Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/78/bf41b4-1db9-4aa2-ad74-b7c99ddac703/1/7oIgDgDNpX6XAW4lQ5qq69olmro.roa
File:                     7oIgDgDNpX6XAW4lQ5qq69olmro.roa (raw, json)
Hash identifier:          3Y/w0AZ9JHVMQciRUgte6R4EVpLThqmwyOoyqP/qwcw=
Subject key identifier:   EE:82:20:0E:00:CD:A5:7E:97:01:6E:25:43:9A:AA:EB:DA:25:9A:BA
Certificate issuer:       /CN=27e94278b3e1901863add61d7bdf2d273cf1340c
Certificate serial:       01941F8C1969DAD6F782B03E46E57FB492D4
Authority key identifier: 27:E9:42:78:B3:E1:90:18:63:AD:D6:1D:7B:DF:2D:27:3C:F1:34:0C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J-lCeLPhkBhjrdYde98tJzzxNAw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/78/bf41b4-1db9-4aa2-ad74-b7c99ddac703/1/7oIgDgDNpX6XAW4lQ5qq69olmro.roa
Signing time:             Wed 01 Jan 2025 01:47:42 +0000
ROA not before:           Wed 01 Jan 2025 01:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205780
IP address blocks:        185.206.96.0/24 maxlen: 24
                          185.206.97.0/24 maxlen: 24
                          185.206.98.0/24 maxlen: 24
                          185.206.99.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/78/bf41b4-1db9-4aa2-ad74-b7c99ddac703/1/J-lCeLPhkBhjrdYde98tJzzxNAw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/78/bf41b4-1db9-4aa2-ad74-b7c99ddac703/1/J-lCeLPhkBhjrdYde98tJzzxNAw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J-lCeLPhkBhjrdYde98tJzzxNAw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:19:69:da:d6:f7:82:b0:3e:46:e5:7f:b4:92:d4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27e94278b3e1901863add61d7bdf2d273cf1340c
        Validity
            Not Before: Jan  1 01:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee82200e00cda57e97016e25439aaaebda259aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f2:59:3c:4f:88:b3:9b:53:6d:04:14:97:96:22:
                    d1:2b:d9:29:bc:5b:ba:ad:0a:08:be:6e:0b:5a:96:
                    c8:f3:46:a0:95:63:a7:8f:31:cf:b5:2a:0f:1a:3d:
                    f6:26:d3:1a:94:45:25:bd:21:e7:09:38:f6:23:6c:
                    9e:06:93:7e:65:94:b5:17:60:ae:9e:06:84:1e:ab:
                    ae:0e:ff:ac:11:66:9f:29:2f:58:51:ff:25:55:18:
                    c2:45:b9:73:b7:7b:74:0b:37:47:3f:b7:bf:e1:28:
                    e2:74:cb:85:2e:e1:14:0c:ca:00:d4:be:c7:bc:14:
                    26:ea:1d:e1:a7:68:9c:60:64:b2:36:24:e3:a9:3d:
                    02:00:83:7c:73:ba:1f:c3:05:6b:f6:62:00:8b:ac:
                    4f:ef:6b:2c:a5:c0:99:4c:78:e3:d4:0d:7f:f3:aa:
                    48:3a:b8:28:d5:0a:84:69:2b:16:f3:44:3a:67:3e:
                    6e:10:47:8a:0b:65:83:bd:3e:77:b7:b7:4c:b2:2b:
                    17:e4:a6:2d:16:62:f5:a1:a7:b6:eb:ec:f7:3d:36:
                    4e:69:03:ce:5b:af:70:cf:63:74:72:9d:e5:b7:ec:
                    e6:c6:a0:08:38:4a:88:06:fe:71:f3:3d:3a:40:25:
                    33:5b:f9:c7:f8:bb:1b:32:d6:08:95:f7:ae:48:a8:
                    e7:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:82:20:0E:00:CD:A5:7E:97:01:6E:25:43:9A:AA:EB:DA:25:9A:BA
