Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/7EKI8p6PMJObDFV0trfc180wlJk.roa
File:                     7EKI8p6PMJObDFV0trfc180wlJk.roa (raw, json)
Hash identifier:          PnKiqGQTgx/WF0ITX+g4HnQ7tRuvb0lmVC/xx2F+YKg=
Subject key identifier:   EC:42:88:F2:9E:8F:30:93:9B:0C:55:74:B6:B7:DC:D7:CD:30:94:99
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       019421B2401FBDCA0C37563AB179570AF2C1
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/7EKI8p6PMJObDFV0trfc180wlJk.roa
Signing time:             Wed 01 Jan 2025 11:48:37 +0000
ROA not before:           Wed 01 Jan 2025 11:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209281
IP address blocks:        213.232.76.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 11:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:40:1f:bd:ca:0c:37:56:3a:b1:79:57:0a:f2:c1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  1 11:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec4288f29e8f30939b0c5574b6b7dcd7cd309499
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:7f:1b:fa:09:ea:5e:52:ac:a4:70:fd:40:fb:
                    d6:fe:d5:5a:71:b8:12:47:a9:63:5f:3c:f6:36:8f:
                    7b:51:48:19:3c:d7:29:a9:c1:7b:52:a7:ba:74:d9:
                    a2:d0:ff:b2:14:5d:1e:5b:0f:0c:3d:a7:ab:01:32:
                    77:1b:95:08:a9:47:b4:50:3a:48:ad:70:34:0f:05:
                    d1:e3:a4:28:70:dd:65:55:55:66:71:df:8d:1d:87:
                    a1:db:07:4e:52:24:7f:dc:0a:8b:89:51:29:2b:72:
                    3e:70:a6:de:d8:32:d9:ab:1f:4e:4e:ff:c9:c3:d5:
                    f5:0f:a8:fb:30:82:d8:ca:e0:26:46:b1:3d:7a:ff:
                    c3:3e:d3:40:a9:a2:b9:26:cb:48:bc:15:af:49:27:
                    41:2f:94:0a:eb:9b:0d:f0:d0:a6:4d:b6:02:e6:2f:
                    4d:46:d4:98:96:3b:04:f4:e0:a1:9b:4b:6f:7a:29:
                    d0:99:29:c9:a8:76:ae:b5:d2:12:23:06:00:65:df:
                    36:4a:b1:ad:6c:1d:63:6e:dc:da:1f:69:9d:23:35:
                    58:f5:9a:ed:a3:ec:75:1d:bb:a0:89:d4:5a:de:bd:
                    ce:69:ab:ea:33:1f:43:b4:4b:c8:ff:86:b1:27:b6:
                    e0:21:e9:1a:12:24:7f:b0:f3:35:16:ed:44:25:cd:
                    10:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:42:88:F2:9E:8F:30:93:9B:0C:55:74:B6:B7:DC:D7:CD:30:94:99
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/7EKI8p6PMJObDFV0trfc180wlJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.232.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:bf:ec:68:08:5d:20:5b:db:5b:4f:ac:30:c6:3e:92:ff:26:
         d9:36:48:ec:98:ed:bc:02:18:b1:0a:e0:8d:5b:22:3c:7e:ce:
         92:38:d7:53:bc:6d:88:25:d5:9c:d6:30:cb:de:ac:da:54:b2:
         b2:5c:bd:b7:8a:f3:e4:10:ce:34:49:30:e1:f8:31:e6:80:00:
         b0:8b:e1:99:2f:87:96:0c:2e:8e:55:76:67:07:22:12:28:8b:
         1a:a3:5b:50:d8:ac:90:93:bd:29:59:01:d7:60:72:f3:57:2f:
         2f:de:4c:32:7e:1f:da:be:fb:16:66:93:9e:04:d3:97:13:2f:
         46:21:16:31:5b:26:28:1e:6b:f4:db:06:61:1b:6a:6c:d3:17:
         be:9d:2f:e5:f2:35:25:6c:47:d5:e9:3c:6c:fc:5b:fb:68:f8:
         44:b5:d0:0b:4d:d1:c4:fd:b1:a1:17:7a:43:83:86:37:00:d9:
         de:a4:d5:a5:34:a8:79:2a:7c:22:33:71:55:cc:b1:69:22:b6:
         c1:88:7c:fe:e9:f7:ff:1e:8c:24:7f:e9:c2:19:88:ab:80:e3:
         27:fd:6a:91:75:f2:86:95:0f:a6:b1:c0:70:6a:90:25:1f:56:
         34:30:f9:3b:78:d3:6e:97:5c:cb:9e:77:9a:48:80:0e:c3:b3:
         d8:f1:e4:82
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhskAfvcoMN1Y6sXlXCvLBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjUwMTAxMTE0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzQyODhmMjllOGYzMDkzOWIwYzU1NzRiNmI3ZGNkN2NkMzA5NDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApX8b+gnqXlKspHD9QPvW/tVacbgS
R6ljXzz2No97UUgZPNcpqcF7Uqe6dNmi0P+yFF0eWw8MPaerATJ3G5UIqUe0UDpI
rXA0DwXR46QocN1lVVVmcd+NHYeh2wdOUiR/3AqLiVEpK3I+cKbe2DLZqx9OTv/J
w9X1D6j7MILYyuAmRrE9ev/DPtNAqaK5JstIvBWvSSdBL5QK65sN8NCmTbYC5i9N
RtSYljsE9OChm0tveinQmSnJqHautdISIwYAZd82SrGtbB1jbtzaH2mdIzVY9Zrt
o+x1HbugidRa3r3OaavqMx9DtEvI/4axJ7bgIekaEiR/sPM1Fu1EJc0QMwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxCiPKejzCTmwxVdLa33NfNMJSZMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvN0VLSThwNlBNSk9iREZWMHRyZmMxODB3bEprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC1ehMMA0G
CSqGSIb3DQEBCwUAA4IBAQAPv+xoCF0gW9tbT6wwxj6S/ybZNkjsmO28AhixCuCN
WyI8fs6SONdTvG2IJdWc1jDL3qzaVLKyXL23ivPkEM40STDh+DHmgACwi+GZL4eW
DC6OVXZnByISKIsao1tQ2KyQk70pWQHXYHLzVy8v3kwyfh/avvsWZpOeBNOXEy9G
IRYxWyYoHmv02wZhG2ps0xe+nS/l8jUlbEfV6Txs/Fv7aPhEtdALTdHE/bGhF3pD
g4Y3ANnepNWlNKh5KnwiM3FVzLFpIrbBiHz+6ff/Howkf+nCGYirgOMn/WqRdfKG
lQ+mscBwapAlH1Y0MPk7eNNul1zLnneaSIAOw7PY8eSC
-----END CERTIFICATE-----