Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/EqaISQIUHHoTZcarSoXaLlnO0LM.roa
File:                     EqaISQIUHHoTZcarSoXaLlnO0LM.roa (raw, json)
Hash identifier:          USJm/vhGTWlgHw2udyKE27tLrmsdveXCYt9mLeOcil4=
Subject key identifier:   12:A6:88:49:02:14:1C:7A:13:65:C6:AB:4A:85:DA:2E:59:CE:D0:B3
Certificate issuer:       /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial:       019425FC745D05823756AA80AE95EDF7A7FB
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/EqaISQIUHHoTZcarSoXaLlnO0LM.roa
Signing time:             Thu 02 Jan 2025 07:48:09 +0000
ROA not before:           Thu 02 Jan 2025 07:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49187
IP address blocks:        188.253.14.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 13:43:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:74:5d:05:82:37:56:aa:80:ae:95:ed:f7:a7:fb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
        Validity
            Not Before: Jan  2 07:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12a6884902141c7a1365c6ab4a85da2e59ced0b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:75:65:f5:13:28:bf:6b:1f:f0:03:c0:fe:43:
                    ad:7f:4a:34:15:45:6f:15:0a:3a:8e:8d:f8:4a:26:
                    55:b9:7d:13:83:a4:bd:17:7e:e0:f0:08:03:43:e1:
                    56:b1:f6:34:98:a5:70:50:45:47:bf:40:09:70:1a:
                    e3:e1:7f:0a:b8:08:0e:d8:96:81:26:45:a2:7b:09:
                    ec:c1:ce:9b:47:d2:74:68:bd:ee:52:0b:e7:d5:2e:
                    86:b9:06:90:0f:87:09:0f:68:ec:72:88:4d:0c:e0:
                    6e:62:df:12:f9:d2:61:5b:22:b0:89:a2:20:90:66:
                    af:cc:b9:5c:4d:c7:eb:a6:63:43:30:84:ec:78:88:
                    14:e9:0f:e2:89:40:02:93:67:0c:6c:0a:b4:3a:ba:
                    aa:fb:39:e7:0d:17:d8:76:28:b0:ed:15:52:bd:b2:
                    96:54:56:bd:14:d1:3e:f4:da:59:e3:d6:3c:fd:a2:
                    c4:ef:80:d5:30:19:dc:47:4f:a3:eb:a7:f6:77:06:
                    00:ad:50:cc:79:01:93:9b:02:75:52:d1:aa:47:ad:
                    3e:c0:4d:98:91:d5:72:55:92:26:a8:4f:91:ed:0d:
                    d9:70:67:03:12:b0:06:fb:b5:0f:cd:18:43:02:3d:
                    4f:4c:72:b6:49:5d:68:84:39:2d:aa:1a:0f:2b:2e:
                    b7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:A6:88:49:02:14:1C:7A:13:65:C6:AB:4A:85:DA:2E:59:CE:D0:B3
            X509v3 Authority Key Identifier:
                keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/EqaISQIUHHoTZcarSoXaLlnO0LM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  188.253.14.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c9:d7:c2:06:17:ad:ae:3e:85:31:7d:d2:84:9e:12:d5:e8:75:
         cc:00:28:fb:85:05:df:84:7c:07:c8:54:57:8c:d9:49:3c:4f:
         a0:f2:62:20:2a:e5:78:cc:51:c3:94:8e:dc:65:35:6f:a8:8b:
         0c:cd:37:81:3f:f7:d5:63:27:6e:8c:b2:70:8c:f2:b3:25:3d:
         4d:2d:83:1b:de:ce:2d:03:e6:45:2c:98:04:60:b8:28:13:35:
         79:64:5c:ee:ea:4c:af:0a:ed:9d:91:c0:65:aa:12:a5:21:8c:
         b5:cc:7b:8a:70:65:cd:d1:ee:a6:3b:7d:cc:d0:37:73:bb:44:
         61:ad:3b:64:1d:e6:df:b0:f0:4e:ae:46:18:63:fa:b0:86:ae:
         86:42:78:f5:cd:31:98:cf:59:bb:d3:d1:5b:b5:97:d7:bb:3c:
         47:ea:1c:54:00:03:e9:65:0e:dd:2f:3d:a0:bb:81:54:7f:bb:
         e7:69:cd:80:4e:01:fe:29:19:98:a0:f7:b4:f7:fd:c2:f2:5f:
         7c:f7:15:a8:67:82:2c:76:9e:b1:39:6c:bb:f0:07:f4:fe:77:
         f0:c4:6f:61:b4:e0:8c:9f:58:2c:21:dd:02:c7:fc:d0:06:8d:
         36:17:b5:d4:c0:ff:d0:9e:9c:bb:61:fb:61:60:de:3a:71:9a:
         22:b4:5a:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/HRdBYI3VqqArpXt96f7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjUwMTAyMDc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmE2ODg0OTAyMTQxYzdhMTM2NWM2YWI0YTg1ZGEyZTU5Y2VkMGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnVl9RMov2sf8APA/kOtf0o0FUVv
FQo6jo34SiZVuX0Tg6S9F37g8AgDQ+FWsfY0mKVwUEVHv0AJcBrj4X8KuAgO2JaB
JkWiewnswc6bR9J0aL3uUgvn1S6GuQaQD4cJD2jscohNDOBuYt8S+dJhWyKwiaIg
kGavzLlcTcfrpmNDMITseIgU6Q/iiUACk2cMbAq0Orqq+znnDRfYdiiw7RVSvbKW
VFa9FNE+9NpZ49Y8/aLE74DVMBncR0+j66f2dwYArVDMeQGTmwJ1UtGqR60+wE2Y
kdVyVZImqE+R7Q3ZcGcDErAG+7UPzRhDAj1PTHK2SV1ohDktqhoPKy63lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBKmiEkCFBx6E2XGq0qF2i5ZztCzMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvRXFhSVNRSVVISG9UWmNhclNvWGFMbG5PMExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBvP0OMA0G
CSqGSIb3DQEBCwUAA4IBAQDJ18IGF62uPoUxfdKEnhLV6HXMACj7hQXfhHwHyFRX
jNlJPE+g8mIgKuV4zFHDlI7cZTVvqIsMzTeBP/fVYydujLJwjPKzJT1NLYMb3s4t
A+ZFLJgEYLgoEzV5ZFzu6kyvCu2dkcBlqhKlIYy1zHuKcGXN0e6mO33M0Ddzu0Rh
rTtkHebfsPBOrkYYY/qwhq6GQnj1zTGYz1m709FbtZfXuzxH6hxUAAPpZQ7dLz2g
u4FUf7vnac2ATgH+KRmYoPe09/3C8l989xWoZ4Isdp6xOWy78Af0/nfwxG9htOCM
n1gsId0Cx/zQBo02F7XUwP/Qnpy7YfthYN46cZoitFrh
-----END CERTIFICATE-----