Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/E7e35y8VRa_NLqlZKZ_ible1HR8.roa
File:                     E7e35y8VRa_NLqlZKZ_ible1HR8.roa (raw, json)
Hash identifier:          aMvh1Am0sWICcnc0dolOBM50AEFHdoeONJogVpbNjHE=
Subject key identifier:   13:B7:B7:E7:2F:15:45:AF:CD:2E:A9:59:29:9F:E2:6E:57:B5:1D:1F
Certificate issuer:       /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial:       019519A250D302919B21575ECF0EFD77170D
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/E7e35y8VRa_NLqlZKZ_ible1HR8.roa
Signing time:             Tue 18 Feb 2025 15:17:02 +0000
ROA not before:           Tue 18 Feb 2025 15:17:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201949
IP address blocks:        87.229.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 08:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:19:a2:50:d3:02:91:9b:21:57:5e:cf:0e:fd:77:17:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
        Validity
            Not Before: Feb 18 15:17:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=13b7b7e72f1545afcd2ea959299fe26e57b51d1f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:54:e4:af:29:71:b9:d3:96:64:1d:d6:f3:cd:
                    7e:cc:ef:c9:60:4a:4c:27:12:83:98:ae:00:84:0a:
                    d1:51:73:c5:eb:d4:a7:88:a1:d9:e6:a7:11:93:8e:
                    58:ef:4c:57:29:de:3e:cb:29:fd:64:d8:05:fa:a5:
                    83:0b:83:29:63:0f:07:29:16:6d:ac:83:29:2e:bb:
                    c1:27:dc:ff:8b:6d:e8:9f:94:84:58:24:53:59:57:
                    9d:44:98:a5:b8:26:86:44:08:9e:15:dc:b8:6b:b9:
                    cf:cc:04:82:39:83:ca:82:37:24:26:dc:e8:08:ac:
                    03:7d:c4:6a:da:ba:ed:cf:5e:ab:82:5c:e2:81:f1:
                    27:df:26:d8:72:52:9b:6a:b1:1a:6b:29:fa:0e:5b:
                    ac:e1:28:b3:cc:8d:56:ab:cd:3e:cb:ea:87:37:1b:
                    aa:4c:d4:4a:64:df:8d:29:ef:cd:fc:28:83:f9:47:
                    19:fc:d2:19:e6:08:c6:b4:c9:95:31:45:ce:67:24:
                    34:e6:37:aa:52:33:1f:cb:41:89:c2:38:ba:fb:e9:
                    9c:00:11:c7:29:38:a4:87:8e:fd:52:60:f7:ea:90:
                    1d:9b:a0:c7:d3:ab:35:5a:27:4b:31:d3:8f:81:9e:
                    e2:c8:cd:18:da:fc:73:56:37:8e:6c:8e:06:78:0b:
                    80:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                13:B7:B7:E7:2F:15:45:AF:CD:2E:A9:59:29:9F:E2:6E:57:B5:1D:1F
            X509v3 Authority Key Identifier:
                keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/E7e35y8VRa_NLqlZKZ_ible1HR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.229.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:75:4d:d6:d5:53:a7:c1:a0:82:c2:25:1a:da:e6:2c:17:19:
         07:d0:37:3b:a0:bc:a4:8f:9f:e0:23:9a:e0:87:3c:26:15:1e:
         18:9b:18:34:8f:14:f9:d9:7d:70:12:60:eb:2a:ed:9a:bf:6c:
         f1:3b:a3:22:de:76:fc:1e:0c:20:70:d9:6b:44:70:ab:5e:4d:
         71:35:23:19:51:8d:17:9b:db:cb:77:1b:1c:bb:d2:74:a8:96:
         9a:a9:d8:8e:c7:53:08:68:d5:30:39:03:33:32:85:7c:5e:dc:
         b2:9b:b1:46:98:d2:b2:e1:7b:5a:87:ac:25:0b:00:7f:94:56:
         35:0b:4c:7b:50:19:3a:52:3a:43:97:16:93:8c:f1:f7:54:4c:
         25:a9:9d:5f:f2:dc:6f:a2:8d:f4:22:ea:ef:d8:18:f4:2e:ca:
         09:21:f1:2e:63:e4:a9:b8:32:94:b1:d0:28:df:a9:8d:85:75:
         ab:45:0e:4b:2d:17:19:29:0e:e9:90:81:a0:ad:ef:28:04:6c:
         98:bb:b1:82:fd:4d:a7:04:52:dc:7b:b6:29:a1:94:d9:0c:d3:
         96:c1:50:dc:42:8f:be:17:38:30:35:c3:04:9f:6e:6d:a9:18:
         db:ee:4c:c4:5a:b3:2f:9f:27:ea:dc:b9:5c:df:d5:a5:cc:21:
         80:0f:44:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUZolDTApGbIVdezw79dxcNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjUwMjE4MTUxNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxM2I3YjdlNzJmMTU0NWFmY2QyZWE5NTkyOTlmZTI2ZTU3YjUxZDFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx1TkrylxudOWZB3W881+zO/JYEpM
JxKDmK4AhArRUXPF69SniKHZ5qcRk45Y70xXKd4+yyn9ZNgF+qWDC4MpYw8HKRZt
rIMpLrvBJ9z/i23on5SEWCRTWVedRJiluCaGRAieFdy4a7nPzASCOYPKgjckJtzo
CKwDfcRq2rrtz16rglzigfEn3ybYclKbarEaayn6Dlus4SizzI1Wq80+y+qHNxuq
TNRKZN+NKe/N/CiD+UcZ/NIZ5gjGtMmVMUXOZyQ05jeqUjMfy0GJwji6++mcABHH
KTikh479UmD36pAdm6DH06s1WidLMdOPgZ7iyM0Y2vxzVjeObI4GeAuAMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBO3t+cvFUWvzS6pWSmf4m5XtR0fMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvRTdlMzV5OFZSYV9OTHFsWktaX2libGUxSFI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+VkMA0G
CSqGSIb3DQEBCwUAA4IBAQCidU3W1VOnwaCCwiUa2uYsFxkH0Dc7oLykj5/gI5rg
hzwmFR4Ymxg0jxT52X1wEmDrKu2av2zxO6Mi3nb8HgwgcNlrRHCrXk1xNSMZUY0X
m9vLdxscu9J0qJaaqdiOx1MIaNUwOQMzMoV8Xtyym7FGmNKy4Xtah6wlCwB/lFY1
C0x7UBk6UjpDlxaTjPH3VEwlqZ1f8txvoo30Iurv2Bj0LsoJIfEuY+SpuDKUsdAo
36mNhXWrRQ5LLRcZKQ7pkIGgre8oBGyYu7GC/U2nBFLce7YpoZTZDNOWwVDcQo++
FzgwNcMEn25tqRjb7kzEWrMvnyfq3Llc39WlzCGAD0Qw
-----END CERTIFICATE-----