Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/ejzl0ofmzawIFodS3w9DT80Q_Sc.roa
File:                     ejzl0ofmzawIFodS3w9DT80Q_Sc.roa (raw, json)
Hash identifier:          pqNkIe/f5LGm6clq4rxSpp7oiX85pDpRj/cIU4SqPjI=
Subject key identifier:   7A:3C:E5:D2:87:E6:CD:AC:08:16:87:52:DF:0F:43:4F:CD:10:FD:27
Certificate issuer:       /CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
Certificate serial:       0194258F82DA238AA9F2D5614661A78E6D09
Authority key identifier: 20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/ejzl0ofmzawIFodS3w9DT80Q_Sc.roa
Signing time:             Thu 02 Jan 2025 05:49:09 +0000
ROA not before:           Thu 02 Jan 2025 05:49:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35782
IP address blocks:        82.150.144.0/24 maxlen: 24
                          2a02:10:104::/48 maxlen: 48
                          2a02:10:105::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:82:da:23:8a:a9:f2:d5:61:46:61:a7:8e:6d:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=201fe30fc6b4b0d0f6db4e1bfbbd50195dca575c
        Validity
            Not Before: Jan  2 05:49:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a3ce5d287e6cdac08168752df0f434fcd10fd27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:68:c0:ae:32:1b:b6:42:f4:30:6c:92:b6:49:
                    b2:d1:a9:38:ba:bd:93:62:e3:9f:e5:cf:d2:6c:72:
                    eb:1e:4a:57:88:63:76:ab:79:f2:c8:a5:3c:c9:5f:
                    d6:df:5d:5e:b6:cd:d9:6a:46:10:ef:4f:dd:06:ae:
                    69:02:e8:06:8e:ae:10:fe:86:e5:15:d4:79:5b:3b:
                    54:be:ce:02:1b:ef:42:4f:8d:2e:ae:78:76:47:9c:
                    c9:03:20:86:e3:eb:fe:89:44:b6:40:c2:d2:37:0f:
                    43:79:78:b6:e9:fe:7d:23:77:8d:72:24:bf:23:03:
                    d4:80:36:c9:d1:65:0e:44:ee:af:8f:bd:95:2f:2c:
                    92:4f:4d:a6:8c:e1:48:73:ac:e1:22:65:63:72:23:
                    ba:01:dd:d0:6a:a9:bc:81:b6:87:9d:97:0f:c0:6f:
                    55:6e:c1:32:23:27:c1:1c:1b:09:a5:28:45:ec:e9:
                    95:01:a8:a6:5f:ed:31:09:35:9c:10:0a:74:d9:f9:
                    0e:29:87:3e:63:08:95:00:15:10:a3:0a:a7:33:34:
                    dc:88:c6:27:65:94:3a:c8:24:0f:c4:c3:81:6a:66:
                    1d:0d:47:91:45:b1:fb:51:d1:0a:d6:d8:24:59:d5:
                    e7:17:fb:ae:70:dd:33:fb:7f:0d:cb:e5:f3:cd:e4:
                    b6:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:3C:E5:D2:87:E6:CD:AC:08:16:87:52:DF:0F:43:4F:CD:10:FD:27
            X509v3 Authority Key Identifier:
                keyid:20:1F:E3:0F:C6:B4:B0:D0:F6:DB:4E:1B:FB:BD:50:19:5D:CA:57:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IB_jD8a0sND2204b-71QGV3KV1w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/ejzl0ofmzawIFodS3w9DT80Q_Sc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/8d80f9-494e-4abb-9956-fc121c800b30/1/IB_jD8a0sND2204b-71QGV3KV1w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.150.144.0/24
