Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/y5zHo6daLtznM6YyOsYqUp-odjg.roa
File:                     y5zHo6daLtznM6YyOsYqUp-odjg.roa (raw, json)
Hash identifier:          jHrEQD+W4TVeVi8oEScgmYIF6Mmipa4IpJr32ELwoTo=
Subject key identifier:   CB:9C:C7:A3:A7:5A:2E:DC:E7:33:A6:32:3A:C6:2A:52:9F:A8:76:38
Certificate issuer:       /CN=e0a008a80d8ff262625e65fe258769158b2998f0
Certificate serial:       019424450CA9F0019046712AF8F0A465F237
Authority key identifier: E0:A0:08:A8:0D:8F:F2:62:62:5E:65:FE:25:87:69:15:8B:29:98:F0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4KAIqA2P8mJiXmX-JYdpFYspmPA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/y5zHo6daLtznM6YyOsYqUp-odjg.roa
Signing time:             Wed 01 Jan 2025 23:48:12 +0000
ROA not before:           Wed 01 Jan 2025 23:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47767
IP address blocks:        94.124.184.0/21 maxlen: 24
                          2a03:9780::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/4KAIqA2P8mJiXmX-JYdpFYspmPA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/4KAIqA2P8mJiXmX-JYdpFYspmPA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4KAIqA2P8mJiXmX-JYdpFYspmPA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:0c:a9:f0:01:90:46:71:2a:f8:f0:a4:65:f2:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e0a008a80d8ff262625e65fe258769158b2998f0
        Validity
            Not Before: Jan  1 23:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb9cc7a3a75a2edce733a6323ac62a529fa87638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:2a:de:53:d0:6c:89:3e:ea:89:5c:cf:4e:d6:
                    19:2e:8a:0d:fd:54:fb:6e:ef:09:48:27:00:9e:f6:
                    79:45:68:96:f3:fb:5e:85:dc:2c:56:cb:9a:b1:97:
                    18:f8:d0:d5:f8:28:42:21:a9:3c:b9:0c:cc:86:83:
                    04:14:30:ce:1a:68:b5:1d:8e:cb:d1:bd:dc:c9:c8:
                    7a:d3:7f:9c:fe:68:36:cc:c9:71:46:c9:3e:43:2c:
                    14:40:01:d8:53:ad:df:36:68:05:80:8e:dc:6d:23:
                    b9:40:7b:5e:62:ef:78:08:4f:8d:0b:09:f9:08:95:
                    eb:7a:af:bd:fd:c5:16:eb:55:55:8c:a3:67:b8:9f:
                    76:db:4b:90:f6:56:3b:27:84:cd:fb:43:14:29:c3:
                    eb:29:3d:77:80:6e:0e:47:ff:4e:a6:6d:90:f3:d4:
                    59:9e:82:d6:e3:ea:24:f9:fe:d4:6d:b9:64:fb:0c:
                    e2:1f:35:e0:fb:84:57:d0:17:9e:62:f2:16:50:b1:
                    6e:20:e8:2f:b0:7d:c3:a4:38:e1:17:c6:12:73:e0:
                    1b:12:0b:4b:5e:20:f1:91:39:c0:5a:b8:f7:f8:fb:
                    10:bb:4a:2c:77:0f:c4:66:db:51:28:cc:49:34:e0:
                    ed:6c:ea:7f:69:50:32:f5:ff:d7:99:b8:bd:d5:4d:
                    a2:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:9C:C7:A3:A7:5A:2E:DC:E7:33:A6:32:3A:C6:2A:52:9F:A8:76:38
            X509v3 Authority Key Identifier:
                keyid:E0:A0:08:A8:0D:8F:F2:62:62:5E:65:FE:25:87:69:15:8B:29:98:F0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4KAIqA2P8mJiXmX-JYdpFYspmPA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/y5zHo6daLtznM6YyOsYqUp-odjg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ec/0338f3-0802-4e5b-9241-60bf71937104/1/4KAIqA2P8mJiXmX-JYdpFYspmPA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.124.184.0/21
                IPv6:
                  2a03:9780::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:57:98:dc:02:aa:bd:b0:5c:75:7e:59:a6:7d:85:5b:34:82:
         04:2f:6b:73:2b:07:c1:93:89:de:53:30:ca:d6:66:4a:8e:43:
         7d:cd:f1:a8:5a:e7:e5:57:1a:76:22:f2:60:55:e5:75:b0:87:
         3a:e0:85:5a:22:6e:1a:82:32:f1:ca:73:cd:5a:a5:41:c3:2a:
         44:8d:b5:31:98:23:4d:0a:22:40:cb:02:89:63:9e:de:13:79:
         d7:57:db:05:b6:54:08:5b:f0:c4:28:f7:be:74:7d:7f:5a:5b:
         5a:76:99:9c:7c:2a:6a:75:bc:be:0b:e4:e5:4e:b0:a1:5d:f3:
         c7:44:bf:56:7b:88:a5:37:09:5a:75:ef:fb:8b:ed:31:1d:06:
         08:03:8e:48:a7:51:13:89:f5:65:4d:b9:45:aa:0a:e4:00:d1:
         9f:4f:a2:11:1a:93:a6:07:38:ce:38:7b:3c:cc:2b:94:08:ea:
         7b:95:7e:80:5f:b3:03:af:bc:a2:50:dc:69:35:d2:44:8b:a8:
         f0:ab:ac:f9:ff:58:a9:17:45:0c:a5:34:e7:03:ae:f7:bd:aa:
         b8:37:c7:72:a7:17:61:43:e6:27:f9:d1:93:d4:9d:98:09:46:
         78:3c:51:4d:c3:f6:b7:97:1e:cc:9e:9a:f8:e8:15:db:07:eb:
         08:a2:c7:09
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQkRQyp8AGQRnEq+PCkZfI3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUwYTAwOGE4MGQ4ZmYyNjI2MjVlNjVmZTI1ODc2OTE1OGIy
OTk4ZjAwHhcNMjUwMTAxMjM0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjljYzdhM2E3NWEyZWRjZTczM2E2MzIzYWM2MmE1MjlmYTg3NjM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAryreU9BsiT7qiVzPTtYZLooN/VT7
bu8JSCcAnvZ5RWiW8/tehdwsVsuasZcY+NDV+ChCIak8uQzMhoMEFDDOGmi1HY7L
0b3cych603+c/mg2zMlxRsk+QywUQAHYU63fNmgFgI7cbSO5QHteYu94CE+NCwn5
CJXreq+9/cUW61VVjKNnuJ9220uQ9lY7J4TN+0MUKcPrKT13gG4OR/9Opm2Q89RZ
noLW4+ok+f7Ubblk+wziHzXg+4RX0BeeYvIWULFuIOgvsH3DpDjhF8YSc+AbEgtL
XiDxkTnAWrj3+PsQu0osdw/EZttRKMxJNODtbOp/aVAy9f/Xmbi91U2iOQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMucx6OnWi7c5zOmMjrGKlKfqHY4MB8GA1UdIwQY
MBaAFOCgCKgNj/JiYl5l/iWHaRWLKZjwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNEtBSXFBMlA4bUppWG1YLUpZZHBGWXNwbVBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYy8wMzM4ZjMtMDgwMi00ZTViLTkyNDEt
NjBiZjcxOTM3MTA0LzEveTV6SG82ZGFMdHpuTTZZeU9zWXFVcC1vZGpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYy8wMzM4ZjMtMDgwMi00ZTViLTkyNDEtNjBiZjcxOTM3MTA0
LzEvNEtBSXFBMlA4bUppWG1YLUpZZHBGWXNwbVBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQDXny4MA0E
AgACMAcDBQAqA5eAMA0GCSqGSIb3DQEBCwUAA4IBAQB7V5jcAqq9sFx1flmmfYVb
NIIEL2tzKwfBk4neUzDK1mZKjkN9zfGoWuflVxp2IvJgVeV1sIc64IVaIm4agjLx
ynPNWqVBwypEjbUxmCNNCiJAywKJY57eE3nXV9sFtlQIW/DEKPe+dH1/Wltadpmc
fCpqdby+C+TlTrChXfPHRL9We4ilNwlade/7i+0xHQYIA45Ip1ETifVlTblFqgrk
ANGfT6IRGpOmBzjOOHs8zCuUCOp7lX6AX7MDr7yiUNxpNdJEi6jwq6z5/1ipF0UM
pTTnA673vaq4N8dypxdhQ+Yn+dGT1J2YCUZ4PFFNw/a3lx7Mnpr46BXbB+sIoscJ
-----END CERTIFICATE-----