Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/EZYeVV1sSE-2JpbNlwV7wPbYnOo.roa
File:                     EZYeVV1sSE-2JpbNlwV7wPbYnOo.roa (raw, json)
Hash identifier:          ikr2sxni9DwwzkUepDYlmJ4xAXRqZ6YMknDRjY0uwRw=
Subject key identifier:   11:96:1E:55:5D:6C:48:4F:B6:26:96:CD:97:05:7B:C0:F6:D8:9C:EA
Certificate issuer:       /CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
Certificate serial:       0194222008A528ADEFD581235FE2189A9237
Authority key identifier: E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/EZYeVV1sSE-2JpbNlwV7wPbYnOo.roa
Signing time:             Wed 01 Jan 2025 13:48:32 +0000
ROA not before:           Wed 01 Jan 2025 13:48:32 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        77.81.0.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:08:a5:28:ad:ef:d5:81:23:5f:e2:18:9a:92:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e78ba5d98d48cebd5ad04c08bf09082b12a7e3ab
        Validity
            Not Before: Jan  1 13:48:32 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=11961e555d6c484fb62696cd97057bc0f6d89cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ba:dd:db:88:ab:88:a1:c9:95:7a:ca:82:74:
                    d1:4d:a8:bb:91:c8:a8:13:2f:76:07:aa:67:ab:9d:
                    4a:43:17:66:26:fc:55:70:60:27:3b:e6:1c:4c:be:
                    f7:c7:3b:92:25:fb:f1:be:5e:da:be:7e:69:bb:81:
                    88:17:e7:d5:5e:62:f4:f6:20:4f:9d:19:2b:5e:28:
                    a7:aa:81:36:42:33:17:74:5b:96:a7:d7:c9:e4:a1:
                    6c:50:1d:22:14:a8:85:21:4f:29:53:cc:73:cd:fd:
                    6a:74:74:9a:e4:b6:0d:30:a0:03:7f:80:fe:ef:6f:
                    c0:12:53:ff:e8:a9:e8:46:8d:fd:28:d4:44:cb:fd:
                    1e:2b:64:82:04:ff:68:ff:a4:8b:dc:eb:ee:a2:29:
                    48:b8:42:16:fe:8b:98:b3:c8:da:96:d7:11:0a:a4:
                    06:86:e3:3a:32:4f:f5:15:78:f3:e7:71:d5:a5:5d:
                    66:c3:ea:c3:6e:e8:7a:0d:44:f9:9b:c1:e9:df:3d:
                    ba:55:ea:14:ac:78:ea:e1:20:39:1d:ec:4e:b9:3b:
                    68:e1:35:46:19:23:0a:42:37:51:2c:db:e7:72:19:
                    0c:dd:c3:8f:bc:ac:b7:ae:3c:d0:e5:35:1d:b1:39:
                    ce:54:76:b3:cf:51:98:75:9b:6e:89:61:92:0a:6d:
                    d4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:96:1E:55:5D:6C:48:4F:B6:26:96:CD:97:05:7B:C0:F6:D8:9C:EA
            X509v3 Authority Key Identifier:
