Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/7hJlVvAGbCOpuMIAbRPmhI1LyJk.roa
File:                     7hJlVvAGbCOpuMIAbRPmhI1LyJk.roa (raw, json)
Hash identifier:          kwYrJ2B8iMONESsXhh99M7N/9TNCRx/vPINN+t9MxVk=
Subject key identifier:   EE:12:65:56:F0:06:6C:23:A9:B8:C2:00:6D:13:E6:84:8D:4B:C8:99
Certificate issuer:       /CN=7415fec4ae76b24e4f02991649917b99b740044a
Certificate serial:       0194EFDDD6BDDD9A42BBDC57EA37B1DA8745
Authority key identifier: 74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/7hJlVvAGbCOpuMIAbRPmhI1LyJk.roa
Signing time:             Mon 10 Feb 2025 12:38:00 +0000
ROA not before:           Mon 10 Feb 2025 12:38:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216334
IP address blocks:        77.105.131.0/24 maxlen: 24
                          77.105.133.0/24 maxlen: 24
                          2a00:f9a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ef:dd:d6:bd:dd:9a:42:bb:dc:57:ea:37:b1:da:87:45
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7415fec4ae76b24e4f02991649917b99b740044a
        Validity
            Not Before: Feb 10 12:38:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee126556f0066c23a9b8c2006d13e6848d4bc899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:da:a0:30:e2:2c:9c:cf:3b:1a:6d:50:44:46:
                    d3:7b:12:57:cf:ff:b9:7d:8c:ab:f3:0b:e2:f6:9f:
                    a6:96:b0:f7:19:25:f6:d2:83:27:f9:92:e8:b9:39:
                    2f:a9:60:d9:30:1c:f8:de:ab:83:41:3f:fd:a0:b2:
                    43:93:16:39:70:2a:76:dc:f2:25:3c:b8:f8:25:bb:
                    00:c7:44:50:27:48:ea:dc:2a:26:ec:4e:0d:24:8a:
                    0e:5c:2a:a3:50:d6:b9:3e:26:e3:69:0d:37:cf:cb:
                    dc:e6:2d:b5:f5:6f:49:81:16:08:35:7a:15:84:ef:
                    73:eb:e7:73:a7:ff:14:51:b2:e0:24:31:7b:f0:cb:
                    de:6c:ec:64:66:9d:04:d0:f2:2b:96:55:e6:30:b5:
                    9b:a4:87:be:fd:c9:1d:18:60:e5:c7:f4:ae:e3:41:
                    88:47:e0:a6:67:00:b5:10:06:36:26:6e:50:40:a2:
                    d4:be:0b:33:fa:d6:b2:fb:cb:4a:20:dd:ee:68:3c:
                    39:74:f0:73:a0:1b:69:d5:0c:33:33:0b:d4:6e:3f:
                    60:0f:96:64:89:46:50:d2:6b:ef:93:18:7c:3d:79:
                    26:28:70:19:c7:36:e0:0d:a8:60:4f:69:14:24:cc:
                    6a:55:56:cf:62:90:ed:73:d3:72:4a:f2:a5:e6:d4:
                    04:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:12:65:56:F0:06:6C:23:A9:B8:C2:00:6D:13:E6:84:8D:4B:C8:99
            X509v3 Authority Key Identifier:
                keyid:74:15:FE:C4:AE:76:B2:4E:4F:02:99:16:49:91:7B:99:B7:40:04:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dBX-xK52sk5PApkWSZF7mbdABEo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/7hJlVvAGbCOpuMIAbRPmhI1LyJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/987979-9693-45e3-85ba-ed5358b6da31/1/dBX-xK52sk5PApkWSZF7mbdABEo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  77.105.131.0/24
