Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CN0B7UGnZsUghzd1Sf6tTtb-EPA.roa
File:                     CN0B7UGnZsUghzd1Sf6tTtb-EPA.roa (raw, json)
Hash identifier:          xt5eJQTJ6dnXsnWbwbawB1WgbDb54xlrkvObZoI70gQ=
Subject key identifier:   08:DD:01:ED:41:A7:66:C5:20:87:37:75:49:FE:AD:4E:D6:FE:10:F0
Certificate issuer:       /CN=6ddb38b343da2d119309edaa19c7a78870327ebe
Certificate serial:       01949D65DF10CC3A1E84AFE2DC9D02BC5B2A
Authority key identifier: 6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CN0B7UGnZsUghzd1Sf6tTtb-EPA.roa
Signing time:             Sat 25 Jan 2025 12:18:06 +0000
ROA not before:           Sat 25 Jan 2025 12:18:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214922
IP address blocks:        188.212.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:9d:65:df:10:cc:3a:1e:84:af:e2:dc:9d:02:bc:5b:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ddb38b343da2d119309edaa19c7a78870327ebe
        Validity
            Not Before: Jan 25 12:18:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=08dd01ed41a766c52087377549fead4ed6fe10f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:16:0d:67:22:91:1e:92:b5:46:2f:89:5c:00:
                    bd:5d:e1:b4:8d:94:fa:4c:63:b0:1e:4b:51:bc:38:
                    34:cf:8d:2d:55:fe:a6:4b:9a:1f:22:00:9a:fd:36:
                    18:1a:f0:4a:ea:fa:31:44:71:fc:f4:0e:d3:b8:83:
                    a6:6a:cd:27:53:36:eb:21:1b:5f:b0:34:e5:81:06:
                    0e:a8:fe:42:58:b4:7b:af:5f:b2:72:09:df:03:f6:
                    ce:2e:e4:47:ae:f7:5f:f4:09:c1:d2:20:c9:2d:0d:
                    df:f9:21:43:80:a7:da:0d:7f:f3:50:96:5f:ca:a2:
                    fb:f4:30:6f:4d:a9:ed:81:9e:b7:cc:b0:c3:da:7c:
                    86:a9:7c:5c:ce:03:a3:72:d3:76:ab:60:5e:fd:f9:
                    1a:11:05:bb:30:21:67:96:83:85:dd:d0:17:5d:a6:
                    d4:06:b7:b7:c6:5b:32:02:bb:5c:c0:88:b1:60:de:
                    df:59:41:70:ac:c4:4f:45:e6:97:d5:b1:8b:9f:12:
                    c3:81:d5:54:c9:6f:72:99:c6:7d:a8:8d:7c:da:d4:
                    84:38:f3:0a:b5:27:6f:42:4c:7c:32:ca:f3:d8:19:
                    77:65:ae:2e:29:9d:cc:6b:a0:c8:05:d6:ac:01:88:
                    d6:db:36:7a:1a:2c:58:11:47:45:74:11:ad:33:f3:
                    91:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:DD:01:ED:41:A7:66:C5:20:87:37:75:49:FE:AD:4E:D6:FE:10:F0
            X509v3 Authority Key Identifier:
                keyid:6D:DB:38:B3:43:DA:2D:11:93:09:ED:AA:19:C7:A7:88:70:32:7E:BE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bds4s0PaLRGTCe2qGceniHAyfr4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/CN0B7UGnZsUghzd1Sf6tTtb-EPA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/52/c961a0-4f53-422a-b7dd-3dfa510d6b16/1/bds4s0PaLRGTCe2qGceniHAyfr4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.212.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:4c:60:81:6b:42:e2:44:44:5e:ae:20:c7:f2:4a:cc:dc:50:
         5d:ac:15:0e:78:8f:26:23:30:d8:4a:79:0a:7c:c1:69:65:c4:
         f4:d5:9a:42:b6:ab:18:eb:e1:1c:2f:bd:43:c0:a0:87:b7:8e:
         ab:f7:2f:ed:00:a3:e6:e8:b5:4c:4f:5c:a3:21:fd:f2:80:77:
         fa:d2:9e:59:db:f4:99:64:3b:d5:c3:56:e7:69:43:fd:96:55:
         d7:a1:93:f7:7a:c5:4d:cb:5a:7d:a9:11:e6:22:2a:b4:cc:7d:
         ed:db:ec:f4:ec:2f:a6:a1:01:3d:35:eb:59:24:9a:be:26:67:
         3b:ea:a6:73:b8:b3:1e:57:2a:84:c7:8f:a1:9e:65:e7:1e:14:
         dc:de:3b:fc:b8:92:9e:9b:51:79:ef:35:db:d3:80:a4:fe:34:
         2e:dd:42:d0:53:b4:99:99:7d:bc:77:22:e5:fc:f7:49:aa:93:
         b5:f2:bd:8f:0d:56:75:df:9c:2e:fb:42:d6:80:79:7f:17:7d:
         3c:11:fd:6a:a1:ff:e1:fa:96:3b:65:e9:36:c3:c8:c0:e2:99:
         92:28:51:04:76:2f:64:27:a4:9d:ad:d7:90:c6:17:17:2d:98:
         a8:7d:b9:9a:e6:f2:2c:8b:df:c3:06:54:8e:44:c4:33:35:d9:
         e9:ec:77:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSdZd8QzDoehK/i3J0CvFsqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkZGIzOGIzNDNkYTJkMTE5MzA5ZWRhYTE5YzdhNzg4NzAz
MjdlYmUwHhcNMjUwMTI1MTIxODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOGRkMDFlZDQxYTc2NmM1MjA4NzM3NzU0OWZlYWQ0ZWQ2ZmUxMGYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsBYNZyKRHpK1Ri+JXAC9XeG0jZT6
TGOwHktRvDg0z40tVf6mS5ofIgCa/TYYGvBK6voxRHH89A7TuIOmas0nUzbrIRtf
sDTlgQYOqP5CWLR7r1+ycgnfA/bOLuRHrvdf9AnB0iDJLQ3f+SFDgKfaDX/zUJZf
yqL79DBvTantgZ63zLDD2nyGqXxczgOjctN2q2Be/fkaEQW7MCFnloOF3dAXXabU
Bre3xlsyArtcwIixYN7fWUFwrMRPReaX1bGLnxLDgdVUyW9ymcZ9qI182tSEOPMK
tSdvQkx8Msrz2Bl3Za4uKZ3Ma6DIBdasAYjW2zZ6GixYEUdFdBGtM/ORuQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAjdAe1Bp2bFIIc3dUn+rU7W/hDwMB8GA1UdIwQY
MBaAFG3bOLND2i0RkwntqhnHp4hwMn6+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQt
M2RmYTUxMGQ2YjE2LzEvQ04wQjdVR25ac1VnaHpkMVNmNnRUdGItRVBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi9jOTYxYTAtNGY1My00MjJhLWI3ZGQtM2RmYTUxMGQ2YjE2
LzEvYmRzNHMwUGFMUkdUQ2UycUdjZW5pSEF5ZnI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAvNRiMA0G
CSqGSIb3DQEBCwUAA4IBAQCeTGCBa0LiREReriDH8krM3FBdrBUOeI8mIzDYSnkK
fMFpZcT01ZpCtqsY6+EcL71DwKCHt46r9y/tAKPm6LVMT1yjIf3ygHf60p5Z2/SZ
ZDvVw1bnaUP9llXXoZP3esVNy1p9qRHmIiq0zH3t2+z07C+moQE9NetZJJq+Jmc7
6qZzuLMeVyqEx4+hnmXnHhTc3jv8uJKem1F57zXb04Ck/jQu3ULQU7SZmX28dyLl
/PdJqpO18r2PDVZ135wu+0LWgHl/F308Ef1qof/h+pY7Zek2w8jA4pmSKFEEdi9k
J6SdrdeQxhcXLZiofbma5vIsi9/DBlSORMQzNdnp7Hf1
-----END CERTIFICATE-----