Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/8EQPiSjQEYby_XgXqAmaDuC4v4s.roa
File:                     8EQPiSjQEYby_XgXqAmaDuC4v4s.roa (raw, json)
Hash identifier:          8d10+B2y/tYDuhscsgeyLhd3jc337orMULwx5SPapmY=
Subject key identifier:   F0:44:0F:89:28:D0:11:86:F2:FD:78:17:A8:09:9A:0E:E0:B8:BF:8B
Certificate issuer:       /CN=1e5b334965788794d6f147a2f004d13be3257dc4
Certificate serial:       01958A0664FF156A1FFA3C4F47F28150D3A9
Authority key identifier: 1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/8EQPiSjQEYby_XgXqAmaDuC4v4s.roa
Signing time:             Wed 12 Mar 2025 11:03:49 +0000
ROA not before:           Wed 12 Mar 2025 11:03:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7018
IP address blocks:        152.89.193.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 13:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:8a:06:64:ff:15:6a:1f:fa:3c:4f:47:f2:81:50:d3:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e5b334965788794d6f147a2f004d13be3257dc4
        Validity
            Not Before: Mar 12 11:03:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f0440f8928d01186f2fd7817a8099a0ee0b8bf8b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:78:68:05:e1:3a:40:af:32:7b:69:03:c4:e8:
                    c2:ab:61:37:92:d7:e2:2f:09:13:a9:00:8b:d3:f2:
                    3a:58:fc:a0:b2:c6:ea:e6:a0:52:81:3a:40:c3:39:
                    37:dd:c2:16:4a:f6:8b:f2:74:99:6f:3e:35:c2:11:
                    38:a5:ac:ab:67:1d:be:d1:2d:f1:4e:60:14:3a:a5:
                    40:80:b2:ac:b0:5f:91:c0:c8:2e:7d:0e:5c:53:ec:
                    6d:e9:cf:ee:c7:af:ea:bb:5e:83:ec:99:58:fe:38:
                    02:58:75:68:47:08:9d:7c:07:c7:6d:cf:be:8f:b4:
                    f3:1e:b0:45:c4:45:4c:dc:f5:fd:d6:11:55:e0:08:
                    8f:55:f9:ae:0f:f2:fc:17:cc:3a:7d:c3:c6:21:3f:
                    bc:03:2c:45:d7:0e:a2:3e:04:f8:10:31:68:50:bc:
                    c8:62:bd:76:00:1e:05:0b:91:7c:d0:61:c0:25:89:
                    67:32:97:34:74:22:4c:04:50:b5:7e:7c:05:52:14:
                    6c:1b:cc:cc:ae:92:fc:3e:d7:a8:07:e9:5b:96:75:
                    74:19:12:d3:70:39:fc:28:36:d9:f0:0c:22:13:4b:
                    a8:5d:52:bf:ab:e8:30:58:0b:15:65:df:9f:6b:48:
                    e5:29:e5:7a:40:c8:8c:14:cc:2a:81:24:e4:bd:7d:
                    a4:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:44:0F:89:28:D0:11:86:F2:FD:78:17:A8:09:9A:0E:E0:B8:BF:8B
            X509v3 Authority Key Identifier:
