Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/F7_d7fgliowGPaZRFZI34xcsDus.roa
File:                     F7_d7fgliowGPaZRFZI34xcsDus.roa (raw, json)
Hash identifier:          +yscUhU7PFr7qP/8wMXAL6pAA3Z7ru6wJfgIp1yHZlI=
Subject key identifier:   17:BF:DD:ED:F8:25:8A:8C:06:3D:A6:51:15:92:37:E3:17:2C:0E:EB
Certificate issuer:       /CN=22f35c611c29234bf4b40b35990ddfa293a537f9
Certificate serial:       019425FD3BC35EC586CBFF44F8DDF604A082
Authority key identifier: 22:F3:5C:61:1C:29:23:4B:F4:B4:0B:35:99:0D:DF:A2:93:A5:37:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/F7_d7fgliowGPaZRFZI34xcsDus.roa
Signing time:             Thu 02 Jan 2025 07:49:00 +0000
ROA not before:           Thu 02 Jan 2025 07:49:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48492
IP address blocks:        185.75.224.0/22 maxlen: 24
                          185.181.108.0/22 maxlen: 24
                          2a0d:4f00::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:3b:c3:5e:c5:86:cb:ff:44:f8:dd:f6:04:a0:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22f35c611c29234bf4b40b35990ddfa293a537f9
        Validity
            Not Before: Jan  2 07:49:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17bfddedf8258a8c063da651159237e3172c0eeb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:7f:6e:7e:b7:bf:98:11:1e:81:3e:9f:1a:82:
                    ac:11:d8:3b:f8:fd:92:b8:51:88:41:82:fe:52:8b:
                    bb:48:89:eb:bb:66:6f:5a:28:7b:66:9f:42:6e:ae:
                    23:5f:bc:ef:62:f9:29:2c:24:49:f8:81:f0:11:25:
                    17:cb:0f:0b:ee:80:a2:c7:af:51:50:e3:f7:c7:f9:
                    28:2f:14:89:b0:d6:ae:b5:57:af:7d:92:2d:bb:bc:
                    5b:34:bc:97:d8:a6:05:eb:a2:da:3e:88:66:ca:4b:
                    8f:54:66:b5:f0:61:1c:ca:f7:fd:66:74:eb:3c:a1:
                    0b:30:18:af:37:c3:09:2f:e3:f5:c4:10:ca:6d:22:
                    ca:6e:20:50:8d:df:42:98:b9:f9:70:15:c2:1a:31:
                    75:60:66:38:3a:a2:09:00:76:d1:83:eb:4f:2a:1d:
                    b6:31:e6:01:b5:51:82:5e:83:ad:7c:06:8d:86:06:
                    a3:b6:61:fb:c7:28:36:84:ed:0e:a5:5c:cf:7f:4e:
                    4f:35:96:32:24:7d:bb:23:49:4c:55:23:26:2d:06:
                    0b:57:6c:bc:69:39:2f:49:61:2d:05:4f:61:3d:71:
                    37:60:17:bf:09:fa:7d:c6:c6:7d:8a:71:78:98:98:
                    33:39:49:ad:84:41:d3:c5:24:e2:62:1f:70:8c:10:
                    4b:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:BF:DD:ED:F8:25:8A:8C:06:3D:A6:51:15:92:37:E3:17:2C:0E:EB
            X509v3 Authority Key Identifier:
                keyid:22:F3:5C:61:1C:29:23:4B:F4:B4:0B:35:99:0D:DF:A2:93:A5:37:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IvNcYRwpI0v0tAs1mQ3fopOlN_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/F7_d7fgliowGPaZRFZI34xcsDus.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/54/f8cda4-c818-4dc0-b605-163247eb0e07/1/IvNcYRwpI0v0tAs1mQ3fopOlN_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.224.0/22
                  185.181.108.0/22
                IPv6:
                  2a0d:4f00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7c:14:5b:1a:5c:ad:4b:93:39:1f:fd:49:b4:a7:d3:9a:c9:f7:
         1a:c0:87:8e:aa:de:ef:82:d2:65:d0:82:d9:d7:a9:7e:6b:f8:
         2f:63:08:a8:1f:b8:43:9e:f8:58:94:2d:90:d0:dc:b3:58:38:
         3a:f9:6e:85:de:b6:45:52:9f:38:26:e8:84:2c:9f:35:96:98:
         f9:92:66:aa:ae:1b:df:50:f3:5f:78:ee:08:16:31:cb:27:e7:
         c8:17:d7:6d:ec:e5:71:fc:bb:a0:16:85:dd:4d:73:ad:4e:c5:
         01:b0:64:16:d1:66:ee:3e:d6:65:84:cf:89:01:94:50:69:7c:
         2d:d8:a2:76:97:56:95:53:f5:35:e2:cf:90:a4:36:d4:0b:e5:
         68:ec:14:a9:b0:e7:02:5a:70:2d:94:8d:d1:27:95:00:26:5c:
         65:11:d2:ba:a8:78:41:f1:0c:f3:90:d3:15:ca:91:1a:0e:03:
         f9:41:a6:73:85:bd:79:64:5f:d8:c6:d1:0f:42:17:38:aa:fa:
         35:ec:ab:07:81:da:c1:5b:ab:c9:7b:48:12:8a:b0:32:08:50:
         8f:56:01:13:00:14:1b:2a:3c:d5:0c:18:28:24:d5:49:90:86:
         3b:a6:42:dc:59:c5:9e:59:32:1f:dc:28:31:83:f1:c4:62:df:
         37:ce:e1:03
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/TvDXsWGy/9E+N32BKCCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyZjM1YzYxMWMyOTIzNGJmNGI0MGIzNTk5MGRkZmEyOTNh
NTM3ZjkwHhcNMjUwMTAyMDc0OTAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2JmZGRlZGY4MjU4YThjMDYzZGE2NTExNTkyMzdlMzE3MmMwZWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzX9ufre/mBEegT6fGoKsEdg7+P2S
uFGIQYL+Uou7SInru2ZvWih7Zp9Cbq4jX7zvYvkpLCRJ+IHwESUXyw8L7oCix69R
UOP3x/koLxSJsNautVevfZItu7xbNLyX2KYF66LaPohmykuPVGa18GEcyvf9ZnTr
PKELMBivN8MJL+P1xBDKbSLKbiBQjd9CmLn5cBXCGjF1YGY4OqIJAHbRg+tPKh22
MeYBtVGCXoOtfAaNhgajtmH7xyg2hO0OpVzPf05PNZYyJH27I0lMVSMmLQYLV2y8
aTkvSWEtBU9hPXE3YBe/Cfp9xsZ9inF4mJgzOUmthEHTxSTiYh9wjBBLlQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFBe/3e34JYqMBj2mURWSN+MXLA7rMB8GA1UdIwQY
MBaAFCLzXGEcKSNL9LQLNZkN36KTpTf5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXZOY1lSd3BJMHYwdEFzMW1RM2ZvcE9sTl9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC9mOGNkYTQtYzgxOC00ZGMwLWI2MDUt
MTYzMjQ3ZWIwZTA3LzEvRjdfZDdmZ2xpb3dHUGFaUkZaSTM0eGNzRHVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC9mOGNkYTQtYzgxOC00ZGMwLWI2MDUtMTYzMjQ3ZWIwZTA3
LzEvSXZOY1lSd3BJMHYwdEFzMW1RM2ZvcE9sTl9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuUvgAwQC
ubVsMA0EAgACMAcDBQMqDU8AMA0GCSqGSIb3DQEBCwUAA4IBAQB8FFsaXK1Lkzkf
/Um0p9OayfcawIeOqt7vgtJl0ILZ16l+a/gvYwioH7hDnvhYlC2Q0NyzWDg6+W6F
3rZFUp84JuiELJ81lpj5kmaqrhvfUPNfeO4IFjHLJ+fIF9dt7OVx/LugFoXdTXOt
TsUBsGQW0WbuPtZlhM+JAZRQaXwt2KJ2l1aVU/U14s+QpDbUC+Vo7BSpsOcCWnAt
lI3RJ5UAJlxlEdK6qHhB8QzzkNMVypEaDgP5QaZzhb15ZF/YxtEPQhc4qvo17KsH
gdrBW6vJe0gSirAyCFCPVgETABQbKjzVDBgoJNVJkIY7pkLcWcWeWTIf3Cgxg/HE
Yt83zuED
-----END CERTIFICATE-----