Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/e7A-mRDgO875HCDrxITlnnJ3Ki0.roa
File:                     e7A-mRDgO875HCDrxITlnnJ3Ki0.roa (raw, json)
Hash identifier:          7vWhmuACkkydDfcxmeEEUNVhiR5m0fscFivB+SuNzME=
Subject key identifier:   7B:B0:3E:99:10:E0:3B:CE:F9:1C:20:EB:C4:84:E5:9E:72:77:2A:2D
Certificate issuer:       /CN=6398ec15bc039c5a6042fbe90484456be02da7b9
Certificate serial:       019424B3FF48F40E4B8E65408E69E8C30E07
Authority key identifier: 63:98:EC:15:BC:03:9C:5A:60:42:FB:E9:04:84:45:6B:E0:2D:A7:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/e7A-mRDgO875HCDrxITlnnJ3Ki0.roa
Signing time:             Thu 02 Jan 2025 01:49:23 +0000
ROA not before:           Thu 02 Jan 2025 01:49:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51284
IP address blocks:        193.161.0.0/24 maxlen: 24
                          193.201.146.128/25 maxlen: 25
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:ff:48:f4:0e:4b:8e:65:40:8e:69:e8:c3:0e:07
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6398ec15bc039c5a6042fbe90484456be02da7b9
        Validity
            Not Before: Jan  2 01:49:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bb03e9910e03bcef91c20ebc484e59e72772a2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:1a:0c:b7:a7:c8:f5:92:36:93:0e:8c:2c:f3:
                    54:9a:ec:a9:ba:b9:f0:19:8d:72:84:0e:03:3a:79:
                    0a:3d:2b:69:38:d5:e7:6d:b9:fb:56:48:6c:1c:e2:
                    65:da:72:bb:76:bd:cd:df:33:2a:23:a0:57:41:fb:
                    16:d8:f8:bb:cd:b3:51:60:2f:78:5d:1e:b2:51:20:
                    59:74:e1:37:e3:6b:16:43:3b:df:0e:94:a6:11:0d:
                    38:fe:19:14:ac:19:13:1a:57:e9:ca:bc:ed:41:92:
                    06:03:b7:03:2e:e2:b0:7d:38:f2:ca:4a:04:65:e1:
                    80:07:d2:54:23:63:fb:33:f7:65:1b:27:86:e0:1d:
                    26:2d:35:66:7b:fa:6b:b8:8f:3b:7f:cd:c9:27:f6:
                    99:19:8d:ef:82:e3:85:67:75:0b:55:f7:e9:82:26:
                    44:0f:61:1b:35:ce:b0:c4:be:36:33:fb:14:ed:60:
                    34:89:b7:1b:72:58:0c:43:bb:9b:e7:65:21:aa:40:
                    a6:29:0b:d2:b3:cd:99:e3:a8:bb:37:b7:72:c8:f6:
                    73:ef:3a:14:bc:c3:ca:39:30:0b:ca:24:12:8d:6f:
                    e6:91:7a:22:8e:61:aa:75:c2:12:8b:67:ec:14:7f:
                    aa:80:6f:fd:c3:65:2c:32:8c:5d:91:8c:54:f3:df:
                    0c:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:B0:3E:99:10:E0:3B:CE:F9:1C:20:EB:C4:84:E5:9E:72:77:2A:2D
            X509v3 Authority Key Identifier:
                keyid:63:98:EC:15:BC:03:9C:5A:60:42:FB:E9:04:84:45:6B:E0:2D:A7:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/e7A-mRDgO875HCDrxITlnnJ3Ki0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/41/7711d9-7f7c-4edb-a687-d6f04e708454/1/Y5jsFbwDnFpgQvvpBIRFa-Atp7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.161.0.0/24
                  193.201.146.128/25

    Signature Algorithm: sha256WithRSAEncryption
         0b:14:3f:06:c6:d9:c0:bf:b8:8f:fa:c2:45:10:5b:0e:f8:47:
         a2:a3:b2:a3:ba:09:a2:4b:d4:65:ac:b9:05:fe:c6:47:bf:20:
         08:ab:d4:32:0f:44:5e:20:c3:5b:e1:0a:59:2b:69:bb:fe:7d:
         8e:db:20:e1:fb:98:4c:d9:ca:00:a0:17:86:4b:0f:80:8a:75:
         63:3b:09:c9:0b:ed:4b:a7:4b:3b:35:a6:d0:f8:f4:4c:ed:8c:
         59:e6:9d:15:2c:2d:b7:99:64:c0:32:03:05:90:53:5c:bd:f6:
         34:3e:9e:86:d3:d3:f0:9d:d2:52:50:08:1b:b0:1d:1e:42:d8:
         7c:2d:95:9a:07:b7:a7:09:4a:a4:c9:7a:de:26:45:5e:1f:59:
         47:e9:18:16:36:9d:a6:6e:41:2f:ca:b0:96:d2:e8:1c:f8:52:
         34:b7:8c:fd:de:f4:b6:90:61:60:9d:c5:40:79:61:d6:9f:6a:
         1c:a3:00:4a:13:9a:c6:f5:63:5b:2c:a2:87:64:b8:5e:1f:5d:
         3a:44:f3:5a:8d:ad:6f:47:c0:dc:23:d6:51:52:42:5c:b0:b8:
         95:1a:d5:07:b1:4d:c1:34:e4:5a:d3:06:3f:6d:57:a3:ca:7c:
         27:d9:99:3e:4d:09:53:82:45:5f:11:49:e8:87:d3:95:8d:96:
         97:b2:fd:7e
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgISAZQks/9I9A5LjmVAjmnoww4HMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzOThlYzE1YmMwMzljNWE2MDQyZmJlOTA0ODQ0NTZiZTAy
ZGE3YjkwHhcNMjUwMTAyMDE0OTIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmIwM2U5OTEwZTAzYmNlZjkxYzIwZWJjNDg0ZTU5ZTcyNzcyYTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApBoMt6fI9ZI2kw6MLPNUmuypurnw
GY1yhA4DOnkKPStpONXnbbn7VkhsHOJl2nK7dr3N3zMqI6BXQfsW2Pi7zbNRYC94
XR6yUSBZdOE342sWQzvfDpSmEQ04/hkUrBkTGlfpyrztQZIGA7cDLuKwfTjyykoE
ZeGAB9JUI2P7M/dlGyeG4B0mLTVme/pruI87f83JJ/aZGY3vguOFZ3ULVffpgiZE
D2EbNc6wxL42M/sU7WA0ibcbclgMQ7ub52UhqkCmKQvSs82Z46i7N7dyyPZz7zoU
vMPKOTALyiQSjW/mkXoijmGqdcISi2fsFH+qgG/9w2UsMoxdkYxU898MUQIDAQAB
o4ICEDCCAgwwHQYDVR0OBBYEFHuwPpkQ4DvO+Rwg68SE5Z5ydyotMB8GA1UdIwQY
MBaAFGOY7BW8A5xaYEL76QSERWvgLae5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTVqc0Zid0RuRnBnUXZ2cEJJUkZhLUF0cDdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MS83NzExZDktN2Y3Yy00ZWRiLWE2ODct
ZDZmMDRlNzA4NDU0LzEvZTdBLW1SRGdPODc1SENEcnhJVGxubkozS2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MS83NzExZDktN2Y3Yy00ZWRiLWE2ODctZDZmMDRlNzA4NDU0
LzEvWTVqc0Zid0RuRnBnUXZ2cEJJUkZhLUF0cDdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCYGCCsGAQUFBwEHAQH/BBcwFTATBAIAATANAwQAwaEAAwUH
wcmSgDANBgkqhkiG9w0BAQsFAAOCAQEACxQ/BsbZwL+4j/rCRRBbDvhHoqOyo7oJ
okvUZay5Bf7GR78gCKvUMg9EXiDDW+EKWStpu/59jtsg4fuYTNnKAKAXhksPgIp1
YzsJyQvtS6dLOzWm0Pj0TO2MWeadFSwtt5lkwDIDBZBTXL32ND6ehtPT8J3SUlAI
G7AdHkLYfC2Vmge3pwlKpMl63iZFXh9ZR+kYFjadpm5BL8qwltLoHPhSNLeM/d70
tpBhYJ3FQHlh1p9qHKMAShOaxvVjWyyih2S4Xh9dOkTzWo2tb0fA3CPWUVJCXLC4
lRrVB7FNwTTkWtMGP21Xo8p8J9mZPk0JU4JFXxFJ6IfTlY2Wl7L9fg==
-----END CERTIFICATE-----