Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/E7d_b0PflOY76P_uC3WM3xFdSrc.roa
File:                     E7d_b0PflOY76P_uC3WM3xFdSrc.roa (raw, json)
Hash identifier:          n1OXhuOXloaQfjIyVDut9dhlUxv9V7SaFL6+utmdzjI=
Subject key identifier:   13:B7:7F:6F:43:DF:94:E6:3B:E8:FF:EE:0B:75:8C:DF:11:5D:4A:B7
Certificate issuer:       /CN=b56458576ba23921dd792dc0052f8f82867d627b
Certificate serial:       0194221F5033496662CE32F69F93D78A64E2
Authority key identifier: B5:64:58:57:6B:A2:39:21:DD:79:2D:C0:05:2F:8F:82:86:7D:62:7B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/E7d_b0PflOY76P_uC3WM3xFdSrc.roa
Signing time:             Wed 01 Jan 2025 13:47:44 +0000
ROA not before:           Wed 01 Jan 2025 13:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56509
IP address blocks:        185.217.164.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:50:33:49:66:62:ce:32:f6:9f:93:d7:8a:64:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b56458576ba23921dd792dc0052f8f82867d627b
        Validity
            Not Before: Jan  1 13:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13b77f6f43df94e63be8ffee0b758cdf115d4ab7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:75:b9:2d:b7:79:ba:bb:80:7e:45:18:48:ec:
                    fe:43:d6:4b:37:ce:48:04:f3:c7:cd:34:65:66:12:
                    29:55:03:69:25:e0:f2:df:98:19:3d:c6:7e:97:99:
                    4f:ed:49:d9:ae:3e:1f:61:3e:17:d4:c2:5a:dc:93:
                    c1:07:79:20:8e:01:3a:5c:86:bb:3c:5b:d2:34:ae:
                    6b:cd:04:26:be:d7:d4:b1:b8:e3:57:c9:89:01:3b:
                    5b:2e:a4:13:2b:a4:9d:8c:4a:c2:7a:0d:b0:a1:b6:
                    3e:c3:32:f5:5d:37:69:e8:1e:5e:04:61:73:a7:21:
                    6b:61:70:23:98:40:13:f9:2e:71:3a:51:4f:06:d2:
                    19:1a:b5:4c:96:00:6a:ec:da:e6:0f:af:4f:96:61:
                    26:fb:d8:16:5c:74:0a:45:ce:0e:d8:34:bb:bf:46:
                    2c:29:a5:5a:6a:a3:0b:ce:94:05:80:6c:d0:ee:dd:
                    f5:44:3d:af:77:8a:f7:ef:88:49:4c:30:5e:3d:6f:
                    09:8c:db:26:60:83:ed:e9:d9:e7:1d:83:51:5c:d2:
                    c9:3e:c3:48:f6:6c:e1:0f:0a:f3:47:a9:7b:87:95:
                    8f:ab:6e:8e:a0:19:77:dc:f8:d6:ca:0f:ba:54:83:
                    cd:5e:13:19:05:8d:9b:5b:06:28:9d:1f:35:5f:c5:
                    86:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B7:7F:6F:43:DF:94:E6:3B:E8:FF:EE:0B:75:8C:DF:11:5D:4A:B7
            X509v3 Authority Key Identifier:
                keyid:B5:64:58:57:6B:A2:39:21:DD:79:2D:C0:05:2F:8F:82:86:7D:62:7B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/E7d_b0PflOY76P_uC3WM3xFdSrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/d493cc-3254-4d95-bdee-1a23e15f3b84/1/tWRYV2uiOSHdeS3ABS-PgoZ9Yns.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.164.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8e:29:fb:9b:14:7b:fd:4d:df:6d:09:58:1a:27:bd:f1:50:16:
