Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/7nWZ-fXLkbaN6kk-WpeVPSb_Shk.roa
File:                     7nWZ-fXLkbaN6kk-WpeVPSb_Shk.roa (raw, json)
Hash identifier:          +Nsf5cvVzwGmy0NBURwNVgZwqRNM1or+ZItAdRGNc3s=
Subject key identifier:   EE:75:99:F9:F5:CB:91:B6:8D:EA:49:3E:5A:97:95:3D:26:FF:4A:19
Certificate issuer:       /CN=14a6b0862b2b303b302c3c2349a5ac8d0f906b06
Certificate serial:       019420D5B141F69650B30CAB53FE1785CF14
Authority key identifier: 14:A6:B0:86:2B:2B:30:3B:30:2C:3C:23:49:A5:AC:8D:0F:90:6B:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FKawhisrMDswLDwjSaWsjQ-QawY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/7nWZ-fXLkbaN6kk-WpeVPSb_Shk.roa
Signing time:             Wed 01 Jan 2025 07:47:42 +0000
ROA not before:           Wed 01 Jan 2025 07:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209318
IP address blocks:        77.95.115.0/24 maxlen: 24
                          85.209.208.0/22 maxlen: 24
                          2a09:9fc0::/29 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/FKawhisrMDswLDwjSaWsjQ-QawY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/FKawhisrMDswLDwjSaWsjQ-QawY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FKawhisrMDswLDwjSaWsjQ-QawY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 20 Apr 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:b1:41:f6:96:50:b3:0c:ab:53:fe:17:85:cf:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=14a6b0862b2b303b302c3c2349a5ac8d0f906b06
        Validity
            Not Before: Jan  1 07:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee7599f9f5cb91b68dea493e5a97953d26ff4a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:94:f0:a9:3c:41:19:10:f3:2a:45:48:e6:65:57:
                    2a:fe:e5:c0:e9:22:86:ce:a1:74:73:60:03:16:4e:
                    e6:46:5c:68:22:64:4c:4a:f8:e3:72:cf:25:10:73:
                    d6:32:63:a8:7c:d4:cc:8b:60:25:84:96:d2:4e:cc:
                    dd:4e:4c:f1:96:b3:51:5c:4b:a6:51:b1:92:12:b4:
                    24:e8:b4:ef:2c:c0:18:d9:ba:0a:fe:89:df:f5:ac:
                    bf:43:47:4e:45:ed:53:94:9e:b1:bb:82:85:e6:30:
                    4a:8f:5e:71:bf:f8:85:bc:8a:f6:90:26:02:ff:0e:
                    c9:4b:e2:e8:7f:a2:6c:ee:84:ea:1a:f3:f4:ae:d9:
                    53:b1:9e:d4:70:df:48:6a:1d:f0:b0:e6:9e:17:9f:
                    12:83:48:90:d7:e2:ee:d0:b1:34:b1:ef:96:e2:30:
                    1c:9e:6d:a1:e7:35:59:b7:e2:bc:13:63:f3:58:80:
                    ca:10:5a:9c:77:94:f9:8b:e4:f6:0e:2c:f0:36:5c:
                    f8:05:05:39:9a:13:f2:ba:63:3a:24:c0:c5:5a:67:
                    79:32:9e:a9:a7:6b:14:2d:9f:51:b8:6d:46:63:ff:
                    01:7a:b4:1d:2b:3b:91:d2:17:4d:13:88:50:8b:f5:
                    97:39:ca:76:41:62:26:14:07:da:d3:c7:73:ac:b4:
                    bd:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:75:99:F9:F5:CB:91:B6:8D:EA:49:3E:5A:97:95:3D:26:FF:4A:19
            X509v3 Authority Key Identifier:
                keyid:14:A6:B0:86:2B:2B:30:3B:30:2C:3C:23:49:A5:AC:8D:0F:90:6B:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FKawhisrMDswLDwjSaWsjQ-QawY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/7nWZ-fXLkbaN6kk-WpeVPSb_Shk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/8d991e-3ece-4a11-b463-751cf3a5e1e1/1/FKawhisrMDswLDwjSaWsjQ-QawY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.95.115.0/24
                  85.209.208.0/22
                IPv6:
                  2a09:9fc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:e5:30:27:1d:c8:25:d0:3d:ce:49:6f:07:8d:0f:c6:75:e7:
         9d:12:4a:d6:0c:38:d3:a3:37:9c:65:6d:ce:0e:df:3a:8c:87:
         f4:6f:a5:90:5d:bd:50:ef:66:4e:31:d3:93:0f:1e:51:35:49:
         ad:66:cf:4e:57:d1:b5:f3:df:85:db:9c:41:24:f6:6d:a5:91:
         8b:43:9f:eb:78:6e:a6:ba:98:20:21:25:7f:ad:c0:95:f7:92:
         e3:7d:d3:9f:73:2e:64:2f:aa:e5:02:67:e7:57:5a:90:b5:05:
         f6:52:ba:87:9e:97:35:e4:63:9c:e9:12:34:ab:1b:58:d5:fa:
         cd:95:29:8a:c0:36:8b:be:b8:5c:5b:5c:05:02:61:70:2c:ab:
         40:14:ee:1f:01:45:55:4c:1d:78:f9:cd:81:03:35:0a:55:36:
         a6:6c:cd:76:9d:41:1a:8b:3e:e0:46:9e:03:b6:2f:45:fd:47:
         30:6a:2a:17:f2:ec:93:94:85:c2:52:aa:ee:8f:fc:5e:c8:79:
         03:2f:70:6a:59:35:40:af:f5:7d:a5:6f:a1:f2:d2:d5:de:ac:
         11:9a:a5:26:51:9d:51:13:3a:8f:ab:50:c2:5c:68:d6:e3:cc:
         67:33:89:53:e4:f4:d1:05:a2:be:30:c9:08:7b:1a:b9:48:86:
         69:99:77:f5
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1bFB9pZQswyrU/4Xhc8UMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE0YTZiMDg2MmIyYjMwM2IzMDJjM2MyMzQ5YTVhYzhkMGY5
MDZiMDYwHhcNMjUwMTAxMDc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTc1OTlmOWY1Y2I5MWI2OGRlYTQ5M2U1YTk3OTUzZDI2ZmY0YTE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlPCpPEEZEPMqRUjmZVcq/uXA6SKG
zqF0c2ADFk7mRlxoImRMSvjjcs8lEHPWMmOofNTMi2AlhJbSTszdTkzxlrNRXEum
UbGSErQk6LTvLMAY2boK/onf9ay/Q0dORe1TlJ6xu4KF5jBKj15xv/iFvIr2kCYC
/w7JS+Lof6Js7oTqGvP0rtlTsZ7UcN9Iah3wsOaeF58Sg0iQ1+Lu0LE0se+W4jAc
nm2h5zVZt+K8E2PzWIDKEFqcd5T5i+T2DizwNlz4BQU5mhPyumM6JMDFWmd5Mp6p
p2sULZ9RuG1GY/8BerQdKzuR0hdNE4hQi/WXOcp2QWImFAfa08dzrLS96QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFO51mfn1y5G2jepJPlqXlT0m/0oZMB8GA1UdIwQY
MBaAFBSmsIYrKzA7MCw8I0mlrI0PkGsGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRkthd2hpc3JNRHN3TER3alNhV3NqUS1RYXdZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS84ZDk5MWUtM2VjZS00YTExLWI0NjMt
NzUxY2YzYTVlMWUxLzEvN25XWi1mWExrYmFONmtrLVdwZVZQU2JfU2hrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS84ZDk5MWUtM2VjZS00YTExLWI0NjMtNzUxY2YzYTVlMWUx
LzEvRkthd2hpc3JNRHN3TER3alNhV3NqUS1RYXdZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQATV9zAwQC
VdHQMA0EAgACMAcDBQMqCZ/AMA0GCSqGSIb3DQEBCwUAA4IBAQAI5TAnHcgl0D3O
SW8HjQ/GdeedEkrWDDjTozecZW3ODt86jIf0b6WQXb1Q72ZOMdOTDx5RNUmtZs9O
V9G189+F25xBJPZtpZGLQ5/reG6mupggISV/rcCV95LjfdOfcy5kL6rlAmfnV1qQ
tQX2UrqHnpc15GOc6RI0qxtY1frNlSmKwDaLvrhcW1wFAmFwLKtAFO4fAUVVTB14
+c2BAzUKVTambM12nUEaiz7gRp4Dti9F/UcwaioX8uyTlIXCUqruj/xeyHkDL3Bq
WTVAr/V9pW+h8tLV3qwRmqUmUZ1REzqPq1DCXGjW48xnM4lT5PTRBaK+MMkIexq5
SIZpmXf1
-----END CERTIFICATE-----