Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/EYQXkknA6RRbIAOPxO-xjVakxQI.roa
File:                     EYQXkknA6RRbIAOPxO-xjVakxQI.roa (raw, json)
Hash identifier:          vTTMvZpjzKV9NKwMFW18+TJ6B/8Rj2A8DbEda2I4iyQ=
Subject key identifier:   11:84:17:92:49:C0:E9:14:5B:20:03:8F:C4:EF:B1:8D:56:A4:C5:02
Certificate issuer:       /CN=2663f3db152e055ac145bdbb429e018654204c8d
Certificate serial:       0197350A9EF40079EAF6F4CF9FAE64EC401F
Authority key identifier: 26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/EYQXkknA6RRbIAOPxO-xjVakxQI.roa
Signing time:             Tue 03 Jun 2025 09:06:17 +0000
ROA not before:           Tue 03 Jun 2025 09:06:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213076
IP address blocks:        194.209.13.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:35:0a:9e:f4:00:79:ea:f6:f4:cf:9f:ae:64:ec:40:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2663f3db152e055ac145bdbb429e018654204c8d
        Validity
            Not Before: Jun  3 09:06:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1184179249c0e9145b20038fc4efb18d56a4c502
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3c:7c:86:c0:0e:37:04:22:82:da:5d:a2:c4:
                    0a:50:8b:4f:6f:b6:32:0e:24:2d:a9:ff:3b:6d:49:
                    7a:5a:dc:2c:ee:0a:84:1f:ca:3c:47:48:d9:e2:b2:
                    4a:db:ca:f6:4b:fd:e2:5b:ce:de:27:6d:48:c6:b2:
                    ed:e7:61:86:8f:d6:d5:d3:a3:4f:5f:38:f3:86:83:
                    eb:e7:25:d5:96:c0:d3:90:45:ca:f5:ca:cd:f8:be:
                    94:1f:31:47:cb:e9:9b:11:b5:8b:8a:b6:da:0c:a8:
                    78:83:81:1b:93:d3:90:38:04:d0:2b:dc:ad:c0:56:
                    6a:08:9d:39:6a:e9:04:27:d2:7c:e8:25:da:72:df:
                    55:af:13:43:71:2a:f6:48:51:68:ed:c5:2e:b9:81:
                    a8:d6:a4:f6:f7:a7:79:b3:3b:2d:2f:6a:24:03:e7:
                    5d:3f:0d:85:59:18:0a:db:31:58:dd:81:68:58:7d:
                    ef:75:8d:47:cb:b1:4c:55:33:97:bc:ad:86:a4:24:
                    a3:e7:54:7a:ab:5e:f2:ce:d9:cb:cb:30:e0:e6:e3:
                    11:88:54:9b:07:2e:9f:f7:fc:65:14:0c:72:ab:c2:
                    88:9b:e4:79:10:71:06:cc:97:2c:83:a1:23:cd:82:
                    dd:7e:ab:78:2c:74:1f:d0:6e:30:b8:62:5b:77:02:
                    ef:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:84:17:92:49:C0:E9:14:5B:20:03:8F:C4:EF:B1:8D:56:A4:C5:02
            X509v3 Authority Key Identifier:
