Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/0R7qlpggNu0m26niM6erbXxYeHM.roa
File:                     0R7qlpggNu0m26niM6erbXxYeHM.roa (raw, json)
Hash identifier:          OxiLF9x0YYjLKJb8tbqbd3VHeJ/ObZslL98x/IEw1IY=
Subject key identifier:   D1:1E:EA:96:98:20:36:ED:26:DB:A9:E2:33:A7:AB:6D:7C:58:78:73
Certificate issuer:       /CN=0b5f8c9447d614b86182763d9333250e2d9412e2
Certificate serial:       01942747A3FCB45CA1CFC48074D1BFA1397B
Authority key identifier: 0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/0R7qlpggNu0m26niM6erbXxYeHM.roa
Signing time:             Thu 02 Jan 2025 13:49:53 +0000
ROA not before:           Thu 02 Jan 2025 13:49:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        185.162.178.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:a3:fc:b4:5c:a1:cf:c4:80:74:d1:bf:a1:39:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0b5f8c9447d614b86182763d9333250e2d9412e2
        Validity
            Not Before: Jan  2 13:49:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d11eea96982036ed26dba9e233a7ab6d7c587873
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:87:03:e6:d6:fd:2c:11:8e:74:c8:c9:f1:e3:
                    a8:70:9e:3e:8d:9b:d0:b3:6e:85:a8:cb:4b:0c:cc:
                    30:5d:a7:b5:44:8c:28:be:f9:91:cc:c9:db:4a:64:
                    9b:d8:79:7e:a6:d2:ec:fc:f8:92:42:3a:d6:04:0f:
                    b4:6d:ce:a1:8f:9e:e9:29:38:3f:45:43:6f:6a:cc:
                    64:39:9b:2e:f7:3a:e1:a4:b7:88:fc:07:e7:fa:f7:
                    b6:fb:6c:2b:2f:e9:6e:aa:1a:87:b8:6c:d5:38:2e:
                    9a:0e:3b:8b:52:bd:6d:64:0b:e1:b9:be:f1:1c:1a:
                    47:ee:a1:a4:7e:4f:dd:3a:dc:b7:ef:5e:8a:39:2b:
                    65:1b:13:03:85:76:37:bb:a1:d8:41:51:7e:06:0e:
                    0b:1d:c8:2e:d7:3b:da:5d:f4:c3:76:11:7c:a2:a8:
                    df:96:80:64:dd:39:3d:ac:a5:b8:78:9b:2b:8b:6c:
                    9d:02:50:b8:c4:41:ce:93:61:de:1e:c2:f4:40:cf:
                    9c:f6:37:dd:50:d9:05:50:c2:fe:77:ad:64:ab:08:
                    bb:2e:27:c8:05:94:49:54:cb:db:9b:75:80:6b:e7:
                    39:53:b2:01:82:4b:36:67:ee:eb:34:ab:9d:4a:0f:
                    2b:0f:3d:bf:04:b2:d9:cf:54:d1:7b:21:0b:d1:1b:
                    54:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:1E:EA:96:98:20:36:ED:26:DB:A9:E2:33:A7:AB:6D:7C:58:78:73
            X509v3 Authority Key Identifier:
                keyid:0B:5F:8C:94:47:D6:14:B8:61:82:76:3D:93:33:25:0E:2D:94:12:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/C1-MlEfWFLhhgnY9kzMlDi2UEuI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/0R7qlpggNu0m26niM6erbXxYeHM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/f7f6c0-09d0-492c-92e6-8a95e6377332/1/C1-MlEfWFLhhgnY9kzMlDi2UEuI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.162.178.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:4c:28:04:a4:d6:d9:e9:f8:09:cc:e1:ee:21:ba:0c:3c:af:
         c2:52:1d:fb:ae:1f:d4:49:94:91:d1:48:10:c2:34:b1:c8:30:
         26:e1:c7:0c:65:6b:63:ec:0e:76:48:61:cf:8a:9a:da:d6:c2:
         a3:d2:a5:b4:c0:61:ff:0b:0e:9c:2d:26:cf:57:ef:43:20:ed:
         2b:1c:18:05:92:b7:33:47:c0:ec:fb:94:81:00:22:12:3c:17:
         28:0e:1a:24:7e:f0:4e:00:80:65:e7:27:20:d0:90:52:85:86:
         2a:23:93:b6:b7:bf:8a:e2:ee:8a:71:75:c7:83:ef:5f:6e:75:
         d6:94:6f:79:e3:27:9f:30:dd:7f:94:52:b1:2e:c7:5a:26:5c:
         b3:c8:ee:44:0f:3c:87:d9:a4:82:aa:c8:f9:f8:43:96:e0:91:
         71:51:3d:b8:50:2e:38:62:4d:39:db:07:2f:9e:70:e9:37:1e:
         e8:a4:af:6f:86:0c:17:34:75:bc:95:b3:4f:c1:1c:ef:99:37:
         b2:b4:9d:2a:b8:c5:aa:78:ee:68:c0:0d:90:57:a2:70:f7:e5:
         0d:85:56:d2:7e:29:6d:6c:ed:da:4a:59:bb:1a:80:b7:6c:ce:
         83:68:6c:e2:ca:c0:fe:2f:2b:70:88:78:38:17:57:cc:6e:0a:
         1f:e8:5e:61
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR6P8tFyhz8SAdNG/oTl7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBiNWY4Yzk0NDdkNjE0Yjg2MTgyNzYzZDkzMzMyNTBlMmQ5
NDEyZTIwHhcNMjUwMTAyMTM0OTUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTFlZWE5Njk4MjAzNmVkMjZkYmE5ZTIzM2E3YWI2ZDdjNTg3ODczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA14cD5tb9LBGOdMjJ8eOocJ4+jZvQ
s26FqMtLDMwwXae1RIwovvmRzMnbSmSb2Hl+ptLs/PiSQjrWBA+0bc6hj57pKTg/
RUNvasxkOZsu9zrhpLeI/Afn+ve2+2wrL+luqhqHuGzVOC6aDjuLUr1tZAvhub7x
HBpH7qGkfk/dOty3716KOStlGxMDhXY3u6HYQVF+Bg4LHcgu1zvaXfTDdhF8oqjf
loBk3Tk9rKW4eJsri2ydAlC4xEHOk2HeHsL0QM+c9jfdUNkFUML+d61kqwi7LifI
BZRJVMvbm3WAa+c5U7IBgks2Z+7rNKudSg8rDz2/BLLZz1TReyEL0RtUKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNEe6paYIDbtJtup4jOnq218WHhzMB8GA1UdIwQY
MBaAFAtfjJRH1hS4YYJ2PZMzJQ4tlBLiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYt
OGE5NWU2Mzc3MzMyLzEvMFI3cWxwZ2dOdTBtMjZuaU02ZXJiWHhZZUhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy9mN2Y2YzAtMDlkMC00OTJjLTkyZTYtOGE5NWU2Mzc3MzMy
LzEvQzEtTWxFZldGTGhoZ25ZOWt6TWxEaTJVRXVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaKyMA0G
CSqGSIb3DQEBCwUAA4IBAQAmTCgEpNbZ6fgJzOHuIboMPK/CUh37rh/USZSR0UgQ
wjSxyDAm4ccMZWtj7A52SGHPipra1sKj0qW0wGH/Cw6cLSbPV+9DIO0rHBgFkrcz
R8Ds+5SBACISPBcoDhokfvBOAIBl5ycg0JBShYYqI5O2t7+K4u6KcXXHg+9fbnXW
lG954yefMN1/lFKxLsdaJlyzyO5EDzyH2aSCqsj5+EOW4JFxUT24UC44Yk052wcv
nnDpNx7opK9vhgwXNHW8lbNPwRzvmTeytJ0quMWqeO5owA2QV6Jw9+UNhVbSfilt
bO3aSlm7GoC3bM6DaGziysD+LytwiHg4F1fMbgof6F5h
-----END CERTIFICATE-----