Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/7HgZFirs9to5YNlgGjCrLE4fFdw.roa
File:                     7HgZFirs9to5YNlgGjCrLE4fFdw.roa (raw, json)
Hash identifier:          gvtNC6tdiAxQLr0n4eBnmWFLLNsQSfj98rKVj8SvSuA=
Subject key identifier:   EC:78:19:16:2A:EC:F6:DA:39:60:D9:60:1A:30:AB:2C:4E:1F:15:DC
Certificate issuer:       /CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
Certificate serial:       01941FFA81A14FB8ED5E1552524D8D3A25A8
Authority key identifier: B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/7HgZFirs9to5YNlgGjCrLE4fFdw.roa
Signing time:             Wed 01 Jan 2025 03:48:18 +0000
ROA not before:           Wed 01 Jan 2025 03:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24961
IP address blocks:        185.171.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:81:a1:4f:b8:ed:5e:15:52:52:4d:8d:3a:25:a8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7e34f57d007166def4dd881d8f7d5b6ed95e656
        Validity
            Not Before: Jan  1 03:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec7819162aecf6da3960d9601a30ab2c4e1f15dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:62:cd:36:3c:13:b3:88:40:4b:85:79:1c:1c:
                    64:6c:9c:88:1c:fd:44:0e:53:7f:21:19:42:fc:ea:
                    00:c8:ba:f8:14:82:d3:24:8c:8f:a7:48:42:c0:ca:
                    72:3a:c1:18:29:17:88:32:f8:30:0c:3e:5c:0e:07:
                    bd:ea:1d:bf:7b:aa:14:b0:fb:53:6d:0a:d9:09:60:
                    0e:28:24:83:23:57:90:5c:15:0d:87:9d:39:31:70:
                    08:76:d6:c5:d1:63:c5:18:83:d2:94:58:4e:a9:ac:
                    ec:50:59:de:87:5d:64:66:d5:2f:26:37:d3:ba:04:
                    e3:e4:d3:0b:c2:f3:9a:11:f1:d1:38:51:02:5c:a3:
                    00:d9:13:17:a3:c6:32:07:da:1a:ee:7a:44:45:68:
                    d3:79:94:82:7e:3b:97:e8:ee:c2:86:13:3b:d9:9f:
                    81:f8:e4:ff:b2:db:55:f9:3a:bb:43:5b:d3:d9:c9:
                    47:a4:f4:f0:04:f2:6a:33:99:6e:82:77:86:df:eb:
                    a9:a8:03:db:9a:0b:da:c4:0f:1a:b4:13:7d:c4:69:
                    e9:a5:f7:55:e2:23:7c:de:8c:a1:37:17:27:61:a7:
                    d2:7d:71:29:d0:37:1f:1a:a6:5a:e6:1f:c5:54:e1:
                    24:3a:96:e8:48:82:ce:2f:b2:7e:bd:e4:2a:5d:e9:
                    ee:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:78:19:16:2A:EC:F6:DA:39:60:D9:60:1A:30:AB:2C:4E:1F:15:DC
            X509v3 Authority Key Identifier:
