Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/7E7gyymF8j2toEenFO04AQuZbVQ.roa
File:                     7E7gyymF8j2toEenFO04AQuZbVQ.roa (raw, json)
Hash identifier:          HKny0hIiEORMsHrCnF3pLBTGlpUFzpGxVsMxMmuOnho=
Subject key identifier:   EC:4E:E0:CB:29:85:F2:3D:AD:A0:47:A7:14:ED:38:01:0B:99:6D:54
Certificate issuer:       /CN=b41bb1cdd5b86be77806889d2e1b202acc27b225
Certificate serial:       0195B3385B11229A86AB2EED08F21AC565BD
Authority key identifier: B4:1B:B1:CD:D5:B8:6B:E7:78:06:88:9D:2E:1B:20:2A:CC:27:B2:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/7E7gyymF8j2toEenFO04AQuZbVQ.roa
Signing time:             Thu 20 Mar 2025 11:02:49 +0000
ROA not before:           Thu 20 Mar 2025 11:02:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51200
IP address blocks:        193.176.156.0/24 maxlen: 24
                          193.242.105.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:b3:38:5b:11:22:9a:86:ab:2e:ed:08:f2:1a:c5:65:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b41bb1cdd5b86be77806889d2e1b202acc27b225
        Validity
            Not Before: Mar 20 11:02:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec4ee0cb2985f23dada047a714ed38010b996d54
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:30:30:d4:23:4e:e2:9e:02:b1:f9:de:5c:af:
                    9d:d1:d6:69:59:10:00:5c:50:91:09:20:3d:fe:0e:
                    73:66:fb:37:82:94:42:fc:f6:f7:79:d3:1d:c1:fb:
                    13:d2:cc:81:b2:d2:ba:d3:68:75:15:86:5d:ec:3b:
                    16:7f:87:9d:9d:fd:aa:f1:68:69:58:83:1b:b0:f4:
                    6e:24:b1:f2:57:8b:a2:03:b6:f2:a5:41:8e:f8:b6:
                    60:87:61:95:c9:e8:1a:94:b8:5f:87:a6:ef:9b:a5:
                    e4:83:90:34:46:8f:c8:e5:16:44:db:a4:c0:c8:d0:
                    80:e9:14:a9:63:96:75:e2:ee:e7:d9:fb:3c:d8:76:
                    ba:96:64:3e:af:b6:cf:e6:9b:f4:e2:4d:59:2c:54:
                    f5:27:9b:f4:16:b4:b5:df:20:52:d0:65:8a:25:93:
                    97:3b:2e:ce:6a:f4:51:41:01:ff:47:92:e0:93:cf:
                    6f:c5:bc:23:c0:75:32:f9:9c:3f:3e:29:65:54:c5:
                    4e:bc:50:70:c5:07:ad:f4:ce:d5:b5:ea:51:97:f4:
                    0d:d0:cf:8b:32:15:c9:56:ad:81:e3:2f:7c:00:81:
                    b0:a5:f3:b0:3c:bd:39:b0:f8:97:90:92:15:ea:a4:
                    97:d4:f8:74:f1:55:e0:06:ad:02:58:ff:b4:92:9c:
                    e1:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:4E:E0:CB:29:85:F2:3D:AD:A0:47:A7:14:ED:38:01:0B:99:6D:54
            X509v3 Authority Key Identifier:
                keyid:B4:1B:B1:CD:D5:B8:6B:E7:78:06:88:9D:2E:1B:20:2A:CC:27:B2:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBuxzdW4a-d4BoidLhsgKswnsiU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/7E7gyymF8j2toEenFO04AQuZbVQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/18c8d5-089a-470e-906d-dc4e7988a28a/1/tBuxzdW4a-d4BoidLhsgKswnsiU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.176.156.0/24
                  193.242.105.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:44:1a:eb:21:19:05:b9:e0:e2:1b:33:9f:16:02:1f:b1:f8:
         87:12:fa:5e:ff:dc:3c:f2:23:01:72:05:9d:e3:66:5c:c2:4f:
         2d:55:20:47:56:f8:d8:2a:f9:4e:10:9d:bb:c1:0f:98:ba:d1:
         eb:fd:e5:16:ad:ac:f5:d1:04:1f:e0:a2:af:8c:5e:a5:34:f9:
         96:77:36:c4:90:ed:85:22:53:b2:c1:04:7e:3c:99:bb:9e:b8:
         8a:d0:63:c0:3e:47:ad:b4:6d:42:24:ae:8f:ad:3b:1e:66:c8:
         36:01:78:33:96:33:9c:af:1d:59:e1:d0:62:b0:11:6a:87:8d:
         bd:83:ef:05:17:3f:8f:68:6c:c3:7f:ff:07:37:d1:d4:5e:6e:
         90:7c:2c:f1:f3:81:d1:e6:05:4b:f7:2c:35:d0:1d:6e:07:e8:
         f1:2f:6a:25:76:48:84:f0:62:72:bc:1e:c1:00:a4:97:d6:68:
         54:87:9d:7f:ba:16:cc:41:f7:85:16:05:a7:21:f8:aa:bd:5b:
         51:bf:e0:e4:ad:15:29:12:0c:59:1c:0f:b5:97:15:c2:7d:c6:
         4d:68:c9:b0:b6:f0:18:d6:45:38:c6:c5:01:f0:d2:86:94:52:
         dd:4e:ef:a3:ac:30:c5:82:fb:64:cc:39:64:64:81:a3:19:be:
         6c:34:8a:51
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWzOFsRIpqGqy7tCPIaxWW9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MWJiMWNkZDViODZiZTc3ODA2ODg5ZDJlMWIyMDJhY2My
N2IyMjUwHhcNMjUwMzIwMTEwMjQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzRlZTBjYjI5ODVmMjNkYWRhMDQ3YTcxNGVkMzgwMTBiOTk2ZDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTAw1CNO4p4CsfneXK+d0dZpWRAA
XFCRCSA9/g5zZvs3gpRC/Pb3edMdwfsT0syBstK602h1FYZd7DsWf4ednf2q8Whp
WIMbsPRuJLHyV4uiA7bypUGO+LZgh2GVyegalLhfh6bvm6Xkg5A0Ro/I5RZE26TA
yNCA6RSpY5Z14u7n2fs82Ha6lmQ+r7bP5pv04k1ZLFT1J5v0FrS13yBS0GWKJZOX
Oy7OavRRQQH/R5Lgk89vxbwjwHUy+Zw/PillVMVOvFBwxQet9M7VtepRl/QN0M+L
MhXJVq2B4y98AIGwpfOwPL05sPiXkJIV6qSX1Ph08VXgBq0CWP+0kpzh5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOxO4MsphfI9raBHpxTtOAELmW1UMB8GA1UdIwQY
MBaAFLQbsc3VuGvneAaInS4bICrMJ7IlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJ1eHpkVzRhLWQ0Qm9pZExoc2dLc3duc2lVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC8xOGM4ZDUtMDg5YS00NzBlLTkwNmQt
ZGM0ZTc5ODhhMjhhLzEvN0U3Z3l5bUY4ajJ0b0VlbkZPMDRBUXVaYlZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC8xOGM4ZDUtMDg5YS00NzBlLTkwNmQtZGM0ZTc5ODhhMjhh
LzEvdEJ1eHpkVzRhLWQ0Qm9pZExoc2dLc3duc2lVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwbCcAwQA
wfJpMA0GCSqGSIb3DQEBCwUAA4IBAQBwRBrrIRkFueDiGzOfFgIfsfiHEvpe/9w8
8iMBcgWd42Zcwk8tVSBHVvjYKvlOEJ27wQ+YutHr/eUWraz10QQf4KKvjF6lNPmW
dzbEkO2FIlOywQR+PJm7nriK0GPAPkettG1CJK6PrTseZsg2AXgzljOcrx1Z4dBi
sBFqh429g+8FFz+PaGzDf/8HN9HUXm6QfCzx84HR5gVL9yw10B1uB+jxL2oldkiE
8GJyvB7BAKSX1mhUh51/uhbMQfeFFgWnIfiqvVtRv+DkrRUpEgxZHA+1lxXCfcZN
aMmwtvAY1kU4xsUB8NKGlFLdTu+jrDDFgvtkzDlkZIGjGb5sNIpR
-----END CERTIFICATE-----