Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/ebI6lo6FFyrxH7BnniqczSoCpEU.roa
File:                     ebI6lo6FFyrxH7BnniqczSoCpEU.roa (raw, json)
Hash identifier:          VWIQku3g+eu08iWePk/+zF+lAvowuzYaw8AhxuX9/iY=
Subject key identifier:   79:B2:3A:96:8E:85:17:2A:F1:1F:B0:67:9E:2A:9C:CD:2A:02:A4:45
Certificate issuer:       /CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
Certificate serial:       019736F46D426C830300E1DA0F588084A442
Authority key identifier: DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/ebI6lo6FFyrxH7BnniqczSoCpEU.roa
Signing time:             Tue 03 Jun 2025 18:01:17 +0000
ROA not before:           Tue 03 Jun 2025 18:01:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        178.212.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 06:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:36:f4:6d:42:6c:83:03:00:e1:da:0f:58:80:84:a4:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddbe6e0adae8bb478393aab175b638644c74ccb7
        Validity
            Not Before: Jun  3 18:01:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=79b23a968e85172af11fb0679e2a9ccd2a02a445
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:1d:2c:06:ca:93:9e:38:0c:cc:52:f5:23:45:
                    a8:e6:31:58:22:cc:f4:46:a3:d5:81:50:f5:d7:ae:
                    03:9e:ae:d3:eb:ee:56:2f:af:f3:f2:38:af:1e:6b:
                    1a:3f:4b:df:7e:c3:5d:51:5a:8d:bc:b6:42:a1:ed:
                    b8:9f:64:dc:56:d0:00:f8:56:ac:bb:6f:a7:3a:9b:
                    55:28:47:0d:dd:ad:46:f8:a1:9e:f6:3a:76:16:1d:
                    21:36:ee:63:a9:5c:59:85:20:ca:c5:04:d8:74:b6:
                    ff:2f:5d:fb:3a:9d:07:0e:d6:f9:ca:80:1a:06:84:
                    de:4b:89:b1:91:69:5d:74:45:8e:fd:d6:14:3d:82:
                    93:40:b8:10:f2:81:2f:ad:74:c4:75:74:99:de:c8:
                    df:7b:80:22:56:2d:84:88:d0:18:f6:7d:c5:75:66:
                    8a:d6:bb:ac:9a:e0:c6:e3:05:85:7e:3e:af:48:1f:
                    60:ab:2d:dd:9c:da:3a:91:03:b0:71:86:c9:21:58:
                    e7:6d:3a:21:50:2e:97:da:80:2a:43:6c:94:38:0e:
                    68:77:3f:f4:ef:ce:7c:c4:15:dc:a6:02:2e:ba:c2:
                    9b:f9:33:fe:b1:88:89:81:f0:a8:dc:32:37:bc:81:
                    af:4d:09:eb:4a:5b:df:fc:9d:96:61:a1:5f:81:4e:
                    da:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:B2:3A:96:8E:85:17:2A:F1:1F:B0:67:9E:2A:9C:CD:2A:02:A4:45
            X509v3 Authority Key Identifier:
