Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/Eey_cZJG1JzbE89yJ5-3WKAQnps.roa
File:                     Eey_cZJG1JzbE89yJ5-3WKAQnps.roa (raw, json)
Hash identifier:          Sd/BEYaeo7DwAgjKLvAs+URaNM8tk1wO8kSwFI5eaf8=
Subject key identifier:   11:EC:BF:71:92:46:D4:9C:DB:13:CF:72:27:9F:B7:58:A0:10:9E:9B
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       019425FDD979C0FCD1BBD6789D73E4964165
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/Eey_cZJG1JzbE89yJ5-3WKAQnps.roa
Signing time:             Thu 02 Jan 2025 07:49:40 +0000
ROA not before:           Thu 02 Jan 2025 07:49:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47147
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.98.0/24 maxlen: 24
                          152.53.128.0/20 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:d9:79:c0:fc:d1:bb:d6:78:9d:73:e4:96:41:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Jan  2 07:49:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11ecbf719246d49cdb13cf72279fb758a0109e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:2e:fb:81:e6:86:07:8b:19:ee:3c:f2:8d:d3:
                    c9:70:6e:11:f7:fe:dd:7a:0a:5f:4c:5e:89:a2:ff:
                    2c:5e:10:3e:02:04:66:76:ac:c5:bd:16:16:c9:f8:
                    80:66:bf:bb:ab:8d:07:1b:57:dd:1c:e2:12:b2:8f:
                    fc:be:bc:87:e2:02:73:8d:31:81:8c:6a:43:6b:a9:
                    51:f0:86:20:2b:34:09:7b:0a:8b:a9:44:e4:62:c9:
                    fa:47:d3:da:14:54:ae:4e:b4:ae:3c:f7:cc:36:61:
                    1b:d9:8b:26:2c:38:58:f9:da:cd:a2:c3:e5:76:91:
                    06:b4:5d:00:39:ac:a6:ac:7a:a0:90:50:0a:a3:58:
                    1f:36:6b:5e:1b:6a:92:cd:3c:41:d3:fd:2b:c0:b4:
                    8a:af:e4:36:eb:97:da:3d:3f:7a:23:15:f9:c4:e6:
                    17:5d:08:14:04:0a:82:df:c9:5f:96:e9:a5:af:6a:
                    e5:53:04:30:fd:2b:0e:e7:09:49:eb:03:6b:af:2d:
                    35:dc:79:92:f4:d6:54:0d:d9:f1:1f:11:2f:6d:e3:
                    7b:75:f8:8e:8a:4f:cb:94:f7:c5:38:7a:1d:b2:aa:
                    ba:1c:6b:5e:20:90:6f:81:c9:0f:06:7c:ca:69:48:
                    a6:de:4a:4a:ef:1c:6d:1d:60:9b:8d:3d:26:f4:9a:
                    56:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:EC:BF:71:92:46:D4:9C:DB:13:CF:72:27:9F:B7:58:A0:10:9E:9B
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/Eey_cZJG1JzbE89yJ5-3WKAQnps.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         57:04:e7:7e:15:e0:6d:6a:f6:3a:82:e2:e4:81:49:45:b4:88:
         b2:31:5f:19:00:2d:97:68:c7:38:40:e2:06:c7:7a:24:0f:df:
         c9:7c:4a:4c:c3:ef:d9:09:d8:24:3c:22:32:d1:75:12:0a:f5:
         87:09:67:1c:b1:83:c1:33:91:4d:75:6e:f9:30:07:9b:e1:26:
         60:ad:66:82:0c:73:e2:96:89:9e:52:e6:b9:34:42:38:fd:87:
         c5:a5:8d:e5:34:e7:42:8f:da:25:91:68:e5:9b:2f:3d:4f:0c:
         70:f1:91:cd:3b:3e:3a:15:61:eb:15:fb:c3:dc:4d:bd:b0:e6:
         ae:04:83:c0:d3:d5:44:5e:ce:56:e5:0e:aa:c2:d0:c0:b6:01:
         61:60:75:86:47:ff:94:3c:84:03:fc:25:55:61:ad:0b:c6:38:
         12:0c:0a:c2:14:75:29:df:5a:fe:f6:e7:9b:62:d5:f1:5a:4a:
         52:ad:59:2a:38:8a:b6:0c:bb:e9:1b:a8:5f:21:87:36:1b:c3:
         d7:ec:bd:ec:57:4f:15:43:30:23:6f:28:2a:d9:6a:a1:93:2a:
         32:e4:d7:0e:39:a4:11:29:70:ec:cb:4c:7e:bc:87:0c:48:e9:
         fb:fc:aa:c6:4d:01:45:a3:f2:16:a0:fa:3a:b3:64:91:45:ff:
         a0:74:89:4d
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQl/dl5wPzRu9Z4nXPklkFlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwMTAyMDc0OTQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWVjYmY3MTkyNDZkNDljZGIxM2NmNzIyNzlmYjc1OGEwMTA5ZTliMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3S77geaGB4sZ7jzyjdPJcG4R9/7d
egpfTF6Jov8sXhA+AgRmdqzFvRYWyfiAZr+7q40HG1fdHOISso/8vryH4gJzjTGB
jGpDa6lR8IYgKzQJewqLqUTkYsn6R9PaFFSuTrSuPPfMNmEb2YsmLDhY+drNosPl
dpEGtF0AOaymrHqgkFAKo1gfNmteG2qSzTxB0/0rwLSKr+Q265faPT96IxX5xOYX
XQgUBAqC38lflumlr2rlUwQw/SsO5wlJ6wNrry013HmS9NZUDdnxHxEvbeN7dfiO
ik/LlPfFOHodsqq6HGteIJBvgckPBnzKaUim3kpK7xxtHWCbjT0m9JpWwwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBHsv3GSRtSc2xPPcieft1igEJ6bMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvRWV5X2NaSkcxSnpiRTg5eUo1LTNXS0FRbnBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAFcE534V4G1q9jqC4uSBSUW0iLIxXxkALZdoxzhA4gbH
eiQP38l8SkzD79kJ2CQ8IjLRdRIK9YcJZxyxg8EzkU11bvkwB5vhJmCtZoIMc+KW
iZ5S5rk0Qjj9h8WljeU050KP2iWRaOWbLz1PDHDxkc07PjoVYesV+8PcTb2w5q4E
g8DT1URezlblDqrC0MC2AWFgdYZH/5Q8hAP8JVVhrQvGOBIMCsIUdSnfWv7255ti
1fFaSlKtWSo4irYMu+kbqF8hhzYbw9fsvexXTxVDMCNvKCrZaqGTKjLk1w45pBEp
cOzLTH68hwxI6fv8qsZNAUWj8hag+jqzZJFF/6B0iU0=
-----END CERTIFICATE-----