Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/Akqk3eS0tGv3sCrORGF18yZDc-U.roa
File:                     Akqk3eS0tGv3sCrORGF18yZDc-U.roa (raw, json)
Hash identifier:          0oVDhjWMqNLY0nJTpKvFpLGgr/SKbou2eArpI2Ah8Sw=
Subject key identifier:   02:4A:A4:DD:E4:B4:B4:6B:F7:B0:2A:CE:44:61:75:F3:26:43:73:E5
Certificate issuer:       /CN=e7334ad9b3fc521030be99a5157211b663216c94
Certificate serial:       01961873005510C1921AAF0CE20B1246FB21
Authority key identifier: E7:33:4A:D9:B3:FC:52:10:30:BE:99:A5:15:72:11:B6:63:21:6C:94
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/Akqk3eS0tGv3sCrORGF18yZDc-U.roa
Signing time:             Wed 09 Apr 2025 02:48:31 +0000
ROA not before:           Wed 09 Apr 2025 02:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208649
IP address blocks:        185.75.221.0/24 maxlen: 24
                          185.75.221.0/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:18:73:00:55:10:c1:92:1a:af:0c:e2:0b:12:46:fb:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7334ad9b3fc521030be99a5157211b663216c94
        Validity
            Not Before: Apr  9 02:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=024aa4dde4b4b46bf7b02ace446175f3264373e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:8b:c7:ee:5b:21:9f:bf:21:88:b7:c7:68:05:
                    14:3e:af:e8:2c:0b:f4:f8:fd:d1:55:7f:03:45:5e:
                    2e:40:2d:50:3e:4e:65:c6:b9:96:01:2f:7c:20:e5:
                    e4:d6:23:e7:0a:05:0a:4f:76:9f:f2:b1:ca:a6:9f:
                    73:33:b9:f0:4e:6d:ec:4b:75:41:d3:fe:7e:2c:d0:
                    3f:34:16:fb:16:44:40:84:9f:61:ed:f8:92:4f:69:
                    8c:59:63:30:d7:f7:e5:a2:a0:22:9a:67:92:cd:8b:
                    57:38:79:7b:f3:52:11:2c:75:c9:06:57:93:1d:ed:
                    55:bf:a0:9d:3e:f0:69:ab:0d:4f:70:2c:68:9e:26:
                    0b:7d:b7:cc:fd:58:23:74:b0:36:4d:66:73:a0:70:
                    82:42:93:47:91:06:94:9c:cb:7e:5c:9f:3d:b7:f2:
                    b4:ee:9f:ef:e5:6a:0d:b4:f0:cb:29:43:c0:83:2e:
                    a9:25:60:41:0e:a1:38:ab:a8:5c:90:1a:bf:5e:70:
                    16:f9:7e:df:0d:df:59:3d:fe:8c:ef:70:3c:35:c0:
                    b1:b5:bb:f9:87:7f:48:82:33:ae:43:b3:92:f6:fa:
                    50:c2:ca:0a:e6:31:11:fe:2e:44:cd:0d:3c:b4:63:
                    33:37:2c:0e:75:a5:6b:b9:6b:ff:a4:5b:e0:4c:91:
                    10:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:4A:A4:DD:E4:B4:B4:6B:F7:B0:2A:CE:44:61:75:F3:26:43:73:E5
            X509v3 Authority Key Identifier:
                keyid:E7:33:4A:D9:B3:FC:52:10:30:BE:99:A5:15:72:11:B6:63:21:6C:94

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/Akqk3eS0tGv3sCrORGF18yZDc-U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/b04b2e-73e6-4887-8df1-3722df073603/1/5zNK2bP8UhAwvpmlFXIRtmMhbJQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9f:b4:3d:90:29:05:9c:cf:c3:e3:f3:fc:ba:df:a6:51:2c:1f:
         59:99:4a:dd:f3:24:3e:1d:df:59:65:8b:39:3a:72:83:d6:a2:
         3b:3e:ea:f2:b7:98:a5:69:2a:f7:01:2e:7f:16:6e:fc:00:7b:
         24:c2:23:36:d3:3a:0e:46:df:de:74:b8:70:64:16:69:61:df:
         97:66:7e:25:8e:02:1b:36:73:e6:2a:09:0f:70:c7:5c:c2:b7:
         f0:1f:c5:18:88:92:f2:58:86:61:a8:ef:a4:be:a0:5a:b0:ba:
         7d:b0:02:7b:f3:0f:27:6d:2d:6b:ae:49:4b:c1:a2:71:d7:1b:
         77:53:df:0f:be:8f:83:a8:ca:82:78:07:3e:4c:4b:3e:ee:e9:
         fb:cc:bc:ea:cc:84:71:6e:7a:ad:b4:b4:f6:aa:44:31:0c:e3:
         ae:88:30:f4:7b:36:f7:c4:d8:b2:5c:24:3f:d4:f5:50:fd:f6:
         14:50:af:b0:8f:48:07:0b:e0:90:75:2c:97:6b:6c:46:de:05:
         0a:cb:94:1d:65:37:79:e0:6b:b6:e6:93:f5:9f:c9:e7:b7:86:
         54:01:aa:cb:cf:67:32:3c:44:f0:c0:fc:b5:80:57:5b:29:de:
         a2:bd:68:31:73:df:ed:97:f5:37:a5:db:ba:fe:4d:5b:76:5a:
         c7:24:24:95
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYYcwBVEMGSGq8M4gsSRvshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3MzM0YWQ5YjNmYzUyMTAzMGJlOTlhNTE1NzIxMWI2NjMy
MTZjOTQwHhcNMjUwNDA5MDI0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjRhYTRkZGU0YjRiNDZiZjdiMDJhY2U0NDYxNzVmMzI2NDM3M2U1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq4vH7lshn78hiLfHaAUUPq/oLAv0
+P3RVX8DRV4uQC1QPk5lxrmWAS98IOXk1iPnCgUKT3af8rHKpp9zM7nwTm3sS3VB
0/5+LNA/NBb7FkRAhJ9h7fiST2mMWWMw1/floqAimmeSzYtXOHl781IRLHXJBleT
He1Vv6CdPvBpqw1PcCxoniYLfbfM/VgjdLA2TWZzoHCCQpNHkQaUnMt+XJ89t/K0
7p/v5WoNtPDLKUPAgy6pJWBBDqE4q6hckBq/XnAW+X7fDd9ZPf6M73A8NcCxtbv5
h39IgjOuQ7OS9vpQwsoK5jER/i5EzQ08tGMzNywOdaVruWv/pFvgTJEQ8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAJKpN3ktLRr97AqzkRhdfMmQ3PlMB8GA1UdIwQY
MBaAFOczStmz/FIQML6ZpRVyEbZjIWyUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNXpOSzJiUDhVaEF3dnBtbEZYSVJ0bU1oYkpRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9iMDRiMmUtNzNlNi00ODg3LThkZjEt
MzcyMmRmMDczNjAzLzEvQWtxazNlUzB0R3Yzc0NyT1JHRjE4eVpEYy1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9iMDRiMmUtNzNlNi00ODg3LThkZjEtMzcyMmRmMDczNjAz
LzEvNXpOSzJiUDhVaEF3dnBtbEZYSVJ0bU1oYkpRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuUvdMA0G
CSqGSIb3DQEBCwUAA4IBAQCftD2QKQWcz8Pj8/y636ZRLB9ZmUrd8yQ+Hd9ZZYs5
OnKD1qI7Puryt5ilaSr3AS5/Fm78AHskwiM20zoORt/edLhwZBZpYd+XZn4ljgIb
NnPmKgkPcMdcwrfwH8UYiJLyWIZhqO+kvqBasLp9sAJ78w8nbS1rrklLwaJx1xt3
U98Pvo+DqMqCeAc+TEs+7un7zLzqzIRxbnqttLT2qkQxDOOuiDD0ezb3xNiyXCQ/
1PVQ/fYUUK+wj0gHC+CQdSyXa2xG3gUKy5QdZTd54Gu25pP1n8nnt4ZUAarLz2cy
PETwwPy1gFdbKd6ivWgxc9/tl/U3pdu6/k1bdlrHJCSV
-----END CERTIFICATE-----