                keyid:1E:5B:33:49:65:78:87:94:D6:F1:47:A2:F0:04:D1:3B:E3:25:7D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HlszSWV4h5TW8Uei8ATRO-MlfcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/8EQPiSjQEYby_XgXqAmaDuC4v4s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/9ba38a-4852-413d-9cd2-9990e2d9eafe/1/HlszSWV4h5TW8Uei8ATRO-MlfcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.89.193.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:c4:02:cf:ee:07:c6:2b:81:1c:65:2c:1a:fb:63:49:f6:dd:
         0f:16:d4:a0:1e:bd:24:27:fb:75:62:99:98:d2:a7:ab:3a:38:
         a9:a8:19:1c:0c:4d:33:56:28:b5:c4:47:2f:6e:b3:4f:66:49:
         61:39:f3:0c:ce:cd:2a:e1:16:8f:65:0b:a8:cb:3c:21:3f:e5:
         cc:17:54:73:7d:c0:f1:30:bb:0e:a0:fe:68:86:7f:b1:df:d1:
         54:93:28:09:e8:26:38:4a:87:56:47:dc:14:0f:7e:26:fc:71:
         67:f4:1c:e4:29:1d:55:76:c8:fd:9d:f4:ea:62:8b:c5:44:20:
         a5:f6:3d:3d:53:b0:f0:2e:1c:4f:e6:0a:c9:e0:18:25:40:b2:
         a6:4f:1f:c2:29:86:25:1f:13:7a:d5:07:1a:fb:bd:e6:59:6d:
         44:ae:f5:04:2a:89:e0:aa:38:44:a9:54:2c:0b:76:67:d5:01:
         58:08:03:16:84:4b:3e:8d:ba:38:3d:88:ed:4d:ef:47:02:0e:
         1d:df:a6:69:5f:e5:55:5d:2a:6e:2c:bb:bb:0e:4c:6e:b2:6b:
         41:76:c3:21:5c:b7:cf:72:cf:b3:9d:cc:82:8b:7d:c4:eb:2d:
         d9:c7:59:60:8d:a4:eb:94:05:95:96:9d:8e:fb:c4:8f:07:45:
         ac:9b:bc:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWKBmT/FWof+jxPR/KBUNOpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlNWIzMzQ5NjU3ODg3OTRkNmYxNDdhMmYwMDRkMTNiZTMy
NTdkYzQwHhcNMjUwMzEyMTEwMzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDQ0MGY4OTI4ZDAxMTg2ZjJmZDc4MTdhODA5OWEwZWUwYjhiZjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxXhoBeE6QK8ye2kDxOjCq2E3ktfi
LwkTqQCL0/I6WPygssbq5qBSgTpAwzk33cIWSvaL8nSZbz41whE4payrZx2+0S3x
TmAUOqVAgLKssF+RwMgufQ5cU+xt6c/ux6/qu16D7JlY/jgCWHVoRwidfAfHbc++
j7TzHrBFxEVM3PX91hFV4AiPVfmuD/L8F8w6fcPGIT+8AyxF1w6iPgT4EDFoULzI
Yr12AB4FC5F80GHAJYlnMpc0dCJMBFC1fnwFUhRsG8zMrpL8PteoB+lblnV0GRLT
cDn8KDbZ8AwiE0uoXVK/q+gwWAsVZd+fa0jlKeV6QMiMFMwqgSTkvX2kXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPBED4ko0BGG8v14F6gJmg7guL+LMB8GA1UdIwQY
MBaAFB5bM0lleIeU1vFHovAE0TvjJX3EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDIt
OTk5MGUyZDllYWZlLzEvOEVRUGlTalFFWWJ5X1hnWHFBbWFEdUM0djRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC85YmEzOGEtNDg1Mi00MTNkLTljZDItOTk5MGUyZDllYWZl
LzEvSGxzelNXVjRoNVRXOFVlaThBVFJPLU1sZmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAmFnBMA0G
CSqGSIb3DQEBCwUAA4IBAQBBxALP7gfGK4EcZSwa+2NJ9t0PFtSgHr0kJ/t1YpmY
0qerOjipqBkcDE0zVii1xEcvbrNPZklhOfMMzs0q4RaPZQuoyzwhP+XMF1RzfcDx
MLsOoP5ohn+x39FUkygJ6CY4SodWR9wUD34m/HFn9BzkKR1Vdsj9nfTqYovFRCCl
9j09U7DwLhxP5grJ4BglQLKmTx/CKYYlHxN61Qca+73mWW1ErvUEKongqjhEqVQs
C3Zn1QFYCAMWhEs+jbo4PYjtTe9HAg4d36ZpX+VVXSpuLLu7DkxusmtBdsMhXLfP
cs+zncyCi33E6y3Zx1lgjaTrlAWVlp2O+8SPB0Wsm7xN
-----END CERTIFICATE-----