Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/F7JXtoqYAnfTjuecjcOTuo1qCkw.roa
File:                     F7JXtoqYAnfTjuecjcOTuo1qCkw.roa (raw, json)
Hash identifier:          OEFPqG5xW1fNzTGExyHBZVtQ+HvaVdHh6rDRxCBiNXc=
Subject key identifier:   17:B2:57:B6:8A:98:02:77:D3:8E:E7:9C:8D:C3:93:BA:8D:6A:0A:4C
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       0196005A72D562118D9B2E6385389886496A
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/F7JXtoqYAnfTjuecjcOTuo1qCkw.roa
Signing time:             Fri 04 Apr 2025 10:30:49 +0000
ROA not before:           Fri 04 Apr 2025 10:30:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213005
IP address blocks:        46.253.138.0/24 maxlen: 24
                          185.119.112.0/22 maxlen: 24
                          188.93.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:00:5a:72:d5:62:11:8d:9b:2e:63:85:38:98:86:49:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Apr  4 10:30:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=17b257b68a980277d38ee79c8dc393ba8d6a0a4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8e:31:ac:0c:1f:9e:7f:da:9d:5d:36:71:12:d2:
                    2f:61:9a:8a:86:73:c1:d3:7f:8b:bd:a2:81:b7:de:
                    93:74:04:57:77:10:28:88:ab:df:c7:48:b4:72:5d:
                    89:68:19:c5:bc:4a:64:ab:39:a1:57:85:c4:a3:00:
                    13:bd:18:d1:ac:b6:30:94:2e:05:27:77:66:2b:94:
                    7a:0a:31:62:61:d2:72:df:16:86:9b:f6:72:23:02:
                    97:5b:ea:82:c0:af:91:26:86:0e:c0:55:df:d0:c0:
                    df:32:87:00:2a:c1:b0:e8:43:f3:0e:2d:d4:27:f6:
                    6b:43:22:d7:80:2b:23:1b:d5:e8:16:b3:22:61:12:
                    4f:f2:58:3f:f7:19:45:1a:ba:1b:5d:9b:90:4d:8a:
                    32:9c:bf:2f:8a:77:e5:4d:68:21:4c:f3:5e:83:af:
                    74:65:5e:2e:25:cb:a8:c7:62:ca:3b:77:1b:7a:e0:
                    9a:7c:a9:06:d3:e9:3b:63:33:f3:ee:45:21:98:9e:
                    52:43:4a:d1:ea:22:90:8b:c8:fc:ba:3b:7d:e1:e6:
                    6d:fa:1a:47:e8:c1:cd:56:6e:73:90:19:1b:9d:0f:
                    b7:c9:23:68:ed:61:71:2a:a2:cc:62:79:86:63:63:
                    c0:d5:60:c5:92:2d:5c:b9:9c:f0:8c:23:e1:eb:bd:
                    d5:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:B2:57:B6:8A:98:02:77:D3:8E:E7:9C:8D:C3:93:BA:8D:6A:0A:4C
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/F7JXtoqYAnfTjuecjcOTuo1qCkw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.253.138.0/24
                  185.119.112.0/22
                  188.93.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:bd:cf:3b:60:96:b4:59:54:b4:88:67:9e:b7:e5:f6:dc:9a:
         e3:98:b3:a8:59:b3:76:70:43:5a:f1:24:8c:7e:b9:c1:c0:30:
         02:fa:b2:d2:02:bf:56:0e:06:3c:a9:9c:b5:42:b5:fc:ce:b4:
         43:38:7f:f2:35:8d:45:cc:7e:9e:6c:12:64:b7:2d:fd:b1:44:
         ae:cb:51:35:af:39:f2:4e:39:01:b9:67:dd:25:cf:71:d0:18:
         e7:89:e5:d6:2d:c2:8e:83:ad:7f:43:71:19:32:4b:61:15:aa:
         b4:3d:90:83:f4:5b:26:7f:54:4c:8b:f0:ad:e6:3e:8f:1f:92:
         11:8d:b5:4b:bf:e1:01:4b:95:08:d5:45:71:bf:e4:d1:f8:14:
         f6:9d:39:52:05:5c:17:38:0a:bc:b4:ca:d5:b5:00:1c:24:14:
         7f:3b:cc:a1:3a:ed:14:cf:c3:fe:96:97:b4:8c:31:e9:ba:6c:
         c8:7a:34:2c:ec:b4:66:3c:62:11:4a:73:7d:5f:8d:8f:56:a4:
         9e:3f:9c:c9:d0:a9:49:0c:9e:89:d0:2e:5c:b4:55:8c:d0:f6:
         3f:5c:6e:e6:ab:d6:2a:23:6e:20:3c:a2:47:50:00:72:67:05:
         60:7c:4b:b3:67:45:7c:a2:5a:6c:27:64:69:5e:47:f1:c7:c9:
         e0:21:bf:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZYAWnLVYhGNmy5jhTiYhklqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwNDA0MTAzMDQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxN2IyNTdiNjhhOTgwMjc3ZDM4ZWU3OWM4ZGMzOTNiYThkNmEwYTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjjGsDB+ef9qdXTZxEtIvYZqKhnPB
03+LvaKBt96TdARXdxAoiKvfx0i0cl2JaBnFvEpkqzmhV4XEowATvRjRrLYwlC4F
J3dmK5R6CjFiYdJy3xaGm/ZyIwKXW+qCwK+RJoYOwFXf0MDfMocAKsGw6EPzDi3U
J/ZrQyLXgCsjG9XoFrMiYRJP8lg/9xlFGrobXZuQTYoynL8vinflTWghTPNeg690
ZV4uJcuox2LKO3cbeuCafKkG0+k7YzPz7kUhmJ5SQ0rR6iKQi8j8ujt94eZt+hpH
6MHNVm5zkBkbnQ+3ySNo7WFxKqLMYnmGY2PA1WDFki1cuZzwjCPh673VWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBeyV7aKmAJ3047nnI3Dk7qNagpMMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvRjdKWHRvcVlBbmZUanVlY2pjT1R1bzFxQ2t3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQALv2KAwQC
uXdwAwQAvF11MA0GCSqGSIb3DQEBCwUAA4IBAQBlvc87YJa0WVS0iGeet+X23Jrj
mLOoWbN2cENa8SSMfrnBwDAC+rLSAr9WDgY8qZy1QrX8zrRDOH/yNY1FzH6ebBJk
ty39sUSuy1E1rznyTjkBuWfdJc9x0BjnieXWLcKOg61/Q3EZMkthFaq0PZCD9Fsm
f1RMi/Ct5j6PH5IRjbVLv+EBS5UI1UVxv+TR+BT2nTlSBVwXOAq8tMrVtQAcJBR/
O8yhOu0Uz8P+lpe0jDHpumzIejQs7LRmPGIRSnN9X42PVqSeP5zJ0KlJDJ6J0C5c
tFWM0PY/XG7mq9YqI24gPKJHUAByZwVgfEuzZ0V8olpsJ2RpXkfxx8ngIb/Q
-----END CERTIFICATE-----