Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/P7UI9wbXQO7767Ee_OeO-FbHpEk.roa
File:                     P7UI9wbXQO7767Ee_OeO-FbHpEk.roa (raw, json)
Hash identifier:          3nnbFB8QPYfC95SG+310oNK9akUzhHQ/muxTMob6BTg=
Subject key identifier:   3F:B5:08:F7:06:D7:40:EE:FB:EB:B1:1E:FC:E7:8E:F8:56:C7:A4:49
Certificate issuer:       /CN=b732762a5e861e976de53d14786f39e3a669681b
Certificate serial:       01977CDC3D8186F7E17E00C71C91B41BFA99
Authority key identifier: B7:32:76:2A:5E:86:1E:97:6D:E5:3D:14:78:6F:39:E3:A6:69:68:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/P7UI9wbXQO7767Ee_OeO-FbHpEk.roa
Signing time:             Tue 17 Jun 2025 07:48:17 +0000
ROA not before:           Tue 17 Jun 2025 07:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214169
IP address blocks:        185.172.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Jul 2025 01:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:7c:dc:3d:81:86:f7:e1:7e:00:c7:1c:91:b4:1b:fa:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b732762a5e861e976de53d14786f39e3a669681b
        Validity
            Not Before: Jun 17 07:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3fb508f706d740eefbebb11efce78ef856c7a449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:c7:d3:da:c9:d8:b1:a5:09:c9:56:1f:e0:55:
                    2b:5c:aa:cb:16:ca:d2:2b:50:b5:0b:6a:35:e7:e0:
                    8a:98:f5:83:fc:8d:a6:fb:2f:c3:6a:5c:63:fc:8d:
                    5b:df:85:4b:1e:ae:21:93:21:73:21:25:72:dc:39:
                    dc:7d:59:07:9e:cd:7f:f2:89:71:40:e2:6a:09:2b:
                    ab:3d:01:4d:37:3c:59:1a:47:22:d0:80:04:ab:b6:
                    d4:2b:8d:85:6b:92:9d:04:54:fa:2e:47:16:ea:bc:
                    49:b8:73:45:25:55:71:79:12:a8:61:a0:cc:50:80:
                    db:57:af:6f:b8:17:8f:bf:42:a5:e9:fc:d3:8d:91:
                    09:56:fb:5b:c2:2d:91:f5:83:e4:f4:bd:0b:a3:85:
                    73:39:6e:d3:02:ec:f7:5c:7a:f5:2b:34:af:f1:ae:
                    72:3e:00:5c:e4:bd:86:73:e0:eb:98:a0:df:6f:1f:
                    6b:0f:1a:11:40:19:55:e4:7f:d9:62:c9:46:5c:5d:
                    7c:7e:0d:d9:12:45:28:4a:1c:c0:b9:da:dd:34:51:
                    73:08:ab:3a:e3:4b:07:ec:6d:e5:f0:db:5b:4c:1b:
                    a5:92:29:18:d6:4c:79:d7:01:d2:5d:8f:45:04:60:
                    64:54:a4:9d:b3:aa:27:cd:1e:07:2a:d6:bf:ff:25:
                    7b:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:B5:08:F7:06:D7:40:EE:FB:EB:B1:1E:FC:E7:8E:F8:56:C7:A4:49
            X509v3 Authority Key Identifier:
                keyid:B7:32:76:2A:5E:86:1E:97:6D:E5:3D:14:78:6F:39:E3:A6:69:68:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/P7UI9wbXQO7767Ee_OeO-FbHpEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/5ac21d-7616-4eef-85d7-63b52aa7f8da/1/tzJ2Kl6GHpdt5T0UeG8546ZpaBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:5f:10:c1:e5:0b:b6:84:6d:02:f7:7c:8e:41:20:2b:e0:8c:
         e5:ff:86:fd:db:22:27:29:a7:d2:81:8a:ef:69:af:5f:7d:99:
         fe:5c:a2:9e:14:61:6a:a9:05:eb:a6:4c:78:ff:23:59:d1:02:
         ba:aa:b7:15:ad:d7:1d:e9:5f:0e:9b:e2:ba:04:ae:89:54:81:
         a7:28:35:1e:60:5b:e4:88:3e:c1:8f:b5:46:13:d3:70:26:41:
         5b:dc:a8:e4:dc:d8:dc:a7:39:92:05:71:dc:c8:60:68:ca:61:
         d0:f4:eb:11:8e:a8:e4:36:3b:aa:a8:a6:5f:ef:b0:0c:02:b0:
         c9:10:2b:ca:13:99:5e:7d:21:e0:6c:0b:0e:c1:1b:12:51:2e:
         82:79:a2:a7:bc:a7:1a:18:12:a4:3b:ad:4b:46:76:d1:6e:3c:
         3f:b3:d8:b6:eb:fa:e5:8a:25:3f:45:b8:b7:07:94:bd:af:b6:
         1a:21:97:ff:02:b4:c7:3f:e1:b2:c0:f0:2b:eb:29:bc:2d:41:
         75:72:8f:d2:e7:f4:44:91:38:f2:5c:2f:1b:e6:09:d4:ea:bd:
         8b:7a:37:00:92:89:af:0f:10:00:57:1b:28:f7:d0:fc:99:e9:
         71:49:5c:6d:30:78:3d:45:1e:04:2f:64:aa:a5:2b:84:52:6e:
         31:6b:95:4d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZd83D2BhvfhfgDHHJG0G/qZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3MzI3NjJhNWU4NjFlOTc2ZGU1M2QxNDc4NmYzOWUzYTY2
OTY4MWIwHhcNMjUwNjE3MDc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmI1MDhmNzA2ZDc0MGVlZmJlYmIxMWVmY2U3OGVmODU2YzdhNDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzcfT2snYsaUJyVYf4FUrXKrLFsrS
K1C1C2o15+CKmPWD/I2m+y/Dalxj/I1b34VLHq4hkyFzISVy3DncfVkHns1/8olx
QOJqCSurPQFNNzxZGkci0IAEq7bUK42Fa5KdBFT6LkcW6rxJuHNFJVVxeRKoYaDM
UIDbV69vuBePv0Kl6fzTjZEJVvtbwi2R9YPk9L0Lo4VzOW7TAuz3XHr1KzSv8a5y
PgBc5L2Gc+DrmKDfbx9rDxoRQBlV5H/ZYslGXF18fg3ZEkUoShzAudrdNFFzCKs6
40sH7G3l8NtbTBulkikY1kx51wHSXY9FBGBkVKSds6onzR4HKta//yV7gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD+1CPcG10Du++uxHvznjvhWx6RJMB8GA1UdIwQY
MBaAFLcydipehh6XbeU9FHhvOeOmaWgbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdHpKMktsNkdIcGR0NVQwVWVHODU0NlpwYUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny81YWMyMWQtNzYxNi00ZWVmLTg1ZDct
NjNiNTJhYTdmOGRhLzEvUDdVSTl3YlhRTzc3NjdFZV9PZU8tRmJIcEVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny81YWMyMWQtNzYxNi00ZWVmLTg1ZDctNjNiNTJhYTdmOGRh
LzEvdHpKMktsNkdIcGR0NVQwVWVHODU0NlpwYUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuazMMA0G
CSqGSIb3DQEBCwUAA4IBAQBKXxDB5Qu2hG0C93yOQSAr4Izl/4b92yInKafSgYrv
aa9ffZn+XKKeFGFqqQXrpkx4/yNZ0QK6qrcVrdcd6V8Om+K6BK6JVIGnKDUeYFvk
iD7Bj7VGE9NwJkFb3Kjk3NjcpzmSBXHcyGBoymHQ9OsRjqjkNjuqqKZf77AMArDJ
ECvKE5lefSHgbAsOwRsSUS6CeaKnvKcaGBKkO61LRnbRbjw/s9i26/rliiU/Rbi3
B5S9r7YaIZf/ArTHP+GywPAr6ym8LUF1co/S5/REkTjyXC8b5gnU6r2LejcAkomv
DxAAVxso99D8melxSVxtMHg9RR4EL2SqpSuEUm4xa5VN
-----END CERTIFICATE-----