                keyid:B7:E3:4F:57:D0:07:16:6D:EF:4D:D8:81:D8:F7:D5:B6:ED:95:E6:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t-NPV9AHFm3vTdiB2PfVtu2V5lY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/7HgZFirs9to5YNlgGjCrLE4fFdw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/db/e5d580-eee8-463e-84a8-eaccb8b42dc9/1/t-NPV9AHFm3vTdiB2PfVtu2V5lY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.171.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:a9:83:1d:b7:5f:47:11:9e:69:84:ba:f1:ac:70:d8:c9:9d:
         67:2b:fb:d2:e0:78:90:c3:55:34:e9:62:97:60:91:35:68:20:
         f1:b7:a7:5c:50:c7:e1:21:bb:ea:7f:6e:e2:1b:89:60:ff:cc:
         3c:40:1f:cd:0c:c5:3d:58:58:c5:e0:59:54:03:a5:a6:48:fc:
         32:0e:c3:7f:3c:3d:4d:e0:21:71:01:a8:64:7f:6f:4b:87:49:
         fb:36:77:58:55:8d:ad:bc:50:3e:25:8a:19:79:d5:a8:05:de:
         4a:aa:dd:57:4d:3d:52:78:09:57:c5:fc:57:42:d4:e6:ce:92:
         55:6a:8e:b2:a7:90:2c:8f:ad:71:f8:f5:18:c9:d0:f9:c8:17:
         0a:ac:52:f1:25:c2:09:31:da:0a:b8:a0:15:d4:c9:cc:90:f5:
         4e:f0:34:fa:34:77:33:60:82:03:98:17:ea:b5:ba:91:a5:c7:
         75:18:bd:aa:40:59:08:cb:bf:7c:78:22:bf:fd:14:0e:50:76:
         72:3a:01:72:3d:56:3b:9c:cf:59:4f:bb:be:9c:d4:0e:05:00:
         50:60:6f:1e:a5:f5:bd:a6:ea:2a:9d:5a:88:9c:85:56:85:c8:
         d6:33:52:0d:60:1d:30:11:37:82:42:65:62:54:37:b8:68:b4:
         cd:39:0c:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+oGhT7jtXhVSUk2NOiWoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3ZTM0ZjU3ZDAwNzE2NmRlZjRkZDg4MWQ4ZjdkNWI2ZWQ5
NWU2NTYwHhcNMjUwMTAxMDM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzc4MTkxNjJhZWNmNmRhMzk2MGQ5NjAxYTMwYWIyYzRlMWYxNWRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGLNNjwTs4hAS4V5HBxkbJyIHP1E
DlN/IRlC/OoAyLr4FILTJIyPp0hCwMpyOsEYKReIMvgwDD5cDge96h2/e6oUsPtT
bQrZCWAOKCSDI1eQXBUNh505MXAIdtbF0WPFGIPSlFhOqazsUFneh11kZtUvJjfT
ugTj5NMLwvOaEfHROFECXKMA2RMXo8YyB9oa7npERWjTeZSCfjuX6O7ChhM72Z+B
+OT/sttV+Tq7Q1vT2clHpPTwBPJqM5lugneG3+upqAPbmgvaxA8atBN9xGnppfdV
4iN83oyhNxcnYafSfXEp0DcfGqZa5h/FVOEkOpboSILOL7J+veQqXenu2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOx4GRYq7PbaOWDZYBowqyxOHxXcMB8GA1UdIwQY
MBaAFLfjT1fQBxZt703Ygdj31bbtleZWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgt
ZWFjY2I4YjQyZGM5LzEvN0hnWkZpcnM5dG81WU5sZ0dqQ3JMRTRmRmR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYi9lNWQ1ODAtZWVlOC00NjNlLTg0YTgtZWFjY2I4YjQyZGM5
LzEvdC1OUFY5QUhGbTN2VGRpQjJQZlZ0dTJWNWxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuavaMA0G
CSqGSIb3DQEBCwUAA4IBAQA6qYMdt19HEZ5phLrxrHDYyZ1nK/vS4HiQw1U06WKX
YJE1aCDxt6dcUMfhIbvqf27iG4lg/8w8QB/NDMU9WFjF4FlUA6WmSPwyDsN/PD1N
4CFxAahkf29Lh0n7NndYVY2tvFA+JYoZedWoBd5Kqt1XTT1SeAlXxfxXQtTmzpJV
ao6yp5Asj61x+PUYydD5yBcKrFLxJcIJMdoKuKAV1MnMkPVO8DT6NHczYIIDmBfq
tbqRpcd1GL2qQFkIy798eCK//RQOUHZyOgFyPVY7nM9ZT7u+nNQOBQBQYG8epfW9
puoqnVqInIVWhcjWM1INYB0wETeCQmViVDe4aLTNOQwS
-----END CERTIFICATE-----