Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/f7jihsbQZQOjudWmankbYdgvSd0.roa
File:                     f7jihsbQZQOjudWmankbYdgvSd0.roa (raw, json)
Hash identifier:          Kmr8nTMHln2GoQ9z1uNdCIRV8UiFMuI6zP59QLBGAfA=
Subject key identifier:   7F:B8:E2:86:C6:D0:65:03:A3:B9:D5:A6:6A:79:1B:61:D8:2F:49:DD
Certificate issuer:       /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial:       019421442D4ADF2164B32695F07FA3D51716
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/f7jihsbQZQOjudWmankbYdgvSd0.roa
Signing time:             Wed 01 Jan 2025 09:48:23 +0000
ROA not before:           Wed 01 Jan 2025 09:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205379
IP address blocks:        145.14.7.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:2d:4a:df:21:64:b3:26:95:f0:7f:a3:d5:17:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
        Validity
            Not Before: Jan  1 09:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fb8e286c6d06503a3b9d5a66a791b61d82f49dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:72:ee:5b:57:68:21:cf:fd:05:7a:4c:a8:30:
                    6d:dd:d1:a8:b2:ec:2f:de:2f:10:ca:a6:ac:e6:88:
                    55:d1:30:02:ad:f2:bf:41:33:e0:75:07:b6:a5:69:
                    47:71:e8:dd:34:8f:85:48:4e:56:a7:67:e3:88:a9:
                    7f:bb:1b:2c:6a:08:23:14:bd:c1:3b:8d:61:c5:34:
                    cd:bf:75:c8:0c:7e:08:47:75:d9:b6:18:31:6d:a0:
                    e8:ce:10:12:e0:1e:ce:95:cf:e0:fa:de:ee:74:6e:
                    d3:ca:99:ae:15:9c:33:c9:7c:4e:4f:2c:db:a6:2c:
                    76:23:7c:ff:b2:f6:4b:b4:74:4a:4b:8a:f0:cb:2f:
                    ae:ba:ba:c6:b0:77:55:f9:83:f6:2c:6d:27:01:3b:
                    7e:f1:a0:7a:72:d5:c5:ba:82:4f:c5:94:7d:49:c4:
                    e1:41:64:77:ba:a7:2a:dc:64:b8:31:8c:ee:05:06:
                    a0:17:38:be:b7:e5:9d:51:4d:08:8c:16:16:21:6e:
                    6a:a5:79:de:36:62:f2:9b:7a:68:1b:47:16:69:f6:
                    ca:66:08:97:80:9d:03:49:4d:0d:50:51:a9:07:5c:
                    e8:64:2d:39:47:40:b9:9e:68:66:b0:42:ed:f5:61:
                    67:5d:73:a1:bf:d3:54:d0:9e:19:2c:3f:8b:f4:fd:
                    6f:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:B8:E2:86:C6:D0:65:03:A3:B9:D5:A6:6A:79:1B:61:D8:2F:49:DD
            X509v3 Authority Key Identifier:
                keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/f7jihsbQZQOjudWmankbYdgvSd0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  145.14.7.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:ba:2e:29:56:89:86:30:cd:1e:e4:c9:ae:1b:d7:bb:87:35:
         04:47:c2:b4:3e:75:b2:4e:bc:20:36:40:e1:72:75:02:85:b5:
         83:46:e3:ed:a6:ff:92:40:92:4b:fb:5a:66:14:d2:57:53:cd:
         eb:0d:f7:38:57:6e:18:81:bb:c2:fb:7d:cd:ec:21:10:71:61:
         f6:f0:ed:7d:70:fa:2a:61:68:78:26:5a:13:ec:42:9a:3c:b2:
         24:2a:e1:4e:99:17:5b:0e:89:1a:0c:dd:a4:09:e9:96:be:20:
         23:2a:1c:a5:cd:63:10:43:fc:d2:7c:b0:61:3e:a7:f0:12:e1:
         79:5b:45:68:ba:0b:2d:88:74:f2:c0:30:bc:0e:8c:02:24:e9:
         81:15:e2:3d:64:4b:1b:a1:04:05:c3:4d:0d:7d:94:21:07:a0:
         c0:22:70:69:c6:0d:35:9e:3c:b3:ea:6b:3c:f4:77:95:2a:e9:
         7d:e7:5b:62:ce:0c:52:70:11:a1:94:74:b0:15:3d:60:33:3d:
         08:96:f4:75:25:cb:92:74:d2:de:9b:1f:4a:e2:f6:a5:c1:4f:
         c7:8a:e1:e4:33:34:58:c9:ba:73:6d:9a:f5:b8:1a:4d:16:77:
         ac:7c:8a:6d:d8:b9:8d:ac:80:97:2b:c5:7d:e7:c9:8f:35:bf:
         4b:4e:02:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRC1K3yFksyaV8H+j1RcWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjUwMTAxMDk0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmI4ZTI4NmM2ZDA2NTAzYTNiOWQ1YTY2YTc5MWI2MWQ4MmY0OWRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwnLuW1doIc/9BXpMqDBt3dGosuwv
3i8Qyqas5ohV0TACrfK/QTPgdQe2pWlHcejdNI+FSE5Wp2fjiKl/uxssaggjFL3B
O41hxTTNv3XIDH4IR3XZthgxbaDozhAS4B7Olc/g+t7udG7TypmuFZwzyXxOTyzb
pix2I3z/svZLtHRKS4rwyy+uurrGsHdV+YP2LG0nATt+8aB6ctXFuoJPxZR9ScTh
QWR3uqcq3GS4MYzuBQagFzi+t+WdUU0IjBYWIW5qpXneNmLym3poG0cWafbKZgiX
gJ0DSU0NUFGpB1zoZC05R0C5nmhmsELt9WFnXXOhv9NU0J4ZLD+L9P1vxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFH+44obG0GUDo7nVpmp5G2HYL0ndMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvZjdqaWhzYlFaUU9qdWRXbWFua2JZZGd2U2QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkQ4HMA0G
CSqGSIb3DQEBCwUAA4IBAQBsui4pVomGMM0e5MmuG9e7hzUER8K0PnWyTrwgNkDh
cnUChbWDRuPtpv+SQJJL+1pmFNJXU83rDfc4V24YgbvC+33N7CEQcWH28O19cPoq
YWh4JloT7EKaPLIkKuFOmRdbDokaDN2kCemWviAjKhylzWMQQ/zSfLBhPqfwEuF5
W0VougstiHTywDC8DowCJOmBFeI9ZEsboQQFw00NfZQhB6DAInBpxg01njyz6ms8
9HeVKul951tizgxScBGhlHSwFT1gMz0IlvR1JcuSdNLemx9K4valwU/HiuHkMzRY
ybpzbZr1uBpNFnesfIpt2LmNrICXK8V958mPNb9LTgLM
-----END CERTIFICATE-----