Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/7JHYrzTxN9asgLqVnNRUfP1LZ10.roa
File:                     7JHYrzTxN9asgLqVnNRUfP1LZ10.roa (raw, json)
Hash identifier:          ChCGPqEl2ro34qpoNR4Xt2LPCuZTPhOJ4X9rWHYGEBA=
Subject key identifier:   EC:91:D8:AF:34:F1:37:D6:AC:80:BA:95:9C:D4:54:7C:FD:4B:67:5D
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       0195A2EF0C01176D441C17D291B512377A49
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/7JHYrzTxN9asgLqVnNRUfP1LZ10.roa
Signing time:             Mon 17 Mar 2025 07:08:49 +0000
ROA not before:           Mon 17 Mar 2025 07:08:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206388
IP address blocks:        185.129.196.0/23 maxlen: 23
                          185.129.202.0/23 maxlen: 23
                          185.129.218.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a2:ef:0c:01:17:6d:44:1c:17:d2:91:b5:12:37:7a:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Mar 17 07:08:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec91d8af34f137d6ac80ba959cd4547cfd4b675d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:72:f9:7e:0b:6b:72:da:68:04:44:82:8f:cb:
                    ba:52:8c:fc:9c:64:bf:98:e6:c5:ab:90:b3:51:98:
                    9c:56:d8:85:12:a7:24:a2:22:e6:f0:b0:93:78:70:
                    80:f4:12:1d:38:ac:57:a2:a5:92:44:35:c4:99:c6:
                    73:b9:0f:63:9c:d5:4b:1d:fd:02:6e:61:0a:98:10:
                    92:82:7a:87:d7:da:72:a2:4d:2c:52:2b:e6:63:20:
                    4b:df:91:c9:03:b7:80:51:c1:ba:24:f3:75:fb:b5:
                    9d:0a:f2:2e:ae:c2:d3:0a:51:c4:c7:cb:4d:d4:23:
                    7f:0d:73:98:83:ad:ea:9d:8e:9b:ae:b0:38:a8:47:
                    ce:8b:f8:35:0e:af:25:02:43:5d:4a:09:ce:7b:18:
                    e0:c9:a8:21:7a:d4:82:68:52:51:e9:f6:28:f6:d1:
                    0f:0b:1a:e9:7d:56:9e:17:3d:93:ef:d5:27:48:38:
                    19:65:90:d7:4a:cc:d4:6d:3a:67:8b:60:0c:01:32:
                    7b:76:c9:d0:22:74:a1:da:1b:5e:75:22:b3:b9:9b:
                    c9:db:f5:29:c5:4e:39:49:a2:cf:7c:ce:6f:63:81:
                    1d:dc:71:31:a0:2e:c1:97:8a:8c:26:07:46:8f:48:
                    4b:bb:19:1f:76:e3:b4:28:95:6c:b8:01:d8:7e:25:
                    4f:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:91:D8:AF:34:F1:37:D6:AC:80:BA:95:9C:D4:54:7C:FD:4B:67:5D
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/7JHYrzTxN9asgLqVnNRUfP1LZ10.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.196.0/23
                  185.129.202.0/23
                  185.129.218.0/23

    Signature Algorithm: sha256WithRSAEncryption
         94:7a:cc:4a:37:0e:ef:8e:35:c6:3e:71:c2:8e:37:8d:ad:18:
         b0:51:86:74:74:73:4d:1f:6b:d1:1b:18:5e:fb:98:81:23:f6:
         a3:61:16:40:e2:ce:7e:68:5b:f1:f6:b4:58:43:d7:aa:63:78:
         42:ad:2a:ac:4f:b9:25:9a:2b:5d:ba:f4:8a:93:6c:35:78:f3:
         18:86:fd:ca:74:07:21:6c:c7:c9:48:60:00:f2:a2:c2:53:fe:
         f3:99:d8:05:8f:8a:82:f5:75:1f:10:41:22:f2:5d:8a:65:14:
         8d:b6:ae:2f:9c:c6:f2:ac:8f:3b:71:3e:9d:ce:54:5e:67:ed:
         19:57:b4:39:d5:38:eb:8e:2b:9f:a7:40:45:cf:ae:8b:5a:c6:
         d3:be:31:8f:05:25:e2:86:2d:ff:db:69:98:a4:98:61:99:e8:
         44:41:56:8b:de:c5:3c:bd:d8:a0:e8:2a:96:1e:48:73:7d:9a:
         53:2f:b3:5a:77:1f:38:00:46:50:23:2d:75:d3:63:d2:92:c2:
         9c:fa:8d:43:a4:bb:8a:53:7f:39:92:1b:89:f2:61:4a:6c:ae:
         ad:37:2c:3e:7c:40:85:5a:7d:b9:d8:d2:a3:37:fd:3c:85:ab:
         09:b0:24:c5:ae:63:3b:c0:6f:fa:f5:21:0f:e9:e7:d7:61:52:
         86:49:48:78
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZWi7wwBF21EHBfSkbUSN3pJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjUwMzE3MDcwODQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzkxZDhhZjM0ZjEzN2Q2YWM4MGJhOTU5Y2Q0NTQ3Y2ZkNGI2NzVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHL5fgtrctpoBESCj8u6Uoz8nGS/
mObFq5CzUZicVtiFEqckoiLm8LCTeHCA9BIdOKxXoqWSRDXEmcZzuQ9jnNVLHf0C
bmEKmBCSgnqH19pyok0sUivmYyBL35HJA7eAUcG6JPN1+7WdCvIursLTClHEx8tN
1CN/DXOYg63qnY6brrA4qEfOi/g1Dq8lAkNdSgnOexjgyaghetSCaFJR6fYo9tEP
CxrpfVaeFz2T79UnSDgZZZDXSszUbTpni2AMATJ7dsnQInSh2htedSKzuZvJ2/Up
xU45SaLPfM5vY4Ed3HExoC7Bl4qMJgdGj0hLuxkfduO0KJVsuAHYfiVPMQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOyR2K808TfWrIC6lZzUVHz9S2ddMB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvN0pIWXJ6VHhOOWFzZ0xxVm5OUlVmUDFMWjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQBuYHEAwQB
uYHKAwQBuYHaMA0GCSqGSIb3DQEBCwUAA4IBAQCUesxKNw7vjjