Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/7rg1F4HgZ7zSeJoz-U_jPAZdhF4.roa
File:                     7rg1F4HgZ7zSeJoz-U_jPAZdhF4.roa (raw, json)
Hash identifier:          2/dtA+MhzA1yuRHIZr7zNjT01R2dWfLd5caA+s+aUIs=
Subject key identifier:   EE:B8:35:17:81:E0:67:BC:D2:78:9A:33:F9:4F:E3:3C:06:5D:84:5E
Certificate issuer:       /CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
Certificate serial:       0194221F87CEEC1F0985BD3023E91740DAC7
Authority key identifier: DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/7rg1F4HgZ7zSeJoz-U_jPAZdhF4.roa
Signing time:             Wed 01 Jan 2025 13:47:59 +0000
ROA not before:           Wed 01 Jan 2025 13:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25369
IP address blocks:        217.67.64.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:87:ce:ec:1f:09:85:bd:30:23:e9:17:40:da:c7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ddf8b45254e5470d1d4cce6fb7dfd4d0d83b5d59
        Validity
            Not Before: Jan  1 13:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eeb8351781e067bcd2789a33f94fe33c065d845e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:78:16:86:8f:13:3f:99:e2:74:cf:df:46:cd:
                    ea:9a:9e:3d:3d:e6:97:3d:c8:61:5d:12:a4:3d:eb:
                    91:2a:eb:5e:b4:8f:74:29:57:2f:55:e3:50:ec:a0:
                    f4:d1:12:e4:22:7b:ef:79:e5:d4:50:09:a8:c2:e1:
                    1b:4c:d5:88:a4:0d:72:c0:e8:01:82:fb:bc:e5:a3:
                    f8:b3:a0:9a:d4:41:8b:0d:dc:e9:b9:fe:62:7c:c3:
                    94:6e:d5:11:43:7b:0c:80:a1:92:c0:95:b1:f1:7b:
                    8d:be:54:e6:41:95:48:b4:5d:19:d8:e0:1e:ef:13:
                    2d:4e:ad:5c:ed:0a:e8:00:96:83:3c:7a:df:e8:8d:
                    76:0a:85:35:fa:a8:b6:e1:80:16:b7:76:09:85:dc:
                    9c:6f:d3:3d:a9:b5:d6:d2:57:9c:85:43:ba:d5:94:
                    8f:12:70:7a:6d:a2:cd:59:e3:ef:61:5e:ec:ed:8b:
                    2c:64:65:b2:dc:55:d0:d0:c4:da:7b:00:36:62:3e:
                    8f:b7:02:49:e5:19:bf:c4:00:ea:fb:c0:33:37:77:
                    ee:62:b4:e7:cd:32:ea:c3:a1:f3:3c:32:35:4c:ce:
                    5d:4f:52:55:20:8a:59:2d:31:02:06:e4:df:9d:51:
                    07:72:f5:b3:4b:da:93:3f:63:5f:30:06:25:3b:cf:
                    a2:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:B8:35:17:81:E0:67:BC:D2:78:9A:33:F9:4F:E3:3C:06:5D:84:5E
            X509v3 Authority Key Identifier:
                keyid:DD:F8:B4:52:54:E5:47:0D:1D:4C:CE:6F:B7:DF:D4:D0:D8:3B:5D:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/7rg1F4HgZ7zSeJoz-U_jPAZdhF4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/45/8fc746-fc08-4211-ba3b-893906fb7858/1/3fi0UlTlRw0dTM5vt9_U0Ng7XVk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.67.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         cf:79:90:a3:17:ef:80:bc:7f:a1:92:25:e9:c9:9e:39:e9:14:
         74:9f:0e:9e:ca:eb:c3:ac:74:4d:66:46:3b:ec:c5:bd:61:0f:
         e9:27:7f:76:7f:ca:5b:ad:48:6c:56:50:88:a4:f6:6e:86:40:
         ba:ce:5e:7e:f6:92:de:ca:58:ed:4d:af:e8:e0:5b:f3:f7:3f:
         04:66:7c:d9:40:b6:1a:0f:88:ab:33:a5:87:ed:f2:0e:7b:a4:
         b6:0e:40:c7:c8:a3:79:4a:c4:20:28:68:43:a1:06:17:b5:ca:
         59:27:b2:53:c9:3b:39:97:3a:91:60:96:84:32:b6:cf:6e:0c:
         1d:89:37:c0:ad:49:de:80:18:76:d7:db:03:0a:63:1b:81:0e:
         be:d6:13:b6:8e:ca:11:e0:85:41:2f:15:f7:30:6e:c4:45:e6:
         28:ad:73:75:ac:1a:e6:b9:58:b6:76:d0:79:c9:ee:f3:e8:69:
         5e:1a:0e:3c:19:23:8d:cb:58:9f:86:b3:4f:2c:01:eb:ec:68:
         15:ea:18:38:04:d2:5c:1e:8d:35:21:9f:56:7b:fe:7c:ea:8b:
         dc:b9:bf:81:47:c7:31:5b:a2:ce:e7:6e:93:63:da:f9:68:bf:
         50:66:a9:a7:22:ed:59:a4:76:7b:6a:8f:3d:4a:47:64:60:b8:
         40:4f:2b:1a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4fO7B8Jhb0wI+kXQNrHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRkZjhiNDUyNTRlNTQ3MGQxZDRjY2U2ZmI3ZGZkNGQwZDgz
YjVkNTkwHhcNMjUwMTAxMTM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWI4MzUxNzgxZTA2N2JjZDI3ODlhMzNmOTRmZTMzYzA2NWQ4NDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5XgWho8TP5nidM/fRs3qmp49PeaX
PchhXRKkPeuRKutetI90KVcvVeNQ7KD00RLkInvveeXUUAmowuEbTNWIpA1ywOgB
gvu85aP4s6Ca1EGLDdzpuf5ifMOUbtURQ3sMgKGSwJWx8XuNvlTmQZVItF0Z2OAe
7xMtTq1c7QroAJaDPHrf6I12CoU1+qi24YAWt3YJhdycb9M9qbXW0lechUO61ZSP
EnB6baLNWePvYV7s7YssZGWy3FXQ0MTaewA2Yj6PtwJJ5Rm/xADq+8AzN3fuYrTn
zTLqw6HzPDI1TM5dT1JVIIpZLTECBuTfnVEHcvWzS9qTP2NfMAYlO8+ilQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO64NReB4Ge80niaM/lP4zwGXYReMB8GA1UdIwQY
MBaAFN34tFJU5UcNHUzOb7ff1NDYO11ZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2It
ODkzOTA2ZmI3ODU4LzEvN3JnMUY0SGdaN3pTZUpvei1VX2pQQVpkaEY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80NS84ZmM3NDYtZmMwOC00MjExLWJhM2ItODkzOTA2ZmI3ODU4
LzEvM2ZpMFVsVGxSdzBkVE01dnQ5X1UwTmc3WFZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQC2UNAMA0G
CSqGSIb3DQEBCwUAA4IBAQDPeZCjF++AvH+hkiXpyZ456RR0nw6eyuvDrHRNZkY7
7MW9YQ/pJ392f8pbrUhsVlCIpPZuhkC6zl5+9pLeyljtTa/o4Fvz9z8EZnzZQLYa
D4irM6WH7fIOe6S2DkDHyKN5SsQgKGhDoQYXtcpZJ7JTyTs5lzqRYJaEMrbPbgwd
iTfArUnegBh219sDCmMbgQ6+1hO2jsoR4IVBLxX3MG7EReYorXN1rBrmuVi2dtB5
ye7z6GleGg48GSONy1ifhrNPLAHr7GgV6hg4BNJcHo01IZ9We/586ovcub+BR8cx
W6LO526TY9r5aL9QZqmnIu1ZpHZ7ao89SkdkYLhATysa
-----END CERTIFICATE-----