Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/7dpbzZX7eYfnBG7vQSonxLufldI.roa
File:                     7dpbzZX7eYfnBG7vQSonxLufldI.roa (raw, json)
Hash identifier:          MAdnQYRbZ0ATJEdytmIxDRxyJPZ/GK0bSNF0Uiu38tw=
Subject key identifier:   ED:DA:5B:CD:95:FB:79:87:E7:04:6E:EF:41:2A:27:C4:BB:9F:95:D2
Certificate issuer:       /CN=e4457636e5ad66e1f0fbb2c10df29095e63e992f
Certificate serial:       019424B2C732CB8CD17C45BBE51BF86C72EC
Authority key identifier: E4:45:76:36:E5:AD:66:E1:F0:FB:B2:C1:0D:F2:90:95:E6:3E:99:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5EV2NuWtZuHw-7LBDfKQleY-mS8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/7dpbzZX7eYfnBG7vQSonxLufldI.roa
Signing time:             Thu 02 Jan 2025 01:48:03 +0000
ROA not before:           Thu 02 Jan 2025 01:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210780
IP address blocks:        185.252.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/5EV2NuWtZuHw-7LBDfKQleY-mS8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/5EV2NuWtZuHw-7LBDfKQleY-mS8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5EV2NuWtZuHw-7LBDfKQleY-mS8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:c7:32:cb:8c:d1:7c:45:bb:e5:1b:f8:6c:72:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e4457636e5ad66e1f0fbb2c10df29095e63e992f
        Validity
            Not Before: Jan  2 01:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edda5bcd95fb7987e7046eef412a27c4bb9f95d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e9:2f:a3:1e:4e:ca:92:56:45:0e:dd:dc:1a:
                    a8:1d:a3:60:94:d5:35:6a:dd:2b:20:ca:2a:c4:c6:
                    e4:26:0e:0c:71:3d:1d:03:36:c2:59:42:8d:8d:01:
                    3e:11:87:3d:4e:7d:e0:52:3d:a6:43:b6:7b:21:f4:
                    28:b9:59:74:2c:1c:38:3b:06:4c:ea:08:3a:20:20:
                    59:09:22:f6:69:47:56:1f:a0:f3:73:64:6d:85:52:
                    5e:83:ba:5c:b1:1d:25:83:2c:01:53:85:79:6a:b3:
                    99:13:25:70:d2:64:91:fe:ec:28:2a:00:de:dd:c3:
                    7d:2a:8c:ff:ed:6e:fa:06:04:30:a7:7c:5a:1c:bb:
                    9a:46:0b:18:23:2d:14:51:09:4d:f4:2f:19:49:47:
                    35:7b:ed:a1:7b:91:f3:fb:94:cd:0c:95:eb:f8:77:
                    72:7f:42:5a:f1:32:0b:cc:3c:7b:23:f2:79:e1:dc:
                    a8:50:d4:7f:0b:05:4f:7e:5d:85:d1:d4:34:8a:44:
                    80:a1:35:45:c7:59:d1:62:ce:34:53:01:39:e2:79:
                    79:56:4c:2c:59:a2:cd:5c:ec:97:16:6d:d6:40:e6:
                    6b:9c:92:ac:57:0b:e4:30:54:8c:0e:dd:7f:60:42:
                    71:5e:9a:d2:15:e7:a2:2b:e8:0a:fa:37:49:49:c4:
                    52:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:DA:5B:CD:95:FB:79:87:E7:04:6E:EF:41:2A:27:C4:BB:9F:95:D2
            X509v3 Authority Key Identifier:
                keyid:E4:45:76:36:E5:AD:66:E1:F0:FB:B2:C1:0D:F2:90:95:E6:3E:99:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5EV2NuWtZuHw-7LBDfKQleY-mS8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/7dpbzZX7eYfnBG7vQSonxLufldI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/61/8c9f19-a700-4832-be21-b0d5e8be853c/1/5EV2NuWtZuHw-7LBDfKQleY-mS8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.252.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:de:71:c4:2b:23:7b:fe:cb:0f:83:55:a6:d6:56:21:fb:de:
         03:4c:7f:b5:44:14:78:72:67:1b:d6:56:e5:e1:b4:fe:40:32:
         ba:c1:bc:e4:2e:94:e1:d5:51:7e:e1:7b:ce:e1:38:e7:49:5a:
         b3:c5:fb:60:9b:8d:4a:60:e6:a5:aa:27:1e:b2:fe:06:e1:09:
         3d:46:6b:4b:93:aa:58:a4:fa:b2:b6:3a:e6:19:dc:7b:92:96:
         55:0e:7c:50:21:ad:1c:0d:33:c2:78:68:4e:34:ca:cf:fe:a4:
         07:73:e4:c2:fe:81:2f:12:3a:a8:aa:1c:30:a9:20:cd:d6:2f:
         c3:6b:b2:4a:80:58:fd:8b:55:d2:cf:8d:07:45:65:30:b9:0d:
         3f:45:51:a1:37:fd:ec:14:e7:4e:e5:a6:9b:7e:c6:4b:30:2e:
         fe:25:2d:75:aa:ac:ee:13:92:a4:98:e8:27:39:54:1f:b6:41:
         7b:a4:54:97:ef:c3:2c:f7:07:8a:79:d4:4f:ac:ab:71:30:43:
         b6:9c:ba:78:64:da:eb:7b:8e:eb:51:98:c9:89:40:fc:fa:77:
         10:72:07:6b:b9:8c:11:d5:f0:13:0e:da:66:c0:35:19:26:58:
         1c:0c:90:e7:16:7e:4a:58:16:58:05:56:82:b7:b1:f1:2a:8f:
         09:2e:6c:69
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQksscyy4zRfEW75Rv4bHLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0NDU3NjM2ZTVhZDY2ZTFmMGZiYjJjMTBkZjI5MDk1ZTYz
ZTk5MmYwHhcNMjUwMTAyMDE0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGRhNWJjZDk1ZmI3OTg3ZTcwNDZlZWY0MTJhMjdjNGJiOWY5NWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnukvox5OypJWRQ7d3BqoHaNglNU1
at0rIMoqxMbkJg4McT0dAzbCWUKNjQE+EYc9Tn3gUj2mQ7Z7IfQouVl0LBw4OwZM
6gg6ICBZCSL2aUdWH6Dzc2RthVJeg7pcsR0lgywBU4V5arOZEyVw0mSR/uwoKgDe
3cN9Koz/7W76BgQwp3xaHLuaRgsYIy0UUQlN9C8ZSUc1e+2he5Hz+5TNDJXr+Hdy
f0Ja8TILzDx7I/J54dyoUNR/CwVPfl2F0dQ0ikSAoTVFx1nRYs40UwE54nl5Vkws
WaLNXOyXFm3WQOZrnJKsVwvkMFSMDt1/YEJxXprSFeeiK+gK+jdJScRSmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3aW82V+3mH5wRu70EqJ8S7n5XSMB8GA1UdIwQY
MBaAFORFdjblrWbh8PuywQ3ykJXmPpkvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUVWMk51V3RadUh3LTdMQkRmS1FsZVktbVM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MS84YzlmMTktYTcwMC00ODMyLWJlMjEt
YjBkNWU4YmU4NTNjLzEvN2RwYnpaWDdlWWZuQkc3dlFTb254THVmbGRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MS84YzlmMTktYTcwMC00ODMyLWJlMjEtYjBkNWU4YmU4NTNj
LzEvNUVWMk51V3RadUh3LTdMQkRmS1FsZVktbVM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufzWMA0G
CSqGSIb3DQEBCwUAA4IBAQB13nHEKyN7/ssPg1Wm1lYh+94DTH+1RBR4cmcb1lbl
4bT+QDK6wbzkLpTh1VF+4XvO4TjnSVqzxftgm41KYOalqicesv4G4Qk9RmtLk6pY
pPqytjrmGdx7kpZVDnxQIa0cDTPCeGhONMrP/qQHc+TC/oEvEjqoqhwwqSDN1i/D
a7JKgFj9i1XSz40HRWUwuQ0/RVGhN/3sFOdO5aabfsZLMC7+JS11qqzuE5KkmOgn
OVQftkF7pFSX78Ms9weKedRPrKtxMEO2nLp4ZNrre47rUZjJiUD8+ncQcgdruYwR
1fATDtpmwDUZJlgcDJDnFn5KWBZYBVaCt7HxKo8JLmxp
-----END CERTIFICATE-----