Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/dlvlasHfc3b1fbcTo_PLBzJ1mfQ.roa
File:                     dlvlasHfc3b1fbcTo_PLBzJ1mfQ.roa (raw, json)
Hash identifier:          LGoN4h+lFODxJpkay/6tUpw87ICNKQ0aRzFKrBTOiSU=
Subject key identifier:   76:5B:E5:6A:C1:DF:73:76:F5:7D:B7:13:A3:F3:CB:07:32:75:99:F4
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       01975AB7B482CB7AF6A740B39BF661D02E40
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/dlvlasHfc3b1fbcTo_PLBzJ1mfQ.roa
Signing time:             Tue 10 Jun 2025 16:41:18 +0000
ROA not before:           Tue 10 Jun 2025 16:41:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21840
IP address blocks:        85.208.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 14 Jun 2025 07:00:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5a:b7:b4:82:cb:7a:f6:a7:40:b3:9b:f6:61:d0:2e:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jun 10 16:41:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=765be56ac1df7376f57db713a3f3cb07327599f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:43:24:20:98:ef:63:34:42:f1:dc:7b:37:36:
                    7f:6c:1c:ee:20:11:25:ad:52:cc:b2:f5:b4:20:ce:
                    64:8a:1e:a8:85:8b:bf:a2:c5:9b:a0:fb:ff:79:7e:
                    47:8e:b2:d7:f1:4a:bd:52:69:01:66:78:51:23:f5:
                    cd:b6:98:f0:ac:91:a7:44:6f:bb:85:32:0a:21:27:
                    c9:db:f6:72:f7:00:27:04:ee:bf:f9:ed:8c:5d:c3:
                    6e:85:4b:b4:65:c9:8f:2e:ff:38:d9:7d:9d:d5:bb:
                    dd:b9:8a:24:7c:0c:82:37:41:49:ad:89:e0:1a:42:
                    95:6d:4c:a8:e8:2a:d2:0c:af:80:23:e5:e0:7e:2e:
                    57:6c:73:25:de:d4:75:69:7c:90:c8:89:7d:9c:ac:
                    d4:e6:82:73:c3:07:ec:16:e6:f3:22:35:e1:15:23:
                    78:b8:8c:92:98:ac:4b:ef:83:13:fc:c5:97:b7:28:
                    f8:62:5c:9c:c5:a4:67:0a:38:50:90:a6:cf:5e:a2:
                    7d:61:3c:95:27:de:a7:bc:a6:ba:a0:2c:61:10:21:
                    a9:b1:72:83:48:79:24:82:b6:97:f7:15:72:57:3b:
                    59:f1:55:9e:c6:f7:b6:1f:21:ce:40:ec:63:4f:65:
                    2b:49:6b:73:c3:de:c8:65:b0:96:03:33:fa:f1:a3:
                    7a:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:5B:E5:6A:C1:DF:73:76:F5:7D:B7:13:A3:F3:CB:07:32:75:99:F4
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/dlvlasHfc3b1fbcTo_PLBzJ1mfQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:2f:a1:af:7e:ae:39:bb:a7:6c:65:78:0d:16:4a:14:04:71:
         65:5c:e5:30:36:53:86:01:26:79:0f:e3:dc:fb:07:bb:f2:52:
         a6:04:e6:06:0a:b6:f3:a2:41:dd:2f:0b:96:e1:cf:fd:cd:3e:
         53:15:72:20:37:ec:0c:d7:b9:d1:fa:52:4a:8c:39:c6:a3:e9:
         1f:dc:92:a0:6f:c8:07:8a:df:58:58:1a:18:df:c4:8d:35:c4:
         7f:14:45:b5:f3:7d:c3:31:d8:35:64:41:72:1a:7e:9d:2f:42:
         e8:39:75:0b:c1:b1:09:c6:f1:3f:51:7d:2e:41:a6:54:ec:be:
         7c:ec:34:3a:8f:d9:79:0b:8c:bc:55:57:a0:f3:2d:80:cc:53:
         ce:00:78:bb:ad:01:36:2b:2d:33:5b:c6:75:57:2b:e3:3f:dc:
         4a:03:db:b6:d1:d9:32:53:e0:61:cc:2d:1d:2e:45:1c:5d:f9:
         c0:69:44:23:d5:14:28:0c:ac:48:d7:47:81:1e:24:c9:99:d3:
         11:80:3c:d7:73:b1:49:a3:da:f4:74:ab:ad:81:f4:24:32:5d:
         92:1b:16:6b:08:f6:c8:0f:96:c2:d0:f8:26:3f:72:43:74:aa:
         c1:1c:b4:f1:21:42:8c:42:da:ac:c8:b3:8c:e0:4d:42:c7:e7:
         a6:30:d7:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdat7SCy3r2p0Czm/Zh0C5AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwNjEwMTY0MTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NjViZTU2YWMxZGY3Mzc2ZjU3ZGI3MTNhM2YzY2IwNzMyNzU5OWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkEMkIJjvYzRC8dx7NzZ/bBzuIBEl
rVLMsvW0IM5kih6ohYu/osWboPv/eX5HjrLX8Uq9UmkBZnhRI/XNtpjwrJGnRG+7
hTIKISfJ2/Zy9wAnBO6/+e2MXcNuhUu0ZcmPLv842X2d1bvduYokfAyCN0FJrYng
GkKVbUyo6CrSDK+AI+Xgfi5XbHMl3tR1aXyQyIl9nKzU5oJzwwfsFubzIjXhFSN4
uIySmKxL74MT/MWXtyj4YlycxaRnCjhQkKbPXqJ9YTyVJ96nvKa6oCxhECGpsXKD
SHkkgraX9xVyVztZ8VWexve2HyHOQOxjT2UrSWtzw97IZbCWAzP68aN6nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHZb5WrB33N29X23E6PzywcydZn0MB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvZGx2bGFzSGZjM2IxZmJjVG9fUExCekoxbWZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdAIMA0G
CSqGSIb3DQEBCwUAA4IBAQCHL6Gvfq45u6dsZXgNFkoUBHFlXOUwNlOGASZ5D+Pc
+we78lKmBOYGCrbzokHdLwuW4c/9zT5TFXIgN+wM17nR+lJKjDnGo+kf3JKgb8gH
it9YWBoY38SNNcR/FEW1833DMdg1ZEFyGn6dL0LoOXULwbEJxvE/UX0uQaZU7L58
7DQ6j9l5C4y8VVeg8y2AzFPOAHi7rQE2Ky0zW8Z1VyvjP9xKA9u20dkyU+BhzC0d
LkUcXfnAaUQj1RQoDKxI10eBHiTJmdMRgDzXc7FJo9r0dKutgfQkMl2SGxZrCPbI
D5bC0PgmP3JDdKrBHLTxIUKMQtqsyLOM4E1Cx+emMNc+
-----END CERTIFICATE-----