         51:0a:df:3d:9e:a8:ab:e9:5b:3a:b4:d6:86:28:fb:1d:0f:e5:
         71:fa:5f:13:7e:c4:16:79:87:07:30:b6:71:39:8a:62:37:93:
         d3:fa:e8:ca:3b:0a:6d:bb:f0:52:72:f6:1e:01:63:6f:6b:3c:
         18:1f:32:a4:f7:d7:2e:22:a3:50:2d:f6:00:21:38:0c:60:fb:
         72:49:18:86:09:82:d0:f2:2a:1b:b0:e9:e3:de:32:13:eb:9e:
         90:96:83:a5:a0:68:8c:1d:3b:f3:7a:63:52:1f:cf:5c:84:10:
         64:2f:e9:d1:fd:15:68:a1:da:cb:5b:09:77:f9:fa:05:54:ae:
         ca:66:35:2f:be:ee:66:dc:2b:0c:50:4a:23:c2:d5:aa:4b:65:
         9f:87:f3:26:39:8a:04:ec:f1:d1:6f:be:ef:b6:74:77:31:31:
         9f:0b:4a:fd:b0:bb:32:bc:02:be:1c:16:9c:8d:47:7e:46:21:
         5f:a4:8c:97:93:bb:27:88:3f:3d:5b:27:46:e2:94:b4:ce:88:
         8c:b5:bc:4f:a1:d1:f7:11:86:36:5c:32:84:22:fc:26:6a:23:
         46:3e:df:73:ca:3e:b4:24:df:23:82:da:6e:f2:45:c3:4e:36:
         2c:28:f7:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH1AzSWZizjL2n5PXimTiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI1NjQ1ODU3NmJhMjM5MjFkZDc5MmRjMDA1MmY4ZjgyODY3
ZDYyN2IwHhcNMjUwMTAxMTM0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2I3N2Y2ZjQzZGY5NGU2M2JlOGZmZWUwYjc1OGNkZjExNWQ0YWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33W5Lbd5uruAfkUYSOz+Q9ZLN85I
BPPHzTRlZhIpVQNpJeDy35gZPcZ+l5lP7UnZrj4fYT4X1MJa3JPBB3kgjgE6XIa7
PFvSNK5rzQQmvtfUsbjjV8mJATtbLqQTK6SdjErCeg2wobY+wzL1XTdp6B5eBGFz
pyFrYXAjmEAT+S5xOlFPBtIZGrVMlgBq7NrmD69PlmEm+9gWXHQKRc4O2DS7v0Ys
KaVaaqMLzpQFgGzQ7t31RD2vd4r374hJTDBePW8JjNsmYIPt6dnnHYNRXNLJPsNI
9mzhDwrzR6l7h5WPq26OoBl33PjWyg+6VIPNXhMZBY2bWwYonR81X8WG9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBO3f29D35TmO+j/7gt1jN8RXUq3MB8GA1UdIwQY
MBaAFLVkWFdrojkh3XktwAUvj4KGfWJ7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFdSWVYydWlPU0hkZVMzQUJTLVBnb1o5WW5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9kNDkzY2MtMzI1NC00ZDk1LWJkZWUt
MWEyM2UxNWYzYjg0LzEvRTdkX2IwUGZsT1k3NlBfdUMzV00zeEZkU3JjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9kNDkzY2MtMzI1NC00ZDk1LWJkZWUtMWEyM2UxNWYzYjg0
LzEvdFdSWVYydWlPU0hkZVMzQUJTLVBnb1o5WW5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudmkMA0G
CSqGSIb3DQEBCwUAA4IBAQCOKfubFHv9Td9tCVgaJ73xUBZRCt89nqir6Vs6tNaG
KPsdD+Vx+l8TfsQWeYcHMLZxOYpiN5PT+ujKOwptu/BScvYeAWNvazwYHzKk99cu
IqNQLfYAITgMYPtySRiGCYLQ8iobsOnj3jIT656QloOloGiMHTvzemNSH89chBBk
L+nR/RVoodrLWwl3+foFVK7KZjUvvu5m3CsMUEojwtWqS2Wfh/MmOYoE7PHRb77v
tnR3MTGfC0r9sLsyvAK+HBacjUd+RiFfpIyXk7sniD89WydG4pS0zoiMtbxPodH3
EYY2XDKEIvwmaiNGPt9zyj60JN8jgtpu8kXDTjYsKPcY
-----END CERTIFICATE-----