Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/k-ezMHwur8MdZRQR3hE_e0BhJJw.roa
File:                     k-ezMHwur8MdZRQR3hE_e0BhJJw.roa (raw, json)
Hash identifier:          P4qrs0pkvJINK01RPHPSPt0K8P0Ok49T8HWuoZXmVYY=
Subject key identifier:   93:E7:B3:30:7C:2E:AF:C3:1D:65:14:11:DE:11:3F:7B:40:61:24:9C
Certificate issuer:       /CN=644f033f782eaf32ab09088775d64ac4b94b5b11
Certificate serial:       01942067D6D6FD468ECBFB0BF6D5DB47CC55
Authority key identifier: 64:4F:03:3F:78:2E:AF:32:AB:09:08:87:75:D6:4A:C4:B9:4B:5B:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/k-ezMHwur8MdZRQR3hE_e0BhJJw.roa
Signing time:             Wed 01 Jan 2025 05:47:43 +0000
ROA not before:           Wed 01 Jan 2025 05:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58192
IP address blocks:        213.134.17.0/24 maxlen: 24
                          2a05:2580::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:d6:d6:fd:46:8e:cb:fb:0b:f6:d5:db:47:cc:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=644f033f782eaf32ab09088775d64ac4b94b5b11
        Validity
            Not Before: Jan  1 05:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=93e7b3307c2eafc31d651411de113f7b4061249c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:27:76:41:bf:8c:e5:d7:f3:eb:c7:77:bc:57:
                    d5:6b:91:9f:dd:b5:36:83:e9:88:33:6c:1a:07:bc:
                    9e:ba:ab:54:3b:b8:9e:41:44:b2:4a:f8:95:03:88:
                    e9:d9:10:a4:5e:6d:a6:07:38:b1:ef:37:43:b0:e6:
                    5a:15:8a:c3:63:e8:fe:dd:e7:3f:44:43:ca:cb:33:
                    66:17:e9:0f:ee:cf:01:2d:89:e3:56:b6:83:09:a2:
                    9d:06:63:6b:86:fe:6c:a5:ee:4d:84:fe:e1:6f:5a:
                    28:4c:f6:f9:1b:29:ad:9f:b8:a7:b0:0c:f2:03:6b:
                    79:de:b4:af:0f:e8:33:3f:3a:45:b8:5d:fe:05:19:
                    52:b1:e8:1b:94:a2:9c:46:34:da:2c:5b:2a:04:a3:
                    d6:18:78:0e:54:3a:01:e8:fa:3a:fe:43:78:be:4d:
                    21:89:6f:2b:3e:8b:35:0c:db:11:1e:4a:86:45:c6:
                    10:9e:b3:59:f0:fd:d8:b5:86:b1:7e:4c:88:8d:b9:
                    1c:9e:9f:99:5c:6a:ef:9e:79:2f:ff:0c:ce:bf:4a:
                    d0:34:7a:f4:ac:7a:4d:0f:30:fd:c4:0a:97:30:5e:
                    a0:a1:3b:db:17:9a:a4:51:e5:73:02:31:12:46:93:
                    5f:93:87:0f:12:17:f0:58:ba:14:8d:5b:e0:d0:a4:
                    6f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:E7:B3:30:7C:2E:AF:C3:1D:65:14:11:DE:11:3F:7B:40:61:24:9C
            X509v3 Authority Key Identifier:
                keyid:64:4F:03:3F:78:2E:AF:32:AB:09:08:87:75:D6:4A:C4:B9:4B:5B:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZE8DP3gurzKrCQiHddZKxLlLWxE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/k-ezMHwur8MdZRQR3hE_e0BhJJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a1/87ca91-6fb8-4038-890c-4915fe7f92ce/1/ZE8DP3gurzKrCQiHddZKxLlLWxE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.134.17.0/24
