Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/2M47-6eKALJ6FmiVAowRa7gLSUI.roa
File:                     2M47-6eKALJ6FmiVAowRa7gLSUI.roa (raw, json)
Hash identifier:          sTE5YWztn/a2MX2OSX/0Yz9OgI3CBWwdi/QI1zYZYUk=
Subject key identifier:   D8:CE:3B:FB:A7:8A:00:B2:7A:16:68:95:02:8C:11:6B:B8:0B:49:42
Certificate issuer:       /CN=e8477ad21cb789143313c40b19f8cc0023de88a6
Certificate serial:       0196CE089324ABB9BE4B5D328F4397F3A1D5
Authority key identifier: E8:47:7A:D2:1C:B7:89:14:33:13:C4:0B:19:F8:CC:00:23:DE:88:A6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6Ed60hy3iRQzE8QLGfjMACPeiKY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/2M47-6eKALJ6FmiVAowRa7gLSUI.roa
Signing time:             Wed 14 May 2025 09:03:10 +0000
ROA not before:           Wed 14 May 2025 09:03:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49127
IP address blocks:        86.106.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/6Ed60hy3iRQzE8QLGfjMACPeiKY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/6Ed60hy3iRQzE8QLGfjMACPeiKY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6Ed60hy3iRQzE8QLGfjMACPeiKY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ce:08:93:24:ab:b9:be:4b:5d:32:8f:43:97:f3:a1:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e8477ad21cb789143313c40b19f8cc0023de88a6
        Validity
            Not Before: May 14 09:03:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d8ce3bfba78a00b27a166895028c116bb80b4942
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:42:c8:1d:f7:4c:e2:73:b3:a7:52:42:c2:52:
                    62:48:5d:a2:68:f3:78:35:7e:a5:3b:bc:09:18:df:
                    5d:ee:8c:48:76:cc:e2:57:a3:95:fb:67:56:cf:53:
                    ae:cb:3d:f0:cc:24:16:b0:de:68:7d:ed:55:f3:14:
                    8b:5b:86:c1:08:f2:aa:4d:1b:69:93:74:0a:27:cf:
                    7b:6a:08:e7:be:82:ae:40:ec:3b:26:f9:ae:b8:52:
                    0b:8e:78:dc:4d:77:08:80:be:a3:e8:78:f2:96:39:
                    bd:a5:a6:d7:d6:04:18:72:2a:17:18:30:9b:9d:35:
                    73:32:dc:41:25:76:e3:09:ee:7b:ad:05:37:be:f8:
                    7d:e3:ea:a7:ea:2c:38:84:62:a8:29:a1:5b:35:59:
                    11:13:2a:20:7a:58:7a:41:6e:d9:bd:4d:ce:c8:ea:
                    31:f2:85:89:29:45:ea:d0:48:9a:dc:47:03:18:38:
                    1c:f4:52:42:f7:e7:df:f2:ab:31:ba:3a:48:4d:30:
                    62:35:84:b2:0a:0f:a1:f8:19:20:d7:d4:04:d1:aa:
                    ef:5b:33:6c:ad:fa:df:79:ff:13:66:98:30:a5:20:
                    74:20:8a:76:41:da:6f:0e:64:18:a1:a1:e4:32:79:
                    90:7c:df:1f:05:f2:ad:02:f0:b4:41:2b:02:6e:c7:
                    32:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:CE:3B:FB:A7:8A:00:B2:7A:16:68:95:02:8C:11:6B:B8:0B:49:42
            X509v3 Authority Key Identifier:
                keyid:E8:47:7A:D2:1C:B7:89:14:33:13:C4:0B:19:F8:CC:00:23:DE:88:A6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6Ed60hy3iRQzE8QLGfjMACPeiKY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/2M47-6eKALJ6FmiVAowRa7gLSUI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b6/742a04-17af-4f40-a140-604584895925/1/6Ed60hy3iRQzE8QLGfjMACPeiKY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c5:7b:85:35:86:3a:52:09:2f:08:3e:9e:b6:89:0b:08:9b:5e:
         22:98:24:7c:b2:31:6d:68:59:da:bd:c8:3e:7e:10:d9:a5:29:
         31:53:f6:1e:ab:d5:37:25:96:48:dd:45:83:52:28:31:bb:e4:
         8b:ad:db:63:02:04:4d:87:78:4f:8b:88:b2:1f:c9:0a:07:5c:
         ba:20:7d:92:cc:fe:ee:59:47:f2:13:0e:09:9d:d0:30:d5:ac:
         98:ff:72:77:bd:7f:14:48:e9:67:38:3a:88:ae:70:72:0b:08:
         89:a9:cc:a4:59:fb:63:85:fc:1d:47:c9:e0:3d:b2:bb:6d:5a:
         31:c5:b9:57:75:02:2a:19:ad:06:61:96:19:61:5b:e7:f9:ff:
         cd:aa:b6:e6:98:66:66:98:e4:cc:ec:26:b7:8b:b7:fa:92:53:
         b5:0d:de:8a:17:8a:88:a6:9e:c8:19:f7:04:1f:73:17:e2:de:
         37:58:55:71:f5:15:6a:91:30:ee:a8:d9:67:3c:27:5a:c3:e8:
         8c:83:6b:75:e0:3f:a5:35:ec:4d:62:32:ab:99:17:df:8d:25:
         05:4a:e8:5d:56:05:04:60:0f:4e:ad:18:92:99:0b:75:ef:0c:
         40:f4:3b:b4:35:0c:d9:44:1c:05:5d:25:6e:30:18:63:20:ce:
         7d:c6:07:c3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbOCJMkq7m+S10yj0OX86HVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDc3YWQyMWNiNzg5MTQzMzEzYzQwYjE5ZjhjYzAwMjNk
ZTg4YTYwHhcNMjUwNTE0MDkwMzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOGNlM2JmYmE3OGEwMGIyN2ExNjY4OTUwMjhjMTE2YmI4MGI0OTQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo0LIHfdM4nOzp1JCwlJiSF2iaPN4
NX6lO7wJGN9d7oxIdsziV6OV+2dWz1Ouyz3wzCQWsN5ofe1V8xSLW4bBCPKqTRtp
k3QKJ897agjnvoKuQOw7JvmuuFILjnjcTXcIgL6j6Hjyljm9pabX1gQYcioXGDCb
nTVzMtxBJXbjCe57rQU3vvh94+qn6iw4hGKoKaFbNVkREyogelh6QW7ZvU3OyOox
8oWJKUXq0Eia3EcDGDgc9FJC9+ff8qsxujpITTBiNYSyCg+h+Bkg19QE0arvWzNs
rfrfef8TZpgwpSB0IIp2QdpvDmQYoaHkMnmQfN8fBfKtAvC0QSsCbscyhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNjOO/unigCyehZolQKMEWu4C0lCMB8GA1UdIwQY
MBaAFOhHetIct4kUMxPECxn4zAAj3oimMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVkNjBoeTNpUlF6RThRTEdmak1BQ1BlaUtZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNi83NDJhMDQtMTdhZi00ZjQwLWExNDAt
NjA0NTg0ODk1OTI1LzEvMk00Ny02ZUtBTEo2Rm1pVkFvd1JhN2dMU1VJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNi83NDJhMDQtMTdhZi00ZjQwLWExNDAtNjA0NTg0ODk1OTI1
LzEvNkVkNjBoeTNpUlF6RThRTEdmak1BQ1BlaUtZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmpLMA0G
CSqGSIb3DQEBCwUAA4IBAQDFe4U1hjpSCS8IPp62iQsIm14imCR8sjFtaFnavcg+
fhDZpSkxU/Yeq9U3JZZI3UWDUigxu+SLrdtjAgRNh3hPi4iyH8kKB1y6IH2SzP7u
WUfyEw4JndAw1ayY/3J3vX8USOlnODqIrnByCwiJqcykWftjhfwdR8ngPbK7bVox
xblXdQIqGa0GYZYZYVvn+f/NqrbmmGZmmOTM7Ca3i7f6klO1Dd6KF4qIpp7IGfcE
H3MX4t43WFVx9RVqkTDuqNlnPCdaw+iMg2t14D+lNexNYjKrmRffjSUFSuhdVgUE
YA9OrRiSmQt17wxA9Du0NQzZRBwFXSVuMBhjIM59xgfD
-----END CERTIFICATE-----