Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/7yURIEiYXPhLVZDi97wbUcsfcDY.roa
File:                     7yURIEiYXPhLVZDi97wbUcsfcDY.roa (raw, json)
Hash identifier:          Ol8VywPbGCR2MgIy9CM4htLL8MW0LNUUW5y21OBGiZM=
Subject key identifier:   EF:25:11:20:48:98:5C:F8:4B:55:90:E2:F7:BC:1B:51:CB:1F:70:36
Certificate issuer:       /CN=c7983b3a9758fcbe78733d9155aed266c882a23c
Certificate serial:       019421B24E5BE3B5B365825A47CA68E7DEEA
Authority key identifier: C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/7yURIEiYXPhLVZDi97wbUcsfcDY.roa
Signing time:             Wed 01 Jan 2025 11:48:41 +0000
ROA not before:           Wed 01 Jan 2025 11:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30782
IP address blocks:        130.255.152.0/21 maxlen: 21
                          185.91.212.0/22 maxlen: 22
                          195.234.20.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 11:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:4e:5b:e3:b5:b3:65:82:5a:47:ca:68:e7:de:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c7983b3a9758fcbe78733d9155aed266c882a23c
        Validity
            Not Before: Jan  1 11:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ef25112048985cf84b5590e2f7bc1b51cb1f7036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:f8:fa:f9:14:16:f5:31:8c:fe:c2:d5:ba:af:
                    39:ff:f4:9f:3c:2b:7e:4c:2d:97:d4:b1:27:bc:cc:
                    9c:dc:66:5c:be:b1:6c:52:31:1c:5c:a8:ba:ba:9d:
                    22:a0:03:5f:c2:8b:2f:91:ec:7b:d8:cf:a6:6d:8d:
                    25:8a:89:95:b5:3a:bb:53:b0:fd:75:58:73:75:b3:
                    2d:48:4d:8c:df:a1:f8:37:70:bd:e3:2c:9a:11:6b:
                    43:0b:41:a1:ed:50:42:99:cf:9c:81:b6:1b:9e:29:
                    3e:00:6a:70:34:d4:86:ba:5f:74:11:f8:66:5b:3a:
                    1d:d4:79:04:19:90:59:ee:2e:e4:6c:f7:91:bb:8b:
                    23:ad:bd:5e:90:f7:09:76:63:0c:26:02:c9:a5:b5:
                    47:cc:a4:74:67:02:dd:6e:90:a7:ab:b0:35:8f:29:
                    aa:85:40:cb:cb:a3:f6:0d:62:ba:8c:91:56:55:0a:
                    35:a8:64:51:42:6f:94:b3:92:1a:2e:9f:99:e5:d7:
                    38:f8:c4:5b:21:2e:da:a6:32:2f:b4:ae:50:b5:fe:
                    d9:2e:49:16:5e:90:0a:fa:5a:fa:b8:cc:5d:a1:6b:
                    42:04:a8:6c:4a:21:34:17:9b:80:6f:31:4f:10:94:
                    31:d3:96:3c:c0:ee:44:b0:37:ce:0a:e0:4a:fb:2a:
                    a4:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:25:11:20:48:98:5C:F8:4B:55:90:E2:F7:BC:1B:51:CB:1F:70:36
            X509v3 Authority Key Identifier:
                keyid:C7:98:3B:3A:97:58:FC:BE:78:73:3D:91:55:AE:D2:66:C8:82:A2:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/x5g7OpdY_L54cz2RVa7SZsiCojw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/7yURIEiYXPhLVZDi97wbUcsfcDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/811d16-b513-47ed-9e71-238405f2cde9/1/x5g7OpdY_L54cz2RVa7SZsiCojw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  130.255.152.0/21
                  185.91.212.0/22
                  195.234.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a3:d2:44:6b:18:8c:07:11:db:46:78:26:a6:a8:46:aa:79:5d:
         ad:1f:c7:73:c1:61:4b:16:e5:ba:b5:7d:90:42:5b:30:e6:b9:
         d7:2f:cd:2e:31:f2:25:c1:b4:fd:0f:94:42:25:fa:85:14:f5:
         5c:0f:38:d5:c1:88:b9:ee:66:d8:c4:d7:4b:66:90:fe:a0:d5:
         4f:0c:9b:14:07:2a:9f:f4:84:66:73:16:06:0d:5a:86:91:c8:
         f5:a9:95:7f:db:a5:f9:15:9b:22:ea:8c:f6:bd:62:1d:e7:02:
         fa:83:21:e5:5a:99:80:b0:27:01:aa:91:54:8d:57:fb:20:54:
         23:c4:15:fc:36:97:5f:bd:a6:9a:c5:3d:ba:d7:d2:a8:88:0f:
         b2:f6:c0:6a:30:3a:b2:71:dc:46:ee:02:bf:67:58:91:75:95:
         cf:2a:75:98:b3:4f:cc:33:8a:c6:85:47:9d:5a:27:c2:32:9d:
         02:34:ec:ce:42:d7:59:5a:d1:1f:78:b5:0d:c6:49:c8:ba:8f:
         2b:c8:ed:06:70:0e:db:d5:c6:87:5a:be:08:aa:d3:75:f5:e4:
         76:51:65:5d:6a:e9:b9:47:c0:11:a4:5e:3b:16:51:cb:07:c9:
         77:de:63:5e:12:55:86:42:4a:de:66:9f:19:2a:a9:3d:a5:f1:
         4b:d5:2b:04
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQhsk5b47WzZYJaR8po597qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM3OTgzYjNhOTc1OGZjYmU3ODczM2Q5MTU1YWVkMjY2Yzg4
MmEyM2MwHhcNMjUwMTAxMTE0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjI1MTEyMDQ4OTg1Y2Y4NGI1NTkwZTJmN2JjMWI1MWNiMWY3MDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPj6+RQW9TGM/sLVuq85//SfPCt+
TC2X1LEnvMyc3GZcvrFsUjEcXKi6up0ioANfwosvkex72M+mbY0liomVtTq7U7D9
dVhzdbMtSE2M36H4N3C94yyaEWtDC0Gh7VBCmc+cgbYbnik+AGpwNNSGul90Efhm
Wzod1HkEGZBZ7i7kbPeRu4sjrb1ekPcJdmMMJgLJpbVHzKR0ZwLdbpCnq7A1jymq
hUDLy6P2DWK6jJFWVQo1qGRRQm+Us5IaLp+Z5dc4+MRbIS7apjIvtK5Qtf7ZLkkW
XpAK+lr6uMxdoWtCBKhsSiE0F5uAbzFPEJQx05Y8wO5EsDfOCuBK+yqkfQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFO8lESBImFz4S1WQ4ve8G1HLH3A2MB8GA1UdIwQY
MBaAFMeYOzqXWPy+eHM9kVWu0mbIgqI8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEt
MjM4NDA1ZjJjZGU5LzEvN3lVUklFaVlYUGhMVlpEaTk3d2JVY3NmY0RZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC84MTFkMTYtYjUxMy00N2VkLTllNzEtMjM4NDA1ZjJjZGU5
LzEveDVnN09wZFlfTDU0Y3oyUlZhN1Nac2lDb2p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDgv+YAwQC
uVvUAwQBw+oUMA0GCSqGSIb3DQEBCwUAA4IBAQCj0kRrGIwHEdtGeCamqEaqeV2t
H8dzwWFLFuW6tX2QQlsw5rnXL80uMfIlwbT9D5RCJfqFFPVcDzjVwYi57mbYxNdL
ZpD+oNVPDJsUByqf9IRmcxYGDVqGkcj1qZV/26X5FZsi6oz2vWId5wL6gyHlWpmA
sCcBqpFUjVf7IFQjxBX8NpdfvaaaxT2619KoiA+y9sBqMDqycdxG7gK/Z1iRdZXP
KnWYs0/MM4rGhUedWifCMp0CNOzOQtdZWtEfeLUNxknIuo8ryO0GcA7b1caHWr4I
qtN19eR2UWVdaum5R8ARpF47FlHLB8l33mNeElWGQkreZp8ZKqk9pfFL1SsE
-----END CERTIFICATE-----