Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/7mKsLxZ1YUursivxbDFLaTJwj3E.roa
File:                     7mKsLxZ1YUursivxbDFLaTJwj3E.roa (raw, json)
Hash identifier:          FPzsPJGqWdwrFvseNY78lYszDWnEn2Sc/ADORiyM6K8=
Subject key identifier:   EE:62:AC:2F:16:75:61:4B:AB:B2:2B:F1:6C:31:4B:69:32:70:8F:71
Certificate issuer:       /CN=a7c7544e8b482d2311903706eed724049fe385bf
Certificate serial:       01942143D0AA908257E1A06A4D750772274F
Authority key identifier: A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/7mKsLxZ1YUursivxbDFLaTJwj3E.roa
Signing time:             Wed 01 Jan 2025 09:47:59 +0000
ROA not before:           Wed 01 Jan 2025 09:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211141
IP address blocks:        185.120.182.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:d0:aa:90:82:57:e1:a0:6a:4d:75:07:72:27:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a7c7544e8b482d2311903706eed724049fe385bf
        Validity
            Not Before: Jan  1 09:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee62ac2f1675614babb22bf16c314b6932708f71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:ce:41:e2:41:35:33:3a:20:4c:93:88:31:fc:
                    59:fd:d6:4d:d4:ba:a0:8f:69:e1:03:54:e9:37:15:
                    7c:6e:10:39:2a:40:e5:2e:7c:8d:03:9b:2b:8f:e0:
                    be:25:2e:58:7d:cc:8f:22:28:24:6a:a6:6f:b7:78:
                    20:de:2e:10:54:50:bd:36:41:a4:c0:6b:ed:58:93:
                    dc:98:92:16:2f:2d:11:46:2c:a9:32:5c:cd:6b:54:
                    dd:27:a4:4f:f7:47:57:5c:91:59:e9:96:1f:96:22:
                    2c:63:5b:c1:10:41:16:f5:b8:67:89:47:98:64:4b:
                    3c:c1:28:a1:0f:c1:3e:6a:a0:e5:6a:23:1a:a8:06:
                    ce:60:11:51:d9:eb:57:76:47:15:80:2b:37:6b:43:
                    10:b1:85:37:14:84:b1:12:9d:24:de:2c:a8:db:8f:
                    1a:64:57:33:65:62:c4:54:fa:59:8a:4d:62:16:03:
                    23:cf:66:dc:f4:fb:49:b8:bb:9c:58:ce:b6:94:de:
                    55:6a:7c:a9:c3:62:c6:3c:d3:d8:49:a6:98:ac:d8:
                    a6:d0:e5:54:56:b4:cc:03:ca:b1:71:34:27:e2:de:
                    b8:0d:29:13:e3:21:5b:79:5e:06:a0:c4:7a:c9:cb:
                    b8:f3:5f:62:59:87:4b:cf:b4:53:19:af:2c:a9:6d:
                    8f:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:62:AC:2F:16:75:61:4B:AB:B2:2B:F1:6C:31:4B:69:32:70:8F:71
            X509v3 Authority Key Identifier:
                keyid:A7:C7:54:4E:8B:48:2D:23:11:90:37:06:EE:D7:24:04:9F:E3:85:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/p8dUTotILSMRkDcG7tckBJ_jhb8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/7mKsLxZ1YUursivxbDFLaTJwj3E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/2d5960-c66d-42df-95d2-4052450c90a9/1/p8dUTotILSMRkDcG7tckBJ_jhb8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.182.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:91:e2:8c:b4:3c:bd:20:eb:95:c3:56:c3:c6:a8:2c:e4:02:
         fc:b2:54:f6:5f:8d:10:43:5a:8c:bf:b5:33:50:b9:d8:a7:db:
         7e:70:19:c4:2c:0d:dd:97:24:b8:cf:32:d2:fb:e5:65:ed:6b:
         82:68:1f:61:15:1b:b4:77:07:82:f3:dc:3d:7f:df:58:73:d7:
         f3:c7:8d:fa:f8:70:0f:e1:de:96:88:3e:0f:52:a3:80:04:f6:
         50:1a:e4:46:4d:3c:d0:a4:9c:c9:fa:c1:06:71:e5:52:73:45:
         c9:c6:0f:86:1e:92:50:56:ec:8e:b7:d3:68:38:6e:b8:43:99:
         5c:31:39:b1:a7:f6:dd:c6:df:af:ee:2a:85:27:9f:c2:46:19:
         d8:b8:a8:32:83:ae:f2:54:94:94:b5:c6:4b:f4:0b:4f:27:ca:
         02:94:c5:ef:4b:83:28:ce:d3:58:b1:2a:62:80:38:e4:e3:95:
         41:de:cb:43:d2:71:b5:0b:09:36:86:e3:28:65:b7:5b:8f:ae:
         50:aa:71:80:52:9e:6e:fc:9e:51:d6:96:e1:c0:12:2b:fa:68:
         8c:07:e5:78:b0:ae:42:01:ca:0e:c8:89:80:8a:0d:44:e6:99:
         b3:86:26:ba:9e:3c:17:fb:fb:89:8e:fa:c8:cb:04:b4:b1:06:
         5e:de:1e:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ9CqkIJX4aBqTXUHcidPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE3Yzc1NDRlOGI0ODJkMjMxMTkwMzcwNmVlZDcyNDA0OWZl
Mzg1YmYwHhcNMjUwMTAxMDk0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTYyYWMyZjE2NzU2MTRiYWJiMjJiZjE2YzMxNGI2OTMyNzA4ZjcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk85B4kE1MzogTJOIMfxZ/dZN1Lqg
j2nhA1TpNxV8bhA5KkDlLnyNA5srj+C+JS5YfcyPIigkaqZvt3gg3i4QVFC9NkGk
wGvtWJPcmJIWLy0RRiypMlzNa1TdJ6RP90dXXJFZ6ZYfliIsY1vBEEEW9bhniUeY
ZEs8wSihD8E+aqDlaiMaqAbOYBFR2etXdkcVgCs3a0MQsYU3FISxEp0k3iyo248a
ZFczZWLEVPpZik1iFgMjz2bc9PtJuLucWM62lN5Vanypw2LGPNPYSaaYrNim0OVU
VrTMA8qxcTQn4t64DSkT4yFbeV4GoMR6ycu4819iWYdLz7RTGa8sqW2PSQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5irC8WdWFLq7Ir8WwxS2kycI9xMB8GA1UdIwQY
MBaAFKfHVE6LSC0jEZA3Bu7XJASf44W/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDIt
NDA1MjQ1MGM5MGE5LzEvN21Lc0x4WjFZVXVyc2l2eGJERkxhVEp3ajNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC8yZDU5NjAtYzY2ZC00MmRmLTk1ZDItNDA1MjQ1MGM5MGE5
LzEvcDhkVVRvdElMU01Sa0RjRzd0Y2tCSl9qaGI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXi2MA0G
CSqGSIb3DQEBCwUAA4IBAQBEkeKMtDy9IOuVw1bDxqgs5AL8slT2X40QQ1qMv7Uz
ULnYp9t+cBnELA3dlyS4zzLS++Vl7WuCaB9hFRu0dweC89w9f99Yc9fzx436+HAP
4d6WiD4PUqOABPZQGuRGTTzQpJzJ+sEGceVSc0XJxg+GHpJQVuyOt9NoOG64Q5lc
MTmxp/bdxt+v7iqFJ5/CRhnYuKgyg67yVJSUtcZL9AtPJ8oClMXvS4MoztNYsSpi
gDjk45VB3stD0nG1Cwk2huMoZbdbj65QqnGAUp5u/J5R1pbhwBIr+miMB+V4sK5C
AcoOyImAig1E5pmzhia6njwX+/uJjvrIywS0sQZe3h7W
-----END CERTIFICATE-----