Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/7AjGLQsJj7KXSqBNNqiLp45yitU.roa
File:                     7AjGLQsJj7KXSqBNNqiLp45yitU.roa (raw, json)
Hash identifier:          z05Ju9vFqoh0JjoPd8SpAqwh3plkGnHfuFRv3k0ibgU=
Subject key identifier:   EC:08:C6:2D:0B:09:8F:B2:97:4A:A0:4D:36:A8:8B:A7:8E:72:8A:D5
Certificate issuer:       /CN=f8cfdc0e5edb1cc323f9344fe2827c793e95ac6f
Certificate serial:       019425FC323D1FB6397D608385CEEB3FCE78
Authority key identifier: F8:CF:DC:0E:5E:DB:1C:C3:23:F9:34:4F:E2:82:7C:79:3E:95:AC:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/7AjGLQsJj7KXSqBNNqiLp45yitU.roa
Signing time:             Thu 02 Jan 2025 07:47:52 +0000
ROA not before:           Thu 02 Jan 2025 07:47:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3320
IP address blocks:        194.113.20.0/23 maxlen: 24
                          2001:678:b38::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:32:3d:1f:b6:39:7d:60:83:85:ce:eb:3f:ce:78
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8cfdc0e5edb1cc323f9344fe2827c793e95ac6f
        Validity
            Not Before: Jan  2 07:47:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec08c62d0b098fb2974aa04d36a88ba78e728ad5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b1:93:3a:43:13:90:0c:15:b0:5e:05:a3:6e:
                    20:bf:f0:cb:2e:c3:88:b3:ed:87:ad:b1:35:cc:d5:
                    f3:64:a4:29:9a:99:a8:8d:fe:ff:ac:4e:48:7a:92:
                    9b:28:60:4b:d6:1a:a2:90:49:bc:75:37:a6:ae:58:
                    c3:4d:61:a0:c3:ae:bf:bc:df:fe:89:53:db:72:ef:
                    dd:2e:2e:f0:8d:e8:48:9a:e2:3f:3b:0b:40:df:74:
                    d8:19:1e:38:90:32:30:52:ef:13:32:33:dd:d3:9e:
                    70:4e:c2:17:51:3b:88:de:d3:0a:d4:1a:4f:f1:b5:
                    8a:a2:73:c1:81:64:74:86:0c:8b:d5:28:1a:60:0e:
                    a8:0d:f4:13:f8:df:41:8f:8d:5e:90:b2:a6:b0:4a:
                    f4:06:9b:fa:a8:18:db:1c:19:56:14:d8:4a:82:b6:
                    77:90:13:c6:12:34:39:a1:60:d2:db:71:db:13:97:
                    53:80:db:51:e7:8f:c6:48:75:9f:07:76:e6:c5:3f:
                    12:06:57:5c:9d:38:8e:8d:ea:eb:2d:eb:16:fe:0f:
                    26:8c:ff:45:03:e1:2f:c8:a4:aa:4b:7a:4c:a2:f3:
                    4f:2f:5f:e0:0d:1a:39:1f:80:45:c4:43:0c:47:f5:
                    59:57:01:c4:9f:5a:06:1c:96:61:c0:d9:50:55:76:
                    32:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:08:C6:2D:0B:09:8F:B2:97:4A:A0:4D:36:A8:8B:A7:8E:72:8A:D5
            X509v3 Authority Key Identifier:
                keyid:F8:CF:DC:0E:5E:DB:1C:C3:23:F9:34:4F:E2:82:7C:79:3E:95:AC:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/7AjGLQsJj7KXSqBNNqiLp45yitU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/17/eda8ef-36d3-45d4-911e-5fa90c13e1b7/1/1-M_cDl7bHMMj-TRP4oJ8eT6VrG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.113.20.0/23
                IPv6:
                  2001:678:b38::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:c6:e6:80:d1:75:56:e0:f6:48:b0:73:4e:3a:e6:3d:eb:0a:
         c7:15:fa:1b:16:5e:9e:77:f4:bc:2d:bb:16:a3:8c:2b:37:12:
         06:93:d7:64:ed:53:82:35:87:be:7e:5a:96:53:5f:57:82:73:
         9e:d9:86:68:84:1a:cd:ca:c7:4c:04:a9:a7:31:b7:5c:72:7e:
         6b:7a:d1:89:42:d1:73:f4:c2:7e:be:23:8a:2a:86:04:a4:26:
         05:d0:2b:3a:1a:b8:1a:14:74:72:9a:6c:18:5f:cf:a7:b6:c0:
         09:0c:02:bb:56:49:a4:a4:8c:2e:0d:8f:9f:a6:15:86:0a:e1:
         1b:fd:17:9f:d6:d7:3e:a2:d4:dd:0b:b5:20:00:d3:f8:94:51:
         84:ab:25:47:e5:78:96:70:ff:83:13:fd:c2:e4:08:15:5e:fd:
         38:33:02:bb:74:7d:59:81:d7:03:30:ad:43:0d:68:3b:3f:be:
         7e:41:a2:40:53:04:61:87:aa:ff:56:27:b8:2e:35:2d:25:65:
         2c:80:1d:5e:6f:38:40:bd:40:c1:82:07:55:cc:78:3f:d9:7c:
         6c:12:af:3e:2c:9d:b7:40:4f:dc:85:51:c7:d8:dc:bf:5f:ee:
         1b:e4:73:06:84:38:68:f6:ed:6b:2a:52:e7:9e:cb:26:0c:c7:
         da:5c:20:06
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAZQl/DI9H7Y5fWCDhc7rP854MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4Y2ZkYzBlNWVkYjFjYzMyM2Y5MzQ0ZmUyODI3Yzc5M2U5
NWFjNmYwHhcNMjUwMTAyMDc0NzUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA4YzYyZDBiMDk4ZmIyOTc0YWEwNGQzNmE4OGJhNzhlNzI4YWQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrGTOkMTkAwVsF4Fo24gv/DLLsOI
s+2HrbE1zNXzZKQpmpmojf7/rE5IepKbKGBL1hqikEm8dTemrljDTWGgw66/vN/+
iVPbcu/dLi7wjehImuI/OwtA33TYGR44kDIwUu8TMjPd055wTsIXUTuI3tMK1BpP
8bWKonPBgWR0hgyL1SgaYA6oDfQT+N9Bj41ekLKmsEr0Bpv6qBjbHBlWFNhKgrZ3
kBPGEjQ5oWDS23HbE5dTgNtR54/GSHWfB3bmxT8SBldcnTiOjerrLesW/g8mjP9F
A+EvyKSqS3pMovNPL1/gDRo5H4BFxEMMR/VZVwHEn1oGHJZhwNlQVXYy8wIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFOwIxi0LCY+yl0qgTTaoi6eOcorVMB8GA1UdIwQY
MBaAFPjP3A5e2xzDI/k0T+KCfHk+laxvMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1NX2NEbDdiSE1Nai1UUlA0b0o4ZVQ2VnJHOC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTcvZWRhOGVmLTM2ZDMtNDVkNC05MTFl
LTVmYTkwYzEzZTFiNy8xLzdBakdMUXNKajdLWFNxQk5OcWlMcDQ1eWl0VS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMTcvZWRhOGVmLTM2ZDMtNDVkNC05MTFlLTVmYTkwYzEzZTFi
Ny8xLzEtTV9jRGw3YkhNTWotVFJQNG9KOGVUNlZyRzguY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwMAYIKwYBBQUHAQcBAf8EITAfMAwEAgABMAYDBAHCcRQw
DwQCAAIwCQMHACABBngLODANBgkqhkiG9w0BAQsFAAOCAQEAO8bmgNF1VuD2SLBz
TjrmPesKxxX6GxZennf0vC27FqOMKzcSBpPXZO1TgjWHvn5allNfV4JzntmGaIQa
zcrHTASppzG3XHJ+a3rRiULRc/TCfr4jiiqGBKQmBdArOhq4GhR0cppsGF/Pp7bA
CQwCu1ZJpKSMLg2Pn6YVhgrhG/0Xn9bXPqLU3Qu1IADT+JRRhKslR+V4lnD/gxP9
wuQIFV79ODMCu3R9WYHXAzCtQw1oOz++fkGiQFMEYYeq/1YnuC41LSVlLIAdXm84
QL1AwYIHVcx4P9l8bBKvPiydt0BP3IVRx9jcv1/uG+RzBoQ4aPbtaypS557LJgzH
2lwgBg==
-----END CERTIFICATE-----