                IPv6:
                  2a02:10:104::/47

    Signature Algorithm: sha256WithRSAEncryption
         0f:44:60:f9:99:5f:dd:92:7a:d7:d3:07:c2:13:95:6a:12:8d:
         df:27:8d:f1:b9:d9:82:12:70:de:eb:bf:84:b3:75:31:d6:16:
         b2:b9:02:00:86:a7:76:82:3d:d5:93:d7:dc:cb:ff:ee:9e:aa:
         68:3c:ef:b1:cf:ff:ed:b4:03:f3:36:2b:e2:24:10:c6:21:39:
         3a:03:4f:96:22:8c:cd:46:82:82:51:36:f2:0d:f2:17:44:a7:
         ab:3e:90:67:30:f7:5e:d1:1f:52:46:93:09:d7:a1:0c:ed:61:
         a8:06:20:72:6d:ca:52:64:34:f4:96:ee:cb:85:76:7b:3f:64:
         24:4a:43:23:e3:9f:b0:ef:ac:02:d8:b4:21:1e:b6:7b:3e:8d:
         03:c1:5e:c3:f9:8a:9c:ce:f9:6c:5c:74:e4:96:2c:60:d8:75:
         c5:a6:8a:85:cf:bf:eb:8e:d7:16:01:19:47:4f:02:b5:a7:d2:
         8d:36:fe:22:da:44:97:97:e8:c2:6d:51:9d:c2:5c:b1:b6:26:
         6e:10:1b:58:b3:51:0c:a4:02:42:02:af:35:df:54:ba:2f:89:
         09:04:f5:96:3b:48:5e:21:a7:e7:32:e3:c7:e4:59:9f:bd:4b:
         d3:53:8b:a0:19:74:6e:20:6e:26:fa:b1:9b:34:f6:11:b2:bd:
         e9:8b:43:68
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQlj4LaI4qp8tVhRmGnjm0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIwMWZlMzBmYzZiNGIwZDBmNmRiNGUxYmZiYmQ1MDE5NWRj
YTU3NWMwHhcNMjUwMTAyMDU0OTA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTNjZTVkMjg3ZTZjZGFjMDgxNjg3NTJkZjBmNDM0ZmNkMTBmZDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArmjArjIbtkL0MGyStkmy0ak4ur2T
YuOf5c/SbHLrHkpXiGN2q3nyyKU8yV/W311ets3ZakYQ70/dBq5pAugGjq4Q/obl
FdR5WztUvs4CG+9CT40urnh2R5zJAyCG4+v+iUS2QMLSNw9DeXi26f59I3eNciS/
IwPUgDbJ0WUORO6vj72VLyyST02mjOFIc6zhImVjciO6Ad3Qaqm8gbaHnZcPwG9V
bsEyIyfBHBsJpShF7OmVAaimX+0xCTWcEAp02fkOKYc+YwiVABUQowqnMzTciMYn
ZZQ6yCQPxMOBamYdDUeRRbH7UdEK1tgkWdXnF/uucN0z+38Ny+XzzeS24QIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFHo85dKH5s2sCBaHUt8PQ0/NEP0nMB8GA1UdIwQY
MBaAFCAf4w/GtLDQ9ttOG/u9UBldyldcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYt
ZmMxMjFjODAwYjMwLzEvZWp6bDBvZm16YXdJRm9kUzN3OURUODBRX1NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My84ZDgwZjktNDk0ZS00YWJiLTk5NTYtZmMxMjFjODAwYjMw
LzEvSUJfakQ4YTBzTkQyMjA0Yi03MVFHVjNLVjF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUpaQMA8E
AgACMAkDBwEqAgAQAQQwDQYJKoZIhvcNAQELBQADggEBAA9EYPmZX92SetfTB8IT
lWoSjd8njfG52YIScN7rv4SzdTHWFrK5AgCGp3aCPdWT19zL/+6eqmg877HP/+20
A/M2K+IkEMYhOToDT5YijM1GgoJRNvIN8hdEp6s+kGcw917RH1JGkwnXoQztYagG
IHJtylJkNPSW7suFdns/ZCRKQyPjn7DvrALYtCEetns+jQPBXsP5ipzO+WxcdOSW
LGDYdcWmioXPv+uO1xYBGUdPArWn0o02/iLaRJeX6MJtUZ3CXLG2Jm4QG1izUQyk
AkICrzXfVLoviQkE9ZY7SF4hp+cy48fkWZ+9S9NTi6AZdG4gbib6sZs09hGyvemL
Q2g=
-----END CERTIFICATE-----