            X509v3 Authority Key Identifier:
                keyid:27:E9:42:78:B3:E1:90:18:63:AD:D6:1D:7B:DF:2D:27:3C:F1:34:0C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J-lCeLPhkBhjrdYde98tJzzxNAw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bf41b4-1db9-4aa2-ad74-b7c99ddac703/1/7oIgDgDNpX6XAW4lQ5qq69olmro.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/78/bf41b4-1db9-4aa2-ad74-b7c99ddac703/1/J-lCeLPhkBhjrdYde98tJzzxNAw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         68:c3:f2:39:af:71:41:f1:bd:9a:6f:10:c3:f5:ad:61:14:7c:
         28:f0:ba:77:f3:d5:cf:2f:2f:33:75:17:45:c5:25:1c:8e:5b:
         10:34:54:5b:dc:35:e4:71:2a:4c:41:ed:e4:25:2d:8f:5d:dc:
         93:12:3c:78:65:b2:e0:93:2b:bd:2d:2f:a9:7b:55:b8:cf:e7:
         98:52:b8:b0:2b:81:3e:bf:50:ff:62:36:4e:66:f3:6c:21:19:
         83:d0:66:98:b2:a7:96:c1:ae:d3:40:90:6b:76:89:fc:c2:16:
         5e:47:d1:f4:e0:08:06:c3:c3:53:c0:53:76:a1:69:6d:c1:bb:
         90:d7:b1:2a:db:e0:01:5b:9d:69:af:06:61:86:17:e5:a1:9e:
         3d:19:3a:32:0e:75:0d:3f:84:7b:c4:f3:8f:0d:47:c1:1f:9f:
         0f:d5:6f:65:96:d7:90:f9:18:2b:7d:43:ce:da:81:0f:d4:2e:
         48:a9:5b:d4:d0:6b:55:98:36:6d:fd:57:85:2a:57:3f:de:a9:
         f7:ae:d7:cb:c3:fe:71:26:9c:49:f1:c9:ad:ad:f9:d9:ef:34:
         5b:a8:91:31:0a:6c:9b:26:a5:77:5e:b7:b6:70:f7:9a:a5:30:
         d3:7d:18:fb:67:01:d4:94:92:f8:44:7b:fd:55:cb:36:a9:06:
         c8:dd:c4:f1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBlp2tb3grA+RuV/tJLUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3ZTk0Mjc4YjNlMTkwMTg2M2FkZDYxZDdiZGYyZDI3M2Nm
MTM0MGMwHhcNMjUwMTAxMDE0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTgyMjAwZTAwY2RhNTdlOTcwMTZlMjU0MzlhYWFlYmRhMjU5YWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8lk8T4izm1NtBBSXliLRK9kpvFu6
rQoIvm4LWpbI80aglWOnjzHPtSoPGj32JtMalEUlvSHnCTj2I2yeBpN+ZZS1F2Cu
ngaEHquuDv+sEWafKS9YUf8lVRjCRblzt3t0CzdHP7e/4SjidMuFLuEUDMoA1L7H
vBQm6h3hp2icYGSyNiTjqT0CAIN8c7ofwwVr9mIAi6xP72sspcCZTHjj1A1/86pI
Orgo1QqEaSsW80Q6Zz5uEEeKC2WDvT53t7dMsisX5KYtFmL1oae26+z3PTZOaQPO
W69wz2N0cp3lt+zmxqAIOEqIBv5x8z06QCUzW/nH+LsbMtYIlfeuSKjncQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6CIA4AzaV+lwFuJUOaquvaJZq6MB8GA1UdIwQY
MBaAFCfpQniz4ZAYY63WHXvfLSc88TQMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSi1sQ2VMUGhrQmhqcmRZZGU5OHRKenp4TkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OC9iZjQxYjQtMWRiOS00YWEyLWFkNzQt
YjdjOTlkZGFjNzAzLzEvN29JZ0RnRE5wWDZYQVc0bFE1cXE2OW9sbXJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OC9iZjQxYjQtMWRiOS00YWEyLWFkNzQtYjdjOTlkZGFjNzAz
LzEvSi1sQ2VMUGhrQmhqcmRZZGU5OHRKenp4TkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc5gMA0G
CSqGSIb3DQEBCwUAA4IBAQBow/I5r3FB8b2abxDD9a1hFHwo8Lp389XPLy8zdRdF
xSUcjlsQNFRb3DXkcSpMQe3kJS2PXdyTEjx4ZbLgkyu9LS+pe1W4z+eYUriwK4E+
v1D/YjZOZvNsIRmD0GaYsqeWwa7TQJBrdon8whZeR9H04AgGw8NTwFN2oWltwbuQ
17Eq2+ABW51prwZhhhfloZ49GToyDnUNP4R7xPOPDUfBH58P1W9llteQ+RgrfUPO
2oEP1C5IqVvU0GtVmDZt/VeFKlc/3qn3rtfLw/5xJpxJ8cmtrfnZ7zRbqJExCmyb
JqV3Xre2cPeapTDTfRj7ZwHUlJL4RHv9Vcs2qQbI3cTx
-----END CERTIFICATE-----