Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/_EhP3rllpoQnC3l-MgFdCzFMz_E.roa
File:                     _EhP3rllpoQnC3l-MgFdCzFMz_E.roa (raw, json)
Hash identifier:          sUekJ+2MT+tzGeS52b6DvBGQq384Sn63ZR154oCzfhs=
Subject key identifier:   FC:48:4F:DE:B9:65:A6:84:27:0B:79:7E:32:01:5D:0B:31:4C:CF:F1
Certificate issuer:       /CN=7ad869e5efd483a72fd3e89978d1cc66df32b512
Certificate serial:       01942067D035FB9023DD1527A6603B1B72C4
Authority key identifier: 7A:D8:69:E5:EF:D4:83:A7:2F:D3:E8:99:78:D1:CC:66:DF:32:B5:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ethp5e_Ug6cv0-iZeNHMZt8ytRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/_EhP3rllpoQnC3l-MgFdCzFMz_E.roa
Signing time:             Wed 01 Jan 2025 05:47:41 +0000
ROA not before:           Wed 01 Jan 2025 05:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215588
IP address blocks:        91.201.92.0/22 maxlen: 24
                          2a10:1a80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/ethp5e_Ug6cv0-iZeNHMZt8ytRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/ethp5e_Ug6cv0-iZeNHMZt8ytRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ethp5e_Ug6cv0-iZeNHMZt8ytRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 12 Mar 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d0:35:fb:90:23:dd:15:27:a6:60:3b:1b:72:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7ad869e5efd483a72fd3e89978d1cc66df32b512
        Validity
            Not Before: Jan  1 05:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc484fdeb965a684270b797e32015d0b314ccff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:14:74:7a:01:af:0e:31:5c:50:d1:a7:8a:89:
                    42:91:72:38:4f:bc:5c:10:e8:9d:a2:c6:d0:d6:47:
                    fb:c1:c5:0d:88:33:93:e7:42:54:e2:7d:a5:0f:12:
                    55:04:9c:a4:da:0f:67:22:94:bb:93:4b:31:90:09:
                    92:08:44:42:8c:ac:fc:57:8b:9b:12:56:38:81:b1:
                    cb:e3:c0:da:2e:61:79:bb:26:ab:89:e5:2d:47:f7:
                    e5:76:94:a0:8a:68:6e:44:40:40:f1:07:dc:47:45:
                    76:08:ed:e1:fe:f9:fd:b1:a8:62:95:7e:8c:77:ad:
                    c5:0b:4a:8e:4d:73:36:c4:26:24:e2:1c:db:82:f8:
                    d7:0b:81:bf:74:98:66:d8:35:f3:f4:a7:b7:16:99:
                    ba:03:f6:fa:0a:42:f7:b0:11:9b:30:b4:19:be:97:
                    21:dd:3f:76:52:12:45:bf:89:cd:f0:61:72:9c:eb:
                    f2:6f:fc:63:d1:10:bc:1f:c5:33:0d:be:6b:07:1f:
                    de:19:50:c7:12:d6:c3:61:70:e8:83:38:06:05:e2:
                    39:88:1d:71:9a:e5:27:c4:24:3a:f8:f8:4b:bf:4c:
                    47:24:b5:f8:8b:e9:36:cc:e3:72:55:05:ec:f6:33:
                    67:7e:94:1f:61:e0:a9:1f:0e:4e:ae:cd:dc:d4:1d:
                    fa:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:48:4F:DE:B9:65:A6:84:27:0B:79:7E:32:01:5D:0B:31:4C:CF:F1
            X509v3 Authority Key Identifier:
