Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/207167-d551-41ba-86a8-2f50ea27213c/1/K7Q4iSU5tGlQaFLDbZ74ga5u7QI.roa
File:                     K7Q4iSU5tGlQaFLDbZ74ga5u7QI.roa (raw, json)
Hash identifier:          4IoPifHHzLWAa9SoaMyYdsFHlPVY27b7G1cPfRmMmFw=
Subject key identifier:   2B:B4:38:89:25:39:B4:69:50:68:52:C3:6D:9E:F8:81:AE:6E:ED:02
Certificate issuer:       /CN=68038d4cacbd41919952eb3709c16533838900e3
Certificate serial:       0195E6F45F9B048A8FC25FAFB0C96F88CF84
Authority key identifier: 68:03:8D:4C:AC:BD:41:91:99:52:EB:37:09:C1:65:33:83:89:00:E3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aAONTKy9QZGZUus3CcFlM4OJAOM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/207167-d551-41ba-86a8-2f50ea27213c/1/K7Q4iSU5tGlQaFLDbZ74ga5u7QI.roa
Signing time:             Sun 30 Mar 2025 12:08:49 +0000
ROA not before:           Sun 30 Mar 2025 12:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211476
IP address blocks:        185.182.70.0/24 maxlen: 24
                          185.182.71.0/24 maxlen: 24
                          2a0f:3680::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/207167-d551-41ba-86a8-2f50ea27213c/1/aAONTKy9QZGZUus3CcFlM4OJAOM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/207167-d551-41ba-86a8-2f50ea27213c/1/aAONTKy9QZGZUus3CcFlM4OJAOM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aAONTKy9QZGZUus3CcFlM4OJAOM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 09:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:e6:f4:5f:9b:04:8a:8f:c2:5f:af:b0:c9:6f:88:cf:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68038d4cacbd41919952eb3709c16533838900e3
        Validity
            Not Before: Mar 30 12:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2bb438892539b469506852c36d9ef881ae6eed02
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:b5:db:91:f9:79:c3:30:5f:5c:35:5f:79:09:
                    8a:98:50:b4:40:71:c8:a0:71:91:6a:34:1b:b4:6f:
                    43:ca:35:b5:dd:06:34:93:ba:b0:99:16:6c:f3:f1:
                    fc:ef:fc:d7:a7:8b:3c:26:86:6c:77:49:9b:68:94:
                    99:b6:2a:b9:17:78:4a:28:77:c9:28:c0:55:c2:f6:
                    42:97:0b:47:28:8d:ac:51:aa:3e:69:28:ff:ef:14:
                    ea:88:71:ca:28:76:ff:b8:fe:84:ef:b8:71:ff:b6:
                    65:54:23:31:28:0e:fc:b7:a2:88:56:1b:89:41:b9:
                    db:5d:d5:ef:cd:d6:da:c7:6a:30:3f:96:b2:ae:4a:
                    ea:29:53:c4:54:e8:fe:46:27:db:43:b1:b4:52:79:
                    44:0a:1a:93:0f:6d:31:3f:3d:e0:4d:8b:6d:28:6f:
                    4c:df:d6:c5:e7:0d:77:d6:fb:bd:9b:4f:cd:ee:5c:
                    d9:c6:a5:7d:59:a2:a6:5b:c1:b1:31:4a:7d:b9:47:
                    ce:40:82:4b:ee:17:29:d3:52:0b:51:e6:a1:6d:80:
                    14:7e:14:a8:b9:df:e4:be:71:47:ee:38:25:5a:c0:
                    20:97:7a:7f:82:90:46:3a:b8:ec:fb:4b:9a:7a:dd:
                    89:44:6d:dd:70:4f:0e:c1:b9:74:91:6a:17:4d:a3:
                    79:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B4:38:89:25:39:B4:69:50:68:52:C3:6D:9E:F8:81:AE:6E:ED:02
            X509v3 Authority Key Identifier:
                keyid:68:03:8D:4C:AC:BD:41:91:99:52:EB:37:09:C1:65:33:83:89:00:E3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aAONTKy9QZGZUus3CcFlM4OJAOM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/207167-d551-41ba-86a8-2f50ea27213c/1/K7Q4iSU5tGlQaFLDbZ74ga5u7QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/207167-d551-41ba-86a8-2f50ea27213c/1/aAONTKy9QZGZUus3CcFlM4OJAOM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.70.0/23
                IPv6:
                  2a0f:3680::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:f0:09:04:d4:db:23:45:6a:aa:a6:82:92:14:fe:dd:d8:f1:
         23:fe:0e:2e:08:98:dd:07:80:25:e2:56:97:0c:01:77:ca:61:
         ef:d9:6b:d6:22:8a:b9:28:8d:fe:0d:d1:a4:a6:14:65:d8:0b:
         4e:bb:9e:5c:26:8d:ab:87:c2:c8:52:35:96:8c:9f:9b:f4:8e:
         61:e2:69:c9:68:1b:0b:82:ec:06:68:c3:8f:f7:b4:30:4d:8f:
         92:91:b3:3e:6a:d9:4f:53:bc:00:21:b6:70:df:98:05:63:66:
         f0:73:2e:4f:ae:5f:06:58:37:fb:7d:8c:00:4b:66:bf:d9:7d:
         d7:e1:59:f7:9d:60:b7:57:a9:a0:bd:9d:f8:f5:81:1e:83:cf:
         97:1a:0b:02:04:96:27:a8:22:ed:18:51:83:00:5d:b3:1f:56:
         d1:6c:44:09:4f:f5:9b:fd:77:b9:7b:3b:69:b3:8f:d7:27:ca:
         be:ac:a4:10:66:1a:d2:0b:f4:9d:c2:0b:3c:68:2f:c7:14:8d:
         40:8b:4e:92:71:0c:a4:4f:ed:2f:f7:eb:6d:49:27:08:ac:a6:
         03:9c:5c:ea:a6:ef:8b:ed:03:cf:15:cb:76:61:51:fd:fe:8e:
         2b:56:7e:aa:7d:23:47:be:b3:e3:b8:c8:98:07:e7:11:21:d8:
         8f:a2:76:83
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZXm9F+bBIqPwl+vsMlviM+EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MDM4ZDRjYWNiZDQxOTE5OTUyZWIzNzA5YzE2NTMzODM4
OTAwZTMwHhcNMjUwMzMwMTIwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmI0Mzg4OTI1MzliNDY5NTA2ODUyYzM2ZDllZjg4MWFlNmVlZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybXbkfl5wzBfXDVfeQmKmFC0QHHI
oHGRajQbtG9DyjW13QY0k7qwmRZs8/H87/zXp4s8JoZsd0mbaJSZtiq5F3hKKHfJ
KMBVwvZClwtHKI2sUao+aSj/7xTqiHHKKHb/uP6E77hx/7ZlVCMxKA78t6KIVhuJ
QbnbXdXvzdbax2owP5ayrkrqKVPEVOj+RifbQ7G0UnlEChqTD20xPz3gTYttKG9M
39bF5w131vu9m0/N7lzZxqV9WaKmW8GxMUp9uUfOQIJL7hcp01ILUeahbYAUfhSo
ud/kvnFH7jglWsAgl3p/gpBGOrjs+0uaet2JRG3dcE8Owbl0kWoXTaN5pQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCu0OIklObRpUGhSw22e+IGubu0CMB8GA1UdIwQY
MBaAFGgDjUysvUGRmVLrNwnBZTODiQDjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUFPTlRLeTlRWkdaVXVzM0NjRmxNNE9KQU9NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS8yMDcxNjctZDU1MS00MWJhLTg2YTgt
MmY1MGVhMjcyMTNjLzEvSzdRNGlTVTV0R2xRYUZMRGJaNzRnYTV1N1FJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS8yMDcxNjctZDU1MS00MWJhLTg2YTgtMmY1MGVhMjcyMTNj
LzEvYUFPTlRLeTlRWkdaVXVzM0NjRmxNNE9KQU9NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBubZGMA0E
AgACMAcDBQAqDzaAMA0GCSqGSIb3DQEBCwUAA4IBAQA38AkE1NsjRWqqpoKSFP7d
2PEj/g4uCJjdB4Al4laXDAF3ymHv2WvWIoq5KI3+DdGkphRl2AtOu55cJo2rh8LI
UjWWjJ+b9I5h4mnJaBsLguwGaMOP97QwTY+SkbM+atlPU7wAIbZw35gFY2bwcy5P
rl8GWDf7fYwAS2a/2X3X4Vn3nWC3V6mgvZ349YEeg8+XGgsCBJYnqCLtGFGDAF2z
H1bRbEQJT/Wb/Xe5eztps4/XJ8q+rKQQZhrSC/Sdwgs8aC/HFI1Ai06ScQykT+0v
9+ttSScIrKYDnFzqpu+L7QPPFct2YVH9/o4rVn6qfSNHvrPjuMiYB+cRIdiPonaD
-----END CERTIFICATE-----