Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/68/267bf5-0220-48b1-b723-a5ae5b19939a/1/eLZf6bXb8xEZurUf42JvubCYQLQ.roa
File:                     eLZf6bXb8xEZurUf42JvubCYQLQ.roa (raw, json)
Hash identifier:          CQdXKjlldjU5ONxgLx9uzQIu5vM63ThRAoUDUMH3Bko=
Subject key identifier:   78:B6:5F:E9:B5:DB:F3:11:19:BA:B5:1F:E3:62:6F:B9:B0:98:40:B4
Certificate issuer:       /CN=cb14d30f3b1e1137423c4b235957f3303064daff
Certificate serial:       0194274827860C9FD299D52621C2E65A5A96
Authority key identifier: CB:14:D3:0F:3B:1E:11:37:42:3C:4B:23:59:57:F3:30:30:64:DA:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yxTTDzseETdCPEsjWVfzMDBk2v8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/68/267bf5-0220-48b1-b723-a5ae5b19939a/1/eLZf6bXb8xEZurUf42JvubCYQLQ.roa
Signing time:             Thu 02 Jan 2025 13:50:27 +0000
ROA not before:           Thu 02 Jan 2025 13:50:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57710
IP address blocks:        37.61.160.0/20 maxlen: 24
                          185.235.200.0/22 maxlen: 24
                          2a00:9640::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/68/267bf5-0220-48b1-b723-a5ae5b19939a/1/yxTTDzseETdCPEsjWVfzMDBk2v8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/68/267bf5-0220-48b1-b723-a5ae5b19939a/1/yxTTDzseETdCPEsjWVfzMDBk2v8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yxTTDzseETdCPEsjWVfzMDBk2v8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:27:86:0c:9f:d2:99:d5:26:21:c2:e6:5a:5a:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cb14d30f3b1e1137423c4b235957f3303064daff
        Validity
            Not Before: Jan  2 13:50:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78b65fe9b5dbf31119bab51fe3626fb9b09840b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:b8:26:c7:32:8c:7d:03:b1:eb:c4:14:ce:a9:
                    6b:9f:bd:c4:6f:ac:65:8e:b6:15:02:85:d8:a1:88:
                    6d:af:d4:27:d4:0d:0b:1a:1f:d7:7e:44:dd:e2:cb:
                    70:ac:9d:a6:91:49:81:b9:6a:c3:79:c1:7d:4f:ba:
                    97:11:b0:7e:c5:a5:3c:75:be:a5:9b:53:fb:18:45:
                    e5:35:32:f1:93:9f:fc:1e:29:1c:05:ee:46:2f:b7:
                    18:7b:8b:41:84:52:85:66:cb:61:d6:9f:8d:4b:a8:
                    3d:64:6f:70:3e:07:a7:29:8a:0f:9e:40:61:de:e0:
                    28:ce:5d:3d:c8:a8:d5:71:d8:40:77:05:ae:ae:ae:
                    6b:55:4d:1b:a5:2c:57:1f:ec:e4:cd:f0:e9:58:cd:
                    54:8c:9d:36:df:2e:24:53:46:99:b1:c4:85:83:b5:
                    1f:f3:74:e1:63:2e:f5:70:88:c6:6b:42:c6:ae:2f:
                    ed:96:88:8e:f8:b8:93:4d:56:b1:d7:b3:60:fc:a7:
                    22:b2:e5:97:69:11:2b:b7:83:1c:cb:36:83:16:aa:
                    a5:b5:34:39:d1:62:76:18:c6:33:84:24:df:57:6d:
                    16:b3:7f:4d:12:3e:8f:bd:f1:8b:1a:6c:8d:7e:34:
                    2f:ab:25:bb:7f:f7:3f:89:d2:42:33:4c:db:85:d8:
                    18:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B6:5F:E9:B5:DB:F3:11:19:BA:B5:1F:E3:62:6F:B9:B0:98:40:B4
            X509v3 Authority Key Identifier:
                keyid:CB:14:D3:0F:3B:1E:11:37:42:3C:4B:23:59:57:F3:30:30:64:DA:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yxTTDzseETdCPEsjWVfzMDBk2v8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/68/267bf5-0220-48b1-b723-a5ae5b19939a/1/eLZf6bXb8xEZurUf42JvubCYQLQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/68/267bf5-0220-48b1-b723-a5ae5b19939a/1/yxTTDzseETdCPEsjWVfzMDBk2v8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.61.160.0/20
                  185.235.200.0/22
                IPv6:
                  2a00:9640::/32

    Signature Algorithm: sha256WithRSAEncryption
         bf:25:8c:2d:8e:c8:a6:7f:64:84:c7:3c:3a:4d:6e:7d:67:b6:
         e0:18:b9:98:d7:88:37:e6:ba:c9:2e:42:32:0b:fd:2c:df:34:
         10:49:dd:ed:d3:a2:97:b5:b1:fe:e1:3c:d9:66:a1:01:77:4a:
         46:78:f8:75:5f:0c:bc:1a:4c:d8:ce:e4:44:9d:09:4d:c2:77:
         a4:c4:6b:8a:19:54:33:49:ca:1a:09:22:b3:ce:96:7c:38:13:
         e2:cf:c9:52:76:c6:12:c4:6f:05:98:89:7f:8b:f4:b1:94:f8:
         2f:2e:2a:25:8b:b4:fd:b3:ae:9e:3d:e3:e1:eb:83:38:a0:96:
         a9:6e:c5:28:f6:90:b9:49:ff:3b:60:17:cf:fe:98:13:bf:21:
         f9:b9:13:20:a1:cf:93:1d:8d:47:6c:af:f1:ce:dc:75:b3:80:
         f9:4c:7b:97:77:6b:2a:1b:72:59:22:22:90:32:2d:e4:d4:73:
         3f:41:88:0e:49:8f:9d:35:d2:70:91:04:68:3e:a8:c4:53:62:
         4e:cd:74:bb:03:a5:1d:e0:47:86:21:49:d2:0c:55:ec:95:8c:
         a6:44:11:e3:6d:64:c8:70:77:fa:86:c3:06:58:5b:80:7a:79:
         b4:b1:5c:37:49:5d:49:52:ba:3b:fc:de:2a:82:87:8f:91:f5:
         0a:58:7d:0a
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQnSCeGDJ/SmdUmIcLmWlqWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiMTRkMzBmM2IxZTExMzc0MjNjNGIyMzU5NTdmMzMwMzA2
NGRhZmYwHhcNMjUwMTAyMTM1MDI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGI2NWZlOWI1ZGJmMzExMTliYWI1MWZlMzYyNmZiOWIwOTg0MGI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtbgmxzKMfQOx68QUzqlrn73Eb6xl
jrYVAoXYoYhtr9Qn1A0LGh/XfkTd4stwrJ2mkUmBuWrDecF9T7qXEbB+xaU8db6l
m1P7GEXlNTLxk5/8HikcBe5GL7cYe4tBhFKFZsth1p+NS6g9ZG9wPgenKYoPnkBh
3uAozl09yKjVcdhAdwWurq5rVU0bpSxXH+zkzfDpWM1UjJ023y4kU0aZscSFg7Uf
83ThYy71cIjGa0LGri/tloiO+LiTTVax17Ng/KcisuWXaRErt4McyzaDFqqltTQ5
0WJ2GMYzhCTfV20Ws39NEj6PvfGLGmyNfjQvqyW7f/c/idJCM0zbhdgYEwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHi2X+m12/MRGbq1H+Nib7mwmEC0MB8GA1UdIwQY
MBaAFMsU0w87HhE3QjxLI1lX8zAwZNr/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveXhUVER6c2VFVGRDUEVzaldWZnpNREJrMnY4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OC8yNjdiZjUtMDIyMC00OGIxLWI3MjMt
YTVhZTViMTk5MzlhLzEvZUxaZjZiWGI4eEVadXJVZjQySnZ1YkNZUUxRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OC8yNjdiZjUtMDIyMC00OGIxLWI3MjMtYTVhZTViMTk5Mzlh
LzEveXhUVER6c2VFVGRDUEVzaldWZnpNREJrMnY4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEJT2gAwQC
uevIMA0EAgACMAcDBQAqAJZAMA0GCSqGSIb3DQEBCwUAA4IBAQC/JYwtjsimf2SE
xzw6TW59Z7bgGLmY14g35rrJLkIyC/0s3zQQSd3t06KXtbH+4TzZZqEBd0pGePh1
Xwy8GkzYzuREnQlNwnekxGuKGVQzScoaCSKzzpZ8OBPiz8lSdsYSxG8FmIl/i/Sx
lPgvLioli7T9s66ePePh64M4oJapbsUo9pC5Sf87YBfP/pgTvyH5uRMgoc+THY1H
bK/xztx1s4D5THuXd2sqG3JZIiKQMi3k1HM/QYgOSY+dNdJwkQRoPqjEU2JOzXS7
A6Ud4EeGIUnSDFXslYymRBHjbWTIcHf6hsMGWFuAenm0sVw3SV1JUro7/N4qgoeP
kfUKWH0K
-----END CERTIFICATE-----