Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/7f2z3Xn8S-DvfoObW3dEJfDj3hw.roa
File:                     7f2z3Xn8S-DvfoObW3dEJfDj3hw.roa (raw, json)
Hash identifier:          yWmEvhW970ZV11OFBtarFo2cjEH+EORNq92vuqhI/h8=
Subject key identifier:   ED:FD:B3:DD:79:FC:4B:E0:EF:7E:83:9B:5B:77:44:25:F0:E3:DE:1C
Certificate issuer:       /CN=beba48c7e2c9e05eda546d899146b89f799df85d
Certificate serial:       01942825C51D65C099B8A939AA0B1E369010
Authority key identifier: BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/7f2z3Xn8S-DvfoObW3dEJfDj3hw.roa
Signing time:             Thu 02 Jan 2025 17:52:31 +0000
ROA not before:           Thu 02 Jan 2025 17:52:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     44899
IP address blocks:        193.110.236.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:c5:1d:65:c0:99:b8:a9:39:aa:0b:1e:36:90:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=beba48c7e2c9e05eda546d899146b89f799df85d
        Validity
            Not Before: Jan  2 17:52:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edfdb3dd79fc4be0ef7e839b5b774425f0e3de1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:f7:a3:56:13:46:6b:8b:c8:84:b4:d0:c7:f0:
                    07:26:55:36:8e:77:b8:ae:35:c6:78:20:ac:25:2e:
                    ad:90:0e:7b:66:09:69:f9:a3:00:4e:4b:00:00:8d:
                    f0:de:8b:7a:33:db:83:82:f8:80:91:9d:ee:bc:2f:
                    03:d4:7c:ea:96:29:4a:6a:f9:a0:15:0a:a1:57:70:
                    6b:4f:a8:d7:32:d1:29:1e:e8:4e:5a:a8:d6:cc:51:
                    1c:78:12:9e:79:b1:f0:69:df:a5:49:16:83:72:61:
                    f8:6e:bd:31:e0:3a:5a:f9:94:11:b7:6d:78:39:ff:
                    17:90:74:66:61:90:d3:26:15:d0:19:16:8e:0d:74:
                    4d:87:b5:78:04:d9:06:47:1b:f4:60:cc:75:4d:b4:
                    4a:c0:61:fd:19:22:7a:d8:64:1a:32:fd:79:7c:af:
                    a3:a7:5d:8d:bb:4c:c5:74:d8:81:b0:3e:5c:66:d2:
                    e8:72:90:04:da:8d:f2:ca:1b:a1:59:25:34:4f:e6:
                    63:76:1c:f6:25:1e:de:c0:8d:af:8e:68:df:ad:d4:
                    49:b6:9a:1a:f7:b7:97:b3:7e:be:3d:81:6d:42:f9:
                    b3:7c:d1:f3:53:83:0f:28:02:b7:ae:35:31:8e:e1:
                    bd:61:3a:bf:3c:17:8b:60:90:2f:2b:cc:bd:32:56:
                    d1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:FD:B3:DD:79:FC:4B:E0:EF:7E:83:9B:5B:77:44:25:F0:E3:DE:1C
            X509v3 Authority Key Identifier:
                keyid:BE:BA:48:C7:E2:C9:E0:5E:DA:54:6D:89:91:46:B8:9F:79:9D:F8:5D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vrpIx-LJ4F7aVG2JkUa4n3md-F0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/7f2z3Xn8S-DvfoObW3dEJfDj3hw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6d/7f8821-1566-43f4-ab26-3d522181a2c4/1/vrpIx-LJ4F7aVG2JkUa4n3md-F0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.110.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         57:f5:3d:b0:d1:6a:4e:d4:e9:0d:7a:2d:47:ab:5c:55:c3:48:
         d2:fa:00:61:e8:e5:fa:a3:45:18:34:86:67:6a:41:66:59:5b:
         81:1c:66:79:17:11:1c:95:c1:a6:0f:76:80:fc:4a:9a:97:5b:
         88:f1:12:ed:f2:fd:27:8b:6a:6b:5e:ac:00:8a:60:8e:ae:92:
         3f:9c:fd:78:0f:2a:b4:60:77:d0:e1:34:1e:ca:b4:19:cf:b9:
         27:a3:58:b8:62:44:93:66:34:12:23:c1:92:69:ad:b5:ec:4a:
         a1:c7:e1:a3:21:48:dc:29:70:38:02:d7:2e:18:29:b7:7e:8d:
         0a:5e:9a:e9:0e:a4:ae:c0:a9:12:2c:37:47:44:f2:d5:88:15:
         75:be:e9:8a:b2:d7:39:fe:03:c6:9a:b8:b8:b0:0a:a9:f9:29:
         eb:f6:c3:ec:da:11:34:e1:df:5a:d7:bd:65:0b:c4:91:31:3e:
         e4:61:08:6e:0f:e7:45:76:05:0d:72:11:d1:03:63:13:14:b8:
         9c:b6:8c:49:f9:9c:62:f3:5d:58:44:1b:86:8c:4d:a7:d3:5a:
         af:00:9f:58:25:0b:4f:91:c7:ca:e4:69:38:13:94:4e:66:19:
         d8:0a:b4:4e:32:f8:ec:a9:ba:3d:5e:72:74:ed:cc:f6:1b:aa:
         1f:29:06:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJcUdZcCZuKk5qgseNpAQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJlYmE0OGM3ZTJjOWUwNWVkYTU0NmQ4OTkxNDZiODlmNzk5
ZGY4NWQwHhcNMjUwMTAyMTc1MjMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGZkYjNkZDc5ZmM0YmUwZWY3ZTgzOWI1Yjc3NDQyNWYwZTNkZTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfejVhNGa4vIhLTQx/AHJlU2jne4
rjXGeCCsJS6tkA57Zglp+aMATksAAI3w3ot6M9uDgviAkZ3uvC8D1HzqlilKavmg
FQqhV3BrT6jXMtEpHuhOWqjWzFEceBKeebHwad+lSRaDcmH4br0x4Dpa+ZQRt214
Of8XkHRmYZDTJhXQGRaODXRNh7V4BNkGRxv0YMx1TbRKwGH9GSJ62GQaMv15fK+j
p12Nu0zFdNiBsD5cZtLocpAE2o3yyhuhWSU0T+Zjdhz2JR7ewI2vjmjfrdRJtpoa
97eXs36+PYFtQvmzfNHzU4MPKAK3rjUxjuG9YTq/PBeLYJAvK8y9MlbRnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO39s915/Evg736Dm1t3RCXw494cMB8GA1UdIwQY
MBaAFL66SMfiyeBe2lRtiZFGuJ95nfhdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYt
M2Q1MjIxODFhMmM0LzEvN2YyejNYbjhTLUR2Zm9PYlczZEVKZkRqM2h3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZC83Zjg4MjEtMTU2Ni00M2Y0LWFiMjYtM2Q1MjIxODFhMmM0
LzEvdnJwSXgtTEo0RjdhVkcySmtVYTRuM21kLUYwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwW7sMA0G
CSqGSIb3DQEBCwUAA4IBAQBX9T2w0WpO1OkNei1Hq1xVw0jS+gBh6OX6o0UYNIZn
akFmWVuBHGZ5FxEclcGmD3aA/Eqal1uI8RLt8v0ni2prXqwAimCOrpI/nP14Dyq0
YHfQ4TQeyrQZz7kno1i4YkSTZjQSI8GSaa217Eqhx+GjIUjcKXA4AtcuGCm3fo0K
XprpDqSuwKkSLDdHRPLViBV1vumKstc5/gPGmri4sAqp+Snr9sPs2hE04d9a171l
C8SRMT7kYQhuD+dFdgUNchHRA2MTFLictoxJ+Zxi811YRBuGjE2n01qvAJ9YJQtP
kcfK5Gk4E5ROZhnYCrROMvjsqbo9XnJ07cz2G6ofKQY9
-----END CERTIFICATE-----