Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/7pl-SuA3Gp3HIl0-4oO-hbqh1VI.roa
File:                     7pl-SuA3Gp3HIl0-4oO-hbqh1VI.roa (raw, json)
Hash identifier:          1NAj5UfDOdJhzCucpweNiw3LcFLBqoVu4h4q4LN/d2E=
Subject key identifier:   EE:99:7E:4A:E0:37:1A:9D:C7:22:5D:3E:E2:83:BE:85:BA:A1:D5:52
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0196CD2DC30C4D9A42B087FA688DB5F5EEB6
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/7pl-SuA3Gp3HIl0-4oO-hbqh1VI.roa
Signing time:             Wed 14 May 2025 05:04:10 +0000
ROA not before:           Wed 14 May 2025 05:04:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210618
IP address blocks:        85.153.208.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 13 Jun 2025 10:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:cd:2d:c3:0c:4d:9a:42:b0:87:fa:68:8d:b5:f5:ee:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: May 14 05:04:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee997e4ae0371a9dc7225d3ee283be85baa1d552
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:83:7b:5f:0e:36:ac:d7:36:c1:50:87:17:63:
                    e7:14:50:93:da:89:c6:0e:79:13:ec:e5:4c:fe:c1:
                    19:2a:2e:fa:da:c9:3f:7d:80:90:7a:f3:b1:06:85:
                    27:54:69:c2:94:75:86:ba:6c:c3:01:87:15:1d:5f:
                    62:ea:e7:e3:30:4c:fa:95:d6:dd:cc:35:97:cb:b6:
                    bd:1b:de:dd:18:3b:a2:2f:a4:cd:b4:06:2e:f2:1d:
                    95:c7:5d:0a:1c:65:dc:28:9c:51:f0:2d:02:07:5b:
                    ed:10:07:33:75:6b:47:03:89:2f:2c:bc:90:8a:d4:
                    bf:76:9e:ba:eb:1d:d7:b8:d2:aa:bc:85:ca:f4:69:
                    a3:2f:86:1a:67:7b:e5:36:b1:8f:6c:d4:77:e7:06:
                    62:9f:65:9a:45:f9:5b:8d:34:a4:ad:02:60:3a:84:
                    a8:8f:e4:5f:0b:8e:49:2a:79:1d:fc:ce:4a:96:b0:
                    8d:a6:ed:c9:6a:24:52:17:d7:eb:d6:7e:d1:4c:3a:
                    a4:38:3f:04:a2:ff:eb:ce:3e:89:e7:9e:31:a9:e5:
                    3a:cb:90:b4:a3:dc:b1:9e:a2:0c:e9:8e:c9:6f:a8:
                    94:66:7f:32:83:e5:04:e3:ca:9d:52:92:41:30:bf:
                    c6:7a:a2:77:ee:a8:be:30:87:6e:69:cd:ed:dc:a4:
                    09:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:99:7E:4A:E0:37:1A:9D:C7:22:5D:3E:E2:83:BE:85:BA:A1:D5:52
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/7pl-SuA3Gp3HIl0-4oO-hbqh1VI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.153.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:0e:46:78:c0:87:8c:26:e3:f3:ed:87:26:99:09:e3:34:fa:
         2d:00:ac:6e:ff:cd:f6:20:f3:4b:17:a5:04:89:d2:50:25:a5:
         db:66:4d:cb:82:a8:db:c3:b3:ec:17:08:64:c8:d6:0d:61:e9:
         e2:fe:09:46:8d:ff:b0:b6:98:a3:03:77:15:a2:ab:6f:96:2b:
         5c:0a:73:6f:6c:e9:ca:2a:1d:7b:7a:e6:29:89:92:2b:63:9d:
         75:75:db:a4:dd:dc:80:56:f2:79:53:0f:a6:b5:ea:35:d2:d5:
         f3:97:28:06:40:98:35:6f:6a:ef:a5:c7:24:ec:2c:90:81:48:
         82:46:5e:4d:40:cb:c7:43:42:f6:5b:39:76:32:34:13:0c:ef:
         4a:1d:35:0b:15:67:1a:1c:54:4b:37:89:91:bf:8f:0a:1e:6f:
         62:02:2d:8d:b2:4d:35:ed:c2:c0:7c:12:a1:8a:c6:14:5e:06:
         eb:c8:65:ea:49:39:af:f1:0e:19:d7:37:6a:d7:26:0b:aa:4d:
         d8:ff:bd:1d:c5:35:05:84:d2:70:de:67:21:da:88:31:5c:59:
         be:ef:39:c2:07:c5:1d:21:c9:bf:0d:49:a0:d9:50:00:e4:99:
         d3:e7:e0:a3:1c:cd:87:9b:1b:56:1e:29:d9:a7:b1:b9:c9:8f:
         60:30:ed:5c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbNLcMMTZpCsIf6aI219e62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwNTE0MDUwNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTk5N2U0YWUwMzcxYTlkYzcyMjVkM2VlMjgzYmU4NWJhYTFkNTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8oN7Xw42rNc2wVCHF2PnFFCT2onG
DnkT7OVM/sEZKi762sk/fYCQevOxBoUnVGnClHWGumzDAYcVHV9i6ufjMEz6ldbd
zDWXy7a9G97dGDuiL6TNtAYu8h2Vx10KHGXcKJxR8C0CB1vtEAczdWtHA4kvLLyQ
itS/dp666x3XuNKqvIXK9GmjL4YaZ3vlNrGPbNR35wZin2WaRflbjTSkrQJgOoSo
j+RfC45JKnkd/M5KlrCNpu3JaiRSF9fr1n7RTDqkOD8Eov/rzj6J554xqeU6y5C0
o9yxnqIM6Y7Jb6iUZn8yg+UE48qdUpJBML/GeqJ37qi+MIduac3t3KQJZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6ZfkrgNxqdxyJdPuKDvoW6odVSMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvN3BsLVN1QTNHcDNISWwwLTRvTy1oYnFoMVZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVZnQMA0G
CSqGSIb3DQEBCwUAA4IBAQCLDkZ4wIeMJuPz7YcmmQnjNPotAKxu/832IPNLF6UE
idJQJaXbZk3Lgqjbw7PsFwhkyNYNYeni/glGjf+wtpijA3cVoqtvlitcCnNvbOnK
Kh17euYpiZIrY511dduk3dyAVvJ5Uw+mteo10tXzlygGQJg1b2rvpcck7CyQgUiC
Rl5NQMvHQ0L2Wzl2MjQTDO9KHTULFWcaHFRLN4mRv48KHm9iAi2Nsk017cLAfBKh
isYUXgbryGXqSTmv8Q4Z1zdq1yYLqk3Y/70dxTUFhNJw3mch2ogxXFm+7znCB8Ud
Icm/DUmg2VAA5JnT5+CjHM2HmxtWHinZp7G5yY9gMO1c
-----END CERTIFICATE-----
Generated at Thu Jun 12 16:38:46 2025 by rpki-client