                keyid:DD:BE:6E:0A:DA:E8:BB:47:83:93:AA:B1:75:B6:38:64:4C:74:CC:B7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b5uCtrou0eDk6qxdbY4ZEx0zLc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/ebI6lo6FFyrxH7BnniqczSoCpEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/36/a67b78-58c8-4311-9e69-6baa3b548d23/1/3b5uCtrou0eDk6qxdbY4ZEx0zLc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.212.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         58:5e:8b:47:a5:72:7b:7a:ca:e4:d9:09:33:a8:28:b7:a6:b0:
         e3:e1:3d:99:19:6c:46:18:4d:17:3a:4d:65:ed:6c:50:48:18:
         96:ad:de:13:f6:86:ae:27:20:46:72:1e:30:aa:b6:d0:44:a7:
         68:7a:4e:23:80:66:4d:98:e1:f7:7d:8d:67:83:c8:2f:27:64:
         bf:d0:7d:a6:73:ad:3e:17:aa:60:60:86:1e:c2:65:6b:5f:a5:
         6c:92:3d:41:12:83:4b:87:61:92:f7:f5:35:a1:ab:d3:77:62:
         2c:12:dc:f2:0f:3e:bb:7f:2f:6d:a3:90:05:91:ca:d0:a4:06:
         59:52:38:15:6b:ec:97:ff:94:25:e2:eb:b8:58:77:b3:2c:0f:
         2f:73:54:68:65:58:ee:b5:17:c4:23:df:3a:1a:ce:21:32:66:
         d0:da:37:7e:eb:5b:8d:2c:fb:ea:36:44:4b:6f:18:db:20:3c:
         cc:bf:b5:b6:a5:45:68:30:ac:8f:60:01:c8:76:f6:f1:db:12:
         41:2c:e7:8f:08:62:53:ec:c7:19:a4:53:e1:56:93:9a:23:b4:
         d1:0c:70:51:ab:a4:4a:f0:15:45:b2:07:e5:dc:af:28:af:96:
         17:f5:b2:ed:7e:f0:1b:05:ac:2e:bb:e1:ec:1c:37:35:42:e3:
         e7:81:1d:23
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc29G1CbIMDAOHaD1iAhKRCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkYmU2ZTBhZGFlOGJiNDc4MzkzYWFiMTc1YjYzODY0NGM3
NGNjYjcwHhcNMjUwNjAzMTgwMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OWIyM2E5NjhlODUxNzJhZjExZmIwNjc5ZTJhOWNjZDJhMDJhNDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlx0sBsqTnjgMzFL1I0Wo5jFYIsz0
RqPVgVD1164Dnq7T6+5WL6/z8jivHmsaP0vffsNdUVqNvLZCoe24n2TcVtAA+Fas
u2+nOptVKEcN3a1G+KGe9jp2Fh0hNu5jqVxZhSDKxQTYdLb/L137Op0HDtb5yoAa
BoTeS4mxkWlddEWO/dYUPYKTQLgQ8oEvrXTEdXSZ3sjfe4AiVi2EiNAY9n3FdWaK
1rusmuDG4wWFfj6vSB9gqy3dnNo6kQOwcYbJIVjnbTohUC6X2oAqQ2yUOA5odz/0
7858xBXcpgIuusKb+TP+sYiJgfCo3DI3vIGvTQnrSlvf/J2WYaFfgU7a/wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHmyOpaOhRcq8R+wZ54qnM0qAqRFMB8GA1UdIwQY
MBaAFN2+bgra6LtHg5OqsXW2OGRMdMy3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjkt
NmJhYTNiNTQ4ZDIzLzEvZWJJNmxvNkZGeXJ4SDdCbm5pcWN6U29DcEVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNi9hNjdiNzgtNThjOC00MzExLTllNjktNmJhYTNiNTQ4ZDIz
LzEvM2I1dUN0cm91MGVEazZxeGRiWTRaRXgwekxjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAstQ/MA0G
CSqGSIb3DQEBCwUAA4IBAQBYXotHpXJ7esrk2QkzqCi3prDj4T2ZGWxGGE0XOk1l
7WxQSBiWrd4T9oauJyBGch4wqrbQRKdoek4jgGZNmOH3fY1ng8gvJ2S/0H2mc60+
F6pgYIYewmVrX6Vskj1BEoNLh2GS9/U1oavTd2IsEtzyDz67fy9to5AFkcrQpAZZ
UjgVa+yX/5Ql4uu4WHezLA8vc1RoZVjutRfEI986Gs4hMmbQ2jd+61uNLPvqNkRL
bxjbIDzMv7W2pUVoMKyPYAHIdvbx2xJBLOePCGJT7McZpFPhVpOaI7TRDHBRq6RK
8BVFsgfl3K8or5YX9bLtfvAbBawuu+HsHDc1QuPngR0j
-----END CERTIFICATE-----