Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/F0L-7P2Vilk9HCqFohJsqZcHd3Q.roa
File:                     F0L-7P2Vilk9HCqFohJsqZcHd3Q.roa (raw, json)
Hash identifier:          fTuIh58gxrXX3Bba7KkC9bw1yhp77tWXLVMb0qHV7oo=
Subject key identifier:   17:42:FE:EC:FD:95:8A:59:3D:1C:2A:85:A2:12:6C:A9:97:07:77:74
Certificate issuer:       /CN=f2246346ddb3e6ba6e890005b88148d2d6ce9971
Certificate serial:       0194258F5D610CB51CABACD031DDE795F2BD
Authority key identifier: F2:24:63:46:DD:B3:E6:BA:6E:89:00:05:B8:81:48:D2:D6:CE:99:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8iRjRt2z5rpuiQAFuIFI0tbOmXE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/F0L-7P2Vilk9HCqFohJsqZcHd3Q.roa
Signing time:             Thu 02 Jan 2025 05:48:59 +0000
ROA not before:           Thu 02 Jan 2025 05:48:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205718
IP address blocks:        185.208.220.0/22 maxlen: 22
                          2a09:8ac0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/8iRjRt2z5rpuiQAFuIFI0tbOmXE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/8iRjRt2z5rpuiQAFuIFI0tbOmXE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8iRjRt2z5rpuiQAFuIFI0tbOmXE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:5d:61:0c:b5:1c:ab:ac:d0:31:dd:e7:95:f2:bd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f2246346ddb3e6ba6e890005b88148d2d6ce9971
        Validity
            Not Before: Jan  2 05:48:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1742feecfd958a593d1c2a85a2126ca997077774
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:54:4c:d8:12:5e:d4:09:c4:a8:8b:e6:4f:1a:
                    6d:8b:72:d2:45:1d:27:85:90:0f:73:a3:36:1d:19:
                    b0:0a:19:4a:d7:1c:d9:e1:53:65:20:de:04:1b:54:
                    7e:c9:d1:45:33:a3:aa:15:8e:e4:d9:e4:71:6f:dd:
                    e3:ac:e5:6b:97:6e:fa:e0:71:48:94:80:86:42:17:
                    5d:99:f5:b4:c1:2a:9f:41:6d:3f:00:57:7d:25:e8:
                    45:20:45:66:10:d6:f7:99:f6:52:86:8c:3a:92:83:
                    50:b3:95:66:27:13:ce:29:b0:43:73:cd:93:fb:7d:
                    44:85:ad:e2:f7:e5:dc:87:39:82:f9:f6:c8:fe:90:
                    74:b9:ec:8c:01:f2:fe:cb:db:18:2d:19:cf:c7:67:
                    80:4a:ac:72:f6:d1:56:19:63:7b:67:65:45:f2:8c:
                    3a:36:f2:69:06:ec:1f:a3:ef:9c:32:bc:a9:e1:d4:
                    87:7f:22:21:df:44:19:15:a0:2c:09:0d:80:97:05:
                    f2:6e:c3:8b:3b:06:38:77:b4:9c:9c:57:1e:19:59:
                    90:17:ed:07:b6:19:df:1e:6e:dc:a5:9b:98:cc:76:
                    f7:f0:ad:16:47:64:db:3d:a4:21:17:24:08:e7:22:
                    bc:a8:12:18:d7:07:13:e0:e6:7c:1a:eb:b1:b0:d6:
                    eb:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:42:FE:EC:FD:95:8A:59:3D:1C:2A:85:A2:12:6C:A9:97:07:77:74
            X509v3 Authority Key Identifier:
                keyid:F2:24:63:46:DD:B3:E6:BA:6E:89:00:05:B8:81:48:D2:D6:CE:99:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8iRjRt2z5rpuiQAFuIFI0tbOmXE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/F0L-7P2Vilk9HCqFohJsqZcHd3Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/eea9d1-239b-4349-8b45-b5bacdd0779d/1/8iRjRt2z5rpuiQAFuIFI0tbOmXE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.208.220.0/22
                IPv6:
                  2a09:8ac0::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:ad:e8:0b:9e:b5:e5:59:ec:1a:50:ef:b5:6a:e7:9d:63:b8:
         11:27:06:f7:b6:be:57:ec:dc:8f:bd:31:ab:08:97:d2:50:38:
         95:d8:7d:5a:72:cb:92:80:2f:82:a1:72:28:91:a9:ba:00:1c:
         9e:2b:55:65:82:4b:80:0d:ee:7e:51:13:04:9b:63:40:95:01:
         9e:54:aa:1c:3f:6c:3f:48:3a:d6:3e:a3:e5:e7:3c:06:5e:b6:
         b8:e8:17:5d:40:a9:4a:22:05:50:2c:db:be:26:e9:6e:02:c7:
         48:26:b5:9e:e2:09:32:7d:1f:03:8f:8e:7a:79:d9:2c:4e:44:
         7a:50:3e:a1:35:03:35:0b:a1:40:0a:08:f9:c9:6e:43:01:be:
         30:8d:85:70:c2:f1:a0:6f:f3:fd:69:a5:15:3e:ad:38:f4:89:
         db:b1:43:05:01:88:75:50:47:fa:be:6f:17:08:fa:bc:f1:1e:
         2f:72:c6:41:09:1b:16:09:76:97:b1:1d:cd:92:27:93:4e:d5:
         7a:dd:bc:6b:ec:79:22:05:e0:81:ea:60:49:48:ad:64:7c:6e:
         b1:20:b2:38:b3:bf:ce:ea:f9:d9:b4:73:7b:74:a3:21:8a:fe:
         8f:ba:0a:10:3a:e3:40:02:75:4d:63:45:b4:64:8a:5b:b9:1b:
         e2:06:15:f6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj11hDLUcq6zQMd3nlfK9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYyMjQ2MzQ2ZGRiM2U2YmE2ZTg5MDAwNWI4ODE0OGQyZDZj
ZTk5NzEwHhcNMjUwMTAyMDU0ODU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzQyZmVlY2ZkOTU4YTU5M2QxYzJhODVhMjEyNmNhOTk3MDc3Nzc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlRM2BJe1AnEqIvmTxpti3LSRR0n
hZAPc6M2HRmwChlK1xzZ4VNlIN4EG1R+ydFFM6OqFY7k2eRxb93jrOVrl2764HFI
lICGQhddmfW0wSqfQW0/AFd9JehFIEVmENb3mfZShow6koNQs5VmJxPOKbBDc82T
+31Eha3i9+XchzmC+fbI/pB0ueyMAfL+y9sYLRnPx2eASqxy9tFWGWN7Z2VF8ow6
NvJpBuwfo++cMryp4dSHfyIh30QZFaAsCQ2AlwXybsOLOwY4d7ScnFceGVmQF+0H
thnfHm7cpZuYzHb38K0WR2TbPaQhFyQI5yK8qBIY1wcT4OZ8GuuxsNbrPwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFBdC/uz9lYpZPRwqhaISbKmXB3d0MB8GA1UdIwQY
MBaAFPIkY0bds+a6bokABbiBSNLWzplxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGlSalJ0Mno1cnB1aVFBRnVJRkkwdGJPbVhFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9lZWE5ZDEtMjM5Yi00MzQ5LThiNDUt
YjViYWNkZDA3NzlkLzEvRjBMLTdQMlZpbGs5SENxRm9oSnNxWmNIZDNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9lZWE5ZDEtMjM5Yi00MzQ5LThiNDUtYjViYWNkZDA3Nzlk
LzEvOGlSalJ0Mno1cnB1aVFBRnVJRkkwdGJPbVhFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCudDcMA0E
AgACMAcDBQAqCYrAMA0GCSqGSIb3DQEBCwUAA4IBAQAqregLnrXlWewaUO+1aued
Y7gRJwb3tr5X7NyPvTGrCJfSUDiV2H1acsuSgC+CoXIokam6AByeK1VlgkuADe5+
URMEm2NAlQGeVKocP2w/SDrWPqPl5zwGXra46BddQKlKIgVQLNu+JuluAsdIJrWe
4gkyfR8Dj456edksTkR6UD6hNQM1C6FACgj5yW5DAb4wjYVwwvGgb/P9aaUVPq04
9InbsUMFAYh1UEf6vm8XCPq88R4vcsZBCRsWCXaXsR3NkieTTtV63bxr7HkiBeCB
6mBJSK1kfG6xILI4s7/O6vnZtHN7dKMhiv6PugoQOuNAAnVNY0W0ZIpbuRviBhX2
-----END CERTIFICATE-----