Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/7CnGcezVNw1TpzWzTOqHPp8emz4.roa
File:                     7CnGcezVNw1TpzWzTOqHPp8emz4.roa (raw, json)
Hash identifier:          qf+OrrOLU0xpDvf8BTNnpgC563aS0FaSbobnYvio/M8=
Subject key identifier:   EC:29:C6:71:EC:D5:37:0D:53:A7:35:B3:4C:EA:87:3E:9F:1E:9B:3E
Certificate issuer:       /CN=0548cedf17029ed98a108113c6c109ecaccd82ec
Certificate serial:       019428280895D7F7F58FE7E1267BCE1D49AB
Authority key identifier: 05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/7CnGcezVNw1TpzWzTOqHPp8emz4.roa
Signing time:             Thu 02 Jan 2025 17:54:59 +0000
ROA not before:           Thu 02 Jan 2025 17:54:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3356
IP address blocks:        87.227.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:28:08:95:d7:f7:f5:8f:e7:e1:26:7b:ce:1d:49:ab
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0548cedf17029ed98a108113c6c109ecaccd82ec
        Validity
            Not Before: Jan  2 17:54:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec29c671ecd5370d53a735b34cea873e9f1e9b3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:92:9d:3f:fe:14:5b:5d:05:81:15:0f:e9:f8:
                    50:ff:93:27:cc:37:63:6a:c2:15:f3:ee:15:79:28:
                    a8:25:ff:2d:23:a9:87:e8:c1:b8:55:0b:37:37:a8:
                    ad:03:4a:f0:85:cf:7c:fe:93:d3:cd:c6:fb:94:c8:
                    ef:a8:00:97:60:9f:9e:32:67:e6:50:fc:16:b2:bb:
                    eb:0e:4c:e7:af:b1:51:ae:9b:96:c6:13:27:1b:77:
                    36:2c:1b:48:8d:d3:75:d7:09:e8:a9:03:c5:9e:2e:
                    fe:ac:ee:62:a8:9d:19:3c:1e:fd:c1:54:16:5d:ef:
                    a7:b6:42:53:87:23:d1:3c:8b:36:b4:5e:a4:cd:91:
                    85:b1:ce:fb:7a:f2:d3:bd:d5:6b:70:dd:23:71:4b:
                    98:ab:0f:eb:d8:af:1f:9d:45:39:3a:c6:64:75:f8:
                    70:0f:e9:22:42:65:75:16:f9:e8:a6:b8:cd:c4:7c:
                    48:5c:3e:30:4d:b2:ed:16:d2:82:6b:4c:80:4a:bd:
                    14:3b:d3:6d:59:fd:19:d8:4a:c7:9f:f3:19:cb:44:
                    28:19:94:7b:47:34:01:3d:0c:8b:6a:a8:bd:6f:17:
                    de:28:fc:d4:97:46:37:3f:50:19:49:9c:ef:a8:71:
                    2a:08:fe:a7:3d:b4:5e:b5:97:d2:fb:79:61:63:65:
                    00:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:29:C6:71:EC:D5:37:0D:53:A7:35:B3:4C:EA:87:3E:9F:1E:9B:3E
            X509v3 Authority Key Identifier:
