Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/7cL3elWEFj-zEjkndRVYAEQ9BU4.roa
File:                     7cL3elWEFj-zEjkndRVYAEQ9BU4.roa (raw, json)
Hash identifier:          BiE9iKHIrEyTAK4OlfqCnHobFVMclVFQTAE1yqSmgDQ=
Subject key identifier:   ED:C2:F7:7A:55:84:16:3F:B3:12:39:27:75:15:58:00:44:3D:05:4E
Certificate issuer:       /CN=3bce5ec73608e24885283e910eb87bf1ef823a02
Certificate serial:       0194228E2AB01E1C08CABF7128077FE2DE75
Authority key identifier: 3B:CE:5E:C7:36:08:E2:48:85:28:3E:91:0E:B8:7B:F1:EF:82:3A:02
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O85exzYI4kiFKD6RDrh78e-COgI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/7cL3elWEFj-zEjkndRVYAEQ9BU4.roa
Signing time:             Wed 01 Jan 2025 15:48:49 +0000
ROA not before:           Wed 01 Jan 2025 15:48:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.117.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/O85exzYI4kiFKD6RDrh78e-COgI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/O85exzYI4kiFKD6RDrh78e-COgI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O85exzYI4kiFKD6RDrh78e-COgI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 14:01:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:2a:b0:1e:1c:08:ca:bf:71:28:07:7f:e2:de:75
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3bce5ec73608e24885283e910eb87bf1ef823a02
        Validity
            Not Before: Jan  1 15:48:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edc2f77a5584163fb312392775155800443d054e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:cb:52:29:1d:3a:86:f2:27:4a:73:3f:0c:37:
                    7c:51:65:11:22:76:d1:47:41:b8:87:55:dd:f9:6c:
                    7f:fc:e1:a7:c2:c4:6b:8b:fd:77:a9:9d:0c:58:1d:
                    74:af:31:90:4e:ab:ef:7a:1b:4a:8c:1e:a2:71:95:
                    81:2f:dd:ed:a6:bf:a3:cd:55:86:be:8c:1e:8c:c1:
                    ab:82:8f:04:e8:dc:e1:9f:b6:7e:c3:db:a1:ec:38:
                    69:a6:ec:f1:c2:a2:5c:1a:14:c9:eb:b5:27:f8:2d:
                    cd:e7:04:24:63:96:bb:b9:ec:c6:4f:c0:f9:56:2b:
                    e3:35:49:65:75:5d:a5:21:cd:17:64:db:e5:f0:47:
                    83:67:9d:59:d2:2c:8d:2d:ce:75:b7:f2:02:25:33:
                    6c:9e:97:37:c2:86:1b:4e:f6:34:89:5a:dc:27:c0:
                    25:f4:72:7f:d2:23:4d:19:c5:92:36:ca:53:36:43:
                    9e:9d:91:40:36:d3:87:e8:4e:ee:6f:01:b9:ff:af:
                    f6:28:d3:f0:fd:14:56:3a:a5:36:b9:c2:d6:18:11:
                    52:1c:16:a3:f8:87:86:87:d9:69:65:9d:81:d6:b3:
                    f8:b2:77:83:b3:fc:5a:5e:d2:31:f5:9a:35:3a:b4:
                    e0:18:06:35:0b:bb:72:62:46:b7:45:cb:11:22:12:
                    f9:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:C2:F7:7A:55:84:16:3F:B3:12:39:27:75:15:58:00:44:3D:05:4E
            X509v3 Authority Key Identifier:
                keyid:3B:CE:5E:C7:36:08:E2:48:85:28:3E:91:0E:B8:7B:F1:EF:82:3A:02

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O85exzYI4kiFKD6RDrh78e-COgI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/7cL3elWEFj-zEjkndRVYAEQ9BU4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/fff514-1e0e-493e-9ee5-6e99b79da520/1/O85exzYI4kiFKD6RDrh78e-COgI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         20:cf:de:be:f9:59:a2:3e:c6:8f:36:43:6e:39:91:88:b4:ce:
         d0:0a:6d:40:03:9e:69:bf:db:5d:28:f8:7c:f7:09:92:3f:7b:
         fd:8e:42:83:1c:33:1f:94:c6:29:e7:c4:44:55:b8:97:23:9e:
         22:68:96:cd:e8:c6:53:fe:55:d2:9a:4a:f2:0f:26:8a:e1:ce:
         d9:0f:a0:e9:c5:47:74:3c:35:53:83:c1:7a:e3:4c:3a:10:7f:
         fa:6f:aa:92:a0:fc:03:b1:c7:64:4a:b2:03:36:ee:0c:3a:2e:
         b7:b3:e1:68:98:60:7c:00:6d:5c:a7:96:10:8d:a5:f9:3c:33:
         65:e4:75:f2:41:e6:c0:ef:16:f4:df:35:b3:b0:e8:b7:77:b4:
         d2:78:91:74:1b:c7:30:f9:cf:9e:c0:72:fe:5f:6c:39:3f:c2:
         de:da:bc:c8:f9:83:f9:b8:c9:37:99:a1:21:a9:6c:f1:06:d0:
         d0:27:65:31:97:0e:64:65:a0:e6:13:3d:0d:d1:ed:05:32:85:
         ce:3a:87:eb:70:2f:2a:99:11:9d:2b:27:1b:bd:d5:05:fb:5b:
         6e:1f:dc:8e:cf:9c:3f:61:c5:04:47:4a:11:c6:f9:38:4d:52:
         42:f7:06:f5:0d:38:65:14:30:e7:99:b2:13:0d:3e:4b:cf:78:
         19:8d:0a:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijiqwHhwIyr9xKAd/4t51MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiY2U1ZWM3MzYwOGUyNDg4NTI4M2U5MTBlYjg3YmYxZWY4
MjNhMDIwHhcNMjUwMTAxMTU0ODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGMyZjc3YTU1ODQxNjNmYjMxMjM5Mjc3NTE1NTgwMDQ0M2QwNTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxstSKR06hvInSnM/DDd8UWURInbR
R0G4h1Xd+Wx//OGnwsRri/13qZ0MWB10rzGQTqvvehtKjB6icZWBL93tpr+jzVWG
vowejMGrgo8E6Nzhn7Z+w9uh7DhppuzxwqJcGhTJ67Un+C3N5wQkY5a7uezGT8D5
VivjNUlldV2lIc0XZNvl8EeDZ51Z0iyNLc51t/ICJTNsnpc3woYbTvY0iVrcJ8Al
9HJ/0iNNGcWSNspTNkOenZFANtOH6E7ubwG5/6/2KNPw/RRWOqU2ucLWGBFSHBaj
+IeGh9lpZZ2B1rP4sneDs/xaXtIx9Zo1OrTgGAY1C7tyYka3RcsRIhL5zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO3C93pVhBY/sxI5J3UVWABEPQVOMB8GA1UdIwQY
MBaAFDvOXsc2COJIhSg+kQ64e/HvgjoCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzg1ZXh6WUk0a2lGS0Q2UkRyaDc4ZS1DT2dJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi9mZmY1MTQtMWUwZS00OTNlLTllZTUt
NmU5OWI3OWRhNTIwLzEvN2NMM2VsV0VGai16RWprbmRSVllBRVE5QlU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi9mZmY1MTQtMWUwZS00OTNlLTllZTUtNmU5OWI3OWRhNTIw
LzEvTzg1ZXh6WUk0a2lGS0Q2UkRyaDc4ZS1DT2dJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXVfMA0G
CSqGSIb3DQEBCwUAA4IBAQAgz96++VmiPsaPNkNuOZGItM7QCm1AA55pv9tdKPh8
9wmSP3v9jkKDHDMflMYp58REVbiXI54iaJbN6MZT/lXSmkryDyaK4c7ZD6DpxUd0
PDVTg8F640w6EH/6b6qSoPwDscdkSrIDNu4MOi63s+FomGB8AG1cp5YQjaX5PDNl
5HXyQebA7xb03zWzsOi3d7TSeJF0G8cw+c+ewHL+X2w5P8Le2rzI+YP5uMk3maEh
qWzxBtDQJ2Uxlw5kZaDmEz0N0e0FMoXOOofrcC8qmRGdKycbvdUF+1tuH9yOz5w/
YcUER0oRxvk4TVJC9wb1DThlFDDnmbITDT5Lz3gZjQoC
-----END CERTIFICATE-----