Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/5JoVlBjggwYd1CYpdyIbKap9zAU.roa
File:                     5JoVlBjggwYd1CYpdyIbKap9zAU.roa (raw, json)
Hash identifier:          nR0OhV2vQ3lIo6qyXhLT1OMc81lh3UDVXyOJtDFEIl4=
Subject key identifier:   E4:9A:15:94:18:E0:83:06:1D:D4:26:29:77:22:1B:29:AA:7D:CC:05
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01973C74824067F394542A181440F733F081
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/5JoVlBjggwYd1CYpdyIbKap9zAU.roa
Signing time:             Wed 04 Jun 2025 19:39:17 +0000
ROA not before:           Wed 04 Jun 2025 19:39:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     249
IP address blocks:        74.112.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 10 Jun 2025 15:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:3c:74:82:40:67:f3:94:54:2a:18:14:40:f7:33:f0:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun  4 19:39:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e49a159418e083061dd4262977221b29aa7dcc05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:1b:42:90:b1:35:5e:92:e0:48:c8:6b:ca:2d:
                    9e:91:62:90:e1:8c:6f:9e:63:13:56:e2:c0:77:f7:
                    7d:7d:59:bb:1f:48:be:41:28:68:25:be:20:34:dd:
                    17:b5:80:58:3b:51:2f:d9:c0:ad:0d:c7:b6:a8:a0:
                    83:85:75:da:19:f0:9e:8f:54:2e:d2:ad:86:ee:d1:
                    40:a3:37:7e:f9:7b:ad:c8:f4:79:df:5a:a3:48:6b:
                    39:ae:84:f2:5a:13:e0:f0:7c:98:94:87:81:c7:63:
                    25:b1:88:d3:25:0f:7a:35:f2:c6:c1:27:fd:27:4b:
                    7e:b8:c7:d1:1a:db:f5:50:ed:0e:fc:8f:0f:3f:b0:
                    ad:6e:f5:eb:01:d8:a8:fb:47:14:63:ba:d2:36:11:
                    56:ac:b8:59:8f:6e:c3:f4:1d:b5:50:21:d9:3d:ad:
                    bf:05:8c:b5:38:19:00:9f:d0:2f:9e:f8:a6:5d:74:
                    5e:c9:55:d2:bf:e8:08:ad:c4:9d:58:fd:72:09:d9:
                    26:ef:6d:43:e3:20:d9:4a:d2:78:a1:36:c9:84:74:
                    9c:d2:2c:80:a0:ba:dc:f4:16:0c:8e:d0:00:7b:ee:
                    f9:49:cd:a5:17:05:22:95:58:1f:dc:54:30:8b:d8:
                    ea:ca:49:a0:d6:b0:91:bd:51:df:37:de:8e:c7:5e:
                    e4:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:9A:15:94:18:E0:83:06:1D:D4:26:29:77:22:1B:29:AA:7D:CC:05
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/5JoVlBjggwYd1CYpdyIbKap9zAU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  74.112.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d9:72:52:f8:72:1f:26:09:d9:c9:1a:07:3f:e6:a5:58:db:f1:
         96:1e:35:ae:b2:9a:d3:fc:77:7b:2b:a4:32:a9:a9:12:a9:bf:
         43:11:4a:e2:7c:27:7b:c8:7e:60:7e:74:ed:6d:8f:97:a2:7a:
         2a:95:77:5b:2c:94:9c:65:69:ec:11:52:75:44:2d:f7:f9:86:
         f1:af:e0:41:cf:9f:66:8f:a7:c4:73:51:2d:7b:c1:21:1f:ab:
         01:1e:f9:56:38:a1:f6:3b:e3:7d:5f:f6:14:db:fd:ed:e0:59:
         fc:f9:97:90:01:65:5a:74:51:18:c9:32:6a:29:ca:b7:27:d6:
         5d:73:f7:51:a3:fb:fa:26:45:ae:e9:32:be:9f:46:b7:b4:64:
         16:29:b3:77:44:84:97:9b:69:70:db:01:9a:af:b9:e7:83:09:
         82:5b:3b:fb:1f:5d:53:e8:36:33:34:69:e6:83:71:68:b2:c7:
         be:d1:82:b1:f2:a9:67:c5:2d:fc:99:7c:13:fa:a1:61:31:4f:
         dd:9d:08:3c:94:df:98:f4:09:fd:9a:94:fc:33:4a:8e:b1:a2:
         4e:24:c8:72:19:41:02:5a:6d:31:34:69:b8:7e:90:39:ab:1e:
         da:ad:41:b2:03:4d:e5:26:74:e2:00:28:06:c3:a3:39:63:de:
         6e:fe:f6:0d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZc8dIJAZ/OUVCoYFED3M/CBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNjA0MTkzOTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNDlhMTU5NDE4ZTA4MzA2MWRkNDI2Mjk3NzIyMWIyOWFhN2RjYzA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphtCkLE1XpLgSMhryi2ekWKQ4Yxv
nmMTVuLAd/d9fVm7H0i+QShoJb4gNN0XtYBYO1Ev2cCtDce2qKCDhXXaGfCej1Qu
0q2G7tFAozd++XutyPR531qjSGs5roTyWhPg8HyYlIeBx2MlsYjTJQ96NfLGwSf9
J0t+uMfRGtv1UO0O/I8PP7CtbvXrAdio+0cUY7rSNhFWrLhZj27D9B21UCHZPa2/
BYy1OBkAn9AvnvimXXReyVXSv+gIrcSdWP1yCdkm721D4yDZStJ4oTbJhHSc0iyA
oLrc9BYMjtAAe+75Sc2lFwUilVgf3FQwi9jqykmg1rCRvVHfN96Ox17kswIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOSaFZQY4IMGHdQmKXciGymqfcwFMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvNUpvVmxCamdnd1lkMUNZcGR5SWJLYXA5ekFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCSnCcMA0G
CSqGSIb3DQEBCwUAA4IBAQDZclL4ch8mCdnJGgc/5qVY2/GWHjWusprT/Hd7K6Qy
qakSqb9DEUrifCd7yH5gfnTtbY+XonoqlXdbLJScZWnsEVJ1RC33+Ybxr+BBz59m
j6fEc1Ete8EhH6sBHvlWOKH2O+N9X/YU2/3t4Fn8+ZeQAWVadFEYyTJqKcq3J9Zd
c/dRo/v6JkWu6TK+n0a3tGQWKbN3RISXm2lw2wGar7nngwmCWzv7H11T6DYzNGnm
g3Fosse+0YKx8qlnxS38mXwT+qFhMU/dnQg8lN+Y9An9mpT8M0qOsaJOJMhyGUEC
Wm0xNGm4fpA5qx7arUGyA03lJnTiACgGw6M5Y95u/vYN
-----END CERTIFICATE-----