Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/ctxe5Lnf-P92Y-aRF-aTwCxvQ-Y.roa
File:                     ctxe5Lnf-P92Y-aRF-aTwCxvQ-Y.roa (raw, json)
Hash identifier:          JuvYZG1KASTZcCfggftiqfbWLqoSmP/ETYKyhfPlx0Q=
Subject key identifier:   72:DC:5E:E4:B9:DF:F8:FF:76:63:E6:91:17:E6:93:C0:2C:6F:43:E6
Certificate issuer:       /CN=eb91e993a4a40ce7e5d9c86325f186df069ecacd
Certificate serial:       019427B5C6816EB095319FD566B44121921B
Authority key identifier: EB:91:E9:93:A4:A4:0C:E7:E5:D9:C8:63:25:F1:86:DF:06:9E:CA:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/65Hpk6SkDOfl2chjJfGG3waeys0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/ctxe5Lnf-P92Y-aRF-aTwCxvQ-Y.roa
Signing time:             Thu 02 Jan 2025 15:50:11 +0000
ROA not before:           Thu 02 Jan 2025 15:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212552
IP address blocks:        194.146.123.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/65Hpk6SkDOfl2chjJfGG3waeys0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/65Hpk6SkDOfl2chjJfGG3waeys0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/65Hpk6SkDOfl2chjJfGG3waeys0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 18:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c6:81:6e:b0:95:31:9f:d5:66:b4:41:21:92:1b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb91e993a4a40ce7e5d9c86325f186df069ecacd
        Validity
            Not Before: Jan  2 15:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=72dc5ee4b9dff8ff7663e69117e693c02c6f43e6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:53:ba:0b:18:75:44:18:c9:96:bc:96:d7:22:
                    44:17:5d:bd:ac:f6:e7:11:ef:16:8b:36:34:f8:b6:
                    b7:98:19:eb:b6:c4:7c:8f:5d:e5:d4:6a:41:e8:21:
                    8d:63:b4:e8:f7:75:6a:b8:3d:28:b1:6a:8c:da:2f:
                    00:af:66:c6:d8:5b:64:41:53:1c:ff:67:07:63:4f:
                    f1:5e:98:81:9c:3c:30:1c:42:98:c3:ba:10:74:7e:
                    03:05:ed:90:64:eb:46:24:94:e1:74:b4:81:d8:fa:
                    34:10:98:69:74:bf:ab:bf:c1:23:ed:28:46:4a:0a:
                    c9:4d:7d:b9:b7:b2:d5:97:fa:94:26:ad:30:66:fb:
                    bc:49:5a:fd:9a:20:ff:9b:cb:fa:20:f8:4c:1b:b1:
                    4b:6f:07:13:e9:4b:cd:af:ae:37:bb:e4:49:68:02:
                    9e:8b:d9:d1:04:0d:81:00:92:81:32:f1:74:3f:31:
                    00:5e:9f:e5:3a:6a:79:6d:87:73:e2:81:84:40:db:
                    40:60:e7:6b:54:28:bc:9e:17:0c:3c:68:9d:8c:17:
                    9f:6f:a8:c7:46:fb:b8:01:17:31:eb:31:7e:a8:c3:
                    ca:e1:98:70:c3:b7:e5:d8:fd:be:46:77:f1:f9:32:
                    0a:d1:69:e4:98:a2:e7:af:eb:6f:08:09:00:6f:cf:
                    21:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:DC:5E:E4:B9:DF:F8:FF:76:63:E6:91:17:E6:93:C0:2C:6F:43:E6
            X509v3 Authority Key Identifier:
