Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3c/60eb48-279d-4afe-8d8a-1daa951c71b7/1/f7H4NvJn5XG9ZEVLvo3rzyryem0.roa
File:                     f7H4NvJn5XG9ZEVLvo3rzyryem0.roa (raw, json)
Hash identifier:          FIvnUTIH/WyzVRn7SNngTErOpdYKzvrkMjSyoAbXEio=
Subject key identifier:   7F:B1:F8:36:F2:67:E5:71:BD:64:45:4B:BE:8D:EB:CF:2A:F2:7A:6D
Certificate issuer:       /CN=aac223fb1942115e48a9754207292d00a082ecdf
Certificate serial:       019427B5BB1BA887027E056EB7A83450D504
Authority key identifier: AA:C2:23:FB:19:42:11:5E:48:A9:75:42:07:29:2D:00:A0:82:EC:DF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qsIj-xlCEV5IqXVCByktAKCC7N8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3c/60eb48-279d-4afe-8d8a-1daa951c71b7/1/f7H4NvJn5XG9ZEVLvo3rzyryem0.roa
Signing time:             Thu 02 Jan 2025 15:50:08 +0000
ROA not before:           Thu 02 Jan 2025 15:50:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199362
IP address blocks:        185.17.20.0/22 maxlen: 22
                          185.144.120.0/22 maxlen: 22
                          2a03:e640::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3c/60eb48-279d-4afe-8d8a-1daa951c71b7/1/qsIj-xlCEV5IqXVCByktAKCC7N8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3c/60eb48-279d-4afe-8d8a-1daa951c71b7/1/qsIj-xlCEV5IqXVCByktAKCC7N8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qsIj-xlCEV5IqXVCByktAKCC7N8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:bb:1b:a8:87:02:7e:05:6e:b7:a8:34:50:d5:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=aac223fb1942115e48a9754207292d00a082ecdf
        Validity
            Not Before: Jan  2 15:50:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fb1f836f267e571bd64454bbe8debcf2af27a6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:9b:7c:f8:b6:9a:0f:e4:16:5c:df:14:76:57:
                    e7:cf:4e:f1:88:f3:13:2f:76:02:ea:4c:c9:a7:68:
                    b4:02:5c:cd:01:01:9c:b4:5a:a4:0f:1b:fb:7d:34:
                    6f:bf:09:66:51:88:5f:b4:e5:fc:1e:07:49:49:f3:
                    35:93:82:1e:0a:0e:a8:27:19:f1:cc:fc:aa:06:3d:
                    13:b5:41:3e:e2:c2:7f:32:f2:c4:7a:a2:70:67:61:
                    74:fb:db:b1:63:f3:5f:8e:e2:85:66:97:c1:f8:9c:
                    46:9e:25:ea:9f:98:8b:84:cd:ed:eb:fe:4f:14:37:
                    47:ef:d3:ba:0b:70:aa:69:55:b6:02:91:52:4d:11:
                    0a:4b:6c:a0:4d:04:19:c8:19:70:48:44:92:0d:9b:
                    21:5c:14:b8:81:61:b2:fc:eb:2c:b9:ec:55:c4:12:
                    32:f7:9e:f0:f3:be:dd:ee:b0:7e:1c:aa:1d:c4:90:
                    d9:0e:e0:ec:53:f0:4e:8f:56:81:b7:99:df:aa:02:
                    c5:07:60:a8:28:b2:4a:ce:17:3e:68:10:fb:3f:a2:
                    f8:34:ac:46:7d:81:ea:a6:85:dd:28:6d:2c:a9:65:
                    9e:e8:1c:bc:47:8d:b7:c6:1a:02:49:30:95:74:f1:
                    95:2d:fb:06:7b:0d:50:58:e4:11:81:30:c8:6c:ad:
                    14:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:B1:F8:36:F2:67:E5:71:BD:64:45:4B:BE:8D:EB:CF:2A:F2:7A:6D
            X509v3 Authority Key Identifier:
                keyid:AA:C2:23:FB:19:42:11:5E:48:A9:75:42:07:29:2D:00:A0:82:EC:DF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qsIj-xlCEV5IqXVCByktAKCC7N8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/60eb48-279d-4afe-8d8a-1daa951c71b7/1/f7H4NvJn5XG9ZEVLvo3rzyryem0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3c/60eb48-279d-4afe-8d8a-1daa951c71b7/1/qsIj-xlCEV5IqXVCByktAKCC7N8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.17.20.0/22
                  185.144.120.0/22
                IPv6:
                  2a03:e640::/32

    Signature Algorithm: sha256WithRSAEncryption
         3f:32:f6:8a:8b:6c:97:92:9e:2b:74:b7:d1:1b:4e:bf:6e:ae:
         f4:21:42:59:28:b1:1b:d5:33:be:e5:d0:c3:74:a4:1a:eb:0d:
         21:43:22:af:f9:15:00:bd:56:6c:80:fc:9e:4d:8b:ff:0a:c7:
         85:c5:11:14:fe:1d:24:71:83:9f:36:d8:f5:90:bb:66:5d:fb:
         bc:d1:79:40:9a:ff:f0:fc:74:89:89:e2:4a:8e:61:ff:fd:5d:
         91:18:dc:12:2e:e8:80:48:36:ea:c1:ca:6d:50:05:ff:99:86:
         0f:9a:35:79:7f:96:9d:58:84:96:ae:f9:48:f9:61:fd:f3:3e:
         34:d3:8e:9d:d7:fa:82:d4:bd:f7:ec:9a:2a:fa:60:de:5e:cf:
         8e:49:c1:07:2b:b5:a3:21:d9:26:cc:7f:91:b5:89:bc:e2:54:
         41:08:59:40:d3:48:86:1d:bb:8a:34:28:b7:a1:11:a3:53:ee:
         e6:29:2c:9b:11:e1:51:ca:06:5f:01:b7:98:6b:ab:7c:72:54:
         67:5c:dd:e4:ce:83:6e:c9:34:92:1a:1a:50:c5:c3:19:c0:a9:
         01:f1:5d:80:aa:96:9b:1f:53:ca:cc:3a:ed:e0:80:26:1d:db:
         ea:01:89:54:45:16:8f:fb:c5:fa:87:73:5e:ff:a4:89:d5:74:
         ca:b7:34:0d
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntbsbqIcCfgVut6g0UNUEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFhYzIyM2ZiMTk0MjExNWU0OGE5NzU0MjA3MjkyZDAwYTA4
MmVjZGYwHhcNMjUwMTAyMTU1MDA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmIxZjgzNmYyNjdlNTcxYmQ2NDQ1NGJiZThkZWJjZjJhZjI3YTZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4pt8+LaaD+QWXN8Udlfnz07xiPMT
L3YC6kzJp2i0AlzNAQGctFqkDxv7fTRvvwlmUYhftOX8HgdJSfM1k4IeCg6oJxnx
zPyqBj0TtUE+4sJ/MvLEeqJwZ2F0+9uxY/NfjuKFZpfB+JxGniXqn5iLhM3t6/5P
FDdH79O6C3CqaVW2ApFSTREKS2ygTQQZyBlwSESSDZshXBS4gWGy/OssuexVxBIy
957w877d7rB+HKodxJDZDuDsU/BOj1aBt5nfqgLFB2CoKLJKzhc+aBD7P6L4NKxG
fYHqpoXdKG0sqWWe6By8R423xhoCSTCVdPGVLfsGew1QWOQRgTDIbK0UpwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFH+x+DbyZ+VxvWRFS76N688q8nptMB8GA1UdIwQY
MBaAFKrCI/sZQhFeSKl1QgcpLQCgguzfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcXNJai14bENFVjVJcVhWQ0J5a3RBS0NDN044LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYy82MGViNDgtMjc5ZC00YWZlLThkOGEt
MWRhYTk1MWM3MWI3LzEvZjdINE52Sm41WEc5WkVWTHZvM3J6eXJ5ZW0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYy82MGViNDgtMjc5ZC00YWZlLThkOGEtMWRhYTk1MWM3MWI3
LzEvcXNJai14bENFVjVJcVhWQ0J5a3RBS0NDN044LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuREUAwQC
uZB4MA0EAgACMAcDBQAqA+ZAMA0GCSqGSIb3DQEBCwUAA4IBAQA/MvaKi2yXkp4r
dLfRG06/bq70IUJZKLEb1TO+5dDDdKQa6w0hQyKv+RUAvVZsgPyeTYv/CseFxREU
/h0kcYOfNtj1kLtmXfu80XlAmv/w/HSJieJKjmH//V2RGNwSLuiASDbqwcptUAX/
mYYPmjV5f5adWISWrvlI+WH98z40046d1/qC1L337Joq+mDeXs+OScEHK7WjIdkm
zH+RtYm84lRBCFlA00iGHbuKNCi3oRGjU+7mKSybEeFRygZfAbeYa6t8clRnXN3k
zoNuyTSSGhpQxcMZwKkB8V2AqpabH1PKzDrt4IAmHdvqAYlURRaP+8X6h3Ne/6SJ
1XTKtzQN
-----END CERTIFICATE-----