Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/EQS-D1pgF9X9JxFRgbIMqF1eIP4.roa
File:                     EQS-D1pgF9X9JxFRgbIMqF1eIP4.roa (raw, json)
Hash identifier:          X1oH+D4EKjN/FZ/0o/XNZpi/rX7eBTsOxnwwIoAyafs=
Subject key identifier:   11:04:BE:0F:5A:60:17:D5:FD:27:11:51:81:B2:0C:A8:5D:5E:20:FE
Certificate issuer:       /CN=39732dcd0c35426144f9f026754179dfaebe8958
Certificate serial:       01942444FFB70F779710200FA4672C37FB5B
Authority key identifier: 39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/EQS-D1pgF9X9JxFRgbIMqF1eIP4.roa
Signing time:             Wed 01 Jan 2025 23:48:09 +0000
ROA not before:           Wed 01 Jan 2025 23:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41817
IP address blocks:        193.200.2.0/24 maxlen: 24
                          2a0f:97c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:ff:b7:0f:77:97:10:20:0f:a4:67:2c:37:fb:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=39732dcd0c35426144f9f026754179dfaebe8958
        Validity
            Not Before: Jan  1 23:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1104be0f5a6017d5fd27115181b20ca85d5e20fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:bd:3b:40:59:5a:9d:06:12:ab:f2:f8:15:3e:
                    27:2e:a3:24:8f:b7:31:9d:de:cd:d0:6c:f1:28:a7:
                    0d:44:26:67:47:64:00:2c:39:19:a4:a9:55:58:64:
                    53:e1:6a:78:7b:d7:49:b0:c4:a7:0a:9f:35:b8:00:
                    40:a4:e7:9f:09:eb:17:8e:17:df:f7:f1:35:d8:55:
                    e4:da:00:67:d7:23:7a:ae:81:76:60:68:34:a2:c1:
                    4f:57:51:51:7b:a1:41:b4:8d:46:d0:62:8a:38:95:
                    ee:9c:c2:33:30:93:7f:8a:9d:86:62:4f:c7:d0:d8:
                    a0:84:a9:2e:d7:7d:26:71:9b:82:04:5f:25:12:21:
                    1a:15:78:67:35:7f:4a:e2:87:86:32:d2:6d:10:b3:
                    62:09:34:8b:55:ed:d8:86:39:04:26:ec:1e:06:84:
                    d0:12:85:f4:a2:99:0a:b1:00:23:5d:58:41:9c:a6:
                    30:57:d6:13:a4:c2:27:cc:36:24:3e:52:b6:cd:ad:
                    c4:2e:49:ab:28:e4:2f:24:f1:be:cd:32:0e:f2:3d:
                    f7:44:df:d2:d9:d0:17:fa:d7:92:1f:c0:a2:15:81:
                    8d:35:44:54:14:cd:b6:6b:b2:c4:ae:86:57:ba:12:
                    02:04:a9:28:51:40:db:94:1f:79:62:fb:84:1a:c9:
                    78:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:04:BE:0F:5A:60:17:D5:FD:27:11:51:81:B2:0C:A8:5D:5E:20:FE
            X509v3 Authority Key Identifier:
                keyid:39:73:2D:CD:0C:35:42:61:44:F9:F0:26:75:41:79:DF:AE:BE:89:58

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OXMtzQw1QmFE-fAmdUF5366-iVg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/EQS-D1pgF9X9JxFRgbIMqF1eIP4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/237106-d08d-4aa0-ac82-f60af2a82060/1/OXMtzQw1QmFE-fAmdUF5366-iVg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.200.2.0/24
