Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/7nFNN3l5GD-t-2xZtD0Zf8RWyQ4.roa
File:                     7nFNN3l5GD-t-2xZtD0Zf8RWyQ4.roa (raw, json)
Hash identifier:          vqDVEIya4bFoWJhti8KO9chSYpm+4SzzmfR2K9/w2/k=
Subject key identifier:   EE:71:4D:37:79:79:18:3F:AD:FB:6C:59:B4:3D:19:7F:C4:56:C9:0E
Certificate issuer:       /CN=8ce735129f777a25bf84727206bf978d9a1db200
Certificate serial:       019421B19B8ABCC8863212FD7D77D26B1855
Authority key identifier: 8C:E7:35:12:9F:77:7A:25:BF:84:72:72:06:BF:97:8D:9A:1D:B2:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/7nFNN3l5GD-t-2xZtD0Zf8RWyQ4.roa
Signing time:             Wed 01 Jan 2025 11:47:55 +0000
ROA not before:           Wed 01 Jan 2025 11:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201786
IP address blocks:        185.63.196.0/22 maxlen: 22
                          2a03:e60::/34 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:9b:8a:bc:c8:86:32:12:fd:7d:77:d2:6b:18:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8ce735129f777a25bf84727206bf978d9a1db200
        Validity
            Not Before: Jan  1 11:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee714d377979183fadfb6c59b43d197fc456c90e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:f8:d3:f3:34:5c:ac:fe:03:0d:9e:9a:aa:34:
                    3a:c1:3f:95:66:0d:a8:1a:01:b0:2a:f2:d3:0b:84:
                    32:7b:6f:f6:ab:02:3d:7e:30:0a:ee:45:77:3f:1f:
                    e5:46:08:ea:66:07:68:ab:68:f7:f3:c8:df:36:36:
                    86:d4:5f:4c:2e:65:f2:fc:14:da:85:1f:dc:62:08:
                    c2:d5:68:4c:48:00:49:3c:5b:45:ef:d2:82:fd:d0:
                    0f:32:6a:3f:a5:3c:de:cd:88:23:32:da:bd:49:57:
                    89:af:a3:f0:07:04:43:68:cb:7d:0e:b8:38:89:d2:
                    38:ba:a8:2e:ad:22:80:89:63:9d:38:a4:52:3e:4b:
                    d1:f2:fb:bf:fb:90:f3:ad:62:a5:b9:7c:83:03:fe:
                    e6:4c:b6:de:09:4a:6d:ef:f3:11:99:09:ce:37:d0:
                    61:04:cd:8e:3c:ee:8d:71:86:15:e5:e8:f9:08:e9:
                    b0:bb:54:41:f8:08:29:26:e9:17:1f:6f:95:8f:e7:
                    30:d5:b2:63:a8:56:25:ad:92:ec:b4:48:ee:e3:64:
                    7d:a1:d0:62:ab:19:1c:64:62:16:12:25:59:07:43:
                    dd:4c:48:68:96:fe:f2:cd:8d:f0:d1:8b:b7:55:0e:
                    ce:15:13:83:50:6d:31:51:51:9b:79:92:81:4e:d3:
                    2b:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:71:4D:37:79:79:18:3F:AD:FB:6C:59:B4:3D:19:7F:C4:56:C9:0E
            X509v3 Authority Key Identifier:
                keyid:8C:E7:35:12:9F:77:7A:25:BF:84:72:72:06:BF:97:8D:9A:1D:B2:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jOc1Ep93eiW_hHJyBr-XjZodsgA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/7nFNN3l5GD-t-2xZtD0Zf8RWyQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6f/ede4a3-8f20-400a-b876-f78c2206575a/1/jOc1Ep93eiW_hHJyBr-XjZodsgA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.63.196.0/22
