Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/7EngYWaeS2TpT1X_mNY6POQq2tQ.roa
File:                     7EngYWaeS2TpT1X_mNY6POQq2tQ.roa (raw, json)
Hash identifier:          zNz9kI654HO/4QgVbj5ixDAz6Dx+uvcUjyawZ8122Wg=
Subject key identifier:   EC:49:E0:61:66:9E:4B:64:E9:4F:55:FF:98:D6:3A:3C:E4:2A:DA:D4
Certificate issuer:       /CN=60dad95ba2b1eb3dd7738002fc68aa95588c3bf1
Certificate serial:       01941FFA34742F5C33118BB453696176FB8E
Authority key identifier: 60:DA:D9:5B:A2:B1:EB:3D:D7:73:80:02:FC:68:AA:95:58:8C:3B:F1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/7EngYWaeS2TpT1X_mNY6POQq2tQ.roa
Signing time:             Wed 01 Jan 2025 03:47:58 +0000
ROA not before:           Wed 01 Jan 2025 03:47:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25820
IP address blocks:        178.157.48.0/20 maxlen: 24
                          185.239.68.0/22 maxlen: 24
                          212.50.224.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:34:74:2f:5c:33:11:8b:b4:53:69:61:76:fb:8e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60dad95ba2b1eb3dd7738002fc68aa95588c3bf1
        Validity
            Not Before: Jan  1 03:47:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec49e061669e4b64e94f55ff98d63a3ce42adad4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:d5:af:a5:fa:47:23:a8:dc:fb:13:38:2a:44:
                    68:9b:77:ed:7e:e0:f3:a8:df:b4:9e:72:7f:a0:a9:
                    9e:9e:53:c7:32:b6:55:44:84:e4:78:38:b0:32:47:
                    30:23:00:90:90:3a:ee:85:fb:81:76:31:6b:c7:73:
                    6c:86:f3:41:6d:9f:63:eb:a4:e1:9e:47:33:6a:79:
                    1b:5a:67:c1:c2:1a:ed:49:ff:62:dc:07:84:09:cb:
                    ac:6c:ea:ba:42:62:93:b9:b6:99:a2:ab:85:9c:5c:
                    fd:6e:c2:9f:10:cc:69:02:72:ba:43:9e:cd:59:44:
                    2d:bb:24:58:36:3a:f7:19:88:2b:33:9a:ec:60:e3:
                    59:2b:f1:9c:ea:fa:4b:a5:ba:f8:2a:a0:61:49:7c:
                    4f:41:8a:45:40:29:9e:97:ea:12:99:c4:d8:fd:d4:
                    50:59:f3:22:83:cd:b9:60:36:d3:7e:b5:67:29:97:
                    c3:10:77:a8:6b:c6:9f:16:bb:50:13:77:96:06:15:
                    a8:ff:6d:47:99:9b:6d:c0:50:4c:35:09:98:1b:98:
                    38:f0:e9:47:6e:2c:e0:f8:32:ba:58:1f:9e:99:af:
                    13:88:8d:a4:6d:43:d4:63:80:90:ba:98:85:21:8d:
                    93:2b:77:44:11:65:08:bd:1c:b4:fe:a3:08:ce:60:
                    45:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:49:E0:61:66:9E:4B:64:E9:4F:55:FF:98:D6:3A:3C:E4:2A:DA:D4
            X509v3 Authority Key Identifier:
                keyid:60:DA:D9:5B:A2:B1:EB:3D:D7:73:80:02:FC:68:AA:95:58:8C:3B:F1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/7EngYWaeS2TpT1X_mNY6POQq2tQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/448ba0-a438-4f59-885b-4218b2b6963a/1/YNrZW6Kx6z3Xc4AC_GiqlViMO_E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.157.48.0/20
                  185.239.68.0/22
                  212.50.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2d:65:0e:f7:61:56:8c:0d:40:59:9d:b2:4e:59:43:a1:2c:51:
         e0:32:ed:95:23:45:c5:32:f1:9c:c7:77:83:b3:18:da:9b:4b:
         46:71:41:82:23:91:ed:d3:e3:f2:da:10:bf:c7:55:44:ad:83:
         20:61:4f:30:3f:4e:3f:54:b9:42:79:26:e9:17:9a:30:db:b7:
         21:51:99:14:9b:05:9e:fa:a3:84:d6:6f:77:24:5b:ae:ea:89:
         59:35:8c:99:32:5c:5f:57:8a:e8:8b:ed:93:b9:72:06:a0:1c:
         02:71:b1:94:76:58:f0:08:2d:e7:e6:19:c0:47:99:71:b6:ac:
         63:74:13:16:ca:54:7d:7a:01:4f:80:85:c9:44:2b:99:fd:01:
         e2:22:51:f5:67:dc:57:4b:5d:34:49:af:15:8c:ec:01:c5:5f:
         51:b8:aa:1e:c2:77:96:97:48:f1:43:aa:ab:1d:45:5d:51:40:
         b6:b5:2b:c2:84:5b:ba:b4:0b:24:d4:5c:aa:f4:6d:c1:be:2a:
         77:53:b3:e2:8a:1d:8a:e0:64:bf:91:3e:e9:a7:00:4d:02:fd:
         b6:64:2f:bb:f0:a5:c4:55:c5:ea:66:88:0a:76:44:c8:c0:73:
         c5:84:1a:95:a1:76:f1:4c:62:a1:d8:0f:db:43:bc:06:73:91:
         0c:5a:a5:13
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQf+jR0L1wzEYu0U2lhdvuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwZGFkOTViYTJiMWViM2RkNzczODAwMmZjNjhhYTk1NTg4
YzNiZjEwHhcNMjUwMTAxMDM0NzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzQ5ZTA2MTY2OWU0YjY0ZTk0ZjU1ZmY5OGQ2M2EzY2U0MmFkYWQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1NWvpfpHI6jc+xM4KkRom3ftfuDz
qN+0nnJ/oKmenlPHMrZVRITkeDiwMkcwIwCQkDruhfuBdjFrx3NshvNBbZ9j66Th
nkczankbWmfBwhrtSf9i3AeECcusbOq6QmKTubaZoquFnFz9bsKfEMxpAnK6Q57N
WUQtuyRYNjr3GYgrM5rsYONZK/Gc6vpLpbr4KqBhSXxPQYpFQCmel+oSmcTY/dRQ
WfMig825YDbTfrVnKZfDEHeoa8afFrtQE3eWBhWo/21HmZttwFBMNQmYG5g48OlH
bizg+DK6WB+ema8TiI2kbUPUY4CQupiFIY2TK3dEEWUIvRy0/qMIzmBFEwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOxJ4GFmnktk6U9V/5jWOjzkKtrUMB8GA1UdIwQY
MBaAFGDa2Vuises913OAAvxoqpVYjDvxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU5yWlc2S3g2ejNYYzRBQ19HaXFsVmlNT19FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi80NDhiYTAtYTQzOC00ZjU5LTg4NWIt
NDIxOGIyYjY5NjNhLzEvN0VuZ1lXYWVTMlRwVDFYX21OWTZQT1FxMnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi80NDhiYTAtYTQzOC00ZjU5LTg4NWItNDIxOGIyYjY5NjNh
LzEvWU5yWlc2S3g2ejNYYzRBQ19HaXFsVmlNT19FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEsp0wAwQC
ue9EAwQF1DLgMA0GCSqGSIb3DQEBCwUAA4IBAQAtZQ73YVaMDUBZnbJOWUOhLFHg
Mu2VI0XFMvGcx3eDsxjam0tGcUGCI5Ht0+Py2hC/x1VErYMgYU8wP04/VLlCeSbp
F5ow27chUZkUmwWe+qOE1m93JFuu6olZNYyZMlxfV4roi+2TuXIGoBwCcbGUdljw
CC3n5hnAR5lxtqxjdBMWylR9egFPgIXJRCuZ/QHiIlH1Z9xXS100Sa8VjOwBxV9R
uKoewneWl0jxQ6qrHUVdUUC2tSvChFu6tAsk1Fyq9G3Bvip3U7Piih2K4GS/kT7p
pwBNAv22ZC+78KXEVcXqZogKdkTIwHPFhBqVoXbxTGKh2A/bQ7wGc5EMWqUT
-----END CERTIFICATE-----