                IPv6:
                  2a0f:97c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         9f:62:a6:c8:d9:38:d2:2a:e4:61:e8:1c:89:bd:8e:90:0e:8c:
         36:ec:56:db:5b:3c:9f:af:2a:85:52:81:5a:78:10:32:1a:42:
         fd:c7:4d:bf:2f:f7:88:49:bc:77:3f:6c:47:34:46:f8:7e:fa:
         15:90:a7:a6:60:04:3b:94:49:c5:97:6e:2a:ba:ca:3d:69:22:
         3b:bd:11:97:0a:b2:90:4a:29:d7:01:c4:3e:b8:fa:c9:58:3a:
         71:c3:e8:c6:8c:21:88:a3:c3:21:65:26:3f:6d:3e:7e:c6:4f:
         db:93:58:77:02:4c:a7:6d:bd:e0:51:3c:16:46:0f:51:83:a1:
         24:65:d1:27:f4:b0:05:39:58:79:ce:70:85:07:13:21:77:78:
         ef:ef:54:66:7c:35:eb:a1:d9:2f:82:5c:85:e2:77:c8:da:7f:
         5b:68:45:9c:47:71:7a:19:b2:47:fb:66:3f:d4:f5:80:76:a7:
         f7:cc:2d:e3:ff:7a:e4:6b:44:fe:fe:39:fc:b3:13:67:39:e2:
         95:b7:14:72:54:f3:a2:7b:51:80:87:05:b3:db:00:63:e3:99:
         fb:50:e9:da:71:ea:81:88:55:38:b7:74:f6:4d:e0:a8:fa:bd:
         8e:a1:ff:d1:76:9f:fc:82:57:61:ed:32:9a:64:9e:1b:85:0d:
         c1:79:85:81
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRP+3D3eXECAPpGcsN/tbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5NzMyZGNkMGMzNTQyNjE0NGY5ZjAyNjc1NDE3OWRmYWVi
ZTg5NTgwHhcNMjUwMTAxMjM0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTA0YmUwZjVhNjAxN2Q1ZmQyNzExNTE4MWIyMGNhODVkNWUyMGZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwb07QFlanQYSq/L4FT4nLqMkj7cx
nd7N0GzxKKcNRCZnR2QALDkZpKlVWGRT4Wp4e9dJsMSnCp81uABApOefCesXjhff
9/E12FXk2gBn1yN6roF2YGg0osFPV1FRe6FBtI1G0GKKOJXunMIzMJN/ip2GYk/H
0NighKku130mcZuCBF8lEiEaFXhnNX9K4oeGMtJtELNiCTSLVe3YhjkEJuweBoTQ
EoX0opkKsQAjXVhBnKYwV9YTpMInzDYkPlK2za3ELkmrKOQvJPG+zTIO8j33RN/S
2dAX+teSH8CiFYGNNURUFM22a7LEroZXuhICBKkoUUDblB95YvuEGsl4DQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBEEvg9aYBfV/ScRUYGyDKhdXiD+MB8GA1UdIwQY
MBaAFDlzLc0MNUJhRPnwJnVBed+uvolYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODIt
ZjYwYWYyYTgyMDYwLzEvRVFTLUQxcGdGOVg5SnhGUmdiSU1xRjFlSVA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy8yMzcxMDYtZDA4ZC00YWEwLWFjODItZjYwYWYyYTgyMDYw
LzEvT1hNdHpRdzFRbUZFLWZBbWRVRjUzNjYtaVZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwcgCMA0E
AgACMAcDBQMqD5fAMA0GCSqGSIb3DQEBCwUAA4IBAQCfYqbI2TjSKuRh6ByJvY6Q
Dow27FbbWzyfryqFUoFaeBAyGkL9x02/L/eISbx3P2xHNEb4fvoVkKemYAQ7lEnF
l24quso9aSI7vRGXCrKQSinXAcQ+uPrJWDpxw+jGjCGIo8MhZSY/bT5+xk/bk1h3
Akynbb3gUTwWRg9Rg6EkZdEn9LAFOVh5znCFBxMhd3jv71RmfDXrodkvglyF4nfI
2n9baEWcR3F6GbJH+2Y/1PWAdqf3zC3j/3rka0T+/jn8sxNnOeKVtxRyVPOie1GA
hwWz2wBj45n7UOnaceqBiFU4t3T2TeCo+r2Oof/Rdp/8gldh7TKaZJ4bhQ3BeYWB
-----END CERTIFICATE-----