Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/7DjRNlYtbNd5bWrkd68Y0hn_S8U.roa
File:                     7DjRNlYtbNd5bWrkd68Y0hn_S8U.roa (raw, json)
Hash identifier:          cnlLc3cQObaHjRU9oZ4ntBC1caogWw9gydNQ78TPtE8=
Subject key identifier:   EC:38:D1:36:56:2D:6C:D7:79:6D:6A:E4:77:AF:18:D2:19:FF:4B:C5
Certificate issuer:       /CN=159ba29a75ae1325c0382fb484b321d68d154384
Certificate serial:       019763BF6812FB9CCA690F7F737167EAEE3B
Authority key identifier: 15:9B:A2:9A:75:AE:13:25:C0:38:2F:B4:84:B3:21:D6:8D:15:43:84
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/7DjRNlYtbNd5bWrkd68Y0hn_S8U.roa
Signing time:             Thu 12 Jun 2025 10:46:17 +0000
ROA not before:           Thu 12 Jun 2025 10:46:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62164
IP address blocks:        217.61.240.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:63:bf:68:12:fb:9c:ca:69:0f:7f:73:71:67:ea:ee:3b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=159ba29a75ae1325c0382fb484b321d68d154384
        Validity
            Not Before: Jun 12 10:46:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec38d136562d6cd7796d6ae477af18d219ff4bc5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:23:27:57:a8:4c:4c:fc:2c:e8:84:29:ce:4b:
                    d4:ba:91:e0:e5:ba:f2:35:87:e6:4d:e0:29:f4:2d:
                    2a:cb:87:b4:aa:fe:75:b1:0e:63:ac:21:06:b9:20:
                    b8:45:91:ab:2e:d4:e3:11:6f:a3:32:b8:29:fd:37:
                    af:da:75:76:11:fe:1f:75:73:32:70:31:d4:c2:d6:
                    40:3a:07:5e:eb:3f:7c:e0:79:06:f2:71:98:38:fb:
                    e7:62:63:64:8d:87:99:85:dc:42:1f:1e:1d:94:42:
                    87:9a:61:36:6f:5b:58:1d:60:f3:58:0d:b9:8a:b0:
                    de:fc:78:65:23:05:ce:69:dd:2c:03:ce:4c:49:fb:
                    dc:72:a6:a4:c9:90:d3:dd:f0:6f:d3:32:3d:80:7a:
                    a9:64:11:92:ee:9d:eb:3d:d2:6c:5c:92:0d:b8:88:
                    01:7a:1d:06:0a:33:aa:e5:b8:75:49:4e:b8:bc:5a:
                    55:98:68:79:ca:d7:bb:96:85:58:89:61:2c:ee:d9:
                    40:c1:d7:d6:da:e1:1f:7b:8f:d3:13:22:21:8f:5d:
                    8a:5b:dc:f6:bc:60:eb:80:70:b9:38:6a:7d:aa:0c:
                    db:ec:5c:33:bc:cb:b4:3e:55:93:28:51:d7:e2:32:
                    82:36:1c:74:6b:30:f2:c1:64:e3:95:c9:cc:e8:29:
                    22:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:38:D1:36:56:2D:6C:D7:79:6D:6A:E4:77:AF:18:D2:19:FF:4B:C5
            X509v3 Authority Key Identifier:
                keyid:15:9B:A2:9A:75:AE:13:25:C0:38:2F:B4:84:B3:21:D6:8D:15:43:84

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/7DjRNlYtbNd5bWrkd68Y0hn_S8U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/300195-7e7b-4e99-a52d-caf4fa072682/1/FZuimnWuEyXAOC-0hLMh1o0VQ4Q.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  217.61.240.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:a9:fb:1f:c9:77:84:72:f6:ec:2c:a2:f3:76:5d:8d:af:68:
         c5:03:d6:bb:6f:b8:9e:80:e5:ae:e2:21:21:d3:3b:52:af:d8:
         92:9e:20:2d:fb:8d:e0:ff:5f:94:68:68:ca:e6:8d:e7:cf:32:
         48:12:32:66:a9:26:39:11:2b:00:32:c8:6d:50:56:5a:89:e1:
         29:eb:17:0c:9b:6a:38:f8:d3:24:95:09:21:a8:dc:4c:16:de:
         9e:2d:10:10:b5:cf:d3:b4:bb:06:f2:85:a9:4b:4c:6e:b3:40:
         00:b2:5a:91:03:2f:4a:cd:57:1b:d1:7a:31:db:25:fa:50:a7:
         87:6b:49:38:94:0a:4b:d1:85:64:02:98:02:78:c6:30:f3:ec:
         1e:4d:4d:6d:bb:ef:4e:47:1c:04:5b:6c:aa:db:3f:4b:70:6e:
         f8:23:81:c6:10:57:3f:68:8f:b3:cb:3d:84:24:15:a3:b3:6c:
         92:8a:07:ce:53:cf:17:19:2c:29:0c:e7:c1:b3:f0:d5:cf:45:
         cd:20:f1:40:c4:d5:59:97:ed:75:00:21:dd:74:e5:99:ad:93:
         79:1e:5a:14:53:70:ef:39:eb:57:10:1c:fd:87:0e:f8:f5:2b:
         22:4a:d1:a4:0f:df:6e:53:33:3a:dc:ce:73:bd:55:a2:48:ef:
         3a:28:53:97
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdjv2gS+5zKaQ9/c3Fn6u47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1OWJhMjlhNzVhZTEzMjVjMDM4MmZiNDg0YjMyMWQ2OGQx
NTQzODQwHhcNMjUwNjEyMTA0NjE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzM4ZDEzNjU2MmQ2Y2Q3Nzk2ZDZhZTQ3N2FmMThkMjE5ZmY0YmM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCMnV6hMTPws6IQpzkvUupHg5bry
NYfmTeAp9C0qy4e0qv51sQ5jrCEGuSC4RZGrLtTjEW+jMrgp/Tev2nV2Ef4fdXMy
cDHUwtZAOgde6z984HkG8nGYOPvnYmNkjYeZhdxCHx4dlEKHmmE2b1tYHWDzWA25
irDe/HhlIwXOad0sA85MSfvccqakyZDT3fBv0zI9gHqpZBGS7p3rPdJsXJINuIgB
eh0GCjOq5bh1SU64vFpVmGh5yte7loVYiWEs7tlAwdfW2uEfe4/TEyIhj12KW9z2
vGDrgHC5OGp9qgzb7FwzvMu0PlWTKFHX4jKCNhx0azDywWTjlcnM6CkiTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOw40TZWLWzXeW1q5HevGNIZ/0vFMB8GA1UdIwQY
MBaAFBWbopp1rhMlwDgvtISzIdaNFUOEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlp1aW1uV3VFeVhBT0MtMGhMTWgxbzBWUTRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS8zMDAxOTUtN2U3Yi00ZTk5LWE1MmQt
Y2FmNGZhMDcyNjgyLzEvN0RqUk5sWXRiTmQ1Yldya2Q2OFkwaG5fUzhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS8zMDAxOTUtN2U3Yi00ZTk5LWE1MmQtY2FmNGZhMDcyNjgy
LzEvRlp1aW1uV3VFeVhBT0MtMGhMTWgxbzBWUTRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA2T3wMA0G
CSqGSIb3DQEBCwUAA4IBAQCTqfsfyXeEcvbsLKLzdl2Nr2jFA9a7b7iegOWu4iEh
0ztSr9iSniAt+43g/1+UaGjK5o3nzzJIEjJmqSY5ESsAMshtUFZaieEp6xcMm2o4
+NMklQkhqNxMFt6eLRAQtc/TtLsG8oWpS0xus0AAslqRAy9KzVcb0Xox2yX6UKeH
a0k4lApL0YVkApgCeMYw8+weTU1tu+9ORxwEW2yq2z9LcG74I4HGEFc/aI+zyz2E
JBWjs2ySigfOU88XGSwpDOfBs/DVz0XNIPFAxNVZl+11ACHddOWZrZN5HloUU3Dv
OetXEBz9hw749SsiStGkD99uUzM63M5zvVWiSO86KFOX
-----END CERTIFICATE-----