Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/7HQ_1EAe_1IX7rDF-TdfN822BVQ.roa
File:                     7HQ_1EAe_1IX7rDF-TdfN822BVQ.roa (raw, json)
Hash identifier:          vxC6quYdceeyESFYcI+ecz9PBbv66IlrZRnCAuS1UOg=
Subject key identifier:   EC:74:3F:D4:40:1E:FF:52:17:EE:B0:C5:F9:37:5F:37:CD:B6:05:54
Certificate issuer:       /CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
Certificate serial:       019424454EAD255E3B2134298CBFDF889BAE
Authority key identifier: 56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/7HQ_1EAe_1IX7rDF-TdfN822BVQ.roa
Signing time:             Wed 01 Jan 2025 23:48:29 +0000
ROA not before:           Wed 01 Jan 2025 23:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15819
IP address blocks:        212.98.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:4e:ad:25:5e:3b:21:34:29:8c:bf:df:88:9b:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=568fe35cc962633a2757af10a0e6e8ab6d01f4c9
        Validity
            Not Before: Jan  1 23:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec743fd4401eff5217eeb0c5f9375f37cdb60554
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0b:2d:07:21:a4:3f:f0:b3:85:c6:2e:a5:90:
                    d4:c4:46:b9:6f:29:46:02:4e:94:1e:c9:af:de:b9:
                    a1:e2:00:4b:fb:9d:ec:6d:46:9b:8a:c4:6a:56:0d:
                    18:e0:a7:a5:d1:a4:86:07:e8:52:00:79:d5:ea:26:
                    87:b5:e2:e1:3d:38:0a:54:bd:73:73:53:92:7f:6d:
                    29:45:18:20:78:ff:95:bf:fe:f4:b6:46:21:2f:49:
                    41:4a:05:f4:bb:eb:30:13:73:76:15:a7:1b:a5:69:
                    02:9a:b6:e0:35:70:c7:10:50:ac:9b:d8:22:04:5e:
                    da:d7:89:72:70:8e:91:c0:aa:a5:17:4e:99:22:2c:
                    d2:93:3e:71:1b:20:69:af:9f:6e:ba:70:4b:1f:68:
                    72:c7:6d:9c:ae:fd:c9:ef:37:ec:05:14:b6:96:b2:
                    7b:25:15:a7:8a:87:fa:27:95:be:51:27:79:ec:b1:
                    9f:6e:9a:2a:48:32:bb:c2:51:0c:84:2c:ec:98:c3:
                    74:94:33:dc:a6:a4:90:ab:41:f5:bb:c2:e0:0c:15:
                    6a:23:a1:92:b2:11:ad:03:19:7e:2b:af:e9:95:e8:
                    2c:de:4c:56:98:45:9a:c1:fe:e6:5c:85:9f:8e:27:
                    5c:ed:39:83:0a:ed:de:04:d6:90:9f:c4:79:b1:fb:
                    cb:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:74:3F:D4:40:1E:FF:52:17:EE:B0:C5:F9:37:5F:37:CD:B6:05:54
            X509v3 Authority Key Identifier:
                keyid:56:8F:E3:5C:C9:62:63:3A:27:57:AF:10:A0:E6:E8:AB:6D:01:F4:C9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Vo_jXMliYzonV68QoOboq20B9Mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/7HQ_1EAe_1IX7rDF-TdfN822BVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/08/37ebe6-8bfe-4c1f-a183-83d648f79746/1/Vo_jXMliYzonV68QoOboq20B9Mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.98.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:3f:3d:d9:86:cc:30:d2:12:6d:2f:81:66:c6:6a:a0:59:a9:
         c3:69:01:05:10:85:fd:d1:b3:ac:c4:9d:d4:68:3a:37:03:c3:
         16:54:96:1b:dc:11:fc:23:67:93:bf:fe:dd:1f:1a:ae:18:e5:
         21:3d:17:5b:bb:bb:78:46:ee:39:68:44:e7:15:6f:22:e0:42:
         0f:df:2f:3f:ef:6d:5c:50:5d:d9:e1:d2:1c:c0:7d:fc:2c:27:
         53:c2:d2:1c:3d:33:4c:29:17:78:06:4e:d8:96:a0:29:94:6f:
         54:6f:8d:83:ac:9b:62:81:c8:86:21:78:52:9c:3f:9e:59:19:
         e5:9f:20:63:90:0a:ef:2c:e2:e1:4e:9e:98:4e:0b:24:2e:0a:
         c0:53:ac:f8:7c:7f:e3:94:89:19:8f:44:dd:bd:a1:1c:24:b8:
         3f:1c:fd:17:8f:de:9b:22:a6:74:01:38:7b:82:89:21:3e:c9:
         89:22:5f:b2:56:c1:b8:0e:c5:ef:da:28:e6:f6:97:76:dd:08:
         b4:0e:8b:23:3e:3a:cf:1d:61:1c:c1:46:6b:77:2c:ea:fe:70:
         ca:41:07:e1:c0:ae:5d:a4:57:8e:9b:9e:39:3c:3e:c3:39:5c:
         70:23:fb:90:bc:7f:f7:2f:a7:42:c5:5e:3a:54:76:31:8b:8a:
         35:90:24:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRU6tJV47ITQpjL/fiJuuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU2OGZlMzVjYzk2MjYzM2EyNzU3YWYxMGEwZTZlOGFiNmQw
MWY0YzkwHhcNMjUwMTAxMjM0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzc0M2ZkNDQwMWVmZjUyMTdlZWIwYzVmOTM3NWYzN2NkYjYwNTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5AstByGkP/CzhcYupZDUxEa5bylG
Ak6UHsmv3rmh4gBL+53sbUabisRqVg0Y4Kel0aSGB+hSAHnV6iaHteLhPTgKVL1z
c1OSf20pRRggeP+Vv/70tkYhL0lBSgX0u+swE3N2FacbpWkCmrbgNXDHEFCsm9gi
BF7a14lycI6RwKqlF06ZIizSkz5xGyBpr59uunBLH2hyx22crv3J7zfsBRS2lrJ7
JRWniof6J5W+USd57LGfbpoqSDK7wlEMhCzsmMN0lDPcpqSQq0H1u8LgDBVqI6GS
shGtAxl+K6/plegs3kxWmEWawf7mXIWfjidc7TmDCu3eBNaQn8R5sfvLhwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOx0P9RAHv9SF+6wxfk3XzfNtgVUMB8GA1UdIwQY
MBaAFFaP41zJYmM6J1evEKDm6KttAfTJMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMt
ODNkNjQ4Zjc5NzQ2LzEvN0hRXzFFQWVfMUlYN3JERi1UZGZOODIyQlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC8zN2ViZTYtOGJmZS00YzFmLWExODMtODNkNjQ4Zjc5NzQ2
LzEvVm9falhNbGlZem9uVjY4UW9PYm9xMjBCOU1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GLfMA0G
CSqGSIb3DQEBCwUAA4IBAQAzPz3Zhsww0hJtL4FmxmqgWanDaQEFEIX90bOsxJ3U
aDo3A8MWVJYb3BH8I2eTv/7dHxquGOUhPRdbu7t4Ru45aETnFW8i4EIP3y8/721c
UF3Z4dIcwH38LCdTwtIcPTNMKRd4Bk7YlqAplG9Ub42DrJtigciGIXhSnD+eWRnl
nyBjkArvLOLhTp6YTgskLgrAU6z4fH/jlIkZj0TdvaEcJLg/HP0Xj96bIqZ0ATh7
gokhPsmJIl+yVsG4DsXv2ijm9pd23Qi0DosjPjrPHWEcwUZrdyzq/nDKQQfhwK5d
pFeOm545PD7DOVxwI/uQvH/3L6dCxV46VHYxi4o1kCR5
-----END CERTIFICATE-----