Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/82/21443f-e68f-49e6-abc9-6083393cf46e/1/7NZ3oQkMOQoPZU36C6qwxb2VoVE.roa
File:                     7NZ3oQkMOQoPZU36C6qwxb2VoVE.roa (raw, json)
Hash identifier:          47N6P40TbSFw4GF5u3qAezQZQpvVncE6hSSscr+AiT4=
Subject key identifier:   EC:D6:77:A1:09:0C:39:0A:0F:65:4D:FA:0B:AA:B0:C5:BD:95:A1:51
Certificate issuer:       /CN=7e5354e1334708f180012bb237a95f9fac7a4e5c
Certificate serial:       019420D5A8EB1D66B0354F1F1E6FB97EB479
Authority key identifier: 7E:53:54:E1:33:47:08:F1:80:01:2B:B2:37:A9:5F:9F:AC:7A:4E:5C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/flNU4TNHCPGAASuyN6lfn6x6Tlw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/82/21443f-e68f-49e6-abc9-6083393cf46e/1/7NZ3oQkMOQoPZU36C6qwxb2VoVE.roa
Signing time:             Wed 01 Jan 2025 07:47:40 +0000
ROA not before:           Wed 01 Jan 2025 07:47:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207003
IP address blocks:        185.188.30.0/24 maxlen: 24
                          2a12:d940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/82/21443f-e68f-49e6-abc9-6083393cf46e/1/flNU4TNHCPGAASuyN6lfn6x6Tlw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/82/21443f-e68f-49e6-abc9-6083393cf46e/1/flNU4TNHCPGAASuyN6lfn6x6Tlw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/flNU4TNHCPGAASuyN6lfn6x6Tlw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:a8:eb:1d:66:b0:35:4f:1f:1e:6f:b9:7e:b4:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e5354e1334708f180012bb237a95f9fac7a4e5c
        Validity
            Not Before: Jan  1 07:47:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecd677a1090c390a0f654dfa0baab0c5bd95a151
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e1:0d:3c:fb:62:9b:47:07:f6:cd:14:98:9a:
                    09:52:19:32:d2:7e:7e:e3:bb:54:62:bb:85:67:07:
                    4b:be:80:99:85:cf:5c:09:97:4e:8a:63:4e:65:77:
                    61:e5:cf:42:d7:6f:af:ce:51:7b:68:ee:02:2e:ec:
                    82:af:ac:46:6a:7b:fb:0d:48:95:bb:fa:dc:26:a2:
                    10:6f:f7:16:83:82:11:0d:97:cd:2d:30:e3:65:60:
                    3e:b9:94:8f:a3:a6:48:75:5f:4c:68:2e:7d:e2:6d:
                    fc:c8:29:69:0d:f3:ef:4a:06:8c:a8:1b:22:20:98:
                    b3:fc:82:5d:99:46:bb:65:a8:43:56:21:f9:51:b5:
                    11:0d:21:42:00:30:e3:0b:1e:96:30:d7:55:83:05:
                    a4:ea:c5:83:68:d1:d7:01:79:7d:8b:3f:11:e6:36:
                    50:ce:d3:2d:80:27:80:34:b1:b9:97:ca:00:4b:6e:
                    5f:1c:75:45:b3:be:70:20:84:6d:48:71:ba:ff:87:
                    6a:dc:ca:d6:be:61:b2:c1:38:5f:d8:bd:a9:5c:ec:
                    9d:54:21:6c:08:71:6d:3a:4e:1a:28:18:b5:6a:7b:
                    07:fd:61:32:29:42:70:66:b5:75:a7:ae:76:85:e1:
                    9b:67:a2:26:51:3b:ac:62:e0:5a:91:db:2a:1f:43:
                    20:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D6:77:A1:09:0C:39:0A:0F:65:4D:FA:0B:AA:B0:C5:BD:95:A1:51
            X509v3 Authority Key Identifier:
                keyid:7E:53:54:E1:33:47:08:F1:80:01:2B:B2:37:A9:5F:9F:AC:7A:4E:5C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/flNU4TNHCPGAASuyN6lfn6x6Tlw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/82/21443f-e68f-49e6-abc9-6083393cf46e/1/7NZ3oQkMOQoPZU36C6qwxb2VoVE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/82/21443f-e68f-49e6-abc9-6083393cf46e/1/flNU4TNHCPGAASuyN6lfn6x6Tlw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.188.30.0/24
                IPv6:
                  2a12:d940::/29

    Signature Algorithm: sha256WithRSAEncryption
         17:72:96:6a:1b:95:cd:9e:3f:4f:5f:cc:b3:b4:ef:e7:05:26:
         72:18:f2:ca:a4:74:03:25:f9:ec:17:ab:d6:1a:49:ef:1c:17:
         d6:96:b9:34:1e:b2:65:7e:81:95:ed:cb:60:e2:10:40:e7:59:
         43:81:55:ad:4f:c4:da:c3:60:4a:03:c0:9a:c4:93:5a:2f:ae:
         ac:89:45:c8:40:7b:9f:4a:31:4c:dd:a0:92:2b:27:b4:58:79:
         25:9a:ae:2b:e7:fa:a8:3a:d1:f9:8c:4c:8b:f5:d9:9c:86:57:
         5d:df:ce:01:03:ac:a1:80:8c:22:86:90:f5:91:01:14:73:a0:
         c1:b8:94:f3:c2:8a:f7:fb:7c:5c:04:56:8f:4e:4a:cd:46:ca:
         be:f4:48:46:79:0d:ad:f8:83:b1:f6:cc:96:7c:85:cd:3e:18:
         26:68:08:01:b5:32:23:c7:48:49:ac:41:13:c4:29:84:ab:07:
         36:94:38:1a:19:e4:ef:0e:17:c2:dc:91:47:59:36:c1:3d:68:
         2a:6e:06:61:09:69:4c:44:de:27:ad:d5:8c:17:5f:85:8b:6c:
         96:34:98:48:74:2d:00:07:34:f0:18:8a:63:e6:90:72:42:80:
         73:fd:be:49:95:d0:a9:41:d3:24:df:ee:a7:df:ee:91:67:76:
         9d:c2:4d:d9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQg1ajrHWawNU8fHm+5frR5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNTM1NGUxMzM0NzA4ZjE4MDAxMmJiMjM3YTk1ZjlmYWM3
YTRlNWMwHhcNMjUwMTAxMDc0NzQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Q2NzdhMTA5MGMzOTBhMGY2NTRkZmEwYmFhYjBjNWJkOTVhMTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu+ENPPtim0cH9s0UmJoJUhky0n5+
47tUYruFZwdLvoCZhc9cCZdOimNOZXdh5c9C12+vzlF7aO4CLuyCr6xGanv7DUiV
u/rcJqIQb/cWg4IRDZfNLTDjZWA+uZSPo6ZIdV9MaC594m38yClpDfPvSgaMqBsi
IJiz/IJdmUa7ZahDViH5UbURDSFCADDjCx6WMNdVgwWk6sWDaNHXAXl9iz8R5jZQ
ztMtgCeANLG5l8oAS25fHHVFs75wIIRtSHG6/4dq3MrWvmGywThf2L2pXOydVCFs
CHFtOk4aKBi1ansH/WEyKUJwZrV1p652heGbZ6ImUTusYuBakdsqH0MgEQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOzWd6EJDDkKD2VN+guqsMW9laFRMB8GA1UdIwQY
MBaAFH5TVOEzRwjxgAErsjepX5+sek5cMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmxOVTRUTkhDUEdBQVN1eU42bGZuNng2VGx3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Mi8yMTQ0M2YtZTY4Zi00OWU2LWFiYzkt
NjA4MzM5M2NmNDZlLzEvN05aM29Ra01PUW9QWlUzNkM2cXd4YjJWb1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Mi8yMTQ0M2YtZTY4Zi00OWU2LWFiYzktNjA4MzM5M2NmNDZl
LzEvZmxOVTRUTkhDUEdBQVN1eU42bGZuNng2VGx3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAubweMA0E
AgACMAcDBQMqEtlAMA0GCSqGSIb3DQEBCwUAA4IBAQAXcpZqG5XNnj9PX8yztO/n
BSZyGPLKpHQDJfnsF6vWGknvHBfWlrk0HrJlfoGV7ctg4hBA51lDgVWtT8Taw2BK
A8CaxJNaL66siUXIQHufSjFM3aCSKye0WHklmq4r5/qoOtH5jEyL9dmchldd384B
A6yhgIwihpD1kQEUc6DBuJTzwor3+3xcBFaPTkrNRsq+9EhGeQ2t+IOx9syWfIXN
PhgmaAgBtTIjx0hJrEETxCmEqwc2lDgaGeTvDhfC3JFHWTbBPWgqbgZhCWlMRN4n
rdWMF1+Fi2yWNJhIdC0ABzTwGIpj5pByQoBz/b5JldCpQdMk3+6n3+6RZ3adwk3Z
-----END CERTIFICATE-----