Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/290a60-792f-4475-a9f4-e3b9e0bae6ab/1/R74uc9VabgDHgeKqSIY7mVcIlEk.roa
File:                     R74uc9VabgDHgeKqSIY7mVcIlEk.roa (raw, json)
Hash identifier:          SIBptA/iA+nbHhZMlZO1SsqsB2uTnNkUJty4C0HxQAw=
Subject key identifier:   47:BE:2E:73:D5:5A:6E:00:C7:81:E2:AA:48:86:3B:99:57:08:94:49
Certificate issuer:       /CN=7f1d58d62ddd7e47af2196fd754bb3ff2679892a
Certificate serial:       01942520C04B5A4A3DF01EA7713E66E83FC5
Authority key identifier: 7F:1D:58:D6:2D:DD:7E:47:AF:21:96:FD:75:4B:B3:FF:26:79:89:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fx1Y1i3dfkevIZb9dUuz_yZ5iSo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/290a60-792f-4475-a9f4-e3b9e0bae6ab/1/R74uc9VabgDHgeKqSIY7mVcIlEk.roa
Signing time:             Thu 02 Jan 2025 03:48:10 +0000
ROA not before:           Thu 02 Jan 2025 03:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60068
IP address blocks:        185.102.216.0/24 maxlen: 24
                          185.102.217.0/24 maxlen: 24
                          185.102.218.0/24 maxlen: 24
                          185.102.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/290a60-792f-4475-a9f4-e3b9e0bae6ab/1/fx1Y1i3dfkevIZb9dUuz_yZ5iSo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/290a60-792f-4475-a9f4-e3b9e0bae6ab/1/fx1Y1i3dfkevIZb9dUuz_yZ5iSo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fx1Y1i3dfkevIZb9dUuz_yZ5iSo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:20:c0:4b:5a:4a:3d:f0:1e:a7:71:3e:66:e8:3f:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7f1d58d62ddd7e47af2196fd754bb3ff2679892a
        Validity
            Not Before: Jan  2 03:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47be2e73d55a6e00c781e2aa48863b9957089449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:6a:73:71:88:b6:fb:df:c9:ff:92:aa:23:8e:
                    82:0a:ed:b3:c9:ae:58:23:cd:2a:f8:2e:5b:eb:da:
                    e7:20:d7:df:42:96:98:82:de:a3:37:e0:39:57:8d:
                    b4:ed:47:52:a5:6e:9b:05:15:55:41:82:e2:34:4a:
                    cc:ff:42:51:e5:7e:74:95:41:aa:31:45:74:1c:34:
                    c4:87:75:8d:07:fc:20:2d:f7:43:3b:01:10:9b:0d:
                    06:26:e0:ee:be:a4:3b:8d:97:9e:e3:c8:00:32:eb:
                    53:c4:fc:06:88:1c:37:d7:96:5f:c0:79:3d:4a:66:
                    78:e5:25:34:10:41:75:d3:5d:3c:bf:d2:db:bc:ac:
                    3c:f8:7c:bb:0c:01:9d:8e:e5:7e:5e:84:2c:dc:6f:
                    e6:5f:68:3b:79:3a:bd:40:51:74:00:06:45:2d:24:
                    a3:38:f2:a3:6d:de:b7:84:46:5a:cc:71:c8:96:91:
                    40:9d:e7:1b:bb:74:86:47:8e:c0:e7:31:e0:4f:90:
                    00:69:ec:89:14:f1:f7:91:e5:74:00:1f:34:76:d4:
                    0b:a7:23:23:a1:3b:a7:7d:40:b4:0a:7b:43:4c:9b:
                    54:b7:b0:ef:9c:57:ea:7d:2f:db:a6:ba:c0:91:4b:
                    f8:6f:87:28:61:0a:e3:85:2e:3f:cd:52:e5:3d:09:
                    53:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BE:2E:73:D5:5A:6E:00:C7:81:E2:AA:48:86:3B:99:57:08:94:49
            X509v3 Authority Key Identifier:
                keyid:7F:1D:58:D6:2D:DD:7E:47:AF:21:96:FD:75:4B:B3:FF:26:79:89:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fx1Y1i3dfkevIZb9dUuz_yZ5iSo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/290a60-792f-4475-a9f4-e3b9e0bae6ab/1/R74uc9VabgDHgeKqSIY7mVcIlEk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/290a60-792f-4475-a9f4-e3b9e0bae6ab/1/fx1Y1i3dfkevIZb9dUuz_yZ5iSo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.102.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:fa:81:65:32:aa:ab:cc:fa:8b:fe:5a:dc:98:66:e6:5b:ed:
         79:a6:5b:cb:0b:f5:a8:51:60:c7:50:00:83:07:fb:2b:ba:c1:
         8f:5a:d6:06:62:5b:7b:76:80:8d:a8:fd:56:8f:5d:bb:ec:f0:
         08:ee:3b:14:fa:c5:6d:19:ad:75:69:dd:38:15:1e:9b:3e:93:
         05:02:ca:03:9d:ff:0f:fb:8f:ec:c3:7b:4e:7d:40:bc:10:4a:
         ee:01:f7:4d:e7:63:b6:c2:68:74:c1:67:47:0f:95:c2:98:29:
         a3:f8:a2:8e:2f:21:af:24:d6:9f:3f:d1:7d:3b:f5:eb:24:59:
         37:9e:08:f0:26:f5:6b:7c:c7:51:c1:67:29:73:5f:c1:bf:fd:
         38:24:75:28:46:fe:e5:8a:52:b3:3d:d2:81:52:c9:26:2b:9a:
         33:e0:8a:bf:c8:22:1b:45:14:f2:34:fb:c0:54:9f:3b:2b:1b:
         d6:c3:c3:65:e5:90:08:ec:f6:3b:53:88:fb:c4:78:60:ed:68:
         e7:0f:e9:3f:b0:bc:0e:bb:53:0d:4c:a2:05:f3:4c:ae:f0:f7:
         98:0c:ce:a0:a0:79:88:37:02:c3:5c:fd:76:ae:76:7e:43:c2:
         c7:ec:6e:a7:e3:ee:2e:86:d8:be:8f:85:f5:a3:dd:58:a3:1c:
         5c:c1:5c:98
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIMBLWko98B6ncT5m6D/FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdmMWQ1OGQ2MmRkZDdlNDdhZjIxOTZmZDc1NGJiM2ZmMjY3
OTg5MmEwHhcNMjUwMTAyMDM0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JlMmU3M2Q1NWE2ZTAwYzc4MWUyYWE0ODg2M2I5OTU3MDg5NDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+GpzcYi2+9/J/5KqI46CCu2zya5Y
I80q+C5b69rnINffQpaYgt6jN+A5V4207UdSpW6bBRVVQYLiNErM/0JR5X50lUGq
MUV0HDTEh3WNB/wgLfdDOwEQmw0GJuDuvqQ7jZee48gAMutTxPwGiBw315ZfwHk9
SmZ45SU0EEF10108v9LbvKw8+Hy7DAGdjuV+XoQs3G/mX2g7eTq9QFF0AAZFLSSj
OPKjbd63hEZazHHIlpFAnecbu3SGR47A5zHgT5AAaeyJFPH3keV0AB80dtQLpyMj
oTunfUC0CntDTJtUt7DvnFfqfS/bprrAkUv4b4coYQrjhS4/zVLlPQlT/QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEe+LnPVWm4Ax4HiqkiGO5lXCJRJMB8GA1UdIwQY
MBaAFH8dWNYt3X5HryGW/XVLs/8meYkqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZngxWTFpM2Rma2V2SVpiOWRVdXpfeVo1aVNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8yOTBhNjAtNzkyZi00NDc1LWE5ZjQt
ZTNiOWUwYmFlNmFiLzEvUjc0dWM5VmFiZ0RIZ2VLcVNJWTdtVmNJbEVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8yOTBhNjAtNzkyZi00NDc1LWE5ZjQtZTNiOWUwYmFlNmFi
LzEvZngxWTFpM2Rma2V2SVpiOWRVdXpfeVo1aVNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWbYMA0G
CSqGSIb3DQEBCwUAA4IBAQCo+oFlMqqrzPqL/lrcmGbmW+15plvLC/WoUWDHUACD
B/srusGPWtYGYlt7doCNqP1Wj1277PAI7jsU+sVtGa11ad04FR6bPpMFAsoDnf8P
+4/sw3tOfUC8EEruAfdN52O2wmh0wWdHD5XCmCmj+KKOLyGvJNafP9F9O/XrJFk3
ngjwJvVrfMdRwWcpc1/Bv/04JHUoRv7lilKzPdKBUskmK5oz4Iq/yCIbRRTyNPvA
VJ87KxvWw8Nl5ZAI7PY7U4j7xHhg7WjnD+k/sLwOu1MNTKIF80yu8PeYDM6goHmI
NwLDXP12rnZ+Q8LH7G6n4+4uhti+j4X1o91YoxxcwVyY
-----END CERTIFICATE-----