Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7zUat0wnhEFvsfWDpUmOuzS3wM8.roa
File:                     7zUat0wnhEFvsfWDpUmOuzS3wM8.roa (raw, json)
Hash identifier:          AZqVpQmxHRnvymlYYs39WPODWB8GXGJoSAb4BhFOvsc=
Subject key identifier:   EF:35:1A:B7:4C:27:84:41:6F:B1:F5:83:A5:49:8E:BB:34:B7:C0:CF
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0194A93FED831E0437BD65E543B859BAD627
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7zUat0wnhEFvsfWDpUmOuzS3wM8.roa
Signing time:             Mon 27 Jan 2025 19:32:06 +0000
ROA not before:           Mon 27 Jan 2025 19:32:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210546
IP address blocks:        147.45.198.0/24 maxlen: 24
                          147.45.199.0/24 maxlen: 24
                          147.45.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:a9:3f:ed:83:1e:04:37:bd:65:e5:43:b8:59:ba:d6:27
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Jan 27 19:32:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef351ab74c2784416fb1f583a5498ebb34b7c0cf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:6b:10:58:88:ea:f2:1f:db:92:f7:4e:6c:84:
                    a1:9f:a8:8c:fc:26:eb:0c:72:ae:66:58:7b:35:61:
                    2c:a5:ec:2c:4b:96:b7:8d:e8:a5:8e:c6:46:62:f3:
                    d0:4e:58:f1:3a:9c:a6:54:a0:e8:bd:ba:dc:ca:90:
                    78:c6:48:b3:2d:40:26:a5:c0:80:2d:a9:66:0e:bc:
                    02:c9:47:92:07:64:70:a4:69:44:1d:62:d9:5a:ec:
                    bf:14:59:f0:6e:c6:bf:7e:ff:0a:2b:8f:da:59:21:
                    d0:5d:10:95:1d:bc:fb:41:e7:07:41:35:b1:8c:b3:
                    a0:7c:f8:fc:b7:86:18:6f:ca:ca:4a:71:f0:ec:46:
                    6b:2a:9c:bc:5b:4a:eb:20:2a:c5:de:b5:8e:ab:f2:
                    8b:b2:15:a9:5b:f4:af:00:e6:e0:31:5b:48:70:78:
                    b8:81:c3:0d:e6:d9:f7:a6:e5:e1:29:99:45:50:01:
                    6f:57:77:3f:47:c5:a8:08:6b:aa:82:88:3f:2e:1d:
                    69:cb:42:bc:aa:38:8c:fe:4e:05:39:ab:51:b6:15:
                    2a:ac:d5:56:fa:5b:0a:e1:52:53:5a:98:5f:94:7d:
                    3b:3d:aa:c9:93:21:53:59:d5:b1:e3:8a:b6:14:61:
                    cf:a8:22:8e:2a:96:3a:b9:f7:33:27:9f:f6:79:c5:
                    bc:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:35:1A:B7:4C:27:84:41:6F:B1:F5:83:A5:49:8E:BB:34:B7:C0:CF
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/7zUat0wnhEFvsfWDpUmOuzS3wM8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.198.0/23
                  147.45.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:70:e3:95:47:af:31:7a:16:6d:87:70:08:90:e3:f1:ac:4a:
         0a:af:c9:cf:41:77:7f:52:67:29:93:d8:af:e2:6f:9f:b8:a1:
         c9:40:6c:ca:67:61:10:8a:cb:10:da:d3:ac:69:4b:d8:cc:43:
         94:b2:3e:0a:6d:00:ac:2d:8a:e8:34:55:74:f5:8b:db:09:0c:
         79:88:82:44:eb:5b:f0:25:55:09:8b:ec:67:00:3c:69:bb:2b:
         b7:dd:60:52:d0:4e:47:38:be:75:93:42:99:a5:8c:84:55:4c:
         7e:4c:7b:3c:fe:87:11:0a:f7:2d:90:54:58:2b:39:1a:e3:d5:
         67:38:75:4c:0e:d0:38:38:91:6a:b3:7a:48:45:37:ca:88:18:
         c3:ee:57:04:98:c6:a3:4d:87:d5:e5:dc:23:a8:8f:5f:01:6c:
         2a:01:da:e0:ba:50:f0:88:1b:69:36:70:61:f6:6e:88:e9:45:
         24:6a:e9:fc:f4:5a:0d:51:12:9a:92:ed:be:c8:e5:7d:69:4b:
         e9:4a:4c:a6:01:11:f4:58:cc:14:c5:19:99:39:9e:57:1a:8e:
         96:9d:62:55:d4:23:af:be:71:d1:71:9d:4e:b0:0f:24:03:a4:
         e6:e2:8c:af:5c:9b:c5:35:c4:69:45:bf:e6:2e:70:a6:2a:a0:
         1a:52:7b:4d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZSpP+2DHgQ3vWXlQ7hZutYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMTI3MTkzMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjM1MWFiNzRjMjc4NDQxNmZiMWY1ODNhNTQ5OGViYjM0YjdjMGNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2sQWIjq8h/bkvdObIShn6iM/Cbr
DHKuZlh7NWEspewsS5a3jeiljsZGYvPQTljxOpymVKDovbrcypB4xkizLUAmpcCA
LalmDrwCyUeSB2RwpGlEHWLZWuy/FFnwbsa/fv8KK4/aWSHQXRCVHbz7QecHQTWx
jLOgfPj8t4YYb8rKSnHw7EZrKpy8W0rrICrF3rWOq/KLshWpW/SvAObgMVtIcHi4
gcMN5tn3puXhKZlFUAFvV3c/R8WoCGuqgog/Lh1py0K8qjiM/k4FOatRthUqrNVW
+lsK4VJTWphflH07ParJkyFTWdWx44q2FGHPqCKOKpY6ufczJ5/2ecW8VwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFO81GrdMJ4RBb7H1g6VJjrs0t8DPMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEvN3pVYXQwd25oRUZ2c2ZXRHBVbU91elMzd004LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBky3GAwQA
ky3aMA0GCSqGSIb3DQEBCwUAA4IBAQBdcOOVR68xehZth3AIkOPxrEoKr8nPQXd/
Umcpk9iv4m+fuKHJQGzKZ2EQissQ2tOsaUvYzEOUsj4KbQCsLYroNFV09YvbCQx5
iIJE61vwJVUJi+xnADxpuyu33WBS0E5HOL51k0KZpYyEVUx+THs8/ocRCvctkFRY
Kzka49VnOHVMDtA4OJFqs3pIRTfKiBjD7lcEmMajTYfV5dwjqI9fAWwqAdrgulDw
iBtpNnBh9m6I6UUkaun89FoNURKaku2+yOV9aUvpSkymARH0WMwUxRmZOZ5XGo6W
nWJV1COvvnHRcZ1OsA8kA6Tm4oyvXJvFNcRpRb/mLnCmKqAaUntN
-----END CERTIFICATE-----