Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/eKW1kuPZCd7Q2-wUVFiZHmqNaHE.roa
File:                     eKW1kuPZCd7Q2-wUVFiZHmqNaHE.roa (raw, json)
Hash identifier:          E2zSiIhX/F8uFFD091DwlATetZWIqRRANFto/vLbHCQ=
Subject key identifier:   78:A5:B5:92:E3:D9:09:DE:D0:DB:EC:14:54:58:99:1E:6A:8D:68:71
Certificate issuer:       /CN=046acac713123856d4ae6c16054602684dfd07cb
Certificate serial:       0194266BE5A44DCBF9596A95878B66380137
Authority key identifier: 04:6A:CA:C7:13:12:38:56:D4:AE:6C:16:05:46:02:68:4D:FD:07:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BGrKxxMSOFbUrmwWBUYCaE39B8s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/eKW1kuPZCd7Q2-wUVFiZHmqNaHE.roa
Signing time:             Thu 02 Jan 2025 09:49:52 +0000
ROA not before:           Thu 02 Jan 2025 09:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12969
IP address blocks:        217.171.208.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/BGrKxxMSOFbUrmwWBUYCaE39B8s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/BGrKxxMSOFbUrmwWBUYCaE39B8s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BGrKxxMSOFbUrmwWBUYCaE39B8s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6b:e5:a4:4d:cb:f9:59:6a:95:87:8b:66:38:01:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=046acac713123856d4ae6c16054602684dfd07cb
        Validity
            Not Before: Jan  2 09:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=78a5b592e3d909ded0dbec145458991e6a8d6871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:98:8d:c9:96:3b:51:1b:3e:66:de:b6:18:bf:b0:
                    c6:0d:36:21:1f:ce:78:be:c2:d1:ae:b5:c2:7a:4b:
                    46:0e:4b:03:89:7d:dd:ec:3f:eb:df:c0:53:69:4f:
                    80:b7:0b:1f:d9:fb:58:21:a2:26:63:52:de:93:06:
                    04:7c:35:68:b8:56:9a:3e:45:62:33:17:3f:fb:c7:
                    ab:08:11:43:c8:9e:c4:96:c4:f3:9d:d1:57:ee:10:
                    c2:70:37:82:ac:66:99:e6:3a:e0:6d:c7:31:c0:52:
                    df:8b:84:c1:d8:de:62:42:c5:9e:f6:86:42:a6:de:
                    c8:54:92:ee:d3:aa:0c:d2:38:55:de:51:93:67:a4:
                    42:76:4a:05:2f:66:33:72:d1:a9:9b:94:0e:bb:20:
                    7c:be:03:55:a4:2f:51:01:20:c1:25:14:7d:33:1c:
                    20:55:82:8b:9c:0c:fa:fb:5e:35:8e:00:97:76:d7:
                    93:b5:1c:e0:79:3d:99:80:7a:23:ed:5d:c9:93:e3:
                    67:78:c4:f5:92:1e:d2:3c:3f:11:54:ae:9f:02:36:
                    cf:cd:4d:4e:34:35:cd:d3:d1:8b:72:0a:92:c9:86:
                    9e:1e:ec:12:d1:55:da:1c:36:0f:32:d6:70:45:5b:
                    02:fb:4d:ce:73:c8:55:38:97:10:0c:1f:42:10:a4:
                    9b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:A5:B5:92:E3:D9:09:DE:D0:DB:EC:14:54:58:99:1E:6A:8D:68:71
            X509v3 Authority Key Identifier:
                keyid:04:6A:CA:C7:13:12:38:56:D4:AE:6C:16:05:46:02:68:4D:FD:07:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BGrKxxMSOFbUrmwWBUYCaE39B8s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/eKW1kuPZCd7Q2-wUVFiZHmqNaHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/4186e4-a2a0-4bda-bc88-e6e928ce534f/1/BGrKxxMSOFbUrmwWBUYCaE39B8s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.171.208.0/20

    Signature Algorithm: sha256WithRSAEncryption
         30:e0:cd:cd:1b:68:b5:d8:cc:9b:ba:d4:1d:cc:17:e3:65:f1:
         b0:20:a9:0c:ce:5e:3b:d6:1a:01:2c:ab:22:77:1a:26:90:7c:
         4c:79:1c:45:22:d4:f7:8e:62:7a:38:9f:46:bc:f4:8f:45:f3:
         70:4d:76:1e:b4:72:54:f1:f2:53:7a:a2:ff:3a:e2:7e:76:bd:
         71:03:f8:aa:ad:c5:f3:83:e3:a3:b7:45:75:db:d4:33:5b:13:
         4a:3f:20:89:72:aa:c4:cb:3c:b1:4c:c4:79:d0:62:78:06:71:
         2f:1f:aa:e2:ef:41:4f:5a:0b:3e:50:51:d8:02:2a:a5:2c:5e:
         1d:05:5e:74:a8:c1:36:46:a7:55:d2:fd:57:17:e7:34:3f:8d:
         41:6d:99:ca:d1:88:17:ba:91:d4:00:52:0e:29:50:0e:43:91:
         0b:f4:69:04:0f:39:f0:db:9c:6e:73:39:ec:ce:eb:ea:e1:a2:
         99:c3:0e:73:ed:f7:ae:7f:60:43:13:2f:a7:fe:12:6b:21:ba:
         cd:bc:43:91:d2:89:78:28:bc:e4:d8:26:60:63:c5:e3:9f:fe:
         84:e6:60:d9:fb:12:c8:d5:ae:61:a7:2c:f7:ee:1b:a9:b7:2f:
         0e:ca:85:29:f7:ed:52:33:09:c4:4a:10:00:5b:e0:1d:09:27:
         a4:0f:17:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQma+WkTcv5WWqVh4tmOAE3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA0NmFjYWM3MTMxMjM4NTZkNGFlNmMxNjA1NDYwMjY4NGRm
ZDA3Y2IwHhcNMjUwMTAyMDk0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OGE1YjU5MmUzZDkwOWRlZDBkYmVjMTQ1NDU4OTkxZTZhOGQ2ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmI3JljtRGz5m3rYYv7DGDTYhH854
vsLRrrXCektGDksDiX3d7D/r38BTaU+Atwsf2ftYIaImY1LekwYEfDVouFaaPkVi
Mxc/+8erCBFDyJ7ElsTzndFX7hDCcDeCrGaZ5jrgbccxwFLfi4TB2N5iQsWe9oZC
pt7IVJLu06oM0jhV3lGTZ6RCdkoFL2YzctGpm5QOuyB8vgNVpC9RASDBJRR9Mxwg
VYKLnAz6+141jgCXdteTtRzgeT2ZgHoj7V3Jk+NneMT1kh7SPD8RVK6fAjbPzU1O
NDXN09GLcgqSyYaeHuwS0VXaHDYPMtZwRVsC+03Oc8hVOJcQDB9CEKSbSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHiltZLj2Qne0NvsFFRYmR5qjWhxMB8GA1UdIwQY
MBaAFARqyscTEjhW1K5sFgVGAmhN/QfLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQkdyS3h4TVNPRmJVcm13V0JVWUNhRTM5QjhzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS80MTg2ZTQtYTJhMC00YmRhLWJjODgt
ZTZlOTI4Y2U1MzRmLzEvZUtXMWt1UFpDZDdRMi13VVZGaVpIbXFOYUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS80MTg2ZTQtYTJhMC00YmRhLWJjODgtZTZlOTI4Y2U1MzRm
LzEvQkdyS3h4TVNPRmJVcm13V0JVWUNhRTM5QjhzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQE2avQMA0G
CSqGSIb3DQEBCwUAA4IBAQAw4M3NG2i12MybutQdzBfjZfGwIKkMzl471hoBLKsi
dxomkHxMeRxFItT3jmJ6OJ9GvPSPRfNwTXYetHJU8fJTeqL/OuJ+dr1xA/iqrcXz
g+Ojt0V129QzWxNKPyCJcqrEyzyxTMR50GJ4BnEvH6ri70FPWgs+UFHYAiqlLF4d
BV50qME2RqdV0v1XF+c0P41BbZnK0YgXupHUAFIOKVAOQ5EL9GkEDznw25xuczns
zuvq4aKZww5z7feuf2BDEy+n/hJrIbrNvEOR0ol4KLzk2CZgY8Xjn/6E5mDZ+xLI
1a5hpyz37hupty8OyoUp9+1SMwnEShAAW+AdCSekDxfq
-----END CERTIFICATE-----