Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/q7HJcy0sw4LMamMsrbQZ9rl4cVI.roa
File:                     q7HJcy0sw4LMamMsrbQZ9rl4cVI.roa (raw, json)
Hash identifier:          F/OMkAbTzMuRC01PoKqTK5BDI1LCPjMGC3GeJkdGUbI=
Subject key identifier:   AB:B1:C9:73:2D:2C:C3:82:CC:6A:63:2C:AD:B4:19:F6:B9:78:71:52
Certificate issuer:       /CN=6f074d2efb5f3e1d35c291f8a11c0bc0be7ec1b8
Certificate serial:       019424447D7A710D5F7243DD4C1A0D23727C
Authority key identifier: 6F:07:4D:2E:FB:5F:3E:1D:35:C2:91:F8:A1:1C:0B:C0:BE:7E:C1:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/q7HJcy0sw4LMamMsrbQZ9rl4cVI.roa
Signing time:             Wed 01 Jan 2025 23:47:35 +0000
ROA not before:           Wed 01 Jan 2025 23:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     965
IP address blocks:        193.108.130.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 20:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:44:7d:7a:71:0d:5f:72:43:dd:4c:1a:0d:23:72:7c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f074d2efb5f3e1d35c291f8a11c0bc0be7ec1b8
        Validity
            Not Before: Jan  1 23:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=abb1c9732d2cc382cc6a632cadb419f6b9787152
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:b5:5e:4d:1a:79:75:58:99:66:12:5e:72:82:
                    bf:8e:9d:d7:b9:98:76:58:3d:5c:8c:9c:e5:23:c4:
                    fe:6a:f4:5b:25:18:af:3e:77:68:15:f8:88:fa:85:
                    76:d2:e4:54:b1:35:75:11:c1:36:9d:f8:eb:c0:68:
                    c4:a2:8b:bd:8c:93:6b:be:6f:78:4b:b4:fb:20:43:
                    63:96:d8:39:27:b5:3a:e0:1f:a6:2b:eb:35:05:e4:
                    f1:46:23:c4:e1:7f:07:fc:fd:97:b2:67:8f:ea:90:
                    25:b1:c5:f2:0b:df:ff:36:7e:f9:e9:3e:11:b6:a2:
                    8a:ce:aa:f1:ef:84:c5:c8:0e:89:bd:42:8a:02:8b:
                    44:2a:2b:55:66:4f:cc:95:a7:34:2c:84:fe:2f:67:
                    5b:97:3f:aa:df:8b:ff:2f:a0:b4:a2:92:4d:eb:bb:
                    23:9b:1c:94:9c:92:04:ec:a2:09:42:4c:0d:11:8a:
                    49:dc:62:3d:a8:58:91:43:86:66:ee:ef:4f:c0:0d:
                    b6:50:0b:7d:fc:ed:a8:ca:77:15:d5:95:3a:f5:ca:
                    19:40:f2:15:c6:a5:5c:a4:39:9b:2e:75:be:a7:4c:
                    b1:f3:7f:f5:36:dc:7f:0e:de:e8:d3:27:9e:bf:c7:
                    81:fc:96:86:99:f8:48:0d:30:52:db:3e:73:3a:43:
                    d7:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:B1:C9:73:2D:2C:C3:82:CC:6A:63:2C:AD:B4:19:F6:B9:78:71:52
            X509v3 Authority Key Identifier:
                keyid:6F:07:4D:2E:FB:5F:3E:1D:35:C2:91:F8:A1:1C:0B:C0:BE:7E:C1:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bwdNLvtfPh01wpH4oRwLwL5-wbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/q7HJcy0sw4LMamMsrbQZ9rl4cVI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/b55ef1-ca63-4ca1-a659-f9720285e797/1/bwdNLvtfPh01wpH4oRwLwL5-wbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.108.130.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:db:9a:03:83:2f:a5:33:fb:dc:49:7d:65:36:43:41:d4:7d:
         d7:a7:b0:1c:f0:9c:a8:12:70:4a:a7:c5:da:91:4a:51:e5:d9:
         fe:97:06:9f:b6:78:eb:bf:9e:f4:fa:e8:9e:92:5d:62:4a:df:
         e1:e0:7b:54:38:9e:c3:f0:f5:d0:2f:5c:75:af:99:89:76:a8:
         c5:35:9e:0b:1c:de:ed:a0:e3:a5:dc:7b:04:f2:cf:63:d4:54:
         a7:0f:8a:48:57:2e:84:6c:cc:5f:ac:93:b4:76:15:5f:a9:13:
         b5:77:0b:2e:ed:0f:af:27:b1:d2:5a:0f:6e:51:41:60:d6:5e:
         66:7f:26:72:f7:5e:96:1b:b2:9f:62:24:95:5e:37:98:35:46:
         75:cf:7b:1a:f1:eb:7b:6e:f4:98:36:ef:d4:3b:35:e6:24:47:
         17:b1:61:8e:59:5d:48:d8:98:7d:8e:96:cd:9f:34:6b:82:98:
         29:c4:91:96:83:bc:de:78:3a:c2:f5:bd:f4:75:93:6b:12:9b:
         ff:b2:11:2e:e7:a2:ff:18:a9:a2:37:07:c5:5c:eb:19:f2:cf:
         a1:5d:ac:bb:e1:81:e9:03:32:86:0f:de:87:1a:62:e6:e8:6a:
         df:8a:20:ec:2c:3d:9d:de:7f:6e:50:74:91:f6:ce:81:70:c3:
         56:67:a7:17
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRH16cQ1fckPdTBoNI3J8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmMDc0ZDJlZmI1ZjNlMWQzNWMyOTFmOGExMWMwYmMwYmU3
ZWMxYjgwHhcNMjUwMTAxMjM0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmIxYzk3MzJkMmNjMzgyY2M2YTYzMmNhZGI0MTlmNmI5Nzg3MTUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrVeTRp5dViZZhJecoK/jp3XuZh2
WD1cjJzlI8T+avRbJRivPndoFfiI+oV20uRUsTV1EcE2nfjrwGjEoou9jJNrvm94
S7T7IENjltg5J7U64B+mK+s1BeTxRiPE4X8H/P2XsmeP6pAlscXyC9//Nn756T4R
tqKKzqrx74TFyA6JvUKKAotEKitVZk/Mlac0LIT+L2dblz+q34v/L6C0opJN67sj
mxyUnJIE7KIJQkwNEYpJ3GI9qFiRQ4Zm7u9PwA22UAt9/O2oyncV1ZU69coZQPIV
xqVcpDmbLnW+p0yx83/1Ntx/Dt7o0yeev8eB/JaGmfhIDTBS2z5zOkPXWwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKuxyXMtLMOCzGpjLK20Gfa5eHFSMB8GA1UdIwQY
MBaAFG8HTS77Xz4dNcKR+KEcC8C+fsG4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYndkTkx2dGZQaDAxd3BING9Sd0x3TDUtd2JnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9iNTVlZjEtY2E2My00Y2ExLWE2NTkt
Zjk3MjAyODVlNzk3LzEvcTdISmN5MHN3NExNYW1Nc3JiUVo5cmw0Y1ZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9iNTVlZjEtY2E2My00Y2ExLWE2NTktZjk3MjAyODVlNzk3
LzEvYndkTkx2dGZQaDAxd3BING9Sd0x3TDUtd2JnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwWyCMA0G
CSqGSIb3DQEBCwUAA4IBAQCS25oDgy+lM/vcSX1lNkNB1H3Xp7Ac8JyoEnBKp8Xa
kUpR5dn+lwaftnjrv570+uiekl1iSt/h4HtUOJ7D8PXQL1x1r5mJdqjFNZ4LHN7t
oOOl3HsE8s9j1FSnD4pIVy6EbMxfrJO0dhVfqRO1dwsu7Q+vJ7HSWg9uUUFg1l5m
fyZy916WG7KfYiSVXjeYNUZ1z3sa8et7bvSYNu/UOzXmJEcXsWGOWV1I2Jh9jpbN
nzRrgpgpxJGWg7zeeDrC9b30dZNrEpv/shEu56L/GKmiNwfFXOsZ8s+hXay74YHp
AzKGD96HGmLm6GrfiiDsLD2d3n9uUHSR9s6BcMNWZ6cX
-----END CERTIFICATE-----