Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/B7HcX8a5R4VJ0aJu7BcgMxsPGeM.roa
File:                     B7HcX8a5R4VJ0aJu7BcgMxsPGeM.roa (raw, json)
Hash identifier:          +dMXfXtmqoKsILaxrYWUxAUDipxnRmqzhhjRXeSfmOo=
Subject key identifier:   07:B1:DC:5F:C6:B9:47:85:49:D1:A2:6E:EC:17:20:33:1B:0F:19:E3
Certificate issuer:       /CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
Certificate serial:       0194228E0D0ED75BDE48216EB003B6C4D83E
Authority key identifier: 5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/B7HcX8a5R4VJ0aJu7BcgMxsPGeM.roa
Signing time:             Wed 01 Jan 2025 15:48:42 +0000
ROA not before:           Wed 01 Jan 2025 15:48:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42865
IP address blocks:        185.10.209.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:0d:0e:d7:5b:de:48:21:6e:b0:03:b6:c4:d8:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5e23518faa9b94a42d1a3b4d9f63b974394d0662
        Validity
            Not Before: Jan  1 15:48:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=07b1dc5fc6b9478549d1a26eec1720331b0f19e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:b1:34:6f:48:86:1c:0a:84:dc:49:19:ea:e1:
                    0d:f3:1f:e3:0d:dc:3e:3c:3a:27:88:32:c4:a3:f6:
                    f9:b5:ce:18:5e:7d:aa:21:3b:2c:13:b4:6a:f5:3e:
                    69:46:d7:cb:3d:a5:e7:ec:2a:8d:84:78:44:dd:ac:
                    99:92:21:84:30:2d:90:48:46:2c:ca:83:10:be:f5:
                    30:35:c4:50:30:03:a2:6d:b1:b7:92:37:9c:c2:f9:
                    59:0d:f8:bf:42:f2:d5:07:cb:06:79:30:dd:34:34:
                    6b:d3:1b:27:17:45:9a:92:d9:46:5c:b2:d2:a1:b6:
                    0b:7d:18:0f:c6:b9:d2:ef:8e:93:5f:26:95:31:ba:
                    10:59:9d:68:e7:22:f7:6f:91:57:a2:65:b7:cf:3b:
                    8c:12:ff:e3:ba:b7:ed:c8:48:03:41:a3:72:e5:1b:
                    c4:4f:16:d0:dc:62:fa:3c:f3:bf:15:33:60:8f:bd:
                    62:e0:aa:14:24:20:82:98:c3:01:83:2b:3e:68:23:
                    46:fe:76:86:63:ef:fd:ff:bb:f2:9d:43:93:5f:eb:
                    dc:cd:c8:bc:e6:28:e7:b5:32:58:8d:a2:1d:8f:0f:
                    f6:90:cb:81:0a:de:d3:78:56:e0:6e:31:36:a7:31:
                    df:41:d4:43:aa:46:d4:3f:16:54:07:81:58:05:df:
                    81:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:B1:DC:5F:C6:B9:47:85:49:D1:A2:6E:EC:17:20:33:1B:0F:19:E3
            X509v3 Authority Key Identifier:
                keyid:5E:23:51:8F:AA:9B:94:A4:2D:1A:3B:4D:9F:63:B9:74:39:4D:06:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XiNRj6qblKQtGjtNn2O5dDlNBmI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/B7HcX8a5R4VJ0aJu7BcgMxsPGeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/414b36-eca9-4e22-aed5-a48ac31dbbf0/1/XiNRj6qblKQtGjtNn2O5dDlNBmI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.10.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:09:7a:df:c4:68:53:c5:6c:de:cd:89:f0:4f:98:40:b7:5f:
         e0:91:d0:97:62:72:fd:cb:02:9f:98:3e:7d:45:4f:4e:e9:de:
         cb:46:4f:46:63:e2:5f:e7:6b:7a:fe:20:b5:d8:91:7b:69:79:
         d8:dd:2a:ff:7d:0b:54:38:bd:3e:47:05:7e:6e:a6:71:b3:c5:
         e4:e0:fd:37:33:ee:ac:a5:9d:f6:27:b0:9c:9d:6a:ec:9b:12:
         af:b8:e8:61:a0:cf:d9:ec:84:fa:19:69:92:e2:e8:5a:5a:30:
         b3:f9:43:51:12:0e:75:11:b4:16:94:12:29:9b:bf:75:74:64:
         6e:e5:ff:36:15:00:3d:9e:78:9e:db:be:27:3d:72:96:19:52:
         06:28:62:c7:fb:fa:b3:c9:f7:90:5c:51:06:f3:cc:7a:e1:9d:
         9f:47:18:7e:e7:1c:c8:ab:47:8a:40:17:88:d0:7a:6a:f9:3e:
         e5:a7:f5:fb:ea:f3:5a:2f:2e:75:16:e5:47:43:ca:a2:9e:66:
         a9:41:9b:52:9f:1c:f4:bd:8a:bd:9b:36:72:c8:26:b6:1c:bd:
         ad:55:b7:35:93:9c:dc:78:82:93:4f:79:8e:df:b4:e3:07:34:
         4d:ea:4b:06:16:a7:35:9e:5b:70:13:a7:2c:c5:8f:10:44:b8:
         fe:4c:69:36
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijg0O11veSCFusAO2xNg+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVlMjM1MThmYWE5Yjk0YTQyZDFhM2I0ZDlmNjNiOTc0Mzk0
ZDA2NjIwHhcNMjUwMTAxMTU0ODQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2IxZGM1ZmM2Yjk0Nzg1NDlkMWEyNmVlYzE3MjAzMzFiMGYxOWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw7E0b0iGHAqE3EkZ6uEN8x/jDdw+
PDoniDLEo/b5tc4YXn2qITssE7Rq9T5pRtfLPaXn7CqNhHhE3ayZkiGEMC2QSEYs
yoMQvvUwNcRQMAOibbG3kjecwvlZDfi/QvLVB8sGeTDdNDRr0xsnF0WaktlGXLLS
obYLfRgPxrnS746TXyaVMboQWZ1o5yL3b5FXomW3zzuMEv/jurftyEgDQaNy5RvE
TxbQ3GL6PPO/FTNgj71i4KoUJCCCmMMBgys+aCNG/naGY+/9/7vynUOTX+vczci8
5ijntTJYjaIdjw/2kMuBCt7TeFbgbjE2pzHfQdRDqkbUPxZUB4FYBd+BKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAex3F/GuUeFSdGibuwXIDMbDxnjMB8GA1UdIwQY
MBaAFF4jUY+qm5SkLRo7TZ9juXQ5TQZiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUt
YTQ4YWMzMWRiYmYwLzEvQjdIY1g4YTVSNFZKMGFKdTdCY2dNeHNQR2VNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82OS80MTRiMzYtZWNhOS00ZTIyLWFlZDUtYTQ4YWMzMWRiYmYw
LzEvWGlOUmo2cWJsS1F0R2p0Tm4yTzVkRGxOQm1JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQrRMA0G
CSqGSIb3DQEBCwUAA4IBAQBLCXrfxGhTxWzezYnwT5hAt1/gkdCXYnL9ywKfmD59
RU9O6d7LRk9GY+Jf52t6/iC12JF7aXnY3Sr/fQtUOL0+RwV+bqZxs8Xk4P03M+6s
pZ32J7CcnWrsmxKvuOhhoM/Z7IT6GWmS4uhaWjCz+UNREg51EbQWlBIpm791dGRu
5f82FQA9nnie274nPXKWGVIGKGLH+/qzyfeQXFEG88x64Z2fRxh+5xzIq0eKQBeI
0Hpq+T7lp/X76vNaLy51FuVHQ8qinmapQZtSnxz0vYq9mzZyyCa2HL2tVbc1k5zc
eIKTT3mO37TjBzRN6ksGFqc1nltwE6csxY8QRLj+TGk2
-----END CERTIFICATE-----