Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/c314f4-b1ac-426f-8f21-a5e850b6a1bc/1/ekPIeumjzc0aQ-0qnlrmTiVhDJI.roa
File:                     ekPIeumjzc0aQ-0qnlrmTiVhDJI.roa (raw, json)
Hash identifier:          MI/BYhVlkTAuExjmOk0h+DG2/B/CqzwrvfdzA0OS10s=
Subject key identifier:   7A:43:C8:7A:E9:A3:CD:CD:1A:43:ED:2A:9E:5A:E6:4E:25:61:0C:92
Certificate issuer:       /CN=4256e0cb38cd6125cee14e497228b8490a1d40e9
Certificate serial:       01942825AFBDE9AA100FDBC6ECCD0E58175E
Authority key identifier: 42:56:E0:CB:38:CD:61:25:CE:E1:4E:49:72:28:B8:49:0A:1D:40:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QlbgyzjNYSXO4U5Jcii4SQodQOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/c314f4-b1ac-426f-8f21-a5e850b6a1bc/1/ekPIeumjzc0aQ-0qnlrmTiVhDJI.roa
Signing time:             Thu 02 Jan 2025 17:52:25 +0000
ROA not before:           Thu 02 Jan 2025 17:52:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203778
IP address blocks:        194.33.76.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/c314f4-b1ac-426f-8f21-a5e850b6a1bc/1/QlbgyzjNYSXO4U5Jcii4SQodQOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/c314f4-b1ac-426f-8f21-a5e850b6a1bc/1/QlbgyzjNYSXO4U5Jcii4SQodQOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QlbgyzjNYSXO4U5Jcii4SQodQOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:af:bd:e9:aa:10:0f:db:c6:ec:cd:0e:58:17:5e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4256e0cb38cd6125cee14e497228b8490a1d40e9
        Validity
            Not Before: Jan  2 17:52:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a43c87ae9a3cdcd1a43ed2a9e5ae64e25610c92
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:e5:40:9a:aa:3d:2b:95:96:92:0c:b2:9b:0d:
                    a9:95:ac:26:41:c2:81:57:a6:29:71:cf:17:d7:ae:
                    b5:e5:7d:87:29:03:60:c8:f6:c1:a3:f0:88:06:02:
                    43:90:03:57:35:14:48:5f:67:e9:1f:4f:fc:de:c9:
                    ea:18:13:65:af:08:72:4e:8b:56:3e:62:64:ff:ee:
                    1f:ee:f7:11:4a:72:84:65:8a:c7:04:a3:23:21:46:
                    bc:c0:52:44:fa:ea:5e:a6:c4:1f:57:a0:6d:6a:f2:
                    20:04:96:66:f7:fa:f6:d5:a5:7b:be:b0:06:5a:9b:
                    6b:40:1b:dc:3e:5a:ea:30:c2:b1:2b:fe:2f:b2:00:
                    66:1e:09:00:0b:93:ba:b9:a3:23:5c:83:76:7c:e9:
                    7d:4c:2e:76:82:67:25:a6:6b:79:11:1e:51:77:d1:
                    e6:7a:94:d2:98:bd:56:f6:15:81:73:52:b0:b1:c3:
                    df:b7:d4:a6:97:d1:e9:9b:a0:09:66:2d:69:10:4e:
                    b5:92:9d:37:60:bd:28:24:5a:af:68:04:bc:d8:7f:
                    2f:95:26:6f:a3:f5:19:35:50:2a:dc:5b:5f:5e:7d:
                    1a:d3:c8:c0:71:86:5d:5a:fd:c4:b8:c1:5c:17:10:
                    52:05:67:70:1c:74:a8:5b:5a:a9:04:43:60:48:ed:
                    fb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:43:C8:7A:E9:A3:CD:CD:1A:43:ED:2A:9E:5A:E6:4E:25:61:0C:92
            X509v3 Authority Key Identifier:
