Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/EI7dYlJh6LhMXB8o9nb3T4Z5aSU.roa
File:                     EI7dYlJh6LhMXB8o9nb3T4Z5aSU.roa (raw, json)
Hash identifier:          MmSw3Gp5lTTxkK0eiPx+eF3FQfljG+ipyig54PF6DUw=
Subject key identifier:   10:8E:DD:62:52:61:E8:B8:4C:5C:1F:28:F6:76:F7:4F:86:79:69:25
Certificate issuer:       /CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
Certificate serial:       01942144649A0653ADC79FD4FC7AE172F037
Authority key identifier: 29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/EI7dYlJh6LhMXB8o9nb3T4Z5aSU.roa
Signing time:             Wed 01 Jan 2025 09:48:37 +0000
ROA not before:           Wed 01 Jan 2025 09:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        185.121.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 05 Feb 2025 21:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:64:9a:06:53:ad:c7:9f:d4:fc:7a:e1:72:f0:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2979cc43c2469ffa5cf8b7ac639b01f3a768ac55
        Validity
            Not Before: Jan  1 09:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=108edd625261e8b84c5c1f28f676f74f86796925
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:97:d3:a3:05:16:23:aa:84:eb:3a:d9:41:e6:
                    49:93:32:e7:1c:72:b5:ee:64:e7:1f:eb:91:70:19:
                    61:6a:c0:17:e2:c1:21:66:a3:43:40:a7:a3:3a:17:
                    18:02:3b:a1:50:df:35:d6:b2:08:f1:29:3e:5c:82:
                    ac:71:a0:98:8e:4f:fc:48:e9:78:54:d4:11:a7:e0:
                    19:eb:48:b4:fe:f0:88:a5:13:a9:15:fd:47:9b:e6:
                    ac:29:d7:41:13:a6:b9:8d:d2:7c:f3:89:2a:10:e2:
                    69:6c:d6:84:9a:14:cc:97:03:d1:62:43:14:2d:a0:
                    79:08:b5:8d:49:b4:7d:1a:f8:11:44:4e:ef:c7:64:
                    68:80:4c:02:52:1b:a8:5b:f9:c7:a1:54:a6:62:b1:
                    c6:b1:f6:1a:04:f4:03:9c:8f:39:e9:eb:4d:aa:f6:
                    11:e8:03:d0:cb:5f:c6:57:60:e0:c7:e7:d9:cd:32:
                    0f:a9:aa:70:18:20:78:92:81:3f:eb:8a:fe:0d:24:
                    b7:e6:c2:08:45:5e:da:aa:b2:a3:3d:bc:4e:34:8b:
                    e0:92:38:af:63:19:aa:b3:9b:42:d9:b0:35:5e:48:
                    0d:03:1a:c2:c3:87:7d:14:44:71:41:db:03:97:69:
                    27:72:ba:ac:3b:35:b8:ac:a8:0c:cb:5b:42:4e:98:
                    79:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:8E:DD:62:52:61:E8:B8:4C:5C:1F:28:F6:76:F7:4F:86:79:69:25
            X509v3 Authority Key Identifier:
                keyid:29:79:CC:43:C2:46:9F:FA:5C:F8:B7:AC:63:9B:01:F3:A7:68:AC:55

