Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/nIYQEeYqHsjGk1HnsHfkMxRcQRo.roa
File:                     nIYQEeYqHsjGk1HnsHfkMxRcQRo.roa (raw, json)
Hash identifier:          ycX0NPtdV2a4EnLGQ1o3vCMrwecsVp9vTud4zqdQmCQ=
Subject key identifier:   9C:86:10:11:E6:2A:1E:C8:C6:93:51:E7:B0:77:E4:33:14:5C:41:1A
Certificate issuer:       /CN=106fc87874912b1813ac4292457abddc018e9b45
Certificate serial:       0194252083234EEBD0AA588040B01454F202
Authority key identifier: 10:6F:C8:78:74:91:2B:18:13:AC:42:92:45:7A:BD:DC:01:8E:9B:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EG_IeHSRKxgTrEKSRXq93AGOm0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/nIYQEeYqHsjGk1HnsHfkMxRcQRo.roa
Signing time:             Thu 02 Jan 2025 03:47:55 +0000
ROA not before:           Thu 02 Jan 2025 03:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33986
IP address blocks:        212.94.135.0/24 maxlen: 24
                          212.94.136.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/EG_IeHSRKxgTrEKSRXq93AGOm0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/EG_IeHSRKxgTrEKSRXq93AGOm0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EG_IeHSRKxgTrEKSRXq93AGOm0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 06:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:83:23:4e:eb:d0:aa:58:80:40:b0:14:54:f2:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=106fc87874912b1813ac4292457abddc018e9b45
        Validity
            Not Before: Jan  2 03:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9c861011e62a1ec8c69351e7b077e433145c411a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:57:21:04:39:c9:69:09:fc:c3:96:e6:19:1a:
                    6b:45:ec:0c:d9:05:76:d1:93:bf:80:0b:dc:a1:9b:
                    5b:06:37:45:71:15:3e:4e:fa:34:04:f4:cc:69:04:
                    e3:9b:c4:50:64:dc:0d:39:8b:63:2e:c9:c4:06:9b:
                    d3:2c:7d:f8:59:ce:5e:65:c4:94:f5:cb:73:d8:57:
                    2a:14:2c:e2:24:1f:f2:da:60:57:ea:07:11:0e:5c:
                    29:92:79:f1:25:b6:61:1c:51:bb:b6:14:c2:15:67:
                    d0:47:80:56:19:b0:0a:8e:84:7f:7a:64:5d:f3:17:
                    d5:7c:25:28:b6:13:25:05:ce:d4:47:b4:8e:85:9d:
                    e7:7a:9e:fb:c1:d9:67:e8:2f:a6:ac:83:4f:ba:5e:
                    7b:f1:e1:5f:c0:4b:25:ce:34:4c:c1:f1:41:6c:1e:
                    55:43:45:8e:a7:66:f1:82:89:18:6a:d3:34:ec:14:
                    48:55:f6:2b:ce:ec:02:d0:67:0d:e7:42:cc:cd:5e:
                    3b:5e:6e:5e:66:1f:5a:78:a9:b6:2e:6a:aa:f6:47:
                    08:a0:2d:99:2c:92:5f:17:6f:9a:2c:35:6c:91:fa:
                    22:0a:c9:ba:a6:01:b2:54:ae:b6:9c:bd:31:d9:dc:
                    7c:56:a9:e5:73:3b:47:df:fc:4e:dc:d6:85:f4:aa:
                    b6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9C:86:10:11:E6:2A:1E:C8:C6:93:51:E7:B0:77:E4:33:14:5C:41:1A
            X509v3 Authority Key Identifier:
                keyid:10:6F:C8:78:74:91:2B:18:13:AC:42:92:45:7A:BD:DC:01:8E:9B:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EG_IeHSRKxgTrEKSRXq93AGOm0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/nIYQEeYqHsjGk1HnsHfkMxRcQRo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/75339a-5997-4a93-9ad6-65963777ba0a/1/EG_IeHSRKxgTrEKSRXq93AGOm0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.94.135.0-212.94.136.255

    Signature Algorithm: sha256WithRSAEncryption
         69:84:1f:4d:13:b7:2e:0f:26:11:26:b6:b8:b1:4c:1c:d8:3a:
         3d:0c:09:1a:8f:33:43:23:61:d3:c1:70:1c:38:94:14:63:f8:
         67:03:07:b2:45:f1:53:d4:ad:b9:0c:0a:de:4b:a8:74:99:77:
         04:cd:85:36:bb:81:0e:37:75:17:e7:7a:9b:d2:b7:ca:68:06:
         4e:f0:62:6f:10:28:15:70:80:30:a3:cd:51:f9:3d:08:3b:b2:
         4a:c5:ae:f4:cb:84:01:b6:9a:ea:9c:48:63:9e:2f:3a:c1:07:
         2a:f6:58:fa:4b:1b:11:54:23:26:40:90:4c:8d:0b:23:42:65:
         19:b2:b1:13:91:75:5f:31:f1:7b:a0:80:30:05:4c:43:12:b9:
         19:cd:ff:e5:3c:50:39:d5:e4:55:fc:28:ff:4a:ce:18:42:65:
         c3:67:73:18:f0:5f:85:8a:10:19:b6:c0:e8:94:4b:d2:9d:3e:
         81:61:e5:22:a0:ba:40:5a:a0:6f:8f:b8:a4:2b:4f:b6:f4:8b:
         0a:8e:fb:af:88:96:b5:2b:6f:43:43:9a:d1:c5:c2:d1:f6:d6:
         80:49:04:bc:91:0c:1f:48:5c:b0:33:1a:d4:72:36:90:21:59:
         62:bb:fb:a3:d1:b9:32:41:14:e5:bc:50:a5:b9:9a:ed:af:7e:
         3c:a8:24:67
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQlIIMjTuvQqliAQLAUVPICMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNmZjODc4NzQ5MTJiMTgxM2FjNDI5MjQ1N2FiZGRjMDE4
ZTliNDUwHhcNMjUwMTAyMDM0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzg2MTAxMWU2MmExZWM4YzY5MzUxZTdiMDc3ZTQzMzE0NWM0MTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1chBDnJaQn8w5bmGRprRewM2QV2
0ZO/gAvcoZtbBjdFcRU+Tvo0BPTMaQTjm8RQZNwNOYtjLsnEBpvTLH34Wc5eZcSU
9ctz2FcqFCziJB/y2mBX6gcRDlwpknnxJbZhHFG7thTCFWfQR4BWGbAKjoR/emRd
8xfVfCUothMlBc7UR7SOhZ3nep77wdln6C+mrINPul578eFfwEslzjRMwfFBbB5V
Q0WOp2bxgokYatM07BRIVfYrzuwC0GcN50LMzV47Xm5eZh9aeKm2Lmqq9kcIoC2Z
LJJfF2+aLDVskfoiCsm6pgGyVK62nL0x2dx8VqnlcztH3/xO3NaF9Kq20QIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJyGEBHmKh7IxpNR57B35DMUXEEaMB8GA1UdIwQY
MBaAFBBvyHh0kSsYE6xCkkV6vdwBjptFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdfSWVIU1JLeGdUckVLU1JYcTkzQUdPbTBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi83NTMzOWEtNTk5Ny00YTkzLTlhZDYt
NjU5NjM3NzdiYTBhLzEvbklZUUVlWXFIc2pHazFIbnNIZmtNeFJjUVJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi83NTMzOWEtNTk5Ny00YTkzLTlhZDYtNjU5NjM3NzdiYTBh
LzEvRUdfSWVIU1JLeGdUckVLU1JYcTkzQUdPbTBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBADUXocD
BADUXogwDQYJKoZIhvcNAQELBQADggEBAGmEH00Tty4PJhEmtrixTBzYOj0MCRqP
M0MjYdPBcBw4lBRj+GcDB7JF8VPUrbkMCt5LqHSZdwTNhTa7gQ43dRfnepvSt8po
Bk7wYm8QKBVwgDCjzVH5PQg7skrFrvTLhAG2muqcSGOeLzrBByr2WPpLGxFUIyZA
kEyNCyNCZRmysRORdV8x8XuggDAFTEMSuRnN/+U8UDnV5FX8KP9KzhhCZcNncxjw
X4WKEBm2wOiUS9KdPoFh5SKgukBaoG+PuKQrT7b0iwqO+6+IlrUrb0NDmtHFwtH2
1oBJBLyRDB9IXLAzGtRyNpAhWWK7+6PRuTJBFOW8UKW5mu2vfjyoJGc=
-----END CERTIFICATE-----