Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/3vDeAfLkiHCXh_bvB_uIne94H5g.roa
File:                     3vDeAfLkiHCXh_bvB_uIne94H5g.roa (raw, json)
Hash identifier:          b46TBjcEv5nDO9EWtbqceuM5D9jO8fm++JeI+6HPFkk=
Subject key identifier:   DE:F0:DE:01:F2:E4:88:70:97:87:F6:EF:07:FB:88:9D:EF:78:1F:98
Certificate issuer:       /CN=eb7bbbfef59509e7263986f780589ab1e7998423
Certificate serial:       01953C1CE9C74922BCCEBF24C1A8E906020E
Authority key identifier: EB:7B:BB:FE:F5:95:09:E7:26:39:86:F7:80:58:9A:B1:E7:99:84:23
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/63u7_vWVCecmOYb3gFiaseeZhCM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/3vDeAfLkiHCXh_bvB_uIne94H5g.roa
Signing time:             Tue 25 Feb 2025 07:58:02 +0000
ROA not before:           Tue 25 Feb 2025 07:58:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197502
IP address blocks:        213.192.116.0/23 maxlen: 23
                          213.192.118.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/63u7_vWVCecmOYb3gFiaseeZhCM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/63u7_vWVCecmOYb3gFiaseeZhCM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/63u7_vWVCecmOYb3gFiaseeZhCM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3c:1c:e9:c7:49:22:bc:ce:bf:24:c1:a8:e9:06:02:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eb7bbbfef59509e7263986f780589ab1e7998423
        Validity
            Not Before: Feb 25 07:58:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=def0de01f2e488709787f6ef07fb889def781f98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:bf:c3:91:fb:b5:ac:89:46:da:d4:b2:63:c0:
                    8c:5e:ab:5d:f6:d7:c1:ba:af:b8:dc:3f:77:3d:f8:
                    9a:1e:f1:2b:60:00:6e:75:17:39:bf:20:bb:7b:25:
                    c5:e3:eb:dd:9e:33:38:b1:48:cd:77:2c:2f:3d:05:
                    03:a8:06:25:83:f5:7d:f2:02:fe:04:09:2b:2a:ff:
                    4d:9e:dc:65:79:75:34:85:ea:9b:01:ac:8a:33:c7:
                    81:c5:68:2b:0d:b3:6b:c6:5d:bc:b1:4d:66:d2:f9:
                    2d:01:fe:f6:29:4e:92:14:26:b2:8f:53:c4:9c:70:
                    7b:90:40:b3:01:6e:7e:71:3b:07:6b:65:ed:ce:01:
                    50:6f:90:b2:dd:3e:19:dd:5b:7c:29:99:75:7d:a9:
                    3c:a9:3a:8c:23:3c:d1:64:3e:61:a2:b4:31:da:e6:
                    68:b6:7a:b5:18:c4:0d:55:6f:fc:f8:90:84:bc:c1:
                    1a:21:27:f7:db:d9:67:5d:6a:f4:10:13:05:0d:40:
                    33:10:b4:eb:4a:78:b7:91:1e:67:94:08:93:96:df:
                    1d:53:b2:7b:1f:b9:27:09:c3:e6:12:af:cf:cb:7d:
                    83:ed:09:75:21:80:74:cd:51:74:ec:e1:60:5f:fd:
                    06:ed:aa:85:84:52:7e:bf:49:29:8a:96:ed:68:f6:
                    7f:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:F0:DE:01:F2:E4:88:70:97:87:F6:EF:07:FB:88:9D:EF:78:1F:98
            X509v3 Authority Key Identifier:
                keyid:EB:7B:BB:FE:F5:95:09:E7:26:39:86:F7:80:58:9A:B1:E7:99:84:23