                  77.105.133.0/24
                IPv6:
                  2a00:f9a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c3:bf:a9:d2:d4:8d:40:66:ea:24:de:cc:39:fc:ec:f2:c3:46:
         04:34:7e:45:3b:8b:20:d7:91:c6:89:75:9b:9b:c8:3a:e6:01:
         9a:94:37:35:6c:28:db:d7:48:f8:d5:53:a8:7f:16:26:fb:a2:
         c0:f9:68:cf:a8:97:59:f5:7d:87:2e:f2:fd:e7:80:72:94:d2:
         5e:35:66:3e:d9:2a:b3:e9:af:dc:cd:71:f3:97:0b:1f:de:cb:
         4c:f4:8b:70:ec:14:9b:41:89:dc:4b:cb:19:da:f0:08:0b:84:
         2a:94:5c:c2:5e:1b:17:09:e5:d7:5e:56:02:ec:a1:46:b0:03:
         01:56:62:7d:82:4f:fa:b6:e3:f3:d9:26:6b:0c:d5:d1:e4:c9:
         de:a5:4c:54:2b:c9:ce:e6:84:13:b1:98:60:90:57:ee:81:0a:
         42:b0:7d:2f:ff:dc:08:3f:57:a7:15:24:64:03:95:6a:4f:07:
         c8:f0:2a:08:1e:68:9e:66:64:4b:35:2b:05:8a:b1:6a:c6:f5:
         79:51:e3:8f:5e:dc:12:03:d2:f6:ed:0a:26:e7:f9:b1:5c:41:
         e4:79:5b:cb:f4:7f:c4:1c:e4:62:bf:fa:80:fb:58:76:61:c2:
         2f:84:c2:9e:c3:d1:55:47:39:22:e7:50:c5:22:9c:74:88:91:
         ad:47:88:23
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZTv3da93ZpCu9xX6jex2odFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0MTVmZWM0YWU3NmIyNGU0ZjAyOTkxNjQ5OTE3Yjk5Yjc0
MDA0NGEwHhcNMjUwMjEwMTIzODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTEyNjU1NmYwMDY2YzIzYTliOGMyMDA2ZDEzZTY4NDhkNGJjODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9qgMOIsnM87Gm1QREbTexJXz/+5
fYyr8wvi9p+mlrD3GSX20oMn+ZLouTkvqWDZMBz43quDQT/9oLJDkxY5cCp23PIl
PLj4JbsAx0RQJ0jq3Com7E4NJIoOXCqjUNa5PibjaQ03z8vc5i219W9JgRYINXoV
hO9z6+dzp/8UUbLgJDF78MvebOxkZp0E0PIrllXmMLWbpIe+/ckdGGDlx/Su40GI
R+CmZwC1EAY2Jm5QQKLUvgsz+tay+8tKIN3uaDw5dPBzoBtp1QwzMwvUbj9gD5Zk
iUZQ0mvvkxh8PXkmKHAZxzbgDahgT2kUJMxqVVbPYpDtc9NySvKl5tQECwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFO4SZVbwBmwjqbjCAG0T5oSNS8iZMB8GA1UdIwQY
MBaAFHQV/sSudrJOTwKZFkmRe5m3QARKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEt
ZWQ1MzU4YjZkYTMxLzEvN2hKbFZ2QUdiQ09wdU1JQWJSUG1oSTFMeUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy85ODc5NzktOTY5My00NWUzLTg1YmEtZWQ1MzU4YjZkYTMx
LzEvZEJYLXhLNTJzazVQQXBrV1NaRjdtYmRBQkVvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQATWmDAwQA
TWmFMA0EAgACMAcDBQAqAPmgMA0GCSqGSIb3DQEBCwUAA4IBAQDDv6nS1I1AZuok
3sw5/Ozyw0YENH5FO4sg15HGiXWbm8g65gGalDc1bCjb10j41VOofxYm+6LA+WjP
qJdZ9X2HLvL954BylNJeNWY+2Sqz6a/czXHzlwsf3stM9Itw7BSbQYncS8sZ2vAI
C4QqlFzCXhsXCeXXXlYC7KFGsAMBVmJ9gk/6tuPz2SZrDNXR5MnepUxUK8nO5oQT
sZhgkFfugQpCsH0v/9wIP1enFSRkA5VqTwfI8CoIHmieZmRLNSsFirFqxvV5UeOP
XtwSA9L27Qom5/mxXEHkeVvL9H/EHORiv/qA+1h2YcIvhMKew9FVRzki51DFIpx0
iJGtR4gj
-----END CERTIFICATE-----