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KXnMQ8JGn_pc-LesY5sB86dorFU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/EI7dYlJh6LhMXB8o9nb3T4Z5aSU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/26/e40f9d-00f4-40d9-8b8d-40eaebc1c47e/1/KXnMQ8JGn_pc-LesY5sB86dorFU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:30:f7:7b:fd:da:df:14:19:ac:18:8c:65:e6:39:b9:7c:d9:
         cb:cf:37:44:6b:45:5f:11:25:09:4b:fa:3b:b1:60:c4:d7:20:
         32:72:ec:31:9d:fc:e6:6d:0a:a9:e2:c4:3f:06:f2:17:48:e1:
         c5:a8:e7:83:6d:4b:4a:81:51:6f:a7:be:c6:8e:2c:61:84:d6:
         c4:d5:d0:75:2a:85:47:cf:ac:7f:c2:38:1e:ab:ab:07:f0:1f:
         56:85:31:96:54:ec:f3:cc:a5:5d:01:c6:5d:75:1e:86:b8:2a:
         a4:3e:51:4e:0e:4b:52:40:a7:e4:90:e4:83:78:23:89:8c:12:
         86:5d:eb:00:c4:5e:b8:e7:29:6b:7d:b7:a8:b4:dc:89:48:fb:
         fe:b7:65:f0:6b:9d:94:ac:a1:8b:af:31:1b:af:a9:a3:73:ec:
         e7:d5:2f:d1:a5:d1:66:cc:77:6e:08:11:03:74:f2:be:33:84:
         69:26:2c:c5:75:f5:66:4c:37:65:e7:88:11:75:92:b8:40:f9:
         70:25:72:53:9a:a6:20:d1:f0:5a:03:59:bc:14:a5:ab:c1:dd:
         8a:30:4a:2e:95:76:2d:2c:e6:63:a1:34:25:e1:a8:42:75:93:
         99:f6:9e:72:e0:43:d4:25:4d:d3:66:c4:7f:9e:f9:67:3d:d3:
         6e:89:54:b8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRGSaBlOtx5/U/HrhcvA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NzljYzQzYzI0NjlmZmE1Y2Y4YjdhYzYzOWIwMWYzYTc2
OGFjNTUwHhcNMjUwMTAxMDk0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDhlZGQ2MjUyNjFlOGI4NGM1YzFmMjhmNjc2Zjc0Zjg2Nzk2OTI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz5fTowUWI6qE6zrZQeZJkzLnHHK1
7mTnH+uRcBlhasAX4sEhZqNDQKejOhcYAjuhUN811rII8Sk+XIKscaCYjk/8SOl4
VNQRp+AZ60i0/vCIpROpFf1Hm+asKddBE6a5jdJ884kqEOJpbNaEmhTMlwPRYkMU
LaB5CLWNSbR9GvgRRE7vx2RogEwCUhuoW/nHoVSmYrHGsfYaBPQDnI856etNqvYR
6APQy1/GV2Dgx+fZzTIPqapwGCB4koE/64r+DSS35sIIRV7aqrKjPbxONIvgkjiv
Yxmqs5tC2bA1XkgNAxrCw4d9FERxQdsDl2kncrqsOzW4rKgMy1tCTph5ZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBCO3WJSYei4TFwfKPZ290+GeWklMB8GA1UdIwQY
MBaAFCl5zEPCRp/6XPi3rGObAfOnaKxVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQt
NDBlYWViYzFjNDdlLzEvRUk3ZFlsSmg2TGhNWEI4bzluYjNUNFo1YVNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNi9lNDBmOWQtMDBmNC00MGQ5LThiOGQtNDBlYWViYzFjNDdl
LzEvS1huTVE4SkduX3BjLUxlc1k1c0I4NmRvckZVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXnjMA0G
CSqGSIb3DQEBCwUAA4IBAQBAMPd7/drfFBmsGIxl5jm5fNnLzzdEa0VfESUJS/o7
sWDE1yAycuwxnfzmbQqp4sQ/BvIXSOHFqOeDbUtKgVFvp77GjixhhNbE1dB1KoVH
z6x/wjgeq6sH8B9WhTGWVOzzzKVdAcZddR6GuCqkPlFODktSQKfkkOSDeCOJjBKG
XesAxF645ylrfbeotNyJSPv+t2Xwa52UrKGLrzEbr6mjc+zn1S/RpdFmzHduCBED
dPK+M4RpJizFdfVmTDdl54gRdZK4QPlwJXJTmqYg0fBaA1m8FKWrwd2KMEoulXYt
LOZjoTQl4ahCdZOZ9p5y4EPUJU3TZsR/nvlnPdNuiVS4
-----END CERTIFICATE-----