Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/_7TYsPKESqg9ZhdLg9H_vT2Bl18.roa
File:                     _7TYsPKESqg9ZhdLg9H_vT2Bl18.roa (raw, json)
Hash identifier:          KjzGt9xR6o8j3waREEWwOJ/yJVVkFd0w7Czm3/D5T2s=
Subject key identifier:   FF:B4:D8:B0:F2:84:4A:A8:3D:66:17:4B:83:D1:FF:BD:3D:81:97:5F
Certificate issuer:       /CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
Certificate serial:       0194258F45A2E90CB4CB409DA80C9555AA16
Authority key identifier: 4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/_7TYsPKESqg9ZhdLg9H_vT2Bl18.roa
Signing time:             Thu 02 Jan 2025 05:48:53 +0000
ROA not before:           Thu 02 Jan 2025 05:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     27
IP address blocks:        82.112.101.200/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 09:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:45:a2:e9:0c:b4:cb:40:9d:a8:0c:95:55:aa:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d5a2921fbeb8a448e7ae1ec5a11b8ab898d22fd
        Validity
            Not Before: Jan  2 05:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ffb4d8b0f2844aa83d66174b83d1ffbd3d81975f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:04:3d:bf:63:18:2b:1f:eb:ce:63:51:4e:4d:
                    01:09:20:ff:a7:3f:b0:2b:c8:3f:4f:e6:2d:e6:4c:
                    d4:90:77:63:af:f2:da:30:55:20:b9:60:c4:01:7f:
                    b9:0d:86:94:06:dc:bf:7d:ad:93:3e:bb:6b:b9:e5:
                    d9:e2:9a:7d:59:f8:d1:ce:d2:e6:a2:be:a1:cb:04:
                    1f:60:08:f7:5c:a3:57:89:9d:9f:fb:51:7c:46:3d:
                    14:4f:53:05:81:ad:d2:e6:7d:ce:dc:59:e5:be:43:
                    3b:ab:51:54:3b:02:24:37:2c:6b:b5:aa:9b:2a:f5:
                    33:20:d6:58:54:d7:f2:b7:bd:b3:ee:fd:4c:0c:85:
                    f1:a1:e2:48:e9:4c:84:87:2b:ea:cf:49:51:c9:f0:
                    e1:ce:7d:1d:a0:b3:26:81:38:de:cf:7d:b5:13:a0:
                    b5:26:d3:ac:32:58:c1:37:5e:3b:93:0e:46:ec:33:
                    1a:58:c5:8c:40:12:22:37:2d:15:a9:f4:7c:35:88:
                    19:dd:22:d8:dc:1c:a8:99:eb:cf:ba:3c:1e:9f:03:
                    36:ea:93:d4:09:a9:fc:22:8d:e6:86:36:93:b2:bb:
                    80:5a:e0:97:53:86:0f:e3:ae:b2:b2:b0:09:7b:bb:
                    3f:70:18:22:41:9c:16:2f:01:b0:c6:03:46:2c:f3:
                    64:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:B4:D8:B0:F2:84:4A:A8:3D:66:17:4B:83:D1:FF:BD:3D:81:97:5F
            X509v3 Authority Key Identifier:
                keyid:4D:5A:29:21:FB:EB:8A:44:8E:7A:E1:EC:5A:11:B8:AB:89:8D:22:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TVopIfvrikSOeuHsWhG4q4mNIv0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/_7TYsPKESqg9ZhdLg9H_vT2Bl18.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/ee8b98-7240-4b62-acc5-780a25cd0dd9/1/TVopIfvrikSOeuHsWhG4q4mNIv0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.112.101.200/29