                keyid:42:56:E0:CB:38:CD:61:25:CE:E1:4E:49:72:28:B8:49:0A:1D:40:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QlbgyzjNYSXO4U5Jcii4SQodQOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/c314f4-b1ac-426f-8f21-a5e850b6a1bc/1/ekPIeumjzc0aQ-0qnlrmTiVhDJI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/c314f4-b1ac-426f-8f21-a5e850b6a1bc/1/QlbgyzjNYSXO4U5Jcii4SQodQOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.33.76.0/23

    Signature Algorithm: sha256WithRSAEncryption
         07:9c:65:ec:81:44:66:30:b7:4f:fb:7c:3a:d3:eb:e5:45:f0:
         12:aa:19:5d:02:2f:1d:4a:9d:3d:44:43:c8:36:c9:35:38:32:
         d8:fd:a0:6e:88:d1:65:db:19:d1:65:08:b4:da:dd:30:a4:f7:
         c5:da:7a:77:fa:8b:56:4f:a4:bb:d5:60:8c:27:cf:fb:f3:22:
         18:76:83:a6:6b:ec:9c:09:6c:28:bb:d7:f3:14:e8:26:bf:9f:
         30:bd:f7:75:e6:09:5f:9b:3c:27:63:eb:5b:ba:53:98:8e:f9:
         ec:95:24:ad:d2:65:8f:6c:05:25:6c:a5:5d:6b:bc:64:23:1f:
         0d:d9:19:a5:dc:3c:e2:4b:65:d3:5d:f1:c9:7d:e9:fa:f5:23:
         6d:2f:39:2b:67:f7:4b:bc:1f:f8:cc:d0:1d:4b:21:c1:33:26:
         c5:64:3f:e7:8a:75:a4:97:c0:d6:57:af:65:7a:fb:62:fc:91:
         1e:0a:9a:cb:33:94:a5:5b:fa:16:38:10:a0:c9:90:c2:a0:e1:
         24:70:cc:ae:15:be:d2:48:d2:0f:e8:0a:19:c7:fc:06:b0:c3:
         61:15:fe:41:21:f9:27:29:18:e4:94:9a:84:32:c8:bb:99:d3:
         28:2b:ee:f5:ff:fd:e6:bc:8c:9b:72:49:dd:f0:da:ed:07:c0:
         57:16:5e:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJa+96aoQD9vG7M0OWBdeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQyNTZlMGNiMzhjZDYxMjVjZWUxNGU0OTcyMjhiODQ5MGEx
ZDQwZTkwHhcNMjUwMTAyMTc1MjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTQzYzg3YWU5YTNjZGNkMWE0M2VkMmE5ZTVhZTY0ZTI1NjEwYzkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1uVAmqo9K5WWkgyymw2plawmQcKB
V6Ypcc8X16615X2HKQNgyPbBo/CIBgJDkANXNRRIX2fpH0/83snqGBNlrwhyTotW
PmJk/+4f7vcRSnKEZYrHBKMjIUa8wFJE+upepsQfV6BtavIgBJZm9/r21aV7vrAG
WptrQBvcPlrqMMKxK/4vsgBmHgkAC5O6uaMjXIN2fOl9TC52gmclpmt5ER5Rd9Hm
epTSmL1W9hWBc1KwscPft9Sml9Hpm6AJZi1pEE61kp03YL0oJFqvaAS82H8vlSZv
o/UZNVAq3FtfXn0a08jAcYZdWv3EuMFcFxBSBWdwHHSoW1qpBENgSO37UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHpDyHrpo83NGkPtKp5a5k4lYQySMB8GA1UdIwQY
MBaAFEJW4Ms4zWElzuFOSXIouEkKHUDpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUWxiZ3l6ak5ZU1hPNFU1SmNpaTRTUW9kUU9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9jMzE0ZjQtYjFhYy00MjZmLThmMjEt
YTVlODUwYjZhMWJjLzEvZWtQSWV1bWp6YzBhUS0wcW5scm1UaVZoREpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9jMzE0ZjQtYjFhYy00MjZmLThmMjEtYTVlODUwYjZhMWJj
LzEvUWxiZ3l6ak5ZU1hPNFU1SmNpaTRTUW9kUU9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwiFMMA0G
CSqGSIb3DQEBCwUAA4IBAQAHnGXsgURmMLdP+3w60+vlRfASqhldAi8dSp09REPI
Nsk1ODLY/aBuiNFl2xnRZQi02t0wpPfF2np3+otWT6S71WCMJ8/78yIYdoOma+yc
CWwou9fzFOgmv58wvfd15glfmzwnY+tbulOYjvnslSSt0mWPbAUlbKVda7xkIx8N
2Rml3DziS2XTXfHJfen69SNtLzkrZ/dLvB/4zNAdSyHBMybFZD/ninWkl8DWV69l
evti/JEeCprLM5SlW/oWOBCgyZDCoOEkcMyuFb7SSNIP6AoZx/wGsMNhFf5BIfkn
KRjklJqEMsi7mdMoK+71//3mvIybcknd8NrtB8BXFl7d
-----END CERTIFICATE-----