                keyid:26:63:F3:DB:15:2E:05:5A:C1:45:BD:BB:42:9E:01:86:54:20:4C:8D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JmPz2xUuBVrBRb27Qp4BhlQgTI0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/EYQXkknA6RRbIAOPxO-xjVakxQI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/c8c6f6-595c-45b1-a76e-bd192676c9bb/1/JmPz2xUuBVrBRb27Qp4BhlQgTI0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.209.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:f7:c0:81:87:9c:b2:d3:13:d5:d5:80:08:cd:f9:70:f7:41:
         06:3e:08:ee:06:6b:ae:6a:03:56:48:45:f8:bc:6a:c9:42:90:
         04:7e:04:d0:e4:1d:31:d5:66:9f:41:38:39:36:96:3f:b2:8b:
         6f:2e:05:99:98:a3:1b:bd:88:c1:da:d2:94:41:93:43:f8:4d:
         b5:a1:94:c2:2e:cb:65:d1:d8:ac:1d:06:0b:37:c1:ec:3f:fb:
         7c:6b:20:f6:ff:30:de:26:20:d2:8e:17:fe:4c:5e:85:c5:d8:
         7f:c3:15:f4:be:a8:12:dc:eb:f0:67:3a:fe:31:56:ea:d5:ab:
         69:f5:fd:2a:ee:77:14:be:29:95:6f:c9:7e:7c:34:34:b0:81:
         2b:3c:48:13:48:a0:83:0b:b0:7d:30:20:40:2d:9a:74:4e:0f:
         41:ea:cf:b4:79:c5:8e:1d:c0:d8:7d:e1:93:6b:b3:e2:7c:2a:
         39:5c:63:d8:f4:42:1e:29:10:34:4f:4e:88:2d:cd:5c:66:05:
         8f:9f:b8:e3:b5:aa:47:e2:12:13:e4:58:b1:c0:94:99:ca:44:
         de:4d:9c:4e:c7:cf:50:61:af:25:a0:ff:02:1a:fa:9c:0b:c9:
         0d:70:9c:11:f5:d3:56:a8:ad:f5:0e:c5:09:70:19:0a:0b:f9:
         ca:be:62:34
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc1Cp70AHnq9vTPn65k7EAfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2NjNmM2RiMTUyZTA1NWFjMTQ1YmRiYjQyOWUwMTg2NTQy
MDRjOGQwHhcNMjUwNjAzMDkwNjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTg0MTc5MjQ5YzBlOTE0NWIyMDAzOGZjNGVmYjE4ZDU2YTRjNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtTx8hsAONwQigtpdosQKUItPb7Yy
DiQtqf87bUl6Wtws7gqEH8o8R0jZ4rJK28r2S/3iW87eJ21IxrLt52GGj9bV06NP
XzjzhoPr5yXVlsDTkEXK9crN+L6UHzFHy+mbEbWLirbaDKh4g4Ebk9OQOATQK9yt
wFZqCJ05aukEJ9J86CXact9VrxNDcSr2SFFo7cUuuYGo1qT296d5szstL2okA+dd
Pw2FWRgK2zFY3YFoWH3vdY1Hy7FMVTOXvK2GpCSj51R6q17yztnLyzDg5uMRiFSb
By6f9/xlFAxyq8KIm+R5EHEGzJcsg6EjzYLdfqt4LHQf0G4wuGJbdwLv5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGEF5JJwOkUWyADj8TvsY1WpMUCMB8GA1UdIwQY
MBaAFCZj89sVLgVawUW9u0KeAYZUIEyNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUt
YmQxOTI2NzZjOWJiLzEvRVlRWGtrbkE2UlJiSUFPUHhPLXhqVmFreFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9jOGM2ZjYtNTk1Yy00NWIxLWE3NmUtYmQxOTI2NzZjOWJi
LzEvSm1QejJ4VXVCVnJCUmIyN1FwNEJobFFnVEkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwtENMA0G
CSqGSIb3DQEBCwUAA4IBAQCe98CBh5yy0xPV1YAIzflw90EGPgjuBmuuagNWSEX4
vGrJQpAEfgTQ5B0x1WafQTg5NpY/sotvLgWZmKMbvYjB2tKUQZND+E21oZTCLstl
0disHQYLN8HsP/t8ayD2/zDeJiDSjhf+TF6Fxdh/wxX0vqgS3OvwZzr+MVbq1atp
9f0q7ncUvimVb8l+fDQ0sIErPEgTSKCDC7B9MCBALZp0Tg9B6s+0ecWOHcDYfeGT
a7PifCo5XGPY9EIeKRA0T06ILc1cZgWPn7jjtapH4hIT5FixwJSZykTeTZxOx89Q
Ya8loP8CGvqcC8kNcJwR9dNWqK31DsUJcBkKC/nKvmI0
-----END CERTIFICATE-----