    Signature Algorithm: sha256WithRSAEncryption
         8a:d5:b0:9d:e6:ad:7a:e1:71:95:15:12:6b:61:b3:44:7d:c9:
         84:80:18:61:e9:cd:85:f7:2e:26:b9:dc:e5:7b:be:0f:9c:7c:
         87:90:8e:7c:d4:da:5e:85:0e:d1:84:de:18:02:89:89:f8:bd:
         5c:47:51:24:b3:7c:30:fc:f5:da:fd:7e:8c:28:4d:ae:8c:26:
         27:fb:26:fa:72:b8:5f:b0:0f:2a:b0:de:2f:bf:34:a2:30:64:
         7f:f4:5c:d9:e3:2d:71:66:77:8a:8c:46:1c:e5:c1:b3:ae:0e:
         f0:70:d6:da:bb:19:7a:c7:bb:a9:25:6c:a8:15:e0:af:8b:2c:
         0f:26:13:6f:35:38:6a:6e:5b:b7:3f:a7:8c:48:26:fa:29:12:
         7f:5b:db:e7:fd:08:10:10:3f:77:82:50:3d:f1:6a:c1:80:9c:
         7c:9d:28:8a:75:8a:55:7f:20:8c:b9:53:fd:2f:95:3c:04:16:
         ce:46:9c:56:7d:58:df:10:b0:e4:18:56:03:0a:5a:46:3c:64:
         e1:7d:eb:05:64:bf:4a:c3:43:a1:99:99:58:f2:f8:b4:7a:08:
         e2:d1:9c:fc:2b:a1:b7:f8:31:f4:6a:0f:13:fe:7f:b0:cb:2a:
         40:72:cd:04:57:18:3b:da:de:dc:6c:85:b8:06:69:96:3b:92:
         3f:51:4d:2d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj0Wi6Qy0y0CdqAyVVaoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkNWEyOTIxZmJlYjhhNDQ4ZTdhZTFlYzVhMTFiOGFiODk4
ZDIyZmQwHhcNMjUwMTAyMDU0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmI0ZDhiMGYyODQ0YWE4M2Q2NjE3NGI4M2QxZmZiZDNkODE5NzVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1QQ9v2MYKx/rzmNRTk0BCSD/pz+w
K8g/T+Yt5kzUkHdjr/LaMFUguWDEAX+5DYaUBty/fa2TPrtrueXZ4pp9WfjRztLm
or6hywQfYAj3XKNXiZ2f+1F8Rj0UT1MFga3S5n3O3FnlvkM7q1FUOwIkNyxrtaqb
KvUzINZYVNfyt72z7v1MDIXxoeJI6UyEhyvqz0lRyfDhzn0doLMmgTjez321E6C1
JtOsMljBN147kw5G7DMaWMWMQBIiNy0VqfR8NYgZ3SLY3ByomevPujwenwM26pPU
Can8Io3mhjaTsruAWuCXU4YP466ysrAJe7s/cBgiQZwWLwGwxgNGLPNkDQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFP+02LDyhEqoPWYXS4PR/709gZdfMB8GA1UdIwQY
MBaAFE1aKSH764pEjnrh7FoRuKuJjSL9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUt
NzgwYTI1Y2QwZGQ5LzEvXzdUWXNQS0VTcWc5WmhkTGc5SF92VDJCbDE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9lZThiOTgtNzI0MC00YjYyLWFjYzUtNzgwYTI1Y2QwZGQ5
LzEvVFZvcElmdnJpa1NPZXVIc1doRzRxNG1OSXYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCAGCCsGAQUFBwEHAQH/BBEwDzANBAIAATAHAwUDUnBlyDAN
BgkqhkiG9w0BAQsFAAOCAQEAitWwneateuFxlRUSa2GzRH3JhIAYYenNhfcuJrnc
5Xu+D5x8h5COfNTaXoUO0YTeGAKJifi9XEdRJLN8MPz12v1+jChNrowmJ/sm+nK4
X7APKrDeL780ojBkf/Rc2eMtcWZ3ioxGHOXBs64O8HDW2rsZese7qSVsqBXgr4ss
DyYTbzU4am5btz+njEgm+ikSf1vb5/0IEBA/d4JQPfFqwYCcfJ0oinWKVX8gjLlT
/S+VPAQWzkacVn1Y3xCw5BhWAwpaRjxk4X3rBWS/SsNDoZmZWPL4tHoI4tGc/Cuh
t/gx9GoPE/5/sMsqQHLNBFcYO9re3GyFuAZpljuSP1FNLQ==
-----END CERTIFICATE-----