Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7Z0xpN11MlsjpjKKa1WCMMqZhM0.roa
File:                     7Z0xpN11MlsjpjKKa1WCMMqZhM0.roa (raw, json)
Hash identifier:          woxOIb71wqCaXima8s+BAJ2MonHdxo7VJHFbw223x5c=
Subject key identifier:   ED:9D:31:A4:DD:75:32:5B:23:A6:32:8A:6B:55:82:30:CA:99:84:CD
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       0196DCECD71F367E1EF8082D31318FA20456
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7Z0xpN11MlsjpjKKa1WCMMqZhM0.roa
Signing time:             Sat 17 May 2025 06:27:11 +0000
ROA not before:           Sat 17 May 2025 06:27:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     33487
IP address blocks:        37.202.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 20:42:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:dc:ec:d7:1f:36:7e:1e:f8:08:2d:31:31:8f:a2:04:56
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: May 17 06:27:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed9d31a4dd75325b23a6328a6b558230ca9984cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:18:f3:6e:3a:cc:78:6c:27:a7:ba:e7:59:55:
                    d9:f9:a0:3a:93:d3:d5:45:0a:84:8a:ec:8c:67:79:
                    9e:fa:ab:e7:2e:ef:3e:14:e9:7d:cb:22:48:ab:a5:
                    29:28:31:fe:fa:57:06:f9:0f:3a:7e:c4:90:c1:12:
                    ba:bf:c2:4a:24:a4:ac:3c:1d:4f:2d:ec:10:5a:da:
                    22:da:69:a0:e6:aa:7a:9c:42:73:94:48:50:ae:eb:
                    5e:cd:b7:b9:84:1e:3f:a4:75:3d:67:74:50:d0:d3:
                    b8:ef:00:8c:87:21:eb:72:c4:7a:22:8d:40:10:7f:
                    af:1e:8c:04:21:2a:92:ad:9d:af:57:54:c6:84:36:
                    57:f7:68:53:49:b9:87:7e:66:6a:bf:db:a1:7e:f9:
                    ae:e3:2e:1a:0b:ec:2d:8f:54:ff:44:1e:a8:d3:f5:
                    f0:fb:10:38:ef:1d:8c:65:9e:a4:7a:01:67:83:55:
                    cd:4c:43:48:93:02:61:32:52:56:2f:bd:c2:6d:8c:
                    49:bc:eb:e7:ad:aa:d7:1d:96:35:ab:47:f8:bc:ce:
                    cb:dc:4c:42:5d:17:07:5a:1d:3d:c9:43:06:46:19:
                    b0:d8:af:74:17:82:4b:dd:55:3a:a0:fc:c5:66:c3:
                    78:81:34:56:aa:14:52:8f:5e:1a:75:4e:6e:60:4f:
                    1a:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:9D:31:A4:DD:75:32:5B:23:A6:32:8A:6B:55:82:30:CA:99:84:CD
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/7Z0xpN11MlsjpjKKa1WCMMqZhM0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:ac:73:c9:95:9d:9b:a8:ee:1e:e4:01:83:a9:56:65:22:5c:
         0c:a5:e6:ad:f1:68:eb:fa:e4:62:28:47:7e:cf:3a:a2:ed:6d:
         d3:92:71:29:44:e2:f2:38:01:1c:db:32:a4:e4:30:fb:10:5c:
         e6:e7:c7:61:24:18:b1:07:77:81:38:af:8f:0d:d2:c2:cd:fb:
         bc:1e:7a:ef:21:f4:55:ac:76:72:d1:57:34:e6:68:b1:13:53:
         57:ea:76:6b:68:de:ea:80:98:53:5e:7f:10:69:88:ed:bd:e7:
         43:22:e4:5f:93:87:70:8d:ba:58:e8:93:1f:ae:3f:f9:01:ca:
         d8:38:77:79:56:04:5c:94:d0:ae:d5:5f:7d:b2:7e:c0:f8:85:
         d2:c9:e6:4c:bf:15:93:55:4b:f6:dc:ef:0e:e5:1e:e2:d4:1f:
         1a:09:19:92:01:d7:07:30:30:2c:16:03:a6:a7:c1:b0:19:af:
         c5:c1:24:fb:27:b1:2e:df:80:f6:d7:78:be:25:fa:56:d2:44:
         a9:1e:9e:b8:b3:6a:3e:a9:bf:f1:70:86:6b:71:c6:b8:65:2a:
         ed:a5:15:49:36:c3:2b:a3:68:01:12:66:f2:64:8f:1e:09:46:
         26:23:d0:b2:b9:89:65:ef:e4:a0:78:7a:b1:10:ec:3f:09:e6:
         f3:1f:48:87
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbc7NcfNn4e+AgtMTGPogRWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNTE3MDYyNzExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDlkMzFhNGRkNzUzMjViMjNhNjMyOGE2YjU1ODIzMGNhOTk4NGNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAthjzbjrMeGwnp7rnWVXZ+aA6k9PV
RQqEiuyMZ3me+qvnLu8+FOl9yyJIq6UpKDH++lcG+Q86fsSQwRK6v8JKJKSsPB1P
LewQWtoi2mmg5qp6nEJzlEhQrutezbe5hB4/pHU9Z3RQ0NO47wCMhyHrcsR6Io1A
EH+vHowEISqSrZ2vV1TGhDZX92hTSbmHfmZqv9uhfvmu4y4aC+wtj1T/RB6o0/Xw
+xA47x2MZZ6kegFng1XNTENIkwJhMlJWL73CbYxJvOvnrarXHZY1q0f4vM7L3ExC
XRcHWh09yUMGRhmw2K90F4JL3VU6oPzFZsN4gTRWqhRSj14adU5uYE8alwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2dMaTddTJbI6YyimtVgjDKmYTNMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvN1oweHBOMTFNbHNqcGpLS2ExV0NNTXFaaE0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAJcrGMA0G
CSqGSIb3DQEBCwUAA4IBAQB+rHPJlZ2bqO4e5AGDqVZlIlwMpeat8Wjr+uRiKEd+
zzqi7W3TknEpROLyOAEc2zKk5DD7EFzm58dhJBixB3eBOK+PDdLCzfu8HnrvIfRV
rHZy0Vc05mixE1NX6nZraN7qgJhTXn8QaYjtvedDIuRfk4dwjbpY6JMfrj/5AcrY
OHd5VgRclNCu1V99sn7A+IXSyeZMvxWTVUv23O8O5R7i1B8aCRmSAdcHMDAsFgOm
p8GwGa/FwST7J7Eu34D213i+JfpW0kSpHp64s2o+qb/xcIZrcca4ZSrtpRVJNsMr
o2gBEmbyZI8eCUYmI9CyuYll7+SgeHqxEOw/CebzH0iH
-----END CERTIFICATE-----