Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/7BY_kFwL8OEGCGg4fffLBCGfbIk.roa
File:                     7BY_kFwL8OEGCGg4fffLBCGfbIk.roa (raw, json)
Hash identifier:          wPQVbJEzFYU2FTuvcz3iiUbD5hpnYkEGB5yumpXFpQo=
Subject key identifier:   EC:16:3F:90:5C:0B:F0:E1:06:08:68:38:7D:F7:CB:04:21:9F:6C:89
Certificate issuer:       /CN=2c37b4bec97d608abe23bc57ba398246ccc57760
Certificate serial:       019422FB947259A6B50D854553AB0D131E55
Authority key identifier: 2C:37:B4:BE:C9:7D:60:8A:BE:23:BC:57:BA:39:82:46:CC:C5:77:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LDe0vsl9YIq-I7xXujmCRszFd2A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/7BY_kFwL8OEGCGg4fffLBCGfbIk.roa
Signing time:             Wed 01 Jan 2025 17:48:20 +0000
ROA not before:           Wed 01 Jan 2025 17:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205671
IP address blocks:        185.210.124.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/LDe0vsl9YIq-I7xXujmCRszFd2A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/LDe0vsl9YIq-I7xXujmCRszFd2A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LDe0vsl9YIq-I7xXujmCRszFd2A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:94:72:59:a6:b5:0d:85:45:53:ab:0d:13:1e:55
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c37b4bec97d608abe23bc57ba398246ccc57760
        Validity
            Not Before: Jan  1 17:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec163f905c0bf0e1060868387df7cb04219f6c89
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:5f:3a:8c:d9:3e:ce:9b:d6:de:5d:79:f2:86:
                    44:c2:7a:68:d1:17:34:bc:d9:6d:b9:d4:48:45:0c:
                    25:0a:50:cf:31:8e:38:c5:3b:56:84:a2:d8:49:26:
                    67:c1:0c:f7:c3:fd:bb:b9:58:64:0a:8c:50:f3:15:
                    e8:20:b7:cc:d3:bc:2d:49:f9:e2:49:54:3f:5c:0c:
                    4e:5d:83:6a:0a:4e:9e:8e:8c:1c:de:6c:4e:66:ef:
                    c6:d3:64:b2:72:af:f0:c9:d3:d3:d7:87:29:b4:ee:
                    73:9d:9a:e1:9a:5c:4c:c6:8f:45:58:e5:b9:50:11:
                    d2:9f:03:21:a4:46:6e:2e:51:74:ba:8f:cb:32:74:
                    1c:2c:7f:c7:92:c0:1b:29:19:b0:47:88:ae:e4:a1:
                    29:ab:bf:b1:f2:b3:7f:36:3a:b8:a1:5d:a9:89:c4:
                    9b:2d:c6:40:18:17:cc:61:51:bd:e0:cc:55:c0:26:
                    c3:8b:f7:24:99:46:1d:f6:fe:87:c4:54:98:59:0d:
                    1b:de:ba:2c:61:92:00:7d:18:04:1c:8c:fb:fa:ab:
                    59:80:58:69:a4:aa:5a:0a:65:30:47:38:78:ce:e6:
                    b2:cd:ff:c1:cc:4c:5b:16:d9:04:79:cd:c0:ad:04:
                    54:67:57:79:a2:23:21:30:12:40:52:7b:25:01:fc:
                    21:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:16:3F:90:5C:0B:F0:E1:06:08:68:38:7D:F7:CB:04:21:9F:6C:89
            X509v3 Authority Key Identifier:
                keyid:2C:37:B4:BE:C9:7D:60:8A:BE:23:BC:57:BA:39:82:46:CC:C5:77:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LDe0vsl9YIq-I7xXujmCRszFd2A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/7BY_kFwL8OEGCGg4fffLBCGfbIk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/b12604-b481-416d-b088-210767bd0ba2/1/LDe0vsl9YIq-I7xXujmCRszFd2A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.210.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         88:14:9e:83:20:a5:ef:d0:03:b1:0b:99:45:f4:ce:97:a7:8f:
         0b:a3:b8:4f:06:9b:3d:a1:fd:7d:ed:ac:13:d5:e0:87:45:e2:
         69:30:b9:03:a2:d0:86:ea:2b:54:a9:94:ab:da:f0:fd:4e:27:
         02:ff:88:3e:f2:10:13:6d:92:b9:ac:43:bd:3a:ae:a8:db:b4:
         3d:6b:a4:51:7b:7b:fc:d9:f7:de:21:e6:6f:84:33:02:48:a5:
         f9:45:88:7f:e1:dd:67:97:90:bd:b0:93:5d:8d:21:6e:e3:6f:
         dc:4e:10:48:f2:e3:50:b3:62:72:93:73:1c:ab:44:a0:dd:e3:
         84:d8:0f:a5:27:3a:78:46:31:71:37:10:70:9a:11:0d:3c:9f:
         38:df:93:d7:c2:75:ad:6e:34:aa:59:b1:4d:42:a7:72:71:15:
         ec:a4:c1:63:56:50:58:8f:9b:88:ac:0e:b4:30:04:07:c7:d1:
         8f:f9:59:1a:1c:62:3c:f1:35:50:08:fb:35:8f:11:6c:61:7b:
         f8:a1:5c:a3:09:28:d6:af:10:02:c9:d3:82:1c:91:94:04:85:
         ee:13:58:74:3a:47:61:21:2b:0f:2e:27:f5:85:4e:08:41:ad:
         14:53:e4:9e:2d:a8:cb:f1:e0:e5:45:74:61:73:85:ff:cf:3a:
         87:c3:47:1b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+5RyWaa1DYVFU6sNEx5VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjMzdiNGJlYzk3ZDYwOGFiZTIzYmM1N2JhMzk4MjQ2Y2Nj
NTc3NjAwHhcNMjUwMTAxMTc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzE2M2Y5MDVjMGJmMGUxMDYwODY4Mzg3ZGY3Y2IwNDIxOWY2Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwF86jNk+zpvW3l158oZEwnpo0Rc0
vNltudRIRQwlClDPMY44xTtWhKLYSSZnwQz3w/27uVhkCoxQ8xXoILfM07wtSfni
SVQ/XAxOXYNqCk6ejowc3mxOZu/G02Sycq/wydPT14cptO5znZrhmlxMxo9FWOW5
UBHSnwMhpEZuLlF0uo/LMnQcLH/HksAbKRmwR4iu5KEpq7+x8rN/Njq4oV2picSb
LcZAGBfMYVG94MxVwCbDi/ckmUYd9v6HxFSYWQ0b3rosYZIAfRgEHIz7+qtZgFhp
pKpaCmUwRzh4zuayzf/BzExbFtkEec3ArQRUZ1d5oiMhMBJAUnslAfwh8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOwWP5BcC/DhBghoOH33ywQhn2yJMB8GA1UdIwQY
MBaAFCw3tL7JfWCKviO8V7o5gkbMxXdgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTERlMHZzbDlZSXEtSTd4WHVqbUNSc3pGZDJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My9iMTI2MDQtYjQ4MS00MTZkLWIwODgt
MjEwNzY3YmQwYmEyLzEvN0JZX2tGd0w4T0VHQ0dnNGZmZkxCQ0dmYklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My9iMTI2MDQtYjQ4MS00MTZkLWIwODgtMjEwNzY3YmQwYmEy
LzEvTERlMHZzbDlZSXEtSTd4WHVqbUNSc3pGZDJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudJ8MA0G
CSqGSIb3DQEBCwUAA4IBAQCIFJ6DIKXv0AOxC5lF9M6Xp48Lo7hPBps9of197awT
1eCHReJpMLkDotCG6itUqZSr2vD9TicC/4g+8hATbZK5rEO9Oq6o27Q9a6RRe3v8
2ffeIeZvhDMCSKX5RYh/4d1nl5C9sJNdjSFu42/cThBI8uNQs2Jyk3Mcq0Sg3eOE
2A+lJzp4RjFxNxBwmhENPJ8435PXwnWtbjSqWbFNQqdycRXspMFjVlBYj5uIrA60
MAQHx9GP+VkaHGI88TVQCPs1jxFsYXv4oVyjCSjWrxACydOCHJGUBIXuE1h0Okdh
ISsPLif1hU4IQa0UU+SeLajL8eDlRXRhc4X/zzqHw0cb
-----END CERTIFICATE-----