Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/2ez8zuMs85e8CXlTRW23szM974M.roa
File:                     2ez8zuMs85e8CXlTRW23szM974M.roa (raw, json)
Hash identifier:          nEbfOX8jy17dtiQ2QC4585/p7vP/7oJdRyNgTQoPp+0=
Subject key identifier:   D9:EC:FC:CE:E3:2C:F3:97:BC:09:79:53:45:6D:B7:B3:33:3D:EF:83
Certificate issuer:       /CN=7e1167886da81524431bbf2efb0572914b686ebc
Certificate serial:       019425FDE9B722E521A7C884AFF02DEAE694
Authority key identifier: 7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/2ez8zuMs85e8CXlTRW23szM974M.roa
Signing time:             Thu 02 Jan 2025 07:49:44 +0000
ROA not before:           Thu 02 Jan 2025 07:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203
IP address blocks:        195.160.148.0/24 maxlen: 24
                          195.160.149.0/24 maxlen: 24
                          212.39.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e9:b7:22:e5:21:a7:c8:84:af:f0:2d:ea:e6:94
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e1167886da81524431bbf2efb0572914b686ebc
        Validity
            Not Before: Jan  2 07:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9ecfccee32cf397bc097953456db7b3333def83
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8b:7f:33:63:4d:bd:e3:46:a7:18:18:72:13:bd:
                    e6:64:91:76:0a:40:88:ed:06:17:73:41:a1:11:61:
                    a7:98:5c:88:f6:34:b9:49:64:a7:c8:33:0a:f1:f0:
                    c4:f9:16:9e:12:8f:d3:f6:49:b4:1e:ca:ac:85:5d:
                    a5:6f:59:2b:1a:fe:28:81:74:3b:16:74:97:23:35:
                    63:cd:83:b6:25:6f:f9:ad:b2:42:af:c0:26:f1:4a:
                    fe:d6:07:e2:c0:45:5c:c0:a2:09:25:f9:4c:0c:d1:
                    ec:d6:31:a7:3e:eb:bf:a0:96:2c:7d:a4:a3:41:f3:
                    37:ad:e7:34:27:69:4a:b7:53:87:09:7a:32:dc:46:
                    81:1c:cb:80:04:48:a9:e0:a3:7d:88:b0:e1:be:1c:
                    25:ed:96:1b:a0:e5:9e:ab:21:5b:e8:30:dc:2b:4b:
                    d2:32:d7:23:fe:6f:9d:20:30:bb:6c:87:0d:6b:59:
                    04:3d:3a:3b:1e:84:9a:2f:e7:27:1b:fe:b1:62:a3:
                    68:38:fe:6c:3e:8b:31:64:35:fc:21:87:dd:61:8d:
                    3e:dc:86:cf:2e:53:04:23:70:12:57:3e:1a:6f:3e:
                    5c:64:1e:a6:d6:32:6a:d0:65:c0:66:d0:17:c7:90:
                    53:9d:38:31:2a:a6:9a:a8:78:37:e7:7f:e5:ec:d0:
                    e1:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:EC:FC:CE:E3:2C:F3:97:BC:09:79:53:45:6D:B7:B3:33:3D:EF:83
            X509v3 Authority Key Identifier:
                keyid:7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/2ez8zuMs85e8CXlTRW23szM974M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.148.0/23
                  212.39.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:d9:a7:c6:f4:9b:77:ac:eb:7c:9c:9c:9c:04:d4:bb:65:c6:
         61:68:63:96:4e:a5:d3:96:a9:06:b1:b3:89:72:16:99:62:78:
         6e:89:ad:4a:18:e0:2c:30:7c:e4:a0:38:1d:fe:c3:e6:b5:b1:
         96:52:5d:fc:33:95:ff:b6:a0:e5:f2:2b:29:55:43:1f:f8:39:
         9f:b0:00:fa:d3:ac:3b:cb:44:db:c5:d9:39:63:f2:75:40:d3:
         9b:92:34:b7:9f:92:e7:f8:01:94:3c:68:4e:af:dc:6f:09:33:
         ae:0e:b5:2b:c9:cd:04:08:14:2a:45:df:e9:cd:ae:63:ef:dd:
         5f:4f:6d:15:b1:d1:b8:f6:e8:c8:a5:17:bf:b0:2d:5b:d7:b4:
         8e:3b:f8:40:80:50:84:ee:0a:ea:6c:37:0d:6f:0a:7f:a0:41:
         4c:d4:13:4a:ee:a6:10:3d:b1:47:d2:2f:bf:16:a2:16:6a:70:
         f0:68:f1:74:32:66:fd:bc:21:c9:7b:28:2f:ae:45:4b:af:1f:
         14:77:d4:58:11:b5:31:b2:f1:e9:21:12:c1:21:48:f6:fd:11:
         f0:29:f2:d0:3c:f5:3a:e8:1b:24:6c:b7:20:14:ca:18:05:5d:
         46:b1:5c:fa:33:44:63:b0:e5:23:9c:a9:3a:55:fb:54:55:4f:
         98:42:cc:18
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/em3IuUhp8iEr/At6uaUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTE2Nzg4NmRhODE1MjQ0MzFiYmYyZWZiMDU3MjkxNGI2
ODZlYmMwHhcNMjUwMTAyMDc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOWVjZmNjZWUzMmNmMzk3YmMwOTc5NTM0NTZkYjdiMzMzM2RlZjgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi38zY02940anGBhyE73mZJF2CkCI
7QYXc0GhEWGnmFyI9jS5SWSnyDMK8fDE+RaeEo/T9km0HsqshV2lb1krGv4ogXQ7
FnSXIzVjzYO2JW/5rbJCr8Am8Ur+1gfiwEVcwKIJJflMDNHs1jGnPuu/oJYsfaSj
QfM3rec0J2lKt1OHCXoy3EaBHMuABEip4KN9iLDhvhwl7ZYboOWeqyFb6DDcK0vS
Mtcj/m+dIDC7bIcNa1kEPTo7HoSaL+cnG/6xYqNoOP5sPosxZDX8IYfdYY0+3IbP
LlMEI3ASVz4abz5cZB6m1jJq0GXAZtAXx5BTnTgxKqaaqHg353/l7NDhaQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFNns/M7jLPOXvAl5U0Vtt7MzPe+DMB8GA1UdIwQY
MBaAFH4RZ4htqBUkQxu/LvsFcpFLaG68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYt
OWIyODJjNjQzMjU2LzEvMmV6OHp1TXM4NWU4Q1hsVFJXMjNzek05NzRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYtOWIyODJjNjQzMjU2
LzEvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw6CUAwQA
1CflMA0GCSqGSIb3DQEBCwUAA4IBAQA02afG9Jt3rOt8nJycBNS7ZcZhaGOWTqXT
lqkGsbOJchaZYnhuia1KGOAsMHzkoDgd/sPmtbGWUl38M5X/tqDl8ispVUMf+Dmf
sAD606w7y0Tbxdk5Y/J1QNObkjS3n5Ln+AGUPGhOr9xvCTOuDrUryc0ECBQqRd/p
za5j791fT20VsdG49ujIpRe/sC1b17SOO/hAgFCE7grqbDcNbwp/oEFM1BNK7qYQ
PbFH0i+/FqIWanDwaPF0Mmb9vCHJeygvrkVLrx8Ud9RYEbUxsvHpIRLBIUj2/RHw
KfLQPPU66BskbLcgFMoYBV1GsVz6M0RjsOUjnKk6VftUVU+YQswY
-----END CERTIFICATE-----