Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/Ez6MidRPe5LQpNIKcMIlDDxqM0k.roa
File:                     Ez6MidRPe5LQpNIKcMIlDDxqM0k.roa (raw, json)
Hash identifier:          lzxRqXFCKs825IDBkMl92TH7obbAVfFngY9gP73oEx0=
Subject key identifier:   13:3E:8C:89:D4:4F:7B:92:D0:A4:D2:0A:70:C2:25:0C:3C:6A:33:49
Certificate issuer:       /CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
Certificate serial:       0195657B151C0175F99B2847F493ED71A7E7
Authority key identifier: D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/Ez6MidRPe5LQpNIKcMIlDDxqM0k.roa
Signing time:             Wed 05 Mar 2025 08:45:19 +0000
ROA not before:           Wed 05 Mar 2025 08:45:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        78.153.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:65:7b:15:1c:01:75:f9:9b:28:47:f4:93:ed:71:a7:e7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d271ea06b1a756cbf46ae046484bbd3e4fce4ca5
        Validity
            Not Before: Mar  5 08:45:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=133e8c89d44f7b92d0a4d20a70c2250c3c6a3349
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:bd:1a:70:ce:19:96:65:bb:1c:96:ea:06:84:
                    f6:58:ad:30:0c:ce:b3:e6:40:58:4d:91:e0:22:60:
                    d9:b8:23:7a:60:f8:a8:a5:32:98:2b:db:02:e5:d6:
                    b7:40:88:9f:5e:23:66:c9:bc:b5:69:31:9b:b7:cf:
                    4b:79:c5:85:ec:a1:4a:34:ff:dc:3f:c4:14:e1:8c:
                    bf:fc:de:04:f0:7e:a2:cb:f1:7c:ae:dd:6e:5b:95:
                    94:a5:17:b7:17:a0:0f:aa:0d:76:39:e1:b6:31:00:
                    1e:c6:1e:15:ca:83:b5:40:31:78:01:8c:40:f3:df:
                    99:5d:88:d9:aa:2c:a3:a9:58:be:d3:73:ac:24:43:
                    d0:8d:a4:49:03:1d:e0:b1:8f:07:33:ff:3f:d6:fe:
                    e4:24:3a:d4:b1:34:2c:17:f2:2c:77:7c:ee:35:89:
                    27:9d:d7:c9:d1:b2:c7:41:53:de:40:23:0d:46:96:
                    5d:a9:17:45:89:a6:d4:0b:10:b6:bd:b4:0c:58:6d:
                    86:b5:57:63:41:f5:17:18:9f:44:fa:bd:4f:d4:52:
                    7a:6f:a3:0f:8d:e9:8f:e9:95:70:2a:89:64:bf:f6:
                    fa:26:4b:d2:d5:f5:cf:2c:1f:4e:d5:ea:6e:5e:8b:
                    48:3c:21:36:6b:34:09:51:4c:aa:63:94:42:70:23:
                    f3:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:3E:8C:89:D4:4F:7B:92:D0:A4:D2:0A:70:C2:25:0C:3C:6A:33:49
            X509v3 Authority Key Identifier:
                keyid:D2:71:EA:06:B1:A7:56:CB:F4:6A:E0:46:48:4B:BD:3E:4F:CE:4C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0nHqBrGnVsv0auBGSEu9Pk_OTKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/Ez6MidRPe5LQpNIKcMIlDDxqM0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/acec3d-775e-4d0e-8433-fc3d5c2230b2/1/0nHqBrGnVsv0auBGSEu9Pk_OTKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  78.153.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         52:e2:fa:21:a4:3a:3a:43:26:d4:65:52:ae:8a:17:01:85:cf:
         6f:3f:36:8c:99:8b:ba:02:4c:89:ca:10:46:95:77:bc:e0:66:
         3f:a0:6f:8b:f4:e0:d3:71:ed:a8:a1:2b:5a:26:d2:f7:63:7c:
         a6:e6:14:9f:a3:63:7e:15:31:66:75:4d:70:1e:18:91:c0:6f:
         3d:25:21:06:2d:05:2f:ca:c2:b4:1f:6b:55:d4:42:5d:bf:30:
         1f:6a:c7:31:c4:7e:36:74:a2:75:36:de:63:6e:64:07:f2:4b:
         45:1e:5d:12:5f:1d:e9:e6:45:46:44:20:f7:fd:a8:ad:07:56:
         e2:4d:bb:05:1c:8c:79:9e:06:62:87:42:9d:76:ce:1e:69:aa:
         e0:7c:2b:36:5e:fd:01:e8:78:59:86:5b:d0:3a:28:48:56:29:
         a6:6e:6c:1c:dc:c0:ef:97:25:a2:14:90:fc:bb:95:ed:74:d3:
         6f:d7:3e:b5:97:de:17:0d:e6:ea:11:b2:39:b3:40:67:18:d6:
         0d:14:f5:aa:74:14:af:bd:57:dc:04:f9:e1:78:f0:b6:0f:a0:
         17:81:08:e1:37:94:97:ff:0f:42:6f:5f:85:e2:59:ed:b5:87:
         78:7a:2d:4b:99:4b:6b:53:49:ee:7d:eb:9c:92:85:0b:43:a8:
         d3:b5:cf:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVlexUcAXX5myhH9JPtcafnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyNzFlYTA2YjFhNzU2Y2JmNDZhZTA0NjQ4NGJiZDNlNGZj
ZTRjYTUwHhcNMjUwMzA1MDg0NTE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMzNlOGM4OWQ0NGY3YjkyZDBhNGQyMGE3MGMyMjUwYzNjNmEzMzQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6L0acM4ZlmW7HJbqBoT2WK0wDM6z
5kBYTZHgImDZuCN6YPiopTKYK9sC5da3QIifXiNmyby1aTGbt89LecWF7KFKNP/c
P8QU4Yy//N4E8H6iy/F8rt1uW5WUpRe3F6APqg12OeG2MQAexh4VyoO1QDF4AYxA
89+ZXYjZqiyjqVi+03OsJEPQjaRJAx3gsY8HM/8/1v7kJDrUsTQsF/Isd3zuNYkn
ndfJ0bLHQVPeQCMNRpZdqRdFiabUCxC2vbQMWG2GtVdjQfUXGJ9E+r1P1FJ6b6MP
jemP6ZVwKolkv/b6JkvS1fXPLB9O1epuXotIPCE2azQJUUyqY5RCcCPz4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBM+jInUT3uS0KTSCnDCJQw8ajNJMB8GA1UdIwQY
MBaAFNJx6gaxp1bL9GrgRkhLvT5PzkylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMt
ZmMzZDVjMjIzMGIyLzEvRXo2TWlkUlBlNUxRcE5JS2NNSWxERHhxTTBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hY2VjM2QtNzc1ZS00ZDBlLTg0MzMtZmMzZDVjMjIzMGIy
LzEvMG5IcUJyR25Wc3YwYXVCR1NFdTlQa19PVEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQETplgMA0G
CSqGSIb3DQEBCwUAA4IBAQBS4vohpDo6QybUZVKuihcBhc9vPzaMmYu6AkyJyhBG
lXe84GY/oG+L9ODTce2ooStaJtL3Y3ym5hSfo2N+FTFmdU1wHhiRwG89JSEGLQUv
ysK0H2tV1EJdvzAfascxxH42dKJ1Nt5jbmQH8ktFHl0SXx3p5kVGRCD3/aitB1bi
TbsFHIx5ngZih0Kdds4eaargfCs2Xv0B6HhZhlvQOihIVimmbmwc3MDvlyWiFJD8
u5XtdNNv1z61l94XDebqEbI5s0BnGNYNFPWqdBSvvVfcBPnhePC2D6AXgQjhN5SX
/w9Cb1+F4lnttYd4ei1LmUtrU0nufeuckoULQ6jTtc9o
-----END CERTIFICATE-----