                keyid:05:48:CE:DF:17:02:9E:D9:8A:10:81:13:C6:C1:09:EC:AC:CD:82:EC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BUjO3xcCntmKEIETxsEJ7KzNguw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/7CnGcezVNw1TpzWzTOqHPp8emz4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/09/541c05-8d7d-42b8-ab00-7fbbae6f9437/1/BUjO3xcCntmKEIETxsEJ7KzNguw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.227.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:0e:81:46:a6:8a:8d:13:ae:34:79:d6:56:ea:0e:62:3b:4a:
         fb:a0:d2:be:e3:35:e3:d0:d9:4e:74:c7:60:2f:80:03:3a:17:
         ad:33:33:4e:d5:68:41:eb:7a:7e:33:52:bb:5f:28:68:e9:f7:
         f1:22:02:19:2d:f0:ca:c2:69:89:99:b6:bb:74:29:92:69:eb:
         60:f9:61:5b:6e:5e:8b:1d:27:cf:19:c9:2d:cc:ae:a4:1a:fa:
         7e:e4:96:0d:41:22:81:e2:20:03:4e:a4:50:fb:3d:8b:d7:22:
         b7:7a:25:26:b4:92:bc:7c:3b:15:74:a4:e0:38:74:9b:c2:c3:
         0e:cf:42:61:16:18:4c:7d:a7:68:70:0d:1f:54:d4:fd:f1:b5:
         12:ff:f8:38:08:7d:77:12:f4:9f:c2:18:b0:78:5d:15:da:01:
         3f:b0:84:39:65:ab:3f:ec:e6:58:1b:f2:7e:29:d9:f7:58:a8:
         86:8f:4f:22:5f:d4:55:3f:f1:b8:ac:e2:ca:2e:a1:be:db:57:
         fb:d5:88:29:42:c5:88:e5:46:bb:a5:09:c6:6d:1a:4b:34:b7:
         62:82:d3:07:6e:0e:f1:06:16:75:36:8b:d3:bc:97:c0:38:7f:
         82:e6:23:e7:ac:22:6f:8d:06:4a:25:22:9e:a5:69:aa:a4:33:
         94:4a:3a:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoKAiV1/f1j+fhJnvOHUmrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1NDhjZWRmMTcwMjllZDk4YTEwODExM2M2YzEwOWVjYWNj
ZDgyZWMwHhcNMjUwMTAyMTc1NDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzI5YzY3MWVjZDUzNzBkNTNhNzM1YjM0Y2VhODczZTlmMWU5YjNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwZKdP/4UW10FgRUP6fhQ/5MnzDdj
asIV8+4VeSioJf8tI6mH6MG4VQs3N6itA0rwhc98/pPTzcb7lMjvqACXYJ+eMmfm
UPwWsrvrDkznr7FRrpuWxhMnG3c2LBtIjdN11wnoqQPFni7+rO5iqJ0ZPB79wVQW
Xe+ntkJThyPRPIs2tF6kzZGFsc77evLTvdVrcN0jcUuYqw/r2K8fnUU5OsZkdfhw
D+kiQmV1FvnoprjNxHxIXD4wTbLtFtKCa0yASr0UO9NtWf0Z2ErHn/MZy0QoGZR7
RzQBPQyLaqi9bxfeKPzUl0Y3P1AZSZzvqHEqCP6nPbRetZfS+3lhY2UAKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwpxnHs1TcNU6c1s0zqhz6fHps+MB8GA1UdIwQY
MBaAFAVIzt8XAp7ZihCBE8bBCeyszYLsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAt
N2ZiYmFlNmY5NDM3LzEvN0NuR2NlelZOdzFUcHpXelRPcUhQcDhlbXo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOS81NDFjMDUtOGQ3ZC00MmI4LWFiMDAtN2ZiYmFlNmY5NDM3
LzEvQlVqTzN4Y0NudG1LRUlFVHhzRUo3S3pOZ3V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+POMA0G
CSqGSIb3DQEBCwUAA4IBAQAYDoFGpoqNE640edZW6g5iO0r7oNK+4zXj0NlOdMdg
L4ADOhetMzNO1WhB63p+M1K7Xyho6ffxIgIZLfDKwmmJmba7dCmSaetg+WFbbl6L
HSfPGcktzK6kGvp+5JYNQSKB4iADTqRQ+z2L1yK3eiUmtJK8fDsVdKTgOHSbwsMO
z0JhFhhMfadocA0fVNT98bUS//g4CH13EvSfwhiweF0V2gE/sIQ5Zas/7OZYG/J+
Kdn3WKiGj08iX9RVP/G4rOLKLqG+21f71YgpQsWI5Ua7pQnGbRpLNLdigtMHbg7x
BhZ1NovTvJfAOH+C5iPnrCJvjQZKJSKepWmqpDOUSjrS
-----END CERTIFICATE-----