Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/16/cbe7e5-dcc8-4265-8d7d-48ca33675a50/1/99MFFBjF3Dc4zTlDGHUkWaGScYw.roa
File:                     99MFFBjF3Dc4zTlDGHUkWaGScYw.roa (raw, json)
Hash identifier:          WeTl8ArSSJSSsmY/ooHSrE+g99Jv4JYzfunEC3Fj5PM=
Subject key identifier:   F7:D3:05:14:18:C5:DC:37:38:CD:39:43:18:75:24:59:A1:92:71:8C
Certificate issuer:       /CN=e673ff10d7a554fc51a7f99c1f61e1ceef9985bc
Certificate serial:       0194221FF45F1E300EE18E3E44E03A27AE41
Authority key identifier: E6:73:FF:10:D7:A5:54:FC:51:A7:F9:9C:1F:61:E1:CE:EF:99:85:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5nP_ENelVPxRp_mcH2Hhzu-Zhbw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/16/cbe7e5-dcc8-4265-8d7d-48ca33675a50/1/99MFFBjF3Dc4zTlDGHUkWaGScYw.roa
Signing time:             Wed 01 Jan 2025 13:48:27 +0000
ROA not before:           Wed 01 Jan 2025 13:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60631
IP address blocks:        185.7.212.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/16/cbe7e5-dcc8-4265-8d7d-48ca33675a50/1/5nP_ENelVPxRp_mcH2Hhzu-Zhbw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/16/cbe7e5-dcc8-4265-8d7d-48ca33675a50/1/5nP_ENelVPxRp_mcH2Hhzu-Zhbw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5nP_ENelVPxRp_mcH2Hhzu-Zhbw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:f4:5f:1e:30:0e:e1:8e:3e:44:e0:3a:27:ae:41
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e673ff10d7a554fc51a7f99c1f61e1ceef9985bc
        Validity
            Not Before: Jan  1 13:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f7d3051418c5dc3738cd394318752459a192718c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ee:b8:83:19:4d:f0:d2:3b:85:5d:3f:5d:81:
                    80:10:b0:c9:6b:bd:91:e1:b8:8d:20:f2:b9:9e:86:
                    b5:ec:b4:5e:c0:9c:ba:ee:03:8b:99:34:89:07:ba:
                    c8:79:fd:ee:7e:22:a6:2f:3d:27:79:c1:af:06:c6:
                    8a:bf:fe:78:17:38:d0:bb:ef:79:57:dd:bb:5e:4e:
                    bd:dd:b4:75:49:2e:67:6b:98:64:c2:b3:0a:94:98:
                    50:30:07:62:c9:54:7b:ea:11:2d:f9:90:eb:b8:e2:
                    39:6e:44:90:f1:76:69:1b:ef:dd:36:ab:94:55:4e:
                    27:ca:34:5f:68:b6:17:13:7a:2b:2a:ee:91:b3:26:
                    61:57:02:8f:de:73:97:08:2f:3d:39:b4:ce:9f:2d:
                    fa:67:0b:1b:28:9d:b3:50:42:c7:0c:63:0e:81:95:
                    90:5e:94:f0:34:37:e9:e3:f9:f8:76:ed:1f:df:e0:
                    06:93:39:b8:28:03:d3:e3:43:e7:ab:08:f2:da:b3:
                    51:f9:84:4d:25:b4:1b:09:5a:2d:03:3f:99:7f:5b:
                    8e:5a:3c:e9:98:42:82:08:43:ae:c6:f7:1d:23:34:
                    e5:aa:63:27:6a:34:a1:38:c3:78:76:d3:5f:9c:58:
                    03:16:2b:62:a1:cd:ef:eb:b3:42:1d:96:7a:17:18:
                    54:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:D3:05:14:18:C5:DC:37:38:CD:39:43:18:75:24:59:A1:92:71:8C
            X509v3 Authority Key Identifier:
                keyid:E6:73:FF:10:D7:A5:54:FC:51:A7:F9:9C:1F:61:E1:CE:EF:99:85:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5nP_ENelVPxRp_mcH2Hhzu-Zhbw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/16/cbe7e5-dcc8-4265-8d7d-48ca33675a50/1/99MFFBjF3Dc4zTlDGHUkWaGScYw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/16/cbe7e5-dcc8-4265-8d7d-48ca33675a50/1/5nP_ENelVPxRp_mcH2Hhzu-Zhbw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.212.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:c4:98:4f:ca:1d:43:43:a6:69:20:c8:8b:9b:d3:5f:d2:e6:
         a4:d8:78:a5:5a:ca:ad:56:4d:30:e1:d5:70:19:67:ad:de:b3:
         87:65:75:18:5a:cb:c0:dd:f7:ed:5d:f6:36:5d:26:3e:0d:94:
         c2:43:b0:7c:33:8f:4d:f4:2c:69:35:6b:43:87:77:5d:24:90:
         33:00:77:df:67:85:96:8f:e4:50:78:ed:03:90:7f:2d:48:f9:
         9b:79:7e:a7:d1:50:b0:80:3b:cc:a8:fd:ba:00:d5:ee:27:5c:
         67:25:1c:cf:91:66:d1:c8:bb:0e:f5:0d:5d:77:80:ba:02:8b:
         c6:d1:16:dd:f8:8a:68:a5:c7:34:3a:ee:94:94:42:a0:2b:d8:
         90:34:b3:48:22:06:20:15:6a:b1:d3:2f:0b:c1:6b:42:41:a2:
         57:b5:99:d3:2c:bd:16:fc:3b:d0:43:9e:e1:a5:9d:d6:fb:c1:
         de:61:b3:a1:34:34:da:1d:c0:95:15:4e:61:51:7b:c3:93:f9:
         22:67:79:36:59:a3:06:f1:c5:d2:e5:f7:5e:ee:89:99:e8:b7:
         9c:5f:43:9c:61:33:cc:ba:cf:28:23:a5:d5:97:ef:83:b6:f1:
         26:94:cc:00:1f:d7:38:46:e4:e4:6b:ee:8c:1c:df:75:e6:02:
         86:d9:f2:6f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH/RfHjAO4Y4+ROA6J65BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU2NzNmZjEwZDdhNTU0ZmM1MWE3Zjk5YzFmNjFlMWNlZWY5
OTg1YmMwHhcNMjUwMTAxMTM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmN2QzMDUxNDE4YzVkYzM3MzhjZDM5NDMxODc1MjQ1OWExOTI3MThjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0O64gxlN8NI7hV0/XYGAELDJa72R
4biNIPK5noa17LRewJy67gOLmTSJB7rIef3ufiKmLz0necGvBsaKv/54FzjQu+95
V927Xk693bR1SS5na5hkwrMKlJhQMAdiyVR76hEt+ZDruOI5bkSQ8XZpG+/dNquU
VU4nyjRfaLYXE3orKu6RsyZhVwKP3nOXCC89ObTOny36ZwsbKJ2zUELHDGMOgZWQ
XpTwNDfp4/n4du0f3+AGkzm4KAPT40Pnqwjy2rNR+YRNJbQbCVotAz+Zf1uOWjzp
mEKCCEOuxvcdIzTlqmMnajShOMN4dtNfnFgDFitioc3v67NCHZZ6FxhUgwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPfTBRQYxdw3OM05Qxh1JFmhknGMMB8GA1UdIwQY
MBaAFOZz/xDXpVT8Uaf5nB9h4c7vmYW8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNW5QX0VOZWxWUHhScF9tY0gySGh6dS1aaGJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNi9jYmU3ZTUtZGNjOC00MjY1LThkN2Qt
NDhjYTMzNjc1YTUwLzEvOTlNRkZCakYzRGM0elRsREdIVWtXYUdTY1l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNi9jYmU3ZTUtZGNjOC00MjY1LThkN2QtNDhjYTMzNjc1YTUw
LzEvNW5QX0VOZWxWUHhScF9tY0gySGh6dS1aaGJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQfUMA0G
CSqGSIb3DQEBCwUAA4IBAQACxJhPyh1DQ6ZpIMiLm9Nf0uak2HilWsqtVk0w4dVw
GWet3rOHZXUYWsvA3fftXfY2XSY+DZTCQ7B8M49N9CxpNWtDh3ddJJAzAHffZ4WW
j+RQeO0DkH8tSPmbeX6n0VCwgDvMqP26ANXuJ1xnJRzPkWbRyLsO9Q1dd4C6AovG
0Rbd+Ipopcc0Ou6UlEKgK9iQNLNIIgYgFWqx0y8LwWtCQaJXtZnTLL0W/DvQQ57h
pZ3W+8HeYbOhNDTaHcCVFU5hUXvDk/kiZ3k2WaMG8cXS5fde7omZ6LecX0OcYTPM
us8oI6XVl++DtvEmlMwAH9c4RuTka+6MHN915gKG2fJv
-----END CERTIFICATE-----