Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/7x3gWCXocoFo7Hg7TWha5wGvZTk.roa
File:                     7x3gWCXocoFo7Hg7TWha5wGvZTk.roa (raw, json)
Hash identifier:          K180bZTq9p+t4Sz1GKZQlTGmGWQ/kcLvo4HYhpD25+8=
Subject key identifier:   EF:1D:E0:58:25:E8:72:81:68:EC:78:3B:4D:68:5A:E7:01:AF:65:39
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F4A7D8FF2AABC9658D72F23436542
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/7x3gWCXocoFo7Hg7TWha5wGvZTk.roa
Signing time:             Thu 02 Jan 2025 05:48:55 +0000
ROA not before:           Thu 02 Jan 2025 05:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43486
IP address blocks:        81.93.191.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:4a:7d:8f:f2:aa:bc:96:58:d7:2f:23:43:65:42
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef1de05825e8728168ec783b4d685ae701af6539
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:7b:17:06:03:94:6d:98:b3:85:04:62:5a:cc:
                    7d:28:d9:c5:72:2d:45:b8:43:bf:ed:22:9b:ed:04:
                    36:05:4b:09:9e:9d:d7:6b:69:29:f9:55:ee:9d:4e:
                    4e:86:54:e5:9f:d4:b3:fc:a6:dd:00:74:3a:8d:01:
                    25:81:a6:ae:90:60:5d:f3:2a:d7:9a:7c:84:96:73:
                    1c:47:11:cb:ce:50:6c:bf:32:6f:6f:6b:27:94:20:
                    f3:e9:dd:29:d0:d7:1a:ba:cf:20:de:74:cd:a2:41:
                    83:b7:26:ee:66:f5:c5:14:85:98:83:d1:f1:b8:60:
                    50:07:ea:10:c4:c7:de:37:96:6d:95:ee:51:24:2f:
                    82:a1:f2:a1:08:99:a8:d3:c2:ba:4f:74:62:bd:8f:
                    80:c3:f6:66:fe:fc:01:0f:29:7b:b1:70:93:8a:77:
                    7a:b6:0f:c4:21:be:a8:e5:0f:69:91:03:ca:47:5b:
                    7e:4f:c4:eb:8f:4b:5f:70:8a:44:8c:b7:a4:cf:e1:
                    aa:b2:ee:7c:c3:c9:95:38:9c:c5:8a:40:ab:a0:04:
                    2f:9a:9f:1f:d5:06:e5:5a:21:c7:d8:c5:82:ad:3a:
                    8c:ab:86:33:55:6b:0b:64:5f:28:79:8d:49:de:5f:
                    d5:f4:64:b0:54:2b:77:be:39:92:ed:16:12:ff:9a:
                    36:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:1D:E0:58:25:E8:72:81:68:EC:78:3B:4D:68:5A:E7:01:AF:65:39
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/7x3gWCXocoFo7Hg7TWha5wGvZTk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.93.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         03:75:06:ac:92:db:df:26:7f:4b:25:2b:7b:c1:f6:f7:69:2d:
         3b:c0:17:e2:5f:22:35:20:17:80:07:a1:3a:d9:3a:b0:25:64:
         ae:ba:c9:d6:25:d4:b4:27:d2:64:8a:ba:4c:91:6d:1c:da:20:
         be:3e:bd:e6:ee:6b:e4:71:e7:26:42:58:87:1f:8b:df:6f:b0:
         c8:82:2f:03:bf:6c:80:97:ad:7b:cc:0e:0e:b8:17:15:de:cd:
         73:06:5d:ae:2d:0a:c9:35:ba:fc:d3:96:d3:eb:ee:bd:34:bc:
         2c:80:29:52:93:82:11:7d:40:9b:7d:83:5a:05:ab:4c:00:3f:
         1b:0d:e4:c8:bc:1e:03:27:92:1e:0e:47:3b:3a:c7:70:5c:a0:
         7c:3c:95:eb:fe:67:4e:cb:97:4b:db:30:52:fe:16:2b:6b:c4:
         bf:f7:45:a7:b1:f9:37:2a:70:d6:e7:be:63:eb:e8:f1:38:38:
         20:d0:8a:df:d1:ae:85:c8:01:72:aa:11:3b:6e:cb:b8:77:87:
         e9:a4:f8:57:8f:54:ae:ff:43:0b:15:b3:d0:67:e4:42:8e:9e:
         79:e1:34:25:9e:98:0f:61:56:0c:ee:f1:a9:e3:d6:3e:26:b3:
         02:fd:93:f8:1e:f5:4a:20:c4:f5:b4:b3:3e:98:d8:99:7c:34:
         ab:b1:97:c8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj0p9j/KqvJZY1y8jQ2VCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjFkZTA1ODI1ZTg3MjgxNjhlYzc4M2I0ZDY4NWFlNzAxYWY2NTM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4nsXBgOUbZizhQRiWsx9KNnFci1F
uEO/7SKb7QQ2BUsJnp3Xa2kp+VXunU5OhlTln9Sz/KbdAHQ6jQElgaaukGBd8yrX
mnyElnMcRxHLzlBsvzJvb2snlCDz6d0p0Ncaus8g3nTNokGDtybuZvXFFIWYg9Hx
uGBQB+oQxMfeN5Ztle5RJC+CofKhCJmo08K6T3RivY+Aw/Zm/vwBDyl7sXCTind6
tg/EIb6o5Q9pkQPKR1t+T8Trj0tfcIpEjLekz+Gqsu58w8mVOJzFikCroAQvmp8f
1QblWiHH2MWCrTqMq4YzVWsLZF8oeY1J3l/V9GSwVCt3vjmS7RYS/5o2owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO8d4Fgl6HKBaOx4O01oWucBr2U5MB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvN3gzZ1dDWG9jb0ZvN0hnN1RXaGE1d0d2WlRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAUV2/MA0G
CSqGSIb3DQEBCwUAA4IBAQADdQasktvfJn9LJSt7wfb3aS07wBfiXyI1IBeAB6E6
2TqwJWSuusnWJdS0J9JkirpMkW0c2iC+Pr3m7mvkcecmQliHH4vfb7DIgi8Dv2yA
l617zA4OuBcV3s1zBl2uLQrJNbr805bT6+69NLwsgClSk4IRfUCbfYNaBatMAD8b
DeTIvB4DJ5IeDkc7OsdwXKB8PJXr/mdOy5dL2zBS/hYra8S/90Wnsfk3KnDW575j
6+jxODgg0Irf0a6FyAFyqhE7bsu4d4fppPhXj1Su/0MLFbPQZ+RCjp554TQlnpgP
YVYM7vGp49Y+JrMC/ZP4HvVKIMT1tLM+mNiZfDSrsZfI
-----END CERTIFICATE-----