Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/epWrKZoZxgqtFdz4Di1G7Q1JJR0.roa
File:                     epWrKZoZxgqtFdz4Di1G7Q1JJR0.roa (raw, json)
Hash identifier:          25FBIS8eQ/Jf0OYuSsfxQqMTyQ18rWviBPs8sT/whpc=
Subject key identifier:   7A:95:AB:29:9A:19:C6:0A:AD:15:DC:F8:0E:2D:46:ED:0D:49:25:1D
Certificate issuer:       /CN=c7554fd3e13b4a50c1d87482a7437b81c63e9951
Certificate serial:       019422FB7E5CF87E11F399C5EEC1943CD5D9
Authority key identifier: C7:55:4F:D3:E1:3B:4A:50:C1:D8:74:82:A7:43:7B:81:C6:3E:99:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/epWrKZoZxgqtFdz4Di1G7Q1JJR0.roa
Signing time:             Wed 01 Jan 2025 17:48:14 +0000
ROA not before:           Wed 01 Jan 2025 17:48:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208957
IP address blocks:        5.182.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:7e:5c:f8:7e:11:f3:99:c5:ee:c1:94:3c:d5:d9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7554fd3e13b4a50c1d87482a7437b81c63e9951
        Validity
            Not Before: Jan  1 17:48:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7a95ab299a19c60aad15dcf80e2d46ed0d49251d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:0d:1b:2a:75:75:fc:b0:78:c5:c4:01:48:c7:
                    d3:f0:27:fd:4c:0f:12:20:9d:20:ec:e8:5d:1c:7b:
                    06:7b:9b:12:30:fd:d7:3e:ff:bc:86:7c:d9:c2:45:
                    8c:9f:f4:d9:6a:e6:1c:20:6d:2c:de:21:00:65:af:
                    23:4c:ac:60:65:26:6f:0f:2e:aa:6b:4f:ed:6c:e5:
                    12:ab:5e:2b:67:41:cf:71:6a:88:98:57:bd:f9:05:
                    85:ee:0b:a7:5c:10:c5:1c:f1:0d:21:84:ef:0d:b3:
                    41:61:22:33:ec:cd:bd:9c:a2:be:e8:cc:79:61:7d:
                    81:f3:2a:54:8a:f3:b5:b6:e1:f6:8d:4b:fd:ff:18:
                    f4:a1:45:6a:8a:dd:51:30:cd:cd:ec:de:8d:1c:95:
                    08:2f:ad:33:78:91:28:ed:fa:c8:26:9f:12:b6:c5:
                    0c:ca:44:47:95:10:0d:8b:d8:fc:30:c9:04:d3:da:
                    40:9a:47:0e:99:df:ef:40:7f:80:e7:c7:b5:5f:10:
                    90:70:af:4b:83:77:31:7d:b7:6b:b6:48:bd:69:dd:
                    70:d7:93:2c:d9:28:9c:68:69:e4:44:d5:3c:d9:27:
                    cf:ee:b4:b7:83:fc:1c:65:f6:12:31:2c:23:5b:90:
                    7b:fb:57:0a:e8:ac:2e:0f:32:66:cd:5c:4f:e4:e0:
                    eb:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7A:95:AB:29:9A:19:C6:0A:AD:15:DC:F8:0E:2D:46:ED:0D:49:25:1D
            X509v3 Authority Key Identifier:
                keyid:C7:55:4F:D3:E1:3B:4A:50:C1:D8:74:82:A7:43:7B:81:C6:3E:99:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x1VP0-E7SlDB2HSCp0N7gcY-mVE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/epWrKZoZxgqtFdz4Di1G7Q1JJR0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b8aeef-6889-4614-b7fc-5c75c3f421f5/1/x1VP0-E7SlDB2HSCp0N7gcY-mVE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.182.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1c:37:1b:61:b0:a9:24:eb:de:a0:f0:0e:99:79:47:2d:93:b5:
         15:70:b3:9e:10:89:0a:11:06:5e:4d:f8:3e:8e:19:ea:86:aa:
         29:17:19:77:9b:b8:27:a1:ea:fa:1c:c4:d5:62:c8:aa:08:3a:
         7f:79:f7:e6:a6:c4:d8:bf:77:cb:3c:2c:01:1b:ff:99:f8:2d:
         8d:69:33:2f:22:de:5c:ad:f6:32:35:9c:67:05:9b:71:0d:97:
         1b:be:46:33:b3:b2:4d:80:10:92:ef:d5:1e:98:25:b2:aa:22:
         14:21:86:cd:2c:0e:10:7e:f1:d5:3e:47:6c:34:14:82:14:b8:
         b5:0c:d5:1f:5a:69:be:d7:82:7d:63:ce:27:6e:09:e3:1b:06:
         5a:13:46:35:cd:04:79:63:30:ff:d2:16:3b:43:6d:98:3d:af:
         bb:f1:c1:9a:72:51:8b:7a:8c:56:3e:b2:43:10:7f:c3:03:da:
         7c:bb:a7:d4:d7:d1:f8:72:1d:bf:eb:cd:33:df:ca:09:ef:c0:
         f3:b0:41:59:8a:9c:4f:d2:61:de:15:28:d2:79:a9:bf:46:04:
         1e:7f:2d:11:56:81:1a:d5:76:12:70:2b:0c:3b:f9:d8:40:99:
         7b:0f:4e:9c:f0:93:72:ad:1c:56:a5:fd:09:b4:89:b1:ba:bf:
         11:19:5e:9a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+35c+H4R85nF7sGUPNXZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3NTU0ZmQzZTEzYjRhNTBjMWQ4NzQ4MmE3NDM3YjgxYzYz
ZTk5NTEwHhcNMjUwMTAxMTc0ODE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTk1YWIyOTlhMTljNjBhYWQxNWRjZjgwZTJkNDZlZDBkNDkyNTFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyQ0bKnV1/LB4xcQBSMfT8Cf9TA8S
IJ0g7OhdHHsGe5sSMP3XPv+8hnzZwkWMn/TZauYcIG0s3iEAZa8jTKxgZSZvDy6q
a0/tbOUSq14rZ0HPcWqImFe9+QWF7gunXBDFHPENIYTvDbNBYSIz7M29nKK+6Mx5
YX2B8ypUivO1tuH2jUv9/xj0oUVqit1RMM3N7N6NHJUIL60zeJEo7frIJp8StsUM
ykRHlRANi9j8MMkE09pAmkcOmd/vQH+A58e1XxCQcK9Lg3cxfbdrtki9ad1w15Ms
2SicaGnkRNU82SfP7rS3g/wcZfYSMSwjW5B7+1cK6KwuDzJmzVxP5ODrgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHqVqymaGcYKrRXc+A4tRu0NSSUdMB8GA1UdIwQY
MBaAFMdVT9PhO0pQwdh0gqdDe4HGPplRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDFWUDAtRTdTbERCMkhTQ3AwTjdnY1ktbVZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9iOGFlZWYtNjg4OS00NjE0LWI3ZmMt
NWM3NWMzZjQyMWY1LzEvZXBXcktab1p4Z3F0RmR6NERpMUc3UTFKSlIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9iOGFlZWYtNjg4OS00NjE0LWI3ZmMtNWM3NWMzZjQyMWY1
LzEveDFWUDAtRTdTbERCMkhTQ3AwTjdnY1ktbVZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBbaoMA0G
CSqGSIb3DQEBCwUAA4IBAQAcNxthsKkk696g8A6ZeUctk7UVcLOeEIkKEQZeTfg+
jhnqhqopFxl3m7gnoer6HMTVYsiqCDp/effmpsTYv3fLPCwBG/+Z+C2NaTMvIt5c
rfYyNZxnBZtxDZcbvkYzs7JNgBCS79UemCWyqiIUIYbNLA4QfvHVPkdsNBSCFLi1
DNUfWmm+14J9Y84nbgnjGwZaE0Y1zQR5YzD/0hY7Q22YPa+78cGaclGLeoxWPrJD
EH/DA9p8u6fU19H4ch2/680z38oJ78DzsEFZipxP0mHeFSjSeam/RgQefy0RVoEa
1XYScCsMO/nYQJl7D06c8JNyrRxWpf0JtImxur8RGV6a
-----END CERTIFICATE-----