Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/d29a5f-a52c-4c79-9303-a77caac4625c/1/7sLKGVGT_a4aX4JcAS8Cl-dwrZk.roa
File:                     7sLKGVGT_a4aX4JcAS8Cl-dwrZk.roa (raw, json)
Hash identifier:          IALVV6z17EuCMGIEd1EYplZQwtixCOladk+EbbZKzBM=
Subject key identifier:   EE:C2:CA:19:51:93:FD:AE:1A:5F:82:5C:01:2F:02:97:E7:70:AD:99
Certificate issuer:       /CN=1d13cd3dde789d294793afce938a533c02bb84d1
Certificate serial:       01981C576361B2AA6C24D7425498A8E0196F
Authority key identifier: 1D:13:CD:3D:DE:78:9D:29:47:93:AF:CE:93:8A:53:3C:02:BB:84:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HRPNPd54nSlHk6_Ok4pTPAK7hNE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/d29a5f-a52c-4c79-9303-a77caac4625c/1/7sLKGVGT_a4aX4JcAS8Cl-dwrZk.roa
Signing time:             Fri 18 Jul 2025 07:02:25 +0000
ROA not before:           Fri 18 Jul 2025 07:02:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210204
IP address blocks:        185.235.60.0/24 maxlen: 24
                          2a14:d900::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/d29a5f-a52c-4c79-9303-a77caac4625c/1/HRPNPd54nSlHk6_Ok4pTPAK7hNE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/d29a5f-a52c-4c79-9303-a77caac4625c/1/HRPNPd54nSlHk6_Ok4pTPAK7hNE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HRPNPd54nSlHk6_Ok4pTPAK7hNE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 26 Jul 2025 21:50:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:1c:57:63:61:b2:aa:6c:24:d7:42:54:98:a8:e0:19:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1d13cd3dde789d294793afce938a533c02bb84d1
        Validity
            Not Before: Jul 18 07:02:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eec2ca195193fdae1a5f825c012f0297e770ad99
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:bc:58:f8:b0:c5:dc:9e:21:d0:a9:6e:8a:5e:
                    b4:a1:92:83:c8:15:41:a6:76:c2:27:de:91:55:31:
                    30:49:a2:44:05:6e:11:0d:f7:06:cb:4e:f1:33:38:
                    83:b3:90:26:ff:6c:28:e0:56:39:b9:73:a0:80:9a:
                    c6:47:19:1b:27:8f:b5:e8:45:2f:bf:40:18:b6:f8:
                    48:73:1c:39:69:37:cb:4d:c0:74:80:cd:bb:7a:9c:
                    2b:dd:d1:eb:8a:00:de:db:5b:97:39:a5:87:05:23:
                    b2:11:6a:24:dd:0e:b6:14:07:1c:b7:78:16:93:25:
                    1e:88:1b:c2:49:f4:ad:48:15:40:36:9e:84:38:d7:
                    f2:2c:11:e3:b6:42:c6:9c:d2:83:ae:d7:9d:eb:b8:
                    36:dc:d9:82:c0:c5:76:41:4d:ad:22:2f:4a:8a:5d:
                    0d:75:51:1e:c5:62:9e:01:75:a4:5c:55:88:31:90:
                    1c:16:00:2b:ee:1c:6a:73:97:0f:13:e3:80:f3:e1:
                    63:51:d3:f6:47:c8:c3:d1:69:57:45:6c:4f:88:69:
                    84:8c:29:23:0a:d7:1f:54:ea:18:31:8c:81:6d:6c:
                    59:31:22:6c:ad:6d:dc:f4:32:1f:53:0f:ec:6d:17:
                    e0:d5:55:f0:84:65:20:00:e8:d3:13:67:17:d5:b6:
                    d1:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:C2:CA:19:51:93:FD:AE:1A:5F:82:5C:01:2F:02:97:E7:70:AD:99
            X509v3 Authority Key Identifier:
                keyid:1D:13:CD:3D:DE:78:9D:29:47:93:AF:CE:93:8A:53:3C:02:BB:84:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HRPNPd54nSlHk6_Ok4pTPAK7hNE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/d29a5f-a52c-4c79-9303-a77caac4625c/1/7sLKGVGT_a4aX4JcAS8Cl-dwrZk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/d29a5f-a52c-4c79-9303-a77caac4625c/1/HRPNPd54nSlHk6_Ok4pTPAK7hNE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.60.0/24
                IPv6:
                  2a14:d900::/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:e0:9c:99:eb:e2:77:0a:68:60:30:ae:f9:38:42:f1:ce:67:
         23:92:b3:d1:5b:eb:64:9c:40:5f:e2:4c:c5:6b:af:f4:19:4a:
         70:8b:48:c4:6d:3b:80:d1:08:d5:c5:87:9f:c0:7b:ef:da:5f:
         c4:1c:c8:d0:04:eb:c0:6f:d7:e4:45:b5:a3:8a:27:2a:68:6c:
         0e:dd:8c:7f:4d:9b:2c:42:5b:12:ee:8b:88:07:ae:80:b0:16:
         a4:83:8e:7a:b0:1b:21:11:9e:fb:6d:c3:ae:08:54:7d:1a:36:
         91:91:79:3c:c3:6c:8e:e0:0e:2f:5f:f1:b4:97:d0:de:35:fd:
         53:b1:3f:55:6e:ab:ab:8f:40:a9:67:20:93:98:c0:27:6f:4d:
         f2:d0:a8:99:44:28:60:b0:e4:be:91:ff:d9:35:77:ec:a6:c5:
         c9:c0:5d:3c:35:0c:44:74:17:ae:fb:b0:f2:59:5b:91:05:7d:
         10:37:30:db:3a:57:d9:51:8b:81:19:23:ba:b3:21:8b:31:8e:
         78:da:2a:b6:86:fc:ee:15:3b:de:35:5e:9d:2e:31:93:bd:c7:
         07:bd:8b:c2:96:18:c2:91:47:1a:99:7c:0d:05:5e:f5:74:4c:
         45:f2:67:20:c0:71:c1:6f:c8:df:f1:11:02:a9:c8:eb:76:04:
         ff:f0:6f:39
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZgcV2NhsqpsJNdCVJio4BlvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMTNjZDNkZGU3ODlkMjk0NzkzYWZjZTkzOGE1MzNjMDJi
Yjg0ZDEwHhcNMjUwNzE4MDcwMjI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWMyY2ExOTUxOTNmZGFlMWE1ZjgyNWMwMTJmMDI5N2U3NzBhZDk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6rxY+LDF3J4h0Kluil60oZKDyBVB
pnbCJ96RVTEwSaJEBW4RDfcGy07xMziDs5Am/2wo4FY5uXOggJrGRxkbJ4+16EUv
v0AYtvhIcxw5aTfLTcB0gM27epwr3dHrigDe21uXOaWHBSOyEWok3Q62FAcct3gW
kyUeiBvCSfStSBVANp6EONfyLBHjtkLGnNKDrted67g23NmCwMV2QU2tIi9Kil0N
dVEexWKeAXWkXFWIMZAcFgAr7hxqc5cPE+OA8+FjUdP2R8jD0WlXRWxPiGmEjCkj
CtcfVOoYMYyBbWxZMSJsrW3c9DIfUw/sbRfg1VXwhGUgAOjTE2cX1bbRhQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO7CyhlRk/2uGl+CXAEvApfncK2ZMB8GA1UdIwQY
MBaAFB0TzT3eeJ0pR5OvzpOKUzwCu4TRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFJQTlBkNTRuU2xIazZfT2s0cFRQQUs3aE5FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9kMjlhNWYtYTUyYy00Yzc5LTkzMDMt
YTc3Y2FhYzQ2MjVjLzEvN3NMS0dWR1RfYTRhWDRKY0FTOENsLWR3clprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9kMjlhNWYtYTUyYy00Yzc5LTkzMDMtYTc3Y2FhYzQ2MjVj
LzEvSFJQTlBkNTRuU2xIazZfT2s0cFRQQUs3aE5FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAues8MA0E
AgACMAcDBQMqFNkAMA0GCSqGSIb3DQEBCwUAA4IBAQCK4JyZ6+J3CmhgMK75OELx
zmcjkrPRW+tknEBf4kzFa6/0GUpwi0jEbTuA0QjVxYefwHvv2l/EHMjQBOvAb9fk
RbWjiicqaGwO3Yx/TZssQlsS7ouIB66AsBakg456sBshEZ77bcOuCFR9GjaRkXk8
w2yO4A4vX/G0l9DeNf1TsT9Vbqurj0CpZyCTmMAnb03y0KiZRChgsOS+kf/ZNXfs
psXJwF08NQxEdBeu+7DyWVuRBX0QNzDbOlfZUYuBGSO6syGLMY542iq2hvzuFTve
NV6dLjGTvccHvYvClhjCkUcamXwNBV71dExF8mcgwHHBb8jf8RECqcjrdgT/8G85
-----END CERTIFICATE-----