Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8c/a6c152-37d3-4f86-8f6e-7659bf86ac4c/1/EryZGhKHOKFejsNYtsHoCrBOwlI.roa
File:                     EryZGhKHOKFejsNYtsHoCrBOwlI.roa (raw, json)
Hash identifier:          XPrcWsidSTpQokDPJh6WTZK3lvnDmP0xxlT9T9iBNGQ=
Subject key identifier:   12:BC:99:1A:12:87:38:A1:5E:8E:C3:58:B6:C1:E8:0A:B0:4E:C2:52
Certificate issuer:       /CN=fd7d1cb11494eb3898f10d3d635be75f16b2dc51
Certificate serial:       01958F82D1D4681A7522012C76F144E4DA4B
Authority key identifier: FD:7D:1C:B1:14:94:EB:38:98:F1:0D:3D:63:5B:E7:5F:16:B2:DC:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_X0csRSU6ziY8Q09Y1vnXxay3FE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c152-37d3-4f86-8f6e-7659bf86ac4c/1/EryZGhKHOKFejsNYtsHoCrBOwlI.roa
Signing time:             Thu 13 Mar 2025 12:37:50 +0000
ROA not before:           Thu 13 Mar 2025 12:37:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47708
IP address blocks:        134.25.0.0/16 maxlen: 16
                          2001:678:330::/48 maxlen: 48
                          2001:67c:d8::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c152-37d3-4f86-8f6e-7659bf86ac4c/1/_X0csRSU6ziY8Q09Y1vnXxay3FE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c152-37d3-4f86-8f6e-7659bf86ac4c/1/_X0csRSU6ziY8Q09Y1vnXxay3FE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_X0csRSU6ziY8Q09Y1vnXxay3FE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8f:82:d1:d4:68:1a:75:22:01:2c:76:f1:44:e4:da:4b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fd7d1cb11494eb3898f10d3d635be75f16b2dc51
        Validity
            Not Before: Mar 13 12:37:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=12bc991a128738a15e8ec358b6c1e80ab04ec252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bf:c3:4e:4d:73:33:5c:6c:6c:8f:fe:9d:07:
                    4a:08:1d:3e:fa:0d:e7:91:c4:0c:1d:a1:53:93:95:
                    e5:03:3c:ff:f7:06:7b:ab:51:6e:c2:e6:3e:0c:6b:
                    ec:1f:01:68:fa:4e:b1:7c:79:86:f9:d1:9d:db:57:
                    1f:49:2a:72:21:20:56:df:bb:ef:f4:9a:9c:49:23:
                    a7:10:b3:e5:2b:07:14:c7:29:24:33:5f:14:13:15:
                    e1:7f:9e:22:de:9d:fa:d9:7c:31:31:ac:a0:35:03:
                    38:bc:1a:64:97:1f:a7:2e:ef:00:61:ce:93:d0:b8:
                    ef:87:ab:05:c2:f6:25:95:1e:0f:0c:ad:c5:8f:98:
                    8b:81:87:40:a8:4d:47:97:d5:d7:22:a5:23:50:89:
                    f3:b1:f0:ee:03:e2:d3:4b:a0:cd:a1:70:f7:c0:15:
                    8d:88:51:b8:82:8b:3e:b5:6a:fa:d0:27:f8:2d:e8:
                    de:d2:70:e8:91:3c:1f:d0:77:76:32:ad:25:ff:53:
                    55:1f:56:da:7e:78:7d:1f:a5:31:d9:73:d6:16:ad:
                    c2:03:64:56:70:ce:eb:37:21:10:f2:5f:78:f6:d5:
                    5d:44:7a:ae:cc:75:26:b2:81:95:08:1b:fd:ad:97:
                    ae:6c:cf:cd:3b:54:07:9a:b6:e0:85:e1:5d:ae:ae:
                    d9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:BC:99:1A:12:87:38:A1:5E:8E:C3:58:B6:C1:E8:0A:B0:4E:C2:52
            X509v3 Authority Key Identifier:
                keyid:FD:7D:1C:B1:14:94:EB:38:98:F1:0D:3D:63:5B:E7:5F:16:B2:DC:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_X0csRSU6ziY8Q09Y1vnXxay3FE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c152-37d3-4f86-8f6e-7659bf86ac4c/1/EryZGhKHOKFejsNYtsHoCrBOwlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8c/a6c152-37d3-4f86-8f6e-7659bf86ac4c/1/_X0csRSU6ziY8Q09Y1vnXxay3FE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  134.25.0.0/16
                IPv6:
                  2001:678:330::/48
                  2001:67c:d8::/48

    Signature Algorithm: sha256WithRSAEncryption
         9e:91:1d:4c:03:7b:ba:f5:d2:a3:dd:4f:69:57:b6:57:ef:b3:
         26:1e:7f:90:94:89:23:ef:4f:46:30:57:8d:e9:da:3d:35:dd:
         f3:cf:c5:23:b0:26:9c:f0:f6:e1:a5:83:85:a9:76:45:f4:67:
         fd:d3:96:33:ed:6e:2b:87:47:b9:61:f1:e7:bf:fe:4b:c0:35:
         e7:4c:05:b1:08:de:a1:0a:6b:e8:7f:9e:2c:da:e8:c9:c5:28:
         d4:b7:90:33:92:36:eb:12:5d:86:76:e8:63:a3:58:7a:23:d2:
         66:6e:46:46:d8:3c:99:f4:97:39:d9:d1:b6:87:18:d8:16:10:
         cf:50:46:e4:14:86:61:ef:9a:00:82:b4:b3:0e:7e:cf:d8:e6:
         2a:1b:4d:73:1c:ae:7b:47:86:bc:63:3b:28:a6:c2:c9:b7:d4:
         a5:0e:2f:0b:da:c0:9b:47:c9:cf:fa:e0:f3:c3:e8:1a:e5:4e:
         ec:90:06:3a:b0:1d:93:bb:b2:bc:35:43:11:d2:12:1f:85:02:
         d7:f3:0c:5f:1b:a6:c7:fe:44:f0:5d:92:a0:5a:46:f6:d6:bc:
         76:a0:2d:7f:39:f5:50:98:98:0c:8e:bc:94:d7:0e:44:47:64:
         9f:9e:9e:c8:08:a6:8d:77:65:56:be:c9:19:94:52:07:86:7b:
         55:e8:cb:c5
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAZWPgtHUaBp1IgEsdvFE5NpLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZkN2QxY2IxMTQ5NGViMzg5OGYxMGQzZDYzNWJlNzVmMTZi
MmRjNTEwHhcNMjUwMzEzMTIzNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMmJjOTkxYTEyODczOGExNWU4ZWMzNThiNmMxZTgwYWIwNGVjMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzb/DTk1zM1xsbI/+nQdKCB0++g3n
kcQMHaFTk5XlAzz/9wZ7q1FuwuY+DGvsHwFo+k6xfHmG+dGd21cfSSpyISBW37vv
9JqcSSOnELPlKwcUxykkM18UExXhf54i3p362XwxMaygNQM4vBpklx+nLu8AYc6T
0Ljvh6sFwvYllR4PDK3Fj5iLgYdAqE1Hl9XXIqUjUInzsfDuA+LTS6DNoXD3wBWN
iFG4gos+tWr60Cf4Leje0nDokTwf0Hd2Mq0l/1NVH1bafnh9H6Ux2XPWFq3CA2RW
cM7rNyEQ8l949tVdRHquzHUmsoGVCBv9rZeubM/NO1QHmrbgheFdrq7ZvQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFBK8mRoShzihXo7DWLbB6AqwTsJSMB8GA1UdIwQY
MBaAFP19HLEUlOs4mPENPWNb518WstxRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX1gwY3NSU1U2emlZOFEwOVkxdm5YeGF5M0ZFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Yy9hNmMxNTItMzdkMy00Zjg2LThmNmUt
NzY1OWJmODZhYzRjLzEvRXJ5WkdoS0hPS0ZlanNOWXRzSG9DckJPd2xJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Yy9hNmMxNTItMzdkMy00Zjg2LThmNmUtNzY1OWJmODZhYzRj
LzEvX1gwY3NSU1U2emlZOFEwOVkxdm5YeGF5M0ZFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzALBAIAATAFAwMAhhkwGAQC
AAIwEgMHACABBngDMAMHACABBnwA2DANBgkqhkiG9w0BAQsFAAOCAQEAnpEdTAN7
uvXSo91PaVe2V++zJh5/kJSJI+9PRjBXjenaPTXd88/FI7AmnPD24aWDhal2RfRn
/dOWM+1uK4dHuWHx57/+S8A150wFsQjeoQpr6H+eLNroycUo1LeQM5I26xJdhnbo
Y6NYeiPSZm5GRtg8mfSXOdnRtocY2BYQz1BG5BSGYe+aAIK0sw5+z9jmKhtNcxyu
e0eGvGM7KKbCybfUpQ4vC9rAm0fJz/rg88PoGuVO7JAGOrAdk7uyvDVDEdISH4UC
1/MMXxumx/5E8F2SoFpG9ta8dqAtfzn1UJiYDI68lNcOREdkn56eyAimjXdlVr7J
GZRSB4Z7VejLxQ==
-----END CERTIFICATE-----