHFEWmFZRVIyOG9MU1RUSjYwZThQM2xJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8yYzhmMDgtZTU5OS00NGYzLWJiYzEt
OGNiZWY5MTNlMzQyLzEvRVNYcnBaZ0dTRlRCRWlhVGZwdU8xVWFfbThvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8yYzhmMDgtZTU5OS00NGYzLWJiYzEtOGNiZWY5MTNlMzQy
LzEvaGR1RHFEWmFZRVIyOG9MU1RUSjYwZThQM2xJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCW9cEAwQA
woz2MA0GCSqGSIb3DQEBCwUAA4IBAQAcbeKNtllRySRvF/CblYfRq0zQprCayK1/
E1b1zSzBs959XyoGcTDQ/BBKbp9HrrjQt4OCKKV/GhzwvkmUMFCAdvCAUlBjTOT0
rC/l6LTLwPxjzVjoIZgQu4IEbHv8zhM9hCcJS0ixOtxjHz8L5J3Y7EzJrNE+tItN
VlKmEFYdSZ3sJtLUufvb8CMcgzKwSrbmkrP74C7Pb6dhdaRq3eLUBMnf0+qBDa0p
tfD5hIRuiTf+YDrIm8cNyjQMI6VWiXatxVZyuzd6oRCwTuIKUm0SIeBh/FEmwFKS
D827M48uA3koI1gvzQSfHV5B+J1LKJEOh8xmZfeOHMdIfaZW3S84
-----END CERTIFICATE-----