Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7P_ZH1E1KoJ6xQcglt9Uw85RPUc.roa
File:                     7P_ZH1E1KoJ6xQcglt9Uw85RPUc.roa (raw, json)
Hash identifier:          s1qbON/wcpWGdCNZamOBb4gxMcbe8rCoVVOQc32HhbU=
Subject key identifier:   EC:FF:D9:1F:51:35:2A:82:7A:C5:07:20:96:DF:54:C3:CE:51:3D:47
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0197C9C6DF30F2B938EF2DEFC674895F3E85
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7P_ZH1E1KoJ6xQcglt9Uw85RPUc.roa
Signing time:             Wed 02 Jul 2025 06:15:43 +0000
ROA not before:           Wed 02 Jul 2025 06:15:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216312
IP address blocks:        45.66.230.0/24 maxlen: 24
                          94.156.166.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Jul 2025 16:26:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c9:c6:df:30:f2:b9:38:ef:2d:ef:c6:74:89:5f:3e:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jul  2 06:15:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecffd91f51352a827ac5072096df54c3ce513d47
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:a7:13:ea:86:3c:1d:b3:d2:b8:41:4b:84:31:
                    02:42:7a:3c:bf:de:a4:98:50:74:8e:36:fd:02:a1:
                    63:5c:e9:1a:26:60:9d:f7:bc:69:5f:d7:7e:f1:33:
                    f5:fe:84:b6:06:f2:3a:32:75:4c:00:05:cb:61:74:
                    1e:49:0f:ca:aa:b6:26:e4:84:5a:69:6e:fc:29:e3:
                    fc:e0:30:ed:67:2a:8b:d9:1b:12:79:3c:d7:d1:f7:
                    e5:0f:37:92:8d:7f:4a:ab:05:99:42:38:24:56:6e:
                    a9:51:d0:32:2c:41:dc:ac:b3:a5:b4:8e:d8:99:70:
                    76:d8:13:64:44:1b:d0:a4:81:1c:87:0b:64:c1:c3:
                    eb:6b:f1:b6:11:1f:c8:0d:9a:3e:e6:e9:c9:72:1a:
                    5a:04:fe:a3:0f:d4:50:53:f2:6f:53:c6:f8:b3:32:
                    cd:5a:07:64:70:8c:d0:c9:28:81:05:36:8b:51:c2:
                    90:76:a8:67:6d:83:8f:8c:da:bd:a3:f8:b2:23:07:
                    7b:78:27:b6:e3:04:1f:43:fa:1d:b0:42:63:09:62:
                    8b:6c:38:22:e1:ba:f3:a9:8d:9d:c4:15:ff:23:b2:
                    0f:7e:49:11:1f:79:f0:a3:87:f2:30:83:9c:37:5f:
                    ce:c4:2b:79:5a:99:30:33:c5:98:a1:a4:da:cf:25:
                    ce:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:FF:D9:1F:51:35:2A:82:7A:C5:07:20:96:DF:54:C3:CE:51:3D:47
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7P_ZH1E1KoJ6xQcglt9Uw85RPUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.66.230.0/24
                  94.156.166.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:05:ee:cf:49:dc:02:4c:99:9f:18:06:1c:33:c3:1c:3a:4f:
         0b:db:bc:18:b8:da:db:ae:b4:4b:69:b7:dc:b8:a5:57:dd:86:
         63:a1:ac:6b:4e:e9:f2:64:d9:49:04:e0:a7:72:55:e0:f6:6d:
         20:3f:71:d3:b8:be:df:f6:5f:31:0b:c0:55:94:8e:cd:04:43:
         2c:79:a7:45:96:85:68:5c:79:9c:ea:e4:0f:a7:da:aa:a2:45:
         8e:0a:2d:90:ca:dd:69:a8:f9:95:8c:a1:28:b7:5c:8a:a7:22:
         0c:ba:0b:e5:ce:30:1e:69:01:56:d2:43:8c:f0:e5:d8:c1:94:
         b0:99:25:4d:b5:16:fd:5b:06:d4:e2:51:0c:df:ba:6c:e0:c0:
         de:2c:d7:fa:fd:f8:1f:22:ee:fb:39:83:b6:ec:5b:08:46:20:
         30:4a:d3:05:99:9f:cf:70:ba:8b:80:dc:34:52:06:39:be:bd:
         c2:7a:53:01:ae:9c:b0:a2:2a:ad:a8:a9:b0:67:cd:22:d2:d5:
         68:bf:61:2f:87:49:4c:ed:b5:b6:c8:06:ed:ff:4d:54:64:71:
         0d:c0:72:d6:56:d4:d1:47:d5:e5:6e:49:a7:89:26:55:f5:bd:
         d7:0f:e9:be:6e:c6:b5:b2:66:3b:1b:f8:e2:ba:3f:98:37:b9:
         b6:f3:b9:d9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZfJxt8w8rk47y3vxnSJXz6FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNzAyMDYxNTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2ZmZDkxZjUxMzUyYTgyN2FjNTA3MjA5NmRmNTRjM2NlNTEzZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlqcT6oY8HbPSuEFLhDECQno8v96k
mFB0jjb9AqFjXOkaJmCd97xpX9d+8TP1/oS2BvI6MnVMAAXLYXQeSQ/KqrYm5IRa
aW78KeP84DDtZyqL2RsSeTzX0fflDzeSjX9KqwWZQjgkVm6pUdAyLEHcrLOltI7Y
mXB22BNkRBvQpIEchwtkwcPra/G2ER/IDZo+5unJchpaBP6jD9RQU/JvU8b4szLN
WgdkcIzQySiBBTaLUcKQdqhnbYOPjNq9o/iyIwd7eCe24wQfQ/odsEJjCWKLbDgi
4brzqY2dxBX/I7IPfkkRH3nwo4fyMIOcN1/OxCt5WpkwM8WYoaTazyXOcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOz/2R9RNSqCesUHIJbfVMPOUT1HMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvN1BfWkgxRTFLb0o2eFFjZ2x0OVV3ODVSUFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALULmAwQA
XpymMA0GCSqGSIb3DQEBCwUAA4IBAQAwBe7PSdwCTJmfGAYcM8McOk8L27wYuNrb
rrRLabfcuKVX3YZjoaxrTunyZNlJBOCnclXg9m0gP3HTuL7f9l8xC8BVlI7NBEMs
eadFloVoXHmc6uQPp9qqokWOCi2Qyt1pqPmVjKEot1yKpyIMugvlzjAeaQFW0kOM
8OXYwZSwmSVNtRb9WwbU4lEM37ps4MDeLNf6/fgfIu77OYO27FsIRiAwStMFmZ/P
cLqLgNw0UgY5vr3CelMBrpywoiqtqKmwZ80i0tVov2Evh0lM7bW2yAbt/01UZHEN
wHLWVtTRR9XlbkmniSZV9b3XD+m+bsa1smY7G/jiuj+YN7m287nZ
-----END CERTIFICATE-----