Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/7ZY1Q8mS5q8z2UfLPJc5K6uKZQo.roa
File:                     7ZY1Q8mS5q8z2UfLPJc5K6uKZQo.roa (raw, json)
Hash identifier:          jj4WM2xy5po+h+orIYLAd72AyCd84wAZcTm4AiOOtow=
Subject key identifier:   ED:96:35:43:C9:92:E6:AF:33:D9:47:CB:3C:97:39:2B:AB:8A:65:0A
Certificate issuer:       /CN=74722f16a87cffd78fd79050568a1b4c959b1224
Certificate serial:       019422FAEBD9E4A81A02D3BA8FEFD30D4A6C
Authority key identifier: 74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/7ZY1Q8mS5q8z2UfLPJc5K6uKZQo.roa
Signing time:             Wed 01 Jan 2025 17:47:37 +0000
ROA not before:           Wed 01 Jan 2025 17:47:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202948
IP address blocks:        185.172.116.0/24 maxlen: 24
                          185.172.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:eb:d9:e4:a8:1a:02:d3:ba:8f:ef:d3:0d:4a:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74722f16a87cffd78fd79050568a1b4c959b1224
        Validity
            Not Before: Jan  1 17:47:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed963543c992e6af33d947cb3c97392bab8a650a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:65:49:72:f9:45:39:bf:28:64:f3:80:39:cb:
                    44:a0:cf:1f:23:30:d0:6c:8e:68:c0:4f:98:6b:fe:
                    f0:a2:79:83:fa:b1:64:75:0f:cc:01:04:01:dc:fc:
                    7a:ae:f4:c7:63:5d:48:9a:ea:c6:ba:fd:9b:8b:03:
                    e4:72:16:54:02:96:2a:33:9f:c3:38:24:ac:c9:b5:
                    f1:68:57:4a:51:3c:76:71:70:1a:06:ad:3d:5e:2a:
                    85:e6:1e:ef:83:79:8e:9a:15:67:dc:50:68:16:9d:
                    d7:ac:11:9c:46:f3:c0:17:e8:c5:a1:82:57:3a:ff:
                    fb:0c:c2:83:e7:4a:ff:54:1a:2e:7c:7e:02:66:2b:
                    77:9c:88:d7:d7:56:23:dd:a2:3f:a0:04:05:69:b1:
                    2a:c2:1a:c4:be:d7:fa:41:d9:89:60:10:60:16:aa:
                    3e:0e:a4:15:96:c1:9d:cd:4d:d4:49:2f:59:6f:1a:
                    54:67:1a:ae:ae:63:5c:3c:96:84:41:6d:4d:2d:e9:
                    b9:40:d3:a8:c6:ca:2e:d2:33:1b:f1:80:2a:11:da:
                    7d:f0:e1:8a:07:86:73:58:8c:52:f6:59:1f:8d:fe:
                    0f:97:61:33:01:9a:88:e8:b0:bb:4f:33:9a:00:8c:
                    52:02:e2:9a:71:94:26:2e:5c:a8:0a:3f:04:a1:07:
                    65:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:96:35:43:C9:92:E6:AF:33:D9:47:CB:3C:97:39:2B:AB:8A:65:0A
            X509v3 Authority Key Identifier:
                keyid:74:72:2F:16:A8:7C:FF:D7:8F:D7:90:50:56:8A:1B:4C:95:9B:12:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dHIvFqh8_9eP15BQVoobTJWbEiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/7ZY1Q8mS5q8z2UfLPJc5K6uKZQo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/f9e9a1-fe52-451a-a154-33f73d9fddb5/1/dHIvFqh8_9eP15BQVoobTJWbEiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.172.116.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:18:23:91:b9:26:5e:93:a8:b6:fe:dd:a3:e6:4f:92:04:04:
         34:80:3f:31:30:55:9d:fe:9e:12:00:0b:56:8e:46:6e:23:f6:
         81:8f:23:a9:ab:f6:45:a3:19:d4:28:c7:30:9f:e7:ab:95:17:
         5b:2b:12:3a:7a:b5:de:9d:b4:1f:46:01:5c:fb:80:a3:2c:c9:
         3f:e7:93:5a:5a:fb:00:f9:91:24:e9:53:66:1c:fe:aa:2e:66:
         74:fc:1b:23:47:b3:66:22:77:fd:d4:f5:19:4a:68:5d:a2:e9:
         c7:8d:40:25:46:54:90:64:d2:72:6b:76:b1:2a:06:ca:96:1f:
         00:1a:a0:8c:38:ab:d4:85:13:6d:e4:c2:4c:e9:69:40:e1:4a:
         04:7b:3e:9c:7b:33:ed:30:9c:fd:be:cf:b0:28:f6:e4:fa:4a:
         bb:56:fa:c9:0b:60:c7:9b:27:06:a4:7e:6f:b1:7f:69:5f:ef:
         ff:35:2c:69:77:c1:b5:08:10:62:29:7f:70:51:f0:97:54:01:
         59:0c:f9:ae:01:38:84:e8:92:45:8a:a7:2a:63:f9:85:46:25:
         af:3a:b4:a4:09:cc:67:88:2c:1f:86:b0:46:13:99:c0:54:f2:
         7a:2d:6f:9b:9e:9d:3c:12:62:d9:f1:d5:7c:43:fb:c3:4f:dd:
         f2:40:75:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+uvZ5KgaAtO6j+/TDUpsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0NzIyZjE2YTg3Y2ZmZDc4ZmQ3OTA1MDU2OGExYjRjOTU5
YjEyMjQwHhcNMjUwMTAxMTc0NzM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDk2MzU0M2M5OTJlNmFmMzNkOTQ3Y2IzYzk3MzkyYmFiOGE2NTBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApWVJcvlFOb8oZPOAOctEoM8fIzDQ
bI5owE+Ya/7wonmD+rFkdQ/MAQQB3Px6rvTHY11ImurGuv2biwPkchZUApYqM5/D
OCSsybXxaFdKUTx2cXAaBq09XiqF5h7vg3mOmhVn3FBoFp3XrBGcRvPAF+jFoYJX
Ov/7DMKD50r/VBoufH4CZit3nIjX11Yj3aI/oAQFabEqwhrEvtf6QdmJYBBgFqo+
DqQVlsGdzU3USS9ZbxpUZxqurmNcPJaEQW1NLem5QNOoxsou0jMb8YAqEdp98OGK
B4ZzWIxS9lkfjf4Pl2EzAZqI6LC7TzOaAIxSAuKacZQmLlyoCj8EoQdl5QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2WNUPJkuavM9lHyzyXOSurimUKMB8GA1UdIwQY
MBaAFHRyLxaofP/Xj9eQUFaKG0yVmxIkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQt
MzNmNzNkOWZkZGI1LzEvN1pZMVE4bVM1cTh6MlVmTFBKYzVLNnVLWlFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mOWU5YTEtZmU1Mi00NTFhLWExNTQtMzNmNzNkOWZkZGI1
LzEvZEhJdkZxaDhfOWVQMTVCUVZvb2JUSldiRWlRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuax0MA0G
CSqGSIb3DQEBCwUAA4IBAQBBGCORuSZek6i2/t2j5k+SBAQ0gD8xMFWd/p4SAAtW
jkZuI/aBjyOpq/ZFoxnUKMcwn+erlRdbKxI6erXenbQfRgFc+4CjLMk/55NaWvsA
+ZEk6VNmHP6qLmZ0/BsjR7NmInf91PUZSmhdounHjUAlRlSQZNJya3axKgbKlh8A
GqCMOKvUhRNt5MJM6WlA4UoEez6cezPtMJz9vs+wKPbk+kq7VvrJC2DHmycGpH5v
sX9pX+//NSxpd8G1CBBiKX9wUfCXVAFZDPmuATiE6JJFiqcqY/mFRiWvOrSkCcxn
iCwfhrBGE5nAVPJ6LW+bnp08EmLZ8dV8Q/vDT93yQHV6
-----END CERTIFICATE-----