Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7EWEqRw8RoS0w7RjmP6d3h3BbNg.roa
File:                     7EWEqRw8RoS0w7RjmP6d3h3BbNg.roa (raw, json)
Hash identifier:          vEThkmGM+/L+dTFRCTNlorDLU8NBYGnhWNxVYjPgD5c=
Subject key identifier:   EC:45:84:A9:1C:3C:46:84:B4:C3:B4:63:98:FE:9D:DE:1D:C1:6C:D8
Certificate issuer:       /CN=17067977efd14bc89fb0daba03bb0f600fbb0184
Certificate serial:       0195A956107B9C05CE4483747BF4B94D5CFE
Authority key identifier: 17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7EWEqRw8RoS0w7RjmP6d3h3BbNg.roa
Signing time:             Tue 18 Mar 2025 12:59:04 +0000
ROA not before:           Tue 18 Mar 2025 12:59:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     138195
IP address blocks:        86.110.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a9:56:10:7b:9c:05:ce:44:83:74:7b:f4:b9:4d:5c:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=17067977efd14bc89fb0daba03bb0f600fbb0184
        Validity
            Not Before: Mar 18 12:59:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec4584a91c3c4684b4c3b46398fe9dde1dc16cd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:78:80:f8:72:d7:51:fc:a1:df:e2:f5:ba:59:
                    0b:4d:da:91:ea:a9:07:9e:1f:2a:38:c6:c4:66:2f:
                    0a:00:6a:0e:af:0f:0d:8a:fd:a4:29:86:8a:2e:dc:
                    a2:38:9f:ec:b0:33:2c:b7:f0:b0:73:aa:fb:85:3a:
                    19:42:d2:9f:9d:1a:16:13:7b:2b:c6:c7:99:19:13:
                    31:d6:4c:3d:d1:ef:4f:fb:f9:d9:9d:30:eb:4e:a0:
                    08:96:07:9d:8e:fe:ff:75:f8:e4:1b:2c:13:70:15:
                    18:c1:01:15:68:8e:ec:32:79:e8:79:05:f7:b2:ff:
                    11:bf:f4:5e:de:82:08:39:40:06:70:4b:32:8d:ee:
                    43:49:68:b6:e6:a1:b5:04:30:67:a7:1d:b8:fa:68:
                    be:a6:7c:28:ac:a4:c2:72:15:83:74:06:87:98:43:
                    85:54:c6:7c:11:69:24:55:eb:19:b4:24:b7:b8:16:
                    75:c8:29:15:1b:b1:ac:9b:83:56:c3:14:3d:54:01:
                    44:13:11:ef:35:7f:0f:c2:0c:d9:8e:43:e3:d9:37:
                    bd:f1:74:68:84:47:9d:01:eb:78:08:d4:2f:54:a6:
                    cf:01:a0:bc:dc:f2:26:74:61:0b:7a:07:4d:d9:c3:
                    b2:4f:52:b1:ee:49:9b:b8:50:88:4b:29:cd:b5:fa:
                    f1:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:45:84:A9:1C:3C:46:84:B4:C3:B4:63:98:FE:9D:DE:1D:C1:6C:D8
            X509v3 Authority Key Identifier:
                keyid:17:06:79:77:EF:D1:4B:C8:9F:B0:DA:BA:03:BB:0F:60:0F:BB:01:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/7EWEqRw8RoS0w7RjmP6d3h3BbNg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/e1ad7a-12e7-4fd0-b61e-d1a7772db076/1/FwZ5d-_RS8ifsNq6A7sPYA-7AYQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.110.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:3f:10:24:a2:6e:be:3d:1f:8e:cd:44:82:eb:bd:c0:73:6e:
         b0:f0:b5:b2:69:75:2c:be:96:ff:5f:24:1c:ed:05:8c:f9:b5:
         a8:98:d5:ad:23:27:b3:50:ee:ad:50:1d:3f:5d:e1:01:c5:7a:
         1d:93:92:51:cd:e2:de:28:8d:aa:c9:8f:13:7b:4f:e6:08:89:
         36:6e:15:fe:09:bd:e2:ca:2f:4a:7b:72:7a:3f:17:ca:7e:9a:
         20:bb:76:69:14:a5:7d:2b:49:1b:5e:1e:48:4a:c2:79:e2:7e:
         9f:78:83:07:7c:d7:88:be:46:9d:dc:3a:90:09:79:04:a7:6a:
         68:67:99:5c:38:e2:98:71:7b:4d:f3:28:99:df:4b:f8:1d:57:
         87:00:51:c1:ef:1e:da:0c:89:4e:3c:9c:c5:b4:64:e6:a8:89:
         b1:c1:6d:ac:54:a2:3f:e7:57:b6:54:a3:9a:72:4b:d8:1d:cd:
         6c:5d:dd:3f:cc:db:cb:78:b9:e3:49:a8:d0:9f:5a:dd:be:e8:
         53:d6:93:a6:44:74:51:17:59:06:76:5a:8b:bb:93:26:7d:1d:
         93:1d:af:86:69:ac:ef:89:42:33:79:cd:09:c6:8a:21:41:59:
         e2:38:fa:06:12:66:94:59:7b:80:1f:58:59:8e:60:5a:cf:61:
         22:4c:d4:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWpVhB7nAXORIN0e/S5TVz+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3MDY3OTc3ZWZkMTRiYzg5ZmIwZGFiYTAzYmIwZjYwMGZi
YjAxODQwHhcNMjUwMzE4MTI1OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzQ1ODRhOTFjM2M0Njg0YjRjM2I0NjM5OGZlOWRkZTFkYzE2Y2Q4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApXiA+HLXUfyh3+L1ulkLTdqR6qkH
nh8qOMbEZi8KAGoOrw8Niv2kKYaKLtyiOJ/ssDMst/Cwc6r7hToZQtKfnRoWE3sr
xseZGRMx1kw90e9P+/nZnTDrTqAIlgedjv7/dfjkGywTcBUYwQEVaI7sMnnoeQX3
sv8Rv/Re3oIIOUAGcEsyje5DSWi25qG1BDBnpx24+mi+pnworKTCchWDdAaHmEOF
VMZ8EWkkVesZtCS3uBZ1yCkVG7Gsm4NWwxQ9VAFEExHvNX8PwgzZjkPj2Te98XRo
hEedAet4CNQvVKbPAaC83PImdGELegdN2cOyT1Kx7kmbuFCISynNtfrxmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOxFhKkcPEaEtMO0Y5j+nd4dwWzYMB8GA1UdIwQY
MBaAFBcGeXfv0UvIn7DaugO7D2APuwGEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUt
ZDFhNzc3MmRiMDc2LzEvN0VXRXFSdzhSb1MwdzdSam1QNmQzaDNCYk5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS9lMWFkN2EtMTJlNy00ZmQwLWI2MWUtZDFhNzc3MmRiMDc2
LzEvRndaNWQtX1JTOGlmc05xNkE3c1BZQS03QVlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVm4/MA0G
CSqGSIb3DQEBCwUAA4IBAQAMPxAkom6+PR+OzUSC673Ac26w8LWyaXUsvpb/XyQc
7QWM+bWomNWtIyezUO6tUB0/XeEBxXodk5JRzeLeKI2qyY8Te0/mCIk2bhX+Cb3i
yi9Ke3J6PxfKfpogu3ZpFKV9K0kbXh5ISsJ54n6feIMHfNeIvkad3DqQCXkEp2po
Z5lcOOKYcXtN8yiZ30v4HVeHAFHB7x7aDIlOPJzFtGTmqImxwW2sVKI/51e2VKOa
ckvYHc1sXd0/zNvLeLnjSajQn1rdvuhT1pOmRHRRF1kGdlqLu5MmfR2THa+Gaazv
iUIzec0JxoohQVniOPoGEmaUWXuAH1hZjmBaz2EiTNQO
-----END CERTIFICATE-----