                keyid:EB:91:E9:93:A4:A4:0C:E7:E5:D9:C8:63:25:F1:86:DF:06:9E:CA:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/65Hpk6SkDOfl2chjJfGG3waeys0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/ctxe5Lnf-P92Y-aRF-aTwCxvQ-Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/5f3a02-0650-4e5c-b8d0-c701f279c6de/1/65Hpk6SkDOfl2chjJfGG3waeys0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.146.123.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:61:dc:0b:2a:30:f4:b0:3d:39:10:16:61:0f:87:ae:a0:a2:
         3e:32:ba:eb:94:45:7e:4b:06:72:21:b8:d9:0d:51:9e:f3:c4:
         2d:61:fc:2c:2a:a0:34:23:ad:58:a7:0f:70:fc:5b:79:86:9e:
         cf:b6:d1:ed:85:ac:0d:5a:b3:98:a2:79:9a:63:84:2b:4e:ca:
         1d:78:a2:2c:79:2d:d5:6a:65:26:42:b6:43:00:d2:6e:8c:b4:
         af:25:3a:4c:8c:59:22:ec:76:17:a4:77:c8:20:a6:46:32:f0:
         a5:b0:69:7b:23:b7:57:2e:f0:c9:f7:fc:f9:fc:22:3d:af:21:
         7f:a3:b6:99:42:8e:9a:a6:de:4d:9d:2c:c8:e5:36:6c:9b:23:
         58:6f:e5:56:26:4d:ea:21:37:22:13:85:d6:94:9d:99:1e:47:
         7d:be:93:5d:a0:35:ee:40:ec:3e:0c:a6:3f:b7:61:97:e2:01:
         ae:19:68:fc:f3:3b:05:8c:92:d3:c3:3e:d3:f9:82:c8:74:67:
         0a:46:e1:a8:7f:c1:0a:20:d3:e0:a9:36:70:bb:71:dd:54:44:
         f4:6f:cd:04:3b:91:16:43:9d:84:e9:92:54:8d:77:1b:a8:d6:
         06:0e:44:bb:d9:35:be:ff:b1:ba:6f:46:88:72:63:31:84:4f:
         98:dd:f2:58
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntcaBbrCVMZ/VZrRBIZIbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViOTFlOTkzYTRhNDBjZTdlNWQ5Yzg2MzI1ZjE4NmRmMDY5
ZWNhY2QwHhcNMjUwMTAyMTU1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmRjNWVlNGI5ZGZmOGZmNzY2M2U2OTExN2U2OTNjMDJjNmY0M2U2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA61O6Cxh1RBjJlryW1yJEF129rPbn
Ee8WizY0+La3mBnrtsR8j13l1GpB6CGNY7To93VquD0osWqM2i8Ar2bG2FtkQVMc
/2cHY0/xXpiBnDwwHEKYw7oQdH4DBe2QZOtGJJThdLSB2Po0EJhpdL+rv8Ej7ShG
SgrJTX25t7LVl/qUJq0wZvu8SVr9miD/m8v6IPhMG7FLbwcT6UvNr643u+RJaAKe
i9nRBA2BAJKBMvF0PzEAXp/lOmp5bYdz4oGEQNtAYOdrVCi8nhcMPGidjBefb6jH
Rvu4ARcx6zF+qMPK4Zhww7fl2P2+Rnfx+TIK0WnkmKLnr+tvCAkAb88hXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHLcXuS53/j/dmPmkRfmk8Asb0PmMB8GA1UdIwQY
MBaAFOuR6ZOkpAzn5dnIYyXxht8GnsrNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjVIcGs2U2tET2ZsMmNoakpmR0czd2FleXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC81ZjNhMDItMDY1MC00ZTVjLWI4ZDAt
YzcwMWYyNzljNmRlLzEvY3R4ZTVMbmYtUDkyWS1hUkYtYVR3Q3h2US1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC81ZjNhMDItMDY1MC00ZTVjLWI4ZDAtYzcwMWYyNzljNmRl
LzEvNjVIcGs2U2tET2ZsMmNoakpmR0czd2FleXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpJ7MA0G
CSqGSIb3DQEBCwUAA4IBAQAFYdwLKjD0sD05EBZhD4euoKI+MrrrlEV+SwZyIbjZ
DVGe88QtYfwsKqA0I61Ypw9w/Ft5hp7PttHthawNWrOYonmaY4QrTsodeKIseS3V
amUmQrZDANJujLSvJTpMjFki7HYXpHfIIKZGMvClsGl7I7dXLvDJ9/z5/CI9ryF/
o7aZQo6apt5NnSzI5TZsmyNYb+VWJk3qITciE4XWlJ2ZHkd9vpNdoDXuQOw+DKY/
t2GX4gGuGWj88zsFjJLTwz7T+YLIdGcKRuGof8EKINPgqTZwu3HdVET0b80EO5EW
Q52E6ZJUjXcbqNYGDkS72TW+/7G6b0aIcmMxhE+Y3fJY
-----END CERTIFICATE-----