Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/Ad7sRIt_14WqsoXSVJnhtt5pR6I.roa
File:                     Ad7sRIt_14WqsoXSVJnhtt5pR6I.roa (raw, json)
Hash identifier:          d1H2UkdaZjL8z/VCs5Y8T9oYvq5D7T8CQrV9qDD8uXE=
Subject key identifier:   01:DE:EC:44:8B:7F:D7:85:AA:B2:85:D2:54:99:E1:B6:DE:69:47:A2
Certificate issuer:       /CN=494d0eaf80250ab8248989be71a4039718d6935a
Certificate serial:       0194258F419F5F13162650E74853B0ACB564
Authority key identifier: 49:4D:0E:AF:80:25:0A:B8:24:89:89:BE:71:A4:03:97:18:D6:93:5A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SU0Or4AlCrgkiYm-caQDlxjWk1o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/Ad7sRIt_14WqsoXSVJnhtt5pR6I.roa
Signing time:             Thu 02 Jan 2025 05:48:52 +0000
ROA not before:           Thu 02 Jan 2025 05:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42275
IP address blocks:        85.208.68.0/22 maxlen: 24
                          2a09:8340::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/SU0Or4AlCrgkiYm-caQDlxjWk1o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/SU0Or4AlCrgkiYm-caQDlxjWk1o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SU0Or4AlCrgkiYm-caQDlxjWk1o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:01:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:41:9f:5f:13:16:26:50:e7:48:53:b0:ac:b5:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=494d0eaf80250ab8248989be71a4039718d6935a
        Validity
            Not Before: Jan  2 05:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01deec448b7fd785aab285d25499e1b6de6947a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4e:90:17:9d:df:aa:cb:00:c8:41:13:c7:77:
                    db:ba:58:30:a0:22:e7:44:ed:0f:23:a0:55:03:b0:
                    82:06:59:c0:85:7c:50:b2:bc:89:97:d7:3a:df:0f:
                    af:1e:97:1b:24:ce:7c:9d:ef:1f:a1:a9:69:6b:00:
                    2a:df:06:21:be:4d:d2:60:61:d1:c7:6f:ca:4a:3c:
                    00:7a:55:28:cf:3f:42:5c:23:1a:26:c0:2a:81:e2:
                    c7:d6:28:60:0d:5a:02:44:f3:e0:b5:f3:cc:e0:f6:
                    92:d4:a6:6e:cb:3f:e1:e8:1f:f4:e9:76:7a:05:34:
                    fe:b5:06:1d:a9:bd:3d:3a:bd:c9:72:ef:13:62:07:
                    d8:46:2a:e4:14:d6:a5:82:18:b3:98:29:2f:2d:a7:
                    27:fd:71:ca:fd:0d:fd:66:38:ab:54:2b:a7:9a:62:
                    9e:50:52:6c:6a:c6:ef:1e:98:f3:35:73:8c:a8:f7:
                    b5:3f:f7:0e:7f:56:e4:24:9f:ed:35:fb:9a:44:a6:
                    b7:2e:58:e3:0d:6e:ec:24:64:7c:0d:4a:28:ea:6b:
                    02:71:5b:33:6f:89:a9:47:75:3b:bc:1b:66:da:54:
                    ce:6a:a9:72:f1:d2:ca:aa:4e:bd:8d:a8:0c:62:35:
                    f1:85:f9:2d:b1:e1:3b:33:3b:56:6d:e1:f7:03:2b:
                    e1:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:DE:EC:44:8B:7F:D7:85:AA:B2:85:D2:54:99:E1:B6:DE:69:47:A2
            X509v3 Authority Key Identifier:
                keyid:49:4D:0E:AF:80:25:0A:B8:24:89:89:BE:71:A4:03:97:18:D6:93:5A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SU0Or4AlCrgkiYm-caQDlxjWk1o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/Ad7sRIt_14WqsoXSVJnhtt5pR6I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/c88555-abb7-4b10-ab64-19c5427e416f/1/SU0Or4AlCrgkiYm-caQDlxjWk1o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.208.68.0/22
                IPv6:
                  2a09:8340::/29

    Signature Algorithm: sha256WithRSAEncryption
         2e:00:9f:f7:d8:31:d6:2f:42:2b:42:41:fe:a2:43:bf:c8:0b:
         a3:aa:10:98:c0:43:3d:82:50:16:d6:04:86:92:22:61:2c:3f:
         c9:a6:90:e3:80:ff:29:f8:a0:bc:34:6d:94:dd:ac:7b:c3:a6:
         72:4d:b8:19:de:52:aa:c0:d5:a4:4a:47:56:b2:b2:f6:27:6f:
         6e:e1:a2:3f:fc:af:fe:d5:89:b2:69:1c:64:d8:3a:eb:b2:d3:
         fb:fb:75:9e:05:3f:03:af:ad:39:ee:fe:9a:d6:9c:18:ae:18:
         8c:5b:7b:52:c5:7a:bb:5e:f6:98:c1:95:d3:02:c0:85:bf:8b:
         cd:b4:98:89:c1:a0:14:f8:e9:97:55:e7:6c:12:9f:ff:d3:d0:
         57:47:08:0a:08:d6:96:57:21:34:26:34:46:1b:17:43:ba:d0:
         73:55:3e:90:c6:bb:a0:2c:f2:5c:ba:34:3d:6c:63:bc:8b:07:
         c8:62:f7:24:e2:7c:7e:3b:78:50:43:0c:71:80:87:48:1d:68:
         ab:99:86:f6:b5:35:a2:78:0d:e4:1c:95:03:00:e6:60:aa:b0:
         09:db:a7:f9:f0:ee:32:24:b3:a4:e8:1b:5f:f0:4f:46:0e:c2:
         c1:ff:fd:b8:f1:01:2c:75:8f:26:98:0f:8d:9f:05:97:a4:b6:
         96:31:86:c2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj0GfXxMWJlDnSFOwrLVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5NGQwZWFmODAyNTBhYjgyNDg5ODliZTcxYTQwMzk3MThk
NjkzNWEwHhcNMjUwMTAyMDU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWRlZWM0NDhiN2ZkNzg1YWFiMjg1ZDI1NDk5ZTFiNmRlNjk0N2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqU6QF53fqssAyEETx3fbulgwoCLn
RO0PI6BVA7CCBlnAhXxQsryJl9c63w+vHpcbJM58ne8foalpawAq3wYhvk3SYGHR
x2/KSjwAelUozz9CXCMaJsAqgeLH1ihgDVoCRPPgtfPM4PaS1KZuyz/h6B/06XZ6
BTT+tQYdqb09Or3Jcu8TYgfYRirkFNalghizmCkvLacn/XHK/Q39ZjirVCunmmKe
UFJsasbvHpjzNXOMqPe1P/cOf1bkJJ/tNfuaRKa3LljjDW7sJGR8DUoo6msCcVsz
b4mpR3U7vBtm2lTOaqly8dLKqk69jagMYjXxhfktseE7MztWbeH3AyvhVwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFAHe7ESLf9eFqrKF0lSZ4bbeaUeiMB8GA1UdIwQY
MBaAFElNDq+AJQq4JImJvnGkA5cY1pNaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1UwT3I0QWxDcmdraVltLWNhUURseGpXazFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9jODg1NTUtYWJiNy00YjEwLWFiNjQt
MTljNTQyN2U0MTZmLzEvQWQ3c1JJdF8xNFdxc29YU1ZKbmh0dDVwUjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9jODg1NTUtYWJiNy00YjEwLWFiNjQtMTljNTQyN2U0MTZm
LzEvU1UwT3I0QWxDcmdraVltLWNhUURseGpXazFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCVdBEMA0E
AgACMAcDBQMqCYNAMA0GCSqGSIb3DQEBCwUAA4IBAQAuAJ/32DHWL0IrQkH+okO/
yAujqhCYwEM9glAW1gSGkiJhLD/JppDjgP8p+KC8NG2U3ax7w6ZyTbgZ3lKqwNWk
SkdWsrL2J29u4aI//K/+1YmyaRxk2DrrstP7+3WeBT8Dr6057v6a1pwYrhiMW3tS
xXq7XvaYwZXTAsCFv4vNtJiJwaAU+OmXVedsEp//09BXRwgKCNaWVyE0JjRGGxdD
utBzVT6QxrugLPJcujQ9bGO8iwfIYvck4nx+O3hQQwxxgIdIHWirmYb2tTWieA3k
HJUDAOZgqrAJ26f58O4yJLOk6Btf8E9GDsLB//248QEsdY8mmA+NnwWXpLaWMYbC
-----END CERTIFICATE-----