                IPv6:
                  2a05:2580::/30

    Signature Algorithm: sha256WithRSAEncryption
         b7:28:a7:50:6c:76:97:11:6a:a5:2f:7e:f9:85:27:05:7b:5e:
         2e:e3:29:ed:e4:74:00:04:09:47:b7:29:24:85:af:6e:b9:90:
         44:ba:fd:1a:cf:a6:ba:46:11:a2:3b:f7:ec:0b:0a:ef:0b:14:
         34:0b:87:27:1a:16:38:cf:b6:86:5c:75:08:71:73:be:ae:fc:
         3a:37:90:ac:10:69:d4:0f:58:dd:9b:b7:97:d5:93:84:08:e1:
         20:64:fe:0e:48:ea:cf:30:96:b7:f5:bd:1e:a1:6d:35:ae:48:
         c4:64:b7:de:8a:da:dd:cd:79:0c:a2:de:14:75:59:25:26:97:
         6d:f9:7d:a6:cd:f5:f3:cb:ec:e8:67:e2:45:22:4c:97:25:22:
         12:44:a7:f6:cb:bc:9f:7e:ac:83:61:d6:b2:39:0f:4b:3a:40:
         e6:95:42:03:1a:9b:c6:dc:5d:4f:66:ad:10:4b:1d:a1:27:62:
         16:0e:ea:40:63:8c:b7:40:78:f5:7e:3e:03:c6:11:90:1b:27:
         ec:16:3d:0e:8f:d8:83:8f:40:09:91:50:d0:28:a5:0a:49:c6:
         22:d9:09:1d:66:46:a2:76:66:00:fc:37:e8:41:fc:dc:9c:8f:
         65:72:f6:2f:25:cc:b2:c4:f5:1b:13:2e:09:53:36:58:ef:22:
         59:6a:0c:e1
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ9bW/UaOy/sL9tXbR8xVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY0NGYwMzNmNzgyZWFmMzJhYjA5MDg4Nzc1ZDY0YWM0Yjk0
YjViMTEwHhcNMjUwMTAxMDU0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2U3YjMzMDdjMmVhZmMzMWQ2NTE0MTFkZTExM2Y3YjQwNjEyNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSd2Qb+M5dfz68d3vFfVa5Gf3bU2
g+mIM2waB7yeuqtUO7ieQUSySviVA4jp2RCkXm2mBzix7zdDsOZaFYrDY+j+3ec/
REPKyzNmF+kP7s8BLYnjVraDCaKdBmNrhv5spe5NhP7hb1ooTPb5Gymtn7insAzy
A2t53rSvD+gzPzpFuF3+BRlSsegblKKcRjTaLFsqBKPWGHgOVDoB6Po6/kN4vk0h
iW8rPos1DNsRHkqGRcYQnrNZ8P3YtYaxfkyIjbkcnp+ZXGrvnnkv/wzOv0rQNHr0
rHpNDzD9xAqXMF6goTvbF5qkUeVzAjESRpNfk4cPEhfwWLoUjVvg0KRvqwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFJPnszB8Lq/DHWUUEd4RP3tAYSScMB8GA1UdIwQY
MBaAFGRPAz94Lq8yqwkIh3XWSsS5S1sRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWkU4RFAzZ3VyektyQ1FpSGRkWkt4TGxMV3hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMS84N2NhOTEtNmZiOC00MDM4LTg5MGMt
NDkxNWZlN2Y5MmNlLzEvay1lek1Id3VyOE1kWlJRUjNoRV9lMEJoSkp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMS84N2NhOTEtNmZiOC00MDM4LTg5MGMtNDkxNWZlN2Y5MmNl
LzEvWkU4RFAzZ3VyektyQ1FpSGRkWkt4TGxMV3hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQA1YYRMA0E
AgACMAcDBQIqBSWAMA0GCSqGSIb3DQEBCwUAA4IBAQC3KKdQbHaXEWqlL375hScF
e14u4ynt5HQABAlHtykkha9uuZBEuv0az6a6RhGiO/fsCwrvCxQ0C4cnGhY4z7aG
XHUIcXO+rvw6N5CsEGnUD1jdm7eX1ZOECOEgZP4OSOrPMJa39b0eoW01rkjEZLfe
itrdzXkMot4UdVklJpdt+X2mzfXzy+zoZ+JFIkyXJSISRKf2y7yffqyDYdayOQ9L
OkDmlUIDGpvG3F1PZq0QSx2hJ2IWDupAY4y3QHj1fj4DxhGQGyfsFj0Oj9iDj0AJ
kVDQKKUKScYi2QkdZkaidmYA/DfoQfzcnI9lcvYvJcyyxPUbEy4JUzZY7yJZagzh
-----END CERTIFICATE-----