Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/EbNpyVfz1b94e_sms4FC9oC-M5k.roa
File:                     EbNpyVfz1b94e_sms4FC9oC-M5k.roa (raw, json)
Hash identifier:          7+0vSIClzX5i0HVa8Uhi8LmRFILFpnJIyxRpkTwNb5Q=
Subject key identifier:   11:B3:69:C9:57:F3:D5:BF:78:7B:FB:26:B3:81:42:F6:80:BE:33:99
Certificate issuer:       /CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
Certificate serial:       019422204510C4003206688A9AB1CB58A879
Authority key identifier: D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/EbNpyVfz1b94e_sms4FC9oC-M5k.roa
Signing time:             Wed 01 Jan 2025 13:48:47 +0000
ROA not before:           Wed 01 Jan 2025 13:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212360
IP address blocks:        2a0e:8f02:f00d::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 05:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:45:10:c4:00:32:06:68:8a:9a:b1:cb:58:a8:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d56ef48ed6155dd7843eed3632469abaa3100bf3
        Validity
            Not Before: Jan  1 13:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11b369c957f3d5bf787bfb26b38142f680be3399
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:68:c3:3c:b8:39:8d:27:70:cc:ce:ff:f9:ea:
                    e8:b3:e7:d0:f1:b6:50:59:a4:5c:e2:78:36:95:fd:
                    59:f4:cc:8f:76:f5:28:ce:0e:06:c4:0a:b0:88:0a:
                    02:d7:86:ee:57:5e:f6:ca:87:5c:cc:4d:17:f5:5e:
                    d0:9e:19:90:32:4d:64:95:d8:c9:3f:18:3e:d4:c5:
                    89:75:7d:8d:7a:5d:e0:b6:4f:7d:33:20:3b:e7:a3:
                    ae:7e:cb:14:56:81:35:6e:f6:32:ee:37:31:8f:4d:
                    9e:61:43:05:bf:f4:1d:34:f4:a6:6e:61:2f:77:7b:
                    57:08:99:0e:a2:9e:0e:e9:99:56:87:94:9b:5d:f0:
                    75:cf:86:33:c6:59:3f:83:f6:9a:72:f3:4e:ca:23:
                    10:3b:66:52:40:6b:41:de:15:b2:47:5a:51:66:62:
                    86:5a:18:c5:90:c9:91:41:cd:57:78:46:b0:4f:fd:
                    6d:d2:9e:34:f9:b0:4b:b7:15:9b:a3:d2:e6:7b:07:
                    b3:73:d1:ca:db:95:96:dc:4b:66:ec:7f:8c:61:53:
                    03:89:bb:25:c5:56:73:87:a2:08:e8:83:ee:c1:ae:
                    73:c9:1d:83:0b:44:ac:f1:01:bd:a8:7a:b2:0e:6d:
                    cb:93:26:e7:57:68:13:95:cb:2f:e8:33:2d:36:a7:
                    62:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B3:69:C9:57:F3:D5:BF:78:7B:FB:26:B3:81:42:F6:80:BE:33:99
            X509v3 Authority Key Identifier:
                keyid:D5:6E:F4:8E:D6:15:5D:D7:84:3E:ED:36:32:46:9A:BA:A3:10:0B:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1W70jtYVXdeEPu02MkaauqMQC_M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/EbNpyVfz1b94e_sms4FC9oC-M5k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/58ff54-3410-4e42-aab8-d2d7f2bb64df/1/1W70jtYVXdeEPu02MkaauqMQC_M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:8f02:f00d::/48

    Signature Algorithm: sha256WithRSAEncryption
         5c:53:6e:a0:25:8f:4a:d7:c5:a8:c4:89:b2:3d:25:9d:29:31:
         0d:fe:ab:28:68:59:cc:99:ab:83:29:77:55:32:71:8b:a0:4e:
         5b:1f:02:3b:c2:88:86:22:4a:dd:6b:d1:21:a2:fc:36:c6:47:
         b0:18:d5:3c:79:87:9b:80:52:45:10:72:15:42:1e:15:57:d5:
         81:a1:a9:71:62:47:ed:41:e0:ab:41:5e:5f:3b:f5:3c:9c:ea:
         71:d2:60:25:bd:91:af:0e:1e:d4:6c:71:ca:e3:ae:11:1a:5c:
         32:ba:f5:94:eb:4d:f0:f1:af:eb:ba:95:07:07:50:d6:78:37:
         84:c6:d1:74:f8:89:18:47:5d:47:ba:5a:95:cb:af:94:3e:52:
         55:2c:e9:85:b5:09:05:c8:2a:00:cc:27:ca:bc:b5:cd:b7:8a:
         86:88:c1:a3:de:29:1f:9c:22:44:f3:72:dc:e2:75:19:cc:1e:
         40:62:6b:d7:f0:f3:ab:ac:89:f3:08:f1:0b:f8:95:a2:8b:d0:
         77:55:50:33:e1:55:2b:f0:13:24:b8:87:30:53:b9:1c:bd:0f:
         c3:3b:e5:a3:93:ab:cd:85:25:84:0f:bc:0b:2f:25:f7:a5:57:
         e4:8e:1b:8b:15:73:6f:59:08:05:59:e1:b9:b7:32:3f:64:f1:
         ab:2c:27:fa
-----BEGIN CERTIFICATE-----
MIIFADCCA+igAwIBAgISAZQiIEUQxAAyBmiKmrHLWKh5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ1NmVmNDhlZDYxNTVkZDc4NDNlZWQzNjMyNDY5YWJhYTMx
MDBiZjMwHhcNMjUwMTAxMTM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWIzNjljOTU3ZjNkNWJmNzg3YmZiMjZiMzgxNDJmNjgwYmUzMzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApGjDPLg5jSdwzM7/+eros+fQ8bZQ
WaRc4ng2lf1Z9MyPdvUozg4GxAqwiAoC14buV172yodczE0X9V7QnhmQMk1kldjJ
Pxg+1MWJdX2Nel3gtk99MyA756OufssUVoE1bvYy7jcxj02eYUMFv/QdNPSmbmEv
d3tXCJkOop4O6ZlWh5SbXfB1z4Yzxlk/g/aacvNOyiMQO2ZSQGtB3hWyR1pRZmKG
WhjFkMmRQc1XeEawT/1t0p40+bBLtxWbo9Lmewezc9HK25WW3Etm7H+MYVMDibsl
xVZzh6II6IPuwa5zyR2DC0Ss8QG9qHqyDm3LkybnV2gTlcsv6DMtNqdi1wIDAQAB
o4ICDDCCAggwHQYDVR0OBBYEFBGzaclX89W/eHv7JrOBQvaAvjOZMB8GA1UdIwQY
MBaAFNVu9I7WFV3XhD7tNjJGmrqjEAvzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgt
ZDJkN2YyYmI2NGRmLzEvRWJOcHlWZnoxYjk0ZV9zbXM0RkM5b0MtTTVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS81OGZmNTQtMzQxMC00ZTQyLWFhYjgtZDJkN2YyYmI2NGRm
LzEvMVc3MGp0WVZYZGVFUHUwMk1rYWF1cU1RQ19NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCIGCCsGAQUFBwEHAQH/BBMwETAPBAIAAjAJAwcAKg6PAvAN
MA0GCSqGSIb3DQEBCwUAA4IBAQBcU26gJY9K18WoxImyPSWdKTEN/qsoaFnMmauD
KXdVMnGLoE5bHwI7woiGIkrda9Ehovw2xkewGNU8eYebgFJFEHIVQh4VV9WBoalx
YkftQeCrQV5fO/U8nOpx0mAlvZGvDh7UbHHK464RGlwyuvWU603w8a/rupUHB1DW
eDeExtF0+IkYR11HulqVy6+UPlJVLOmFtQkFyCoAzCfKvLXNt4qGiMGj3ikfnCJE
83Lc4nUZzB5AYmvX8POrrInzCPEL+JWii9B3VVAz4VUr8BMkuIcwU7kcvQ/DO+Wj
k6vNhSWED7wLLyX3pVfkjhuLFXNvWQgFWeG5tzI/ZPGrLCf6
-----END CERTIFICATE-----