Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/E8ctuT8I25PNpJlv_YsEEXcr8pk.roa
File:                     E8ctuT8I25PNpJlv_YsEEXcr8pk.roa (raw, json)
Hash identifier:          5mqJS85psOoDSolMzRmcv/leNn2i1C/OlCJhTj3L83E=
Subject key identifier:   13:C7:2D:B9:3F:08:DB:93:CD:A4:99:6F:FD:8B:04:11:77:2B:F2:99
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       0195D94DCE4B9A1B1B9A2C955C95C89C7F20
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/E8ctuT8I25PNpJlv_YsEEXcr8pk.roa
Signing time:             Thu 27 Mar 2025 20:31:49 +0000
ROA not before:           Thu 27 Mar 2025 20:31:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213762
IP address blocks:        62.164.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 17:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:d9:4d:ce:4b:9a:1b:1b:9a:2c:95:5c:95:c8:9c:7f:20
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Mar 27 20:31:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13c72db93f08db93cda4996ffd8b0411772bf299
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:dc:ef:d7:51:6a:d9:41:e2:42:2c:59:13:fc:
                    7a:c6:d5:ac:54:21:b1:00:ba:f0:4d:0d:3f:74:05:
                    64:78:5c:88:7d:be:24:12:fe:f4:10:0d:0a:9a:5d:
                    ce:61:bd:03:e6:39:5b:e5:28:e7:06:da:ea:0d:a9:
                    fb:f7:76:87:f5:87:ad:f9:b5:9a:28:8c:4a:4d:90:
                    8b:40:d7:2f:02:bf:32:5e:71:35:ff:2e:cf:c0:b1:
                    ef:d6:94:33:19:2d:79:7d:b8:eb:01:09:96:0a:fa:
                    66:ff:81:1f:a8:fe:f1:e1:b8:d6:8c:b2:dd:69:8e:
                    0b:a1:b7:05:62:34:47:ed:94:6c:c0:91:fb:eb:b4:
                    8d:61:1e:25:9b:2e:ed:88:4f:dc:e2:ec:bc:c2:54:
                    79:5c:18:d8:c8:2e:a7:ad:fd:b8:16:ac:3b:d5:b4:
                    f2:db:d8:3d:8d:cb:15:af:3c:7a:3f:95:ee:a5:25:
                    c1:96:20:80:c5:27:67:18:51:12:19:27:af:cd:11:
                    c9:44:99:f5:0a:68:c5:cc:95:67:10:23:b1:eb:a8:
                    cf:92:dd:d5:02:86:b4:48:4a:b8:d1:54:e7:fb:4d:
                    1d:bb:f9:28:57:b1:31:6b:48:b9:fa:f1:b3:3d:36:
                    f7:37:a7:c6:e5:9f:05:49:85:b7:f6:34:f2:fe:ba:
                    56:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:C7:2D:B9:3F:08:DB:93:CD:A4:99:6F:FD:8B:04:11:77:2B:F2:99
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/E8ctuT8I25PNpJlv_YsEEXcr8pk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  62.164.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:06:fa:ab:66:08:00:4e:b9:c9:9f:89:88:5e:69:ea:fc:b7:
         ad:21:08:66:1a:c8:66:7a:af:f3:a5:a0:11:0c:92:22:b6:f6:
         e4:31:9b:83:22:1b:41:be:50:db:4b:17:2b:d7:2f:c9:92:6c:
         04:22:c5:4a:8c:3e:c3:bd:ca:6e:d5:69:29:c1:75:39:0e:ae:
         76:de:e3:bc:91:08:9a:9c:db:37:1a:ff:43:1c:ee:a2:c4:51:
         76:73:23:dd:14:77:9f:57:ef:79:11:97:36:b5:b1:75:ea:a3:
         06:0a:02:2c:8c:ab:8b:f9:48:4b:43:f2:69:34:ee:67:3d:88:
         3e:6d:89:45:ad:eb:e9:ba:7e:b1:ef:15:94:ab:cd:e1:e1:89:
         b0:f9:6c:91:61:5a:49:90:af:48:37:b5:67:7d:3e:02:4a:03:
         6b:a1:9d:7b:02:42:b4:17:0e:57:b6:50:a5:ff:24:4e:a3:29:
         90:99:88:d7:e3:d9:1c:1a:0c:5e:0c:4a:6b:45:e0:4b:b4:ad:
         f3:dc:b9:3b:02:a6:51:51:fd:60:d4:95:26:9b:8a:e6:5a:00:
         56:dd:1d:6f:86:51:73:34:f2:2b:96:fb:75:71:09:7f:76:61:
         f2:12:3e:e4:0c:e1:25:6b:0d:73:f3:7d:fe:5e:de:c9:8e:8b:
         fd:60:9c:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZXZTc5LmhsbmiyVXJXInH8gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjUwMzI3MjAzMTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2M3MmRiOTNmMDhkYjkzY2RhNDk5NmZmZDhiMDQxMTc3MmJmMjk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv9zv11Fq2UHiQixZE/x6xtWsVCGx
ALrwTQ0/dAVkeFyIfb4kEv70EA0Kml3OYb0D5jlb5SjnBtrqDan793aH9Yet+bWa
KIxKTZCLQNcvAr8yXnE1/y7PwLHv1pQzGS15fbjrAQmWCvpm/4EfqP7x4bjWjLLd
aY4LobcFYjRH7ZRswJH767SNYR4lmy7tiE/c4uy8wlR5XBjYyC6nrf24Fqw71bTy
29g9jcsVrzx6P5XupSXBliCAxSdnGFESGSevzRHJRJn1CmjFzJVnECOx66jPkt3V
Aoa0SEq40VTn+00du/koV7Exa0i5+vGzPTb3N6fG5Z8FSYW39jTy/rpWRQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBPHLbk/CNuTzaSZb/2LBBF3K/KZMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvRThjdHVUOEkyNVBOcEpsdl9Zc0VFWGNyOHBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAPqTBMA0G
CSqGSIb3DQEBCwUAA4IBAQAlBvqrZggATrnJn4mIXmnq/LetIQhmGshmeq/zpaAR
DJIitvbkMZuDIhtBvlDbSxcr1y/JkmwEIsVKjD7Dvcpu1WkpwXU5Dq523uO8kQia
nNs3Gv9DHO6ixFF2cyPdFHefV+95EZc2tbF16qMGCgIsjKuL+UhLQ/JpNO5nPYg+
bYlFrevpun6x7xWUq83h4Ymw+WyRYVpJkK9IN7VnfT4CSgNroZ17AkK0Fw5XtlCl
/yROoymQmYjX49kcGgxeDEprReBLtK3z3Lk7AqZRUf1g1JUmm4rmWgBW3R1vhlFz
NPIrlvt1cQl/dmHyEj7kDOElaw1z833+Xt7Jjov9YJxB
-----END CERTIFICATE-----