                keyid:7A:D8:69:E5:EF:D4:83:A7:2F:D3:E8:99:78:D1:CC:66:DF:32:B5:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ethp5e_Ug6cv0-iZeNHMZt8ytRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/_EhP3rllpoQnC3l-MgFdCzFMz_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/97311d-af26-4b8d-a1ad-13669569d68e/1/ethp5e_Ug6cv0-iZeNHMZt8ytRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.201.92.0/22
                IPv6:
                  2a10:1a80::/29

    Signature Algorithm: sha256WithRSAEncryption
         b5:2e:90:8d:0f:a2:b5:19:cb:73:0e:24:3a:e3:2d:46:97:55:
         66:95:78:fc:4f:ce:62:34:d3:b2:b5:d5:8b:a8:67:99:48:ba:
         59:55:d7:af:a8:ea:11:b0:93:b7:a1:ad:87:08:73:ea:b2:24:
         75:01:f6:5d:f5:5f:d7:4b:bf:39:67:c5:a0:5d:d1:7c:71:65:
         b3:2f:d8:37:9f:88:55:db:1b:ea:91:f8:d6:f7:f4:8c:f0:18:
         1a:16:89:a7:24:62:b0:78:40:2e:aa:2c:42:8b:08:06:32:70:
         99:6e:c3:0f:e8:46:5e:a0:a8:92:0e:40:f5:83:3c:02:b2:32:
         85:f7:86:04:d2:d3:63:f8:3b:bc:89:4a:a2:17:1f:77:6f:cc:
         b3:8e:73:8d:6b:8c:da:0f:b2:cd:d9:b6:3f:8f:49:cb:11:47:
         81:3a:6e:8e:20:49:ec:7c:b5:7a:4a:26:69:be:f0:4c:60:c8:
         1f:9c:46:56:94:9f:1f:55:3e:da:1a:03:4f:8a:7d:53:22:34:
         5a:52:25:ea:d3:61:b1:3c:82:a6:15:78:be:6c:dc:fc:da:02:
         a9:1a:34:fe:8a:58:79:d4:f8:57:03:b7:d8:19:b6:7f:89:bc:
         ec:3f:98:e9:d5:c2:be:5f:b9:aa:85:09:ee:39:b2:0e:36:78:
         58:a5:0c:4b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ9A1+5Aj3RUnpmA7G3LEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZDg2OWU1ZWZkNDgzYTcyZmQzZTg5OTc4ZDFjYzY2ZGYz
MmI1MTIwHhcNMjUwMTAxMDU0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzQ4NGZkZWI5NjVhNjg0MjcwYjc5N2UzMjAxNWQwYjMxNGNjZmYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BR0egGvDjFcUNGniolCkXI4T7xc
EOidosbQ1kf7wcUNiDOT50JU4n2lDxJVBJyk2g9nIpS7k0sxkAmSCERCjKz8V4ub
ElY4gbHL48DaLmF5uyarieUtR/fldpSgimhuREBA8QfcR0V2CO3h/vn9sahilX6M
d63FC0qOTXM2xCYk4hzbgvjXC4G/dJhm2DXz9Ke3Fpm6A/b6CkL3sBGbMLQZvpch
3T92UhJFv4nN8GFynOvyb/xj0RC8H8UzDb5rBx/eGVDHEtbDYXDogzgGBeI5iB1x
muUnxCQ6+PhLv0xHJLX4i+k2zONyVQXs9jNnfpQfYeCpHw5Ors3c1B36iwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFPxIT965ZaaEJwt5fjIBXQsxTM/xMB8GA1UdIwQY
MBaAFHrYaeXv1IOnL9PomXjRzGbfMrUSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXRocDVlX1VnNmN2MC1pWmVOSE1adDh5dFJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi85NzMxMWQtYWYyNi00YjhkLWExYWQt
MTM2Njk1NjlkNjhlLzEvX0VoUDNybGxwb1FuQzNsLU1nRmRDekZNel9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi85NzMxMWQtYWYyNi00YjhkLWExYWQtMTM2Njk1NjlkNjhl
LzEvZXRocDVlX1VnNmN2MC1pWmVOSE1adDh5dFJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCW8lcMA0E
AgACMAcDBQMqEBqAMA0GCSqGSIb3DQEBCwUAA4IBAQC1LpCND6K1GctzDiQ64y1G
l1VmlXj8T85iNNOytdWLqGeZSLpZVdevqOoRsJO3oa2HCHPqsiR1AfZd9V/XS785
Z8WgXdF8cWWzL9g3n4hV2xvqkfjW9/SM8BgaFomnJGKweEAuqixCiwgGMnCZbsMP
6EZeoKiSDkD1gzwCsjKF94YE0tNj+Du8iUqiFx93b8yzjnONa4zaD7LN2bY/j0nL
EUeBOm6OIEnsfLV6SiZpvvBMYMgfnEZWlJ8fVT7aGgNPin1TIjRaUiXq02GxPIKm
FXi+bNz82gKpGjT+ilh51PhXA7fYGbZ/ibzsP5jp1cK+X7mqhQnuObIONnhYpQxL
-----END CERTIFICATE-----