                IPv6:
                  2a03:e60::/34

    Signature Algorithm: sha256WithRSAEncryption
         5e:ba:d0:56:2d:a4:85:eb:d7:c6:ad:89:1e:d0:d8:d8:31:78:
         bb:ad:69:b7:fa:dd:33:6b:d0:58:1f:9e:2c:67:67:96:83:5a:
         32:c7:4a:0a:8a:dc:b6:61:e9:d4:87:0c:58:27:72:12:19:5b:
         5f:95:aa:3d:a5:b9:fd:43:8b:15:57:ce:03:af:fa:fc:83:0e:
         59:71:bc:2c:85:d9:4f:e5:3a:1f:e1:ff:5d:80:80:40:56:73:
         f5:50:42:6b:c0:b4:e3:fa:16:ee:3f:71:13:5b:93:06:d5:c6:
         38:d0:ab:4c:19:7c:2f:9c:b9:52:dc:d1:72:7e:b6:d8:41:84:
         6d:95:07:95:d1:b1:0f:0a:e6:03:e5:a4:fd:43:27:2e:6f:4a:
         fd:1a:4f:85:45:f4:d6:8c:e6:41:45:b6:e2:55:06:b2:f3:f6:
         65:1c:68:13:0e:0f:de:46:bd:e1:ca:3a:31:30:86:b3:75:bf:
         2c:b0:e5:d6:07:22:6a:a1:1e:b6:de:d7:a7:1d:e2:d4:8e:79:
         9e:6b:49:58:21:61:f3:49:90:7c:c4:97:a7:80:d7:85:bd:bd:
         a7:ff:a2:b5:6b:57:3d:fc:fc:40:41:0b:07:cb:d4:a8:13:bd:
         d3:f6:aa:e4:7b:5e:88:e8:7c:7c:26:f6:ae:e7:db:f1:f6:ea:
         3d:66:a3:d9
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQhsZuKvMiGMhL9fXfSaxhVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjZTczNTEyOWY3NzdhMjViZjg0NzI3MjA2YmY5NzhkOWEx
ZGIyMDAwHhcNMjUwMTAxMTE0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTcxNGQzNzc5NzkxODNmYWRmYjZjNTliNDNkMTk3ZmM0NTZjOTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwfjT8zRcrP4DDZ6aqjQ6wT+VZg2o
GgGwKvLTC4Qye2/2qwI9fjAK7kV3Px/lRgjqZgdoq2j388jfNjaG1F9MLmXy/BTa
hR/cYgjC1WhMSABJPFtF79KC/dAPMmo/pTzezYgjMtq9SVeJr6PwBwRDaMt9Drg4
idI4uqgurSKAiWOdOKRSPkvR8vu/+5DzrWKluXyDA/7mTLbeCUpt7/MRmQnON9Bh
BM2OPO6NcYYV5ej5COmwu1RB+AgpJukXH2+Vj+cw1bJjqFYlrZLstEju42R9odBi
qxkcZGIWEiVZB0PdTEholv7yzY3w0Yu3VQ7OFRODUG0xUVGbeZKBTtMr8wIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFO5xTTd5eRg/rftsWbQ9GX/EVskOMB8GA1UdIwQY
MBaAFIznNRKfd3olv4Rycga/l42aHbIAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvak9jMUVwOTNlaVdfaEhKeUJyLVhqWm9kc2dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Zi9lZGU0YTMtOGYyMC00MDBhLWI4NzYt
Zjc4YzIyMDY1NzVhLzEvN25GTk4zbDVHRC10LTJ4WnREMFpmOFJXeVE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Zi9lZGU0YTMtOGYyMC00MDBhLWI4NzYtZjc4YzIyMDY1NzVh
LzEvak9jMUVwOTNlaVdfaEhKeUJyLVhqWm9kc2dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCuT/EMA4E
AgACMAgDBgYqAw5gADANBgkqhkiG9w0BAQsFAAOCAQEAXrrQVi2khevXxq2JHtDY
2DF4u61pt/rdM2vQWB+eLGdnloNaMsdKCorctmHp1IcMWCdyEhlbX5WqPaW5/UOL
FVfOA6/6/IMOWXG8LIXZT+U6H+H/XYCAQFZz9VBCa8C04/oW7j9xE1uTBtXGONCr
TBl8L5y5UtzRcn622EGEbZUHldGxDwrmA+Wk/UMnLm9K/RpPhUX01ozmQUW24lUG
svP2ZRxoEw4P3ka94co6MTCGs3W/LLDl1gciaqEett7Xpx3i1I55nmtJWCFh80mQ
fMSXp4DXhb29p/+itWtXPfz8QEELB8vUqBO90/aq5HteiOh8fCb2rufb8fbqPWaj
2Q==
-----END CERTIFICATE-----