Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/7qgaiTo5W1muFdP6MpWa1opzbS0.roa
File:                     7qgaiTo5W1muFdP6MpWa1opzbS0.roa (raw, json)
Hash identifier:          oB/3LoyawIAIuZTlw98KM6WEQJoxwvB9mX5CJlG5Qkc=
Subject key identifier:   EE:A8:1A:89:3A:39:5B:59:AE:15:D3:FA:32:95:9A:D6:8A:73:6D:2D
Certificate issuer:       /CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
Certificate serial:       019423D7F9886535D848622E1424310FD5EE
Authority key identifier: DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/7qgaiTo5W1muFdP6MpWa1opzbS0.roa
Signing time:             Wed 01 Jan 2025 21:49:04 +0000
ROA not before:           Wed 01 Jan 2025 21:49:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30766
IP address blocks:        86.62.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:f9:88:65:35:d8:48:62:2e:14:24:31:0f:d5:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc1fd007dffa508f30063fbe4d53a2b2e1e8c4de
        Validity
            Not Before: Jan  1 21:49:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eea81a893a395b59ae15d3fa32959ad68a736d2d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d2:90:58:1e:f1:b7:05:32:35:db:83:d1:26:
                    4a:2b:a9:49:f0:fc:71:e0:70:e6:47:26:c0:dc:1d:
                    ae:6d:52:9c:e0:4a:e2:ed:76:03:4f:e6:3d:fa:5d:
                    a0:dd:37:a2:1b:39:be:39:b3:b3:37:bb:a9:ed:b2:
                    01:d1:34:2d:5e:37:ee:a7:6c:be:0c:83:00:d9:cf:
                    b5:7e:1d:00:c6:81:16:8b:d9:a0:7a:b8:cd:5e:65:
                    b8:4a:e3:99:46:75:b0:95:62:55:41:ad:a7:35:88:
                    79:c6:58:7f:fa:d5:7b:61:14:62:9a:4d:a3:4e:41:
                    5e:1c:e6:e7:05:5b:79:bd:b0:5d:5e:41:ba:dd:5b:
                    af:3c:ac:32:a8:65:8f:62:65:ae:98:7e:c4:2c:de:
                    58:5e:46:b8:0a:3c:31:e5:bf:96:cf:76:39:53:25:
                    fa:52:44:65:28:cf:47:7c:5c:3b:d1:2c:48:8f:c1:
                    1a:f1:5e:69:af:0d:62:65:d5:68:04:3b:44:b3:60:
                    4c:b1:28:bf:37:74:f7:92:58:90:ae:b3:a0:86:44:
                    97:ba:5e:96:6f:d7:ed:ec:e2:65:99:23:4d:b5:46:
                    65:67:ac:dc:a9:51:79:ff:68:ac:5a:b4:80:b9:03:
                    f0:25:a7:46:f7:c7:b2:38:13:51:20:d7:67:2c:dd:
                    2d:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:A8:1A:89:3A:39:5B:59:AE:15:D3:FA:32:95:9A:D6:8A:73:6D:2D
            X509v3 Authority Key Identifier:
                keyid:DC:1F:D0:07:DF:FA:50:8F:30:06:3F:BE:4D:53:A2:B2:E1:E8:C4:DE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3B_QB9_6UI8wBj--TVOisuHoxN4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/7qgaiTo5W1muFdP6MpWa1opzbS0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/075377-e426-492f-a59c-ae4c95c94005/1/3B_QB9_6UI8wBj--TVOisuHoxN4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.62.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:e3:9e:e2:28:6c:e1:63:21:64:29:c6:3f:47:9f:cf:6e:9f:
         93:db:bd:98:88:39:5d:3f:9e:5b:8d:38:e6:0f:a5:64:11:7b:
         1f:38:f4:7e:2e:84:bd:ee:9f:07:c8:37:98:f0:d1:aa:50:1b:
         08:75:e5:ba:63:bc:76:93:b4:07:68:ca:25:52:22:1c:d3:3d:
         96:bf:d3:38:fa:fd:96:c6:04:08:ac:27:51:c8:e6:a5:3d:6e:
         04:93:06:c6:4c:5f:71:7d:68:f1:f5:6a:97:a1:f3:d9:bf:7d:
         8f:c4:e2:f7:bc:8d:f4:25:52:c3:ac:cb:10:4d:dc:4e:c7:a6:
         37:6c:d1:26:37:75:c6:10:26:68:11:42:1e:b7:a5:67:89:ad:
         3a:83:42:2b:16:ed:87:4e:4e:f7:4a:8f:a5:95:19:70:cc:fc:
         90:74:51:33:e6:92:dd:5c:cb:0a:0b:3c:03:f8:20:de:23:9a:
         2d:f3:98:6d:e7:63:03:e5:c4:3b:1d:b0:30:1f:bd:0b:69:55:
         36:6e:d9:d3:44:6c:e0:20:db:70:60:ca:95:0b:dc:af:be:37:
         a8:fa:a0:2b:af:11:8b:2e:3a:6d:3e:c6:a5:3e:a1:6a:33:ba:
         6e:85:28:66:11:78:46:47:ee:cb:e0:a5:e8:a0:b7:fb:71:b9:
         a4:d1:24:fa
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1/mIZTXYSGIuFCQxD9XuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjMWZkMDA3ZGZmYTUwOGYzMDA2M2ZiZTRkNTNhMmIyZTFl
OGM0ZGUwHhcNMjUwMTAxMjE0OTA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWE4MWE4OTNhMzk1YjU5YWUxNWQzZmEzMjk1OWFkNjhhNzM2ZDJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29KQWB7xtwUyNduD0SZKK6lJ8Pxx
4HDmRybA3B2ubVKc4Eri7XYDT+Y9+l2g3TeiGzm+ObOzN7up7bIB0TQtXjfup2y+
DIMA2c+1fh0AxoEWi9mgerjNXmW4SuOZRnWwlWJVQa2nNYh5xlh/+tV7YRRimk2j
TkFeHObnBVt5vbBdXkG63VuvPKwyqGWPYmWumH7ELN5YXka4Cjwx5b+Wz3Y5UyX6
UkRlKM9HfFw70SxIj8Ea8V5prw1iZdVoBDtEs2BMsSi/N3T3kliQrrOghkSXul6W
b9ft7OJlmSNNtUZlZ6zcqVF5/2isWrSAuQPwJadG98eyOBNRINdnLN0tIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO6oGok6OVtZrhXT+jKVmtaKc20tMB8GA1UdIwQY
MBaAFNwf0Aff+lCPMAY/vk1TorLh6MTeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMt
YWU0Yzk1Yzk0MDA1LzEvN3FnYWlUbzVXMW11RmRQNk1wV2Exb3B6YlMwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy8wNzUzNzctZTQyNi00OTJmLWE1OWMtYWU0Yzk1Yzk0MDA1
LzEvM0JfUUI5XzZVSTh3QmotLVRWT2lzdUhveE40LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVj4IMA0G
CSqGSIb3DQEBCwUAA4IBAQCa457iKGzhYyFkKcY/R5/Pbp+T272YiDldP55bjTjm
D6VkEXsfOPR+LoS97p8HyDeY8NGqUBsIdeW6Y7x2k7QHaMolUiIc0z2Wv9M4+v2W
xgQIrCdRyOalPW4EkwbGTF9xfWjx9WqXofPZv32PxOL3vI30JVLDrMsQTdxOx6Y3
bNEmN3XGECZoEUIet6Vnia06g0IrFu2HTk73So+llRlwzPyQdFEz5pLdXMsKCzwD
+CDeI5ot85ht52MD5cQ7HbAwH70LaVU2btnTRGzgINtwYMqVC9yvvjeo+qArrxGL
LjptPsalPqFqM7puhShmEXhGR+7L4KXooLf7cbmk0ST6
-----END CERTIFICATE-----