                keyid:E7:8B:A5:D9:8D:48:CE:BD:5A:D0:4C:08:BF:09:08:2B:12:A7:E3:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/54ul2Y1Izr1a0EwIvwkIKxKn46s.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/EZYeVV1sSE-2JpbNlwV7wPbYnOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/90/c52293-0678-4b42-8ae0-4891653eeb67/1/54ul2Y1Izr1a0EwIvwkIKxKn46s.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.81.0.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a0:c4:fa:80:04:ff:1c:e6:0a:95:fa:d8:f0:e8:45:64:e1:77:
         da:a3:9d:66:c7:fe:85:a8:fe:61:31:18:29:4e:be:4c:0b:db:
         da:41:1d:85:9a:0e:97:eb:fd:f2:5b:b2:ad:5d:30:6a:f7:a4:
         57:64:4b:e8:07:60:04:22:1d:da:6a:2e:53:7b:ad:21:9f:44:
         dc:fb:0b:62:95:c4:10:d7:7b:95:03:08:e4:f5:5f:68:dd:78:
         08:1b:4e:51:6f:c2:c4:d3:10:6d:1f:ec:ca:55:24:3d:58:da:
         39:04:49:c3:7a:75:f9:ae:d5:83:69:90:d3:96:d8:93:ba:96:
         76:4f:78:49:d9:7b:6c:7c:83:6c:6a:e6:4d:da:b5:d7:86:cf:
         47:75:15:97:32:56:8d:c1:0c:74:b5:b3:5f:00:3f:2c:66:d4:
         0a:9a:70:e0:24:a6:b9:14:bc:55:ba:54:41:de:69:be:56:76:
         5d:23:a3:a0:20:1e:a8:99:9d:67:8a:55:67:52:02:80:fe:76:
         f1:58:82:4c:4e:c9:3f:b5:03:f9:92:99:b1:df:d0:7a:0e:1e:
         03:3d:5b:37:d2:35:05:d4:32:aa:56:38:8b:4c:05:45:61:56:
         08:a4:d0:21:44:60:05:53:6c:7e:71:fb:fa:08:76:87:7c:27:
         61:ab:86:af
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIAilKK3v1YEjX+IYmpI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3OGJhNWQ5OGQ0OGNlYmQ1YWQwNGMwOGJmMDkwODJiMTJh
N2UzYWIwHhcNMjUwMTAxMTM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTk2MWU1NTVkNmM0ODRmYjYyNjk2Y2Q5NzA1N2JjMGY2ZDg5Y2VhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo7rd24iriKHJlXrKgnTRTai7kcio
Ey92B6pnq51KQxdmJvxVcGAnO+YcTL73xzuSJfvxvl7avn5pu4GIF+fVXmL09iBP
nRkrXiinqoE2QjMXdFuWp9fJ5KFsUB0iFKiFIU8pU8xzzf1qdHSa5LYNMKADf4D+
72/AElP/6KnoRo39KNREy/0eK2SCBP9o/6SL3OvuoilIuEIW/ouYs8jaltcRCqQG
huM6Mk/1FXjz53HVpV1mw+rDbuh6DUT5m8Hp3z26VeoUrHjq4SA5HexOuTto4TVG
GSMKQjdRLNvnchkM3cOPvKy3rjzQ5TUdsTnOVHazz1GYdZtuiWGSCm3UmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGWHlVdbEhPtiaWzZcFe8D22JzqMB8GA1UdIwQY
MBaAFOeLpdmNSM69WtBMCL8JCCsSp+OrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAt
NDg5MTY1M2VlYjY3LzEvRVpZZVZWMXNTRS0ySnBiTmx3Vjd3UGJZbk9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MC9jNTIyOTMtMDY3OC00YjQyLThhZTAtNDg5MTY1M2VlYjY3
LzEvNTR1bDJZMUl6cjFhMEV3SXZ3a0lLeEtuNDZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQATVEAMA0G
CSqGSIb3DQEBCwUAA4IBAQCgxPqABP8c5gqV+tjw6EVk4Xfao51mx/6FqP5hMRgp
Tr5MC9vaQR2Fmg6X6/3yW7KtXTBq96RXZEvoB2AEIh3aai5Te60hn0Tc+wtilcQQ
13uVAwjk9V9o3XgIG05Rb8LE0xBtH+zKVSQ9WNo5BEnDenX5rtWDaZDTltiTupZ2
T3hJ2XtsfINsauZN2rXXhs9HdRWXMlaNwQx0tbNfAD8sZtQKmnDgJKa5FLxVulRB
3mm+VnZdI6OgIB6omZ1nilVnUgKA/nbxWIJMTsk/tQP5kpmx39B6Dh4DPVs30jUF
1DKqVjiLTAVFYVYIpNAhRGAFU2x+cfv6CHaHfCdhq4av
-----END CERTIFICATE-----