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/63u7_vWVCecmOYb3gFiaseeZhCM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/3vDeAfLkiHCXh_bvB_uIne94H5g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/63295f-18cb-4bfe-92e3-4ab5331cd935/1/63u7_vWVCecmOYb3gFiaseeZhCM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.192.116.0-213.192.118.255

    Signature Algorithm: sha256WithRSAEncryption
         37:ea:d7:19:ba:6b:5f:72:3a:ba:74:72:f2:41:50:01:40:92:
         be:58:6b:44:cb:83:b2:0f:81:a9:b7:62:88:78:3f:a1:d6:f2:
         ad:50:25:7e:6b:63:6e:c6:36:52:75:19:95:e5:9f:b0:61:cf:
         7c:3c:04:c6:69:48:a5:03:b0:77:84:fb:8b:b9:48:f0:a8:29:
         c4:6d:6c:00:ec:09:bb:7a:85:23:64:2d:84:61:57:46:f6:a0:
         32:b6:73:30:d3:51:58:81:d5:cf:8a:c0:d5:2a:41:26:dc:07:
         8a:83:04:16:f3:08:7e:11:d1:c5:0e:e4:d5:3f:cb:2a:9f:8d:
         51:c1:ac:6d:74:15:f1:b9:92:1d:74:8d:6b:3d:26:1f:1c:f4:
         2d:a8:6a:50:00:94:9f:65:43:f6:89:4d:b6:f2:3a:bb:c6:b2:
         38:d0:1f:3a:ac:fa:ba:4d:2d:2c:82:8f:5b:ba:4c:b7:1e:5a:
         cc:25:02:62:26:fd:9f:a9:ae:c7:a0:df:eb:9a:2f:e7:94:ec:
         91:b2:66:6d:c0:b0:d1:68:1c:81:92:e5:bb:79:73:e9:cf:9e:
         47:b6:96:4b:fe:17:72:ab:a9:66:96:c3:8d:4e:f7:4c:a1:f9:
         20:ed:28:17:0c:49:db:f5:ba:d6:87:9f:a0:c0:42:a8:db:62:
         85:15:84:68
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZU8HOnHSSK8zr8kwajpBgIOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGViN2JiYmZlZjU5NTA5ZTcyNjM5ODZmNzgwNTg5YWIxZTc5
OTg0MjMwHhcNMjUwMjI1MDc1ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZWYwZGUwMWYyZTQ4ODcwOTc4N2Y2ZWYwN2ZiODg5ZGVmNzgxZjk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3r/Dkfu1rIlG2tSyY8CMXqtd9tfB
uq+43D93PfiaHvErYABudRc5vyC7eyXF4+vdnjM4sUjNdywvPQUDqAYlg/V98gL+
BAkrKv9NntxleXU0heqbAayKM8eBxWgrDbNrxl28sU1m0vktAf72KU6SFCayj1PE
nHB7kECzAW5+cTsHa2XtzgFQb5Cy3T4Z3Vt8KZl1fak8qTqMIzzRZD5horQx2uZo
tnq1GMQNVW/8+JCEvMEaISf329lnXWr0EBMFDUAzELTrSni3kR5nlAiTlt8dU7J7
H7knCcPmEq/Py32D7Ql1IYB0zVF07OFgX/0G7aqFhFJ+v0kpipbtaPZ/QwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFN7w3gHy5Ihwl4f27wf7iJ3veB+YMB8GA1UdIwQY
MBaAFOt7u/71lQnnJjmG94BYmrHnmYQjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNjN1N192V1ZDZWNtT1liM2dGaWFzZWVaaENNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi82MzI5NWYtMThjYi00YmZlLTkyZTMt
NGFiNTMzMWNkOTM1LzEvM3ZEZUFmTGtpSENYaF9idkJfdUluZTk0SDVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi82MzI5NWYtMThjYi00YmZlLTkyZTMtNGFiNTMzMWNkOTM1
LzEvNjN1N192V1ZDZWNtT1liM2dGaWFzZWVaaENNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALVwHQD
BADVwHYwDQYJKoZIhvcNAQELBQADggEBADfq1xm6a19yOrp0cvJBUAFAkr5Ya0TL
g7IPgam3Yoh4P6HW8q1QJX5rY27GNlJ1GZXln7Bhz3w8BMZpSKUDsHeE+4u5SPCo
KcRtbADsCbt6hSNkLYRhV0b2oDK2czDTUViB1c+KwNUqQSbcB4qDBBbzCH4R0cUO
5NU/yyqfjVHBrG10FfG5kh10jWs9Jh8c9C2oalAAlJ9lQ/aJTbbyOrvGsjjQHzqs
+rpNLSyCj1u6TLceWswlAmIm/Z+prseg3+uaL+eU7JGyZm3AsNFoHIGS5bt5c+nP
nke2lkv+F3KrqWaWw41O90yh+SDtKBcMSdv1utaHn6DAQqjbYoUVhGg=
-----END CERTIFICATE-----