Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/7m4fpAGLnYeYzw_LpbbgUyrtkQ4.roa
File:                     7m4fpAGLnYeYzw_LpbbgUyrtkQ4.roa (raw, json)
Hash identifier:          QCn0wSKzzt7ZbsRCL3R6XrUlE4vfiZ5prjFMeQ+ZRnk=
Subject key identifier:   EE:6E:1F:A4:01:8B:9D:87:98:CF:0F:CB:A5:B6:E0:53:2A:ED:91:0E
Certificate issuer:       /CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
Certificate serial:       019428241ADF4E16C996AEB036BC7377A76F
Authority key identifier: 86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/7m4fpAGLnYeYzw_LpbbgUyrtkQ4.roa
Signing time:             Thu 02 Jan 2025 17:50:42 +0000
ROA not before:           Thu 02 Jan 2025 17:50:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400909
IP address blocks:        82.163.228.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:1a:df:4e:16:c9:96:ae:b0:36:bc:73:77:a7:6f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cce06e70df970d90abfe3cbe7fa882f467b1e4
        Validity
            Not Before: Jan  2 17:50:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee6e1fa4018b9d8798cf0fcba5b6e0532aed910e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:e2:31:92:5b:9d:87:50:ce:a6:2b:58:e7:a6:
                    c4:f5:2c:59:f6:88:cd:a6:98:a5:38:c6:40:97:83:
                    03:91:01:59:87:19:86:09:53:ba:7a:2d:58:88:fa:
                    85:cd:7a:fc:cf:92:40:f8:8c:1e:ad:a2:1c:5a:60:
                    d1:d9:c5:9b:9e:6a:99:e7:a2:ce:ef:20:a1:ec:df:
                    2a:a0:15:c8:91:a7:b4:c2:1d:62:3b:13:f7:f8:3b:
                    c3:11:d7:4e:15:c0:af:19:d6:4c:6e:ce:c4:f5:f0:
                    84:49:65:b6:07:06:94:80:8e:e2:74:38:d6:7c:24:
                    45:17:a3:af:da:be:d3:13:cd:32:e7:21:55:63:47:
                    9c:6f:c2:85:dc:12:6a:27:78:52:25:52:15:2a:22:
                    1c:68:9e:11:72:a3:7d:17:6e:14:61:12:4a:58:d7:
                    b7:88:23:c1:16:e4:eb:30:a8:85:8f:f4:31:18:3a:
                    c9:05:b9:13:e4:fd:9f:64:13:bd:27:ea:eb:10:5c:
                    2b:e3:09:66:50:75:c6:e3:19:98:0d:b0:2c:43:eb:
                    f3:17:9d:ae:56:f1:00:3a:be:c1:c5:f0:20:78:78:
                    7e:ec:dc:7c:ae:7c:64:37:ae:06:bb:1c:36:29:26:
                    d4:31:72:51:df:7a:38:9b:89:d0:85:62:e3:62:bd:
                    74:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:6E:1F:A4:01:8B:9D:87:98:CF:0F:CB:A5:B6:E0:53:2A:ED:91:0E
            X509v3 Authority Key Identifier:
                keyid:86:CC:E0:6E:70:DF:97:0D:90:AB:FE:3C:BE:7F:A8:82:F4:67:B1:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hszgbnDflw2Qq_48vn-ogvRnseQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/7m4fpAGLnYeYzw_LpbbgUyrtkQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/66f05c-741c-4720-bc7e-89714a7e8d58/1/hszgbnDflw2Qq_48vn-ogvRnseQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.163.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:18:e1:0a:ad:4e:c4:b0:30:5e:23:12:8d:74:41:2b:c9:0b:
         a5:d3:ce:3d:76:54:31:21:90:b8:f8:bb:f8:db:18:c9:5f:1e:
         cc:3f:0d:9f:2b:7b:db:ce:4b:a3:48:7e:db:d2:50:d5:8b:62:
         2e:ff:e7:cb:46:6d:ee:79:dd:39:09:b8:fc:3a:fb:d0:2a:e4:
         d5:1e:b3:e8:ac:b6:e9:35:99:71:17:d0:2d:4d:de:04:b6:c6:
         1e:41:5a:3f:f7:b6:1d:0b:da:1c:ad:97:a8:b3:61:fb:40:4a:
         81:e1:d0:bf:b8:d8:cc:a9:cc:69:58:d0:95:fe:38:94:40:c5:
         97:b6:53:e0:50:0b:a9:37:3b:23:ae:3f:a5:f3:59:e1:7a:1e:
         16:91:f5:13:e3:fc:35:5a:7a:58:64:62:db:3d:43:9c:6d:50:
         a7:08:d8:71:2f:e9:bf:00:42:87:70:79:f9:73:c2:f7:1e:c2:
         ef:cc:24:59:ca:ac:cc:09:cf:0b:9b:e6:8e:21:16:57:79:03:
         25:f2:32:13:75:31:19:46:9a:67:14:2b:15:8c:9a:ac:ca:fd:
         5e:c2:4f:9b:a6:ad:7b:a4:25:b0:ae:d4:a2:9d:ea:8f:7b:0a:
         31:09:da:29:d4:05:1a:df:4d:05:8f:d1:f7:5d:8b:97:8b:db:
         7b:c6:bc:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJBrfThbJlq6wNrxzd6dvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2NlMDZlNzBkZjk3MGQ5MGFiZmUzY2JlN2ZhODgyZjQ2
N2IxZTQwHhcNMjUwMTAyMTc1MDQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTZlMWZhNDAxOGI5ZDg3OThjZjBmY2JhNWI2ZTA1MzJhZWQ5MTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk+Ixkludh1DOpitY56bE9SxZ9ojN
ppilOMZAl4MDkQFZhxmGCVO6ei1YiPqFzXr8z5JA+IweraIcWmDR2cWbnmqZ56LO
7yCh7N8qoBXIkae0wh1iOxP3+DvDEddOFcCvGdZMbs7E9fCESWW2BwaUgI7idDjW
fCRFF6Ov2r7TE80y5yFVY0ecb8KF3BJqJ3hSJVIVKiIcaJ4RcqN9F24UYRJKWNe3
iCPBFuTrMKiFj/QxGDrJBbkT5P2fZBO9J+rrEFwr4wlmUHXG4xmYDbAsQ+vzF52u
VvEAOr7BxfAgeHh+7Nx8rnxkN64Guxw2KSbUMXJR33o4m4nQhWLjYr10MQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5uH6QBi52HmM8Py6W24FMq7ZEOMB8GA1UdIwQY
MBaAFIbM4G5w35cNkKv+PL5/qIL0Z7HkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2Ut
ODk3MTRhN2U4ZDU4LzEvN200ZnBBR0xuWWVZendfTHBiYmdVeXJ0a1E0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC82NmYwNWMtNzQxYy00NzIwLWJjN2UtODk3MTRhN2U4ZDU4
LzEvaHN6Z2JuRGZsdzJRcV80OHZuLW9ndlJuc2VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCUqPkMA0G
CSqGSIb3DQEBCwUAA4IBAQAoGOEKrU7EsDBeIxKNdEEryQul0849dlQxIZC4+Lv4
2xjJXx7MPw2fK3vbzkujSH7b0lDVi2Iu/+fLRm3ued05Cbj8OvvQKuTVHrPorLbp
NZlxF9AtTd4EtsYeQVo/97YdC9ocrZeos2H7QEqB4dC/uNjMqcxpWNCV/jiUQMWX
tlPgUAupNzsjrj+l81nheh4WkfUT4/w1WnpYZGLbPUOcbVCnCNhxL+m/AEKHcHn5
c8L3HsLvzCRZyqzMCc8Lm+aOIRZXeQMl8jITdTEZRppnFCsVjJqsyv1ewk+bpq17
pCWwrtSineqPewoxCdop1AUa300Fj9H3XYuXi9t7xrwg
-----END CERTIFICATE-----