Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/PejYz8HPGGclVll9vz9DLWCJzMQ.roa
File:                     PejYz8HPGGclVll9vz9DLWCJzMQ.roa (raw, json)
Hash identifier:          kVrf6QXYUJflpg6RS9qqGj+K93kGQxvjJpeCSRiFtPk=
Subject key identifier:   3D:E8:D8:CF:C1:CF:18:67:25:56:59:7D:BF:3F:43:2D:60:89:CC:C4
Certificate issuer:       /CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
Certificate serial:       0195F1D2A9BDA64723A876148EE602C006FC
Authority key identifier: BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/PejYz8HPGGclVll9vz9DLWCJzMQ.roa
Signing time:             Tue 01 Apr 2025 14:47:49 +0000
ROA not before:           Tue 01 Apr 2025 14:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35485
IP address blocks:        93.174.64.0/21 maxlen: 24
                          158.58.136.0/21 maxlen: 24
                          185.84.176.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:f1:d2:a9:bd:a6:47:23:a8:76:14:8e:e6:02:c0:06:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bf88849a2eb5e9dd571a8e743bed7b9513d7a121
        Validity
            Not Before: Apr  1 14:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3de8d8cfc1cf18672556597dbf3f432d6089ccc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:0d:6e:21:36:09:f5:27:a8:bb:d3:03:c0:9e:
                    b0:5d:33:60:50:27:12:aa:6a:2b:34:4d:8b:5e:ae:
                    79:7d:4b:94:00:2f:bd:1e:de:7e:d6:7c:29:6c:03:
                    9b:93:8f:a4:c4:ad:b2:ee:31:f6:b2:6e:e4:67:33:
                    8c:c2:d2:6d:18:21:9e:2c:8e:f6:48:53:dd:c2:53:
                    02:3f:d7:5f:6c:90:c8:d5:53:04:b4:19:c2:e3:4b:
                    ad:4e:d3:3e:84:a7:d4:c1:84:82:97:a4:c8:d4:02:
                    c6:d5:58:0a:82:00:0f:92:01:8e:b1:3d:73:10:62:
                    c1:f3:24:15:ad:9b:e7:f2:82:eb:a5:f5:71:dd:45:
                    1a:87:67:1c:79:90:f8:eb:9b:8e:f9:00:1b:42:08:
                    fe:78:2f:0c:a2:5c:af:a5:d7:ca:f9:3c:3b:d5:c5:
                    87:6f:56:f3:1d:a0:d1:0c:c0:70:d8:fa:80:56:d9:
                    e3:83:dc:84:7a:85:3c:9c:15:8d:32:1f:f3:03:df:
                    14:21:60:c5:85:74:ca:db:a8:dc:b1:3c:b0:99:aa:
                    6f:94:25:b5:06:24:b2:6d:cc:ac:0c:49:34:12:e6:
                    3e:21:28:ca:1c:da:4a:7e:43:6f:9f:18:4b:ae:c5:
                    98:c2:db:b2:8f:95:e2:e8:e9:24:12:f7:c1:90:f0:
                    63:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:E8:D8:CF:C1:CF:18:67:25:56:59:7D:BF:3F:43:2D:60:89:CC:C4
            X509v3 Authority Key Identifier:
                keyid:BF:88:84:9A:2E:B5:E9:DD:57:1A:8E:74:3B:ED:7B:95:13:D7:A1:21

