Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EQBW-afgsUg2YEQok_iAQIL7nMY.roa
File:                     EQBW-afgsUg2YEQok_iAQIL7nMY.roa (raw, json)
Hash identifier:          8Tu2q0w4IMbGT+mbRYx2ZBxMheQPrvwMeembFkLhy/g=
Subject key identifier:   11:00:56:F9:A7:E0:B1:48:36:60:44:28:93:F8:80:40:82:FB:9C:C6
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196EC23804CEB5E8077144AB3E1E2853426
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EQBW-afgsUg2YEQok_iAQIL7nMY.roa
Signing time:             Tue 20 May 2025 05:21:11 +0000
ROA not before:           Tue 20 May 2025 05:21:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201949
IP address blocks:        151.244.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 21:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ec:23:80:4c:eb:5e:80:77:14:4a:b3:e1:e2:85:34:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 20 05:21:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=110056f9a7e0b1483660442893f8804082fb9cc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:7b:d7:89:b2:df:5c:36:0d:97:51:b0:72:f0:
                    3c:9d:1b:38:cd:c1:75:35:0f:ed:61:6a:4d:26:87:
                    71:b5:a0:3b:3d:3b:a7:d8:d8:8d:af:48:ba:0e:46:
                    b1:11:07:23:db:ee:47:36:a0:58:f6:2d:6d:60:f2:
                    94:ab:f3:aa:89:22:d3:f3:e5:28:62:6d:a2:8f:20:
                    43:8d:b2:3a:92:43:47:43:86:1b:cf:cf:ca:f5:0a:
                    71:0b:4e:8d:14:50:09:7a:d1:5a:2a:8b:81:99:b1:
                    97:66:81:e1:e3:6d:ab:ec:fd:e1:80:b2:c8:38:80:
                    a6:1e:ec:00:ec:07:0c:37:30:1c:87:a5:eb:19:1f:
                    fb:37:a5:78:77:a1:01:71:b9:8a:1e:71:21:29:95:
                    bd:a7:1b:65:2a:02:0c:0c:32:47:7d:55:51:34:85:
                    e4:f6:a3:2a:f6:0b:ea:e5:d9:f2:da:4c:bd:b0:23:
                    06:0f:35:d6:fb:39:f8:26:49:43:a9:11:ce:75:4f:
                    ff:34:2f:6c:dc:0d:e0:d8:38:67:f3:fc:90:7f:e1:
                    7d:cf:46:c0:e6:23:7d:b6:aa:3c:07:03:8e:44:97:
                    5f:3d:1e:6c:b8:b2:e7:f2:af:db:24:f3:de:4b:34:
                    52:0d:da:4e:0c:94:55:16:f5:77:51:f2:dd:90:71:
                    75:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:00:56:F9:A7:E0:B1:48:36:60:44:28:93:F8:80:40:82:FB:9C:C6
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/EQBW-afgsUg2YEQok_iAQIL7nMY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  151.244.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:1f:12:08:a2:2d:3b:ed:f9:53:2f:d0:59:5b:77:28:8a:db:
         56:6a:7e:16:1b:25:c4:5a:59:e2:b1:ff:51:bf:f3:fc:dd:3e:
         7a:de:60:e5:c4:46:67:a2:02:27:0b:ed:ee:15:3e:89:af:be:
         d5:05:95:93:54:c3:e9:9b:ad:a5:24:a1:40:15:34:c0:f1:7c:
         ed:af:de:32:33:0a:be:9f:7e:33:25:f1:4e:2b:b7:e8:57:84:
         af:d5:4e:29:8e:f2:38:98:63:35:76:27:f5:dd:0a:f1:8d:35:
         f0:2d:7b:79:76:6a:20:e1:f7:00:ae:a5:8d:e4:00:0d:be:a9:
         f6:fb:13:51:43:a7:b5:92:ee:0b:79:15:4f:a0:a3:99:78:be:
         53:71:39:86:b9:c7:8f:ac:d2:e2:88:b2:bd:78:55:9c:38:00:
         96:39:6f:c4:98:c5:a1:e6:e0:db:5d:ee:8b:c0:62:60:df:44:
         ad:6d:3e:83:27:81:69:6a:be:d9:71:02:92:d3:28:40:43:8c:
         b4:72:4d:9d:33:2a:35:de:12:9f:a0:30:07:88:72:52:ea:33:
         8e:7e:75:63:db:78:b0:01:73:ee:04:c1:a4:49:d4:ce:c8:11:
         0a:09:6a:20:25:26:5d:e8:74:d2:2f:15:15:47:e7:8f:36:f0:
         b4:d3:f7:c0
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbsI4BM616AdxRKs+HihTQmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTIwMDUyMTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTAwNTZmOWE3ZTBiMTQ4MzY2MDQ0Mjg5M2Y4ODA0MDgyZmI5Y2M2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo3vXibLfXDYNl1GwcvA8nRs4zcF1
NQ/tYWpNJodxtaA7PTun2NiNr0i6DkaxEQcj2+5HNqBY9i1tYPKUq/OqiSLT8+Uo
Ym2ijyBDjbI6kkNHQ4Ybz8/K9QpxC06NFFAJetFaKouBmbGXZoHh422r7P3hgLLI
OICmHuwA7AcMNzAch6XrGR/7N6V4d6EBcbmKHnEhKZW9pxtlKgIMDDJHfVVRNIXk
9qMq9gvq5dny2ky9sCMGDzXW+zn4JklDqRHOdU//NC9s3A3g2Dhn8/yQf+F9z0bA
5iN9tqo8BwOORJdfPR5suLLn8q/bJPPeSzRSDdpODJRVFvV3UfLdkHF1YwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBEAVvmn4LFINmBEKJP4gECC+5zGMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvRVFCVy1hZmdzVWcyWUVRb2tfaUFRSUw3bk1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAl/QsMA0G
CSqGSIb3DQEBCwUAA4IBAQCoHxIIoi077flTL9BZW3coittWan4WGyXEWlnisf9R
v/P83T563mDlxEZnogInC+3uFT6Jr77VBZWTVMPpm62lJKFAFTTA8Xztr94yMwq+
n34zJfFOK7foV4Sv1U4pjvI4mGM1dif13QrxjTXwLXt5dmog4fcArqWN5AANvqn2
+xNRQ6e1ku4LeRVPoKOZeL5TcTmGucePrNLiiLK9eFWcOACWOW/EmMWh5uDbXe6L
wGJg30StbT6DJ4Fpar7ZcQKS0yhAQ4y0ck2dMyo13hKfoDAHiHJS6jOOfnVj23iw
AXPuBMGkSdTOyBEKCWogJSZd6HTSLxUVR+ePNvC00/fA
-----END CERTIFICATE-----