Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/U7MrjrMFOwWnR4h117sJMVUvits.roa
File:                     U7MrjrMFOwWnR4h117sJMVUvits.roa (raw, json)
Hash identifier:          htjbTluQYwPg60synTRHWeZ9MgvIenRnyRzzuYY2Zr4=
Subject key identifier:   53:B3:2B:8E:B3:05:3B:05:A7:47:88:75:D7:BB:09:31:55:2F:8A:DB
Certificate issuer:       /CN=93b76ac9f7a84ad790ad57c880bc9f862ad4c9e7
Certificate serial:       0197F49535F880EFADD608C4DC2DF5EC6597
Authority key identifier: 93:B7:6A:C9:F7:A8:4A:D7:90:AD:57:C8:80:BC:9F:86:2A:D4:C9:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/k7dqyfeoSteQrVfIgLyfhirUyec.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/U7MrjrMFOwWnR4h117sJMVUvits.roa
Signing time:             Thu 10 Jul 2025 13:45:08 +0000
ROA not before:           Thu 10 Jul 2025 13:45:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210008
IP address blocks:        94.136.236.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/k7dqyfeoSteQrVfIgLyfhirUyec.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/k7dqyfeoSteQrVfIgLyfhirUyec.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/k7dqyfeoSteQrVfIgLyfhirUyec.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 07:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:f4:95:35:f8:80:ef:ad:d6:08:c4:dc:2d:f5:ec:65:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=93b76ac9f7a84ad790ad57c880bc9f862ad4c9e7
        Validity
            Not Before: Jul 10 13:45:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=53b32b8eb3053b05a7478875d7bb0931552f8adb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:2a:8a:af:94:b0:a3:8a:ef:90:17:8e:11:9b:
                    8c:63:47:ab:8f:7e:76:fd:67:5a:06:1b:be:8d:0f:
                    c9:11:c4:91:25:5d:84:86:77:22:0b:2e:28:1a:4b:
                    c6:09:51:1b:51:e4:f6:10:b7:31:da:f4:b5:8b:34:
                    54:3d:9b:4b:94:0a:0a:c7:b0:2e:a5:eb:40:84:17:
                    2c:e8:9f:bd:8a:5a:c8:ec:a4:35:c7:f0:66:7b:d9:
                    8e:94:1c:62:d9:d7:dd:83:6d:d8:c1:0a:ed:66:b0:
                    5b:05:22:ff:2b:b7:d4:f5:53:04:3b:04:e7:3f:0d:
                    61:dc:e5:d7:36:24:a4:54:5a:4b:67:36:d1:c8:63:
                    b5:90:62:d6:83:bf:5d:47:1b:dd:5c:84:c0:05:a9:
                    b6:93:02:eb:a1:66:f9:b0:7e:d0:01:50:1d:7c:9b:
                    7a:0c:c6:56:02:73:db:cb:2e:18:00:25:4c:19:af:
                    89:8e:63:4a:92:42:cc:64:70:7a:57:59:d2:86:93:
                    25:c3:5f:71:6e:24:c6:29:64:f7:15:6c:2f:ac:ed:
                    d3:4b:7f:a6:c6:a3:74:af:e9:26:1e:04:11:50:4e:
                    07:97:f2:77:87:0b:af:34:55:67:4c:d9:f0:ee:61:
                    1a:2b:0f:fb:e2:56:8a:17:cd:c8:35:f0:f7:3e:a1:
                    a5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:B3:2B:8E:B3:05:3B:05:A7:47:88:75:D7:BB:09:31:55:2F:8A:DB
            X509v3 Authority Key Identifier:
                keyid:93:B7:6A:C9:F7:A8:4A:D7:90:AD:57:C8:80:BC:9F:86:2A:D4:C9:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/k7dqyfeoSteQrVfIgLyfhirUyec.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/U7MrjrMFOwWnR4h117sJMVUvits.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a0/d33ce0-69a0-4ba3-b3c9-998278f4fbb2/1/k7dqyfeoSteQrVfIgLyfhirUyec.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.136.236.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:58:ba:8d:7f:e2:45:38:7d:a7:c9:60:95:c3:a2:52:7f:53:
         2b:44:02:2f:a4:63:84:8c:cf:4d:52:ab:b3:a6:e6:10:5b:95:
         4a:d6:56:78:48:dd:27:c8:d4:c8:c9:3f:5f:09:24:2b:ca:63:
         3c:ed:07:79:d5:b8:9a:d7:01:d4:65:b8:98:34:9e:eb:b1:08:
         a0:74:49:13:a9:c7:fc:19:80:93:25:bd:7f:74:84:1f:5c:90:
         02:a3:61:7d:fe:b2:9a:fc:13:f9:12:8d:c2:bb:09:8b:85:9c:
         6a:e2:2d:8e:42:85:7e:4d:68:b0:6c:5e:a7:86:a0:fe:f0:e4:
         22:09:68:b4:97:14:43:48:b2:c7:6b:82:d7:c4:d4:72:72:6c:
         a6:85:01:2a:e8:1c:f3:01:ad:23:cc:06:b5:58:7c:2b:5a:f9:
         ee:6f:fc:bc:73:a2:0c:fc:cf:0a:b2:fd:96:ed:26:8a:6a:38:
         c4:36:9f:d3:71:02:b8:96:13:91:42:5a:4e:3a:99:24:ef:dc:
         b5:34:a5:7b:e7:df:61:bd:e7:f1:e0:ec:70:ca:0f:bf:fa:01:
         24:ae:55:9a:95:e3:8d:f7:ff:86:9f:ee:ed:a1:f3:46:be:33:
         53:71:aa:41:32:83:67:1f:fb:69:42:2a:bd:02:2e:86:d4:8e:
         f5:63:07:05
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZf0lTX4gO+t1gjE3C317GWXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkzYjc2YWM5ZjdhODRhZDc5MGFkNTdjODgwYmM5Zjg2MmFk
NGM5ZTcwHhcNMjUwNzEwMTM0NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1M2IzMmI4ZWIzMDUzYjA1YTc0Nzg4NzVkN2JiMDkzMTU1MmY4YWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjCqKr5Swo4rvkBeOEZuMY0erj352
/WdaBhu+jQ/JEcSRJV2EhnciCy4oGkvGCVEbUeT2ELcx2vS1izRUPZtLlAoKx7Au
petAhBcs6J+9ilrI7KQ1x/Bme9mOlBxi2dfdg23YwQrtZrBbBSL/K7fU9VMEOwTn
Pw1h3OXXNiSkVFpLZzbRyGO1kGLWg79dRxvdXITABam2kwLroWb5sH7QAVAdfJt6
DMZWAnPbyy4YACVMGa+JjmNKkkLMZHB6V1nShpMlw19xbiTGKWT3FWwvrO3TS3+m
xqN0r+kmHgQRUE4Hl/J3hwuvNFVnTNnw7mEaKw/74laKF83INfD3PqGleQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFOzK46zBTsFp0eIdde7CTFVL4rbMB8GA1UdIwQY
MBaAFJO3asn3qErXkK1XyIC8n4Yq1MnnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvazdkcXlmZW9TdGVRclZmSWdMeWZoaXJVeWVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMC9kMzNjZTAtNjlhMC00YmEzLWIzYzkt
OTk4Mjc4ZjRmYmIyLzEvVTdNcmpyTUZPd1duUjRoMTE3c0pNVlV2aXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMC9kMzNjZTAtNjlhMC00YmEzLWIzYzktOTk4Mjc4ZjRmYmIy
LzEvazdkcXlmZW9TdGVRclZmSWdMeWZoaXJVeWVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBXojsMA0G
CSqGSIb3DQEBCwUAA4IBAQBXWLqNf+JFOH2nyWCVw6JSf1MrRAIvpGOEjM9NUquz
puYQW5VK1lZ4SN0nyNTIyT9fCSQrymM87Qd51bia1wHUZbiYNJ7rsQigdEkTqcf8
GYCTJb1/dIQfXJACo2F9/rKa/BP5Eo3CuwmLhZxq4i2OQoV+TWiwbF6nhqD+8OQi
CWi0lxRDSLLHa4LXxNRycmymhQEq6BzzAa0jzAa1WHwrWvnub/y8c6IM/M8Ksv2W
7SaKajjENp/TcQK4lhORQlpOOpkk79y1NKV7599hvefx4Oxwyg+/+gEkrlWaleON
9/+Gn+7tofNGvjNTcapBMoNnH/tpQiq9Ai6G1I71YwcF
-----END CERTIFICATE-----