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/v4iEmi616d1XGo50O-17lRPXoSE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/PejYz8HPGGclVll9vz9DLWCJzMQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/dbc58e-027b-4aac-9de6-23739b5fd84c/1/v4iEmi616d1XGo50O-17lRPXoSE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.174.64.0/21
                  158.58.136.0/21
                  185.84.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:2f:8d:d6:22:be:b0:f3:e1:1b:91:80:31:b7:5a:28:02:0c:
         a1:23:38:27:4c:fe:83:70:6a:42:ee:9f:2c:6d:d8:72:fc:8b:
         85:a0:f2:8c:77:18:10:17:da:6e:52:24:bc:fc:69:19:5f:82:
         a0:13:7b:ee:78:9f:45:64:68:7c:b0:ad:c2:4b:66:d6:8e:2a:
         17:0c:a2:b2:93:1e:54:55:3b:c2:e8:7f:56:d5:ef:9a:2f:71:
         c3:05:09:2e:1c:85:78:6d:74:c0:7b:15:fb:ff:9a:04:fc:55:
         86:6f:c9:b1:05:90:f7:5e:3e:cb:0c:29:aa:e5:ce:62:62:35:
         cd:80:d1:a0:b1:4e:51:0a:26:5e:85:bb:e3:9b:3a:04:da:51:
         21:4c:4e:26:7f:eb:92:93:c3:aa:84:42:16:5d:9a:9b:b1:13:
         8b:4b:f0:ae:14:1f:b6:d8:06:c6:76:43:a9:da:f8:4b:7c:4e:
         ba:30:93:f2:9e:76:00:d1:e5:65:cc:93:b5:22:0e:8a:8a:4e:
         41:31:be:63:e3:2a:f8:8f:45:32:db:eb:4d:b7:52:7d:c0:b3:
         a2:39:92:74:69:81:33:f1:b5:9b:76:95:ef:e2:82:29:68:c7:
         d1:29:12:f8:f5:2a:eb:c7:d1:c0:fe:5b:1b:26:0c:f4:a5:19:
         71:05:2e:55
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZXx0qm9pkcjqHYUjuYCwAb8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJmODg4NDlhMmViNWU5ZGQ1NzFhOGU3NDNiZWQ3Yjk1MTNk
N2ExMjEwHhcNMjUwNDAxMTQ0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGU4ZDhjZmMxY2YxODY3MjU1NjU5N2RiZjNmNDMyZDYwODljY2M0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsw1uITYJ9Seou9MDwJ6wXTNgUCcS
qmorNE2LXq55fUuUAC+9Ht5+1nwpbAObk4+kxK2y7jH2sm7kZzOMwtJtGCGeLI72
SFPdwlMCP9dfbJDI1VMEtBnC40utTtM+hKfUwYSCl6TI1ALG1VgKggAPkgGOsT1z
EGLB8yQVrZvn8oLrpfVx3UUah2cceZD465uO+QAbQgj+eC8MolyvpdfK+Tw71cWH
b1bzHaDRDMBw2PqAVtnjg9yEeoU8nBWNMh/zA98UIWDFhXTK26jcsTywmapvlCW1
BiSybcysDEk0EuY+ISjKHNpKfkNvnxhLrsWYwtuyj5Xi6OkkEvfBkPBjcwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD3o2M/BzxhnJVZZfb8/Qy1giczEMB8GA1UdIwQY
MBaAFL+IhJoutendVxqOdDvte5UT16EhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYt
MjM3MzliNWZkODRjLzEvUGVqWXo4SFBHR2NsVmxsOXZ6OURMV0NKek1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS9kYmM1OGUtMDI3Yi00YWFjLTlkZTYtMjM3MzliNWZkODRj
LzEvdjRpRW1pNjE2ZDFYR281ME8tMTdsUlBYb1NFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDXa5AAwQD
njqIAwQCuVSwMA0GCSqGSIb3DQEBCwUAA4IBAQAJL43WIr6w8+EbkYAxt1ooAgyh
IzgnTP6DcGpC7p8sbdhy/IuFoPKMdxgQF9puUiS8/GkZX4KgE3vueJ9FZGh8sK3C
S2bWjioXDKKykx5UVTvC6H9W1e+aL3HDBQkuHIV4bXTAexX7/5oE/FWGb8mxBZD3
Xj7LDCmq5c5iYjXNgNGgsU5RCiZehbvjmzoE2lEhTE4mf+uSk8OqhEIWXZqbsROL
S/CuFB+22AbGdkOp2vhLfE66MJPynnYA0eVlzJO1Ig6Kik5BMb5j4yr4j0Uy2+tN
t1J9wLOiOZJ0aYEz8bWbdpXv4oIpaMfRKRL49Srrx9HA/lsbJgz0pRlxBS5V
-----END CERTIFICATE-----