Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5c/7d5607-0a8a-4447-8651-c6349db9499b/1/EAKe9346ONHQ_VuM_WxVCj_cv4Y.roa
File:                     EAKe9346ONHQ_VuM_WxVCj_cv4Y.roa (raw, json)
Hash identifier:          5H5/ZpQAnmY/nM8N1VtyRS6/84qLoSsU0G+AmpT2T/k=
Subject key identifier:   10:02:9E:F7:7E:3A:38:D1:D0:FD:5B:8C:FD:6C:55:0A:3F:DC:BF:86
Certificate issuer:       /CN=db8d08edc4393a8671296f8eacbbecf94d76562a
Certificate serial:       019421B1B1D9C29BAFEB41EBB33685F2CF8F
Authority key identifier: DB:8D:08:ED:C4:39:3A:86:71:29:6F:8E:AC:BB:EC:F9:4D:76:56:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/240I7cQ5OoZxKW-OrLvs-U12Vio.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5c/7d5607-0a8a-4447-8651-c6349db9499b/1/EAKe9346ONHQ_VuM_WxVCj_cv4Y.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212338
IP address blocks:        185.213.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5c/7d5607-0a8a-4447-8651-c6349db9499b/1/240I7cQ5OoZxKW-OrLvs-U12Vio.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5c/7d5607-0a8a-4447-8651-c6349db9499b/1/240I7cQ5OoZxKW-OrLvs-U12Vio.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/240I7cQ5OoZxKW-OrLvs-U12Vio.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b1:d9:c2:9b:af:eb:41:eb:b3:36:85:f2:cf:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=db8d08edc4393a8671296f8eacbbecf94d76562a
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=10029ef77e3a38d1d0fd5b8cfd6c550a3fdcbf86
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:4a:e2:02:51:8b:2f:6b:94:98:77:dc:8d:7a:
                    58:7a:d0:90:bc:21:5b:ec:23:57:3e:fd:9b:11:d4:
                    e4:54:27:c6:eb:f3:dc:03:32:ea:77:23:16:fa:23:
                    7f:64:c3:2f:a6:d9:90:4d:87:f7:3d:53:84:11:3f:
                    41:37:09:df:0b:f8:55:ad:1c:29:05:eb:5a:cf:56:
                    92:80:bf:13:d4:1c:c6:aa:a5:9f:72:7c:08:f5:c9:
                    6b:1e:14:92:3c:29:00:2d:21:e1:de:81:d4:f6:8a:
                    e1:8f:3c:af:3a:54:7e:58:ba:36:69:f5:1b:a7:4b:
                    bd:14:06:c3:49:59:4e:ee:fb:fd:84:22:45:61:b1:
                    0c:48:85:18:44:6c:c4:d0:bb:f8:07:f9:35:e8:f0:
                    00:10:f0:d8:0d:a6:c7:8b:ac:4c:4a:40:9a:65:df:
                    76:93:ae:a7:47:56:5e:f1:87:9a:86:71:13:5d:49:
                    83:2d:36:5f:b7:29:3e:ca:fe:38:f3:28:c2:7d:fa:
                    cb:33:c4:02:b6:b2:0f:bb:61:71:7d:0d:a1:17:44:
                    99:6d:72:8f:d5:4f:ea:81:fc:d1:32:ee:b9:d4:16:
                    8f:02:eb:5a:fe:72:8b:8e:3f:9d:ed:7c:dc:46:f0:
                    63:e3:c0:26:e5:27:62:87:fa:34:96:21:3e:5a:9e:
                    6b:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:02:9E:F7:7E:3A:38:D1:D0:FD:5B:8C:FD:6C:55:0A:3F:DC:BF:86
            X509v3 Authority Key Identifier:
                keyid:DB:8D:08:ED:C4:39:3A:86:71:29:6F:8E:AC:BB:EC:F9:4D:76:56:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/240I7cQ5OoZxKW-OrLvs-U12Vio.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7d5607-0a8a-4447-8651-c6349db9499b/1/EAKe9346ONHQ_VuM_WxVCj_cv4Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5c/7d5607-0a8a-4447-8651-c6349db9499b/1/240I7cQ5OoZxKW-OrLvs-U12Vio.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:8c:e6:69:08:77:19:ef:6f:92:6f:49:ed:45:0b:dd:6a:e3:
         86:d4:6d:b1:02:aa:d3:6e:3f:e9:d2:bc:f6:b3:8f:c6:99:58:
         bb:aa:f9:a0:9c:97:7f:73:a1:0f:e5:6d:a9:bb:76:43:83:65:
         14:75:09:2a:b5:ef:76:e6:b4:ee:cb:86:8c:d5:f3:52:7a:fa:
         52:84:ed:33:9e:b7:04:c5:e9:3c:f5:1d:ba:35:2d:4f:1c:e3:
         87:f2:3b:75:6c:1a:ec:14:8b:c8:e3:dc:ef:46:f8:da:1e:20:
         22:91:ed:04:ca:c1:71:7a:c5:29:e5:bb:28:14:50:d2:7f:a7:
         0a:c2:f1:95:0b:02:54:64:96:0c:8c:3d:98:4f:7d:eb:22:f7:
         4e:41:a7:97:48:90:88:ec:1e:50:60:79:b8:9e:ba:4f:e6:94:
         02:97:ea:02:95:a4:f3:24:55:68:6d:e3:65:8f:ea:6a:11:5d:
         4d:3f:8d:8f:3c:62:46:60:6a:43:35:f7:e0:79:f9:63:68:d5:
         af:05:b1:86:8b:65:64:98:ee:d5:b8:71:c6:3b:db:38:e8:02:
         4c:65:87:19:b4:b8:31:aa:f0:40:9f:89:0f:3b:77:a1:17:71:
         79:28:10:86:44:37:a9:5c:94:d5:9d:68:ab:7a:92:0c:2a:61:
         7a:17:ba:ca
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbHZwpuv60HrszaF8s+PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiOGQwOGVkYzQzOTNhODY3MTI5NmY4ZWFjYmJlY2Y5NGQ3
NjU2MmEwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDAyOWVmNzdlM2EzOGQxZDBmZDViOGNmZDZjNTUwYTNmZGNiZjg2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm0riAlGLL2uUmHfcjXpYetCQvCFb
7CNXPv2bEdTkVCfG6/PcAzLqdyMW+iN/ZMMvptmQTYf3PVOEET9BNwnfC/hVrRwp
Betaz1aSgL8T1BzGqqWfcnwI9clrHhSSPCkALSHh3oHU9orhjzyvOlR+WLo2afUb
p0u9FAbDSVlO7vv9hCJFYbEMSIUYRGzE0Lv4B/k16PAAEPDYDabHi6xMSkCaZd92
k66nR1Ze8YeahnETXUmDLTZftyk+yv448yjCffrLM8QCtrIPu2FxfQ2hF0SZbXKP
1U/qgfzRMu651BaPAuta/nKLjj+d7XzcRvBj48Am5Sdih/o0liE+Wp5rcwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBACnvd+OjjR0P1bjP1sVQo/3L+GMB8GA1UdIwQY
MBaAFNuNCO3EOTqGcSlvjqy77PlNdlYqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjQwSTdjUTVPb1p4S1ctT3JMdnMtVTEyVmlvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Yy83ZDU2MDctMGE4YS00NDQ3LTg2NTEt
YzYzNDlkYjk0OTliLzEvRUFLZTkzNDZPTkhRX1Z1TV9XeFZDal9jdjRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Yy83ZDU2MDctMGE4YS00NDQ3LTg2NTEtYzYzNDlkYjk0OTli
LzEvMjQwSTdjUTVPb1p4S1ctT3JMdnMtVTEyVmlvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudUvMA0G
CSqGSIb3DQEBCwUAA4IBAQBVjOZpCHcZ72+Sb0ntRQvdauOG1G2xAqrTbj/p0rz2
s4/GmVi7qvmgnJd/c6EP5W2pu3ZDg2UUdQkqte925rTuy4aM1fNSevpShO0znrcE
xek89R26NS1PHOOH8jt1bBrsFIvI49zvRvjaHiAike0EysFxesUp5bsoFFDSf6cK
wvGVCwJUZJYMjD2YT33rIvdOQaeXSJCI7B5QYHm4nrpP5pQCl+oClaTzJFVobeNl
j+pqEV1NP42PPGJGYGpDNffgefljaNWvBbGGi2VkmO7VuHHGO9s46AJMZYcZtLgx
qvBAn4kPO3ehF3F5KBCGRDepXJTVnWirepIMKmF6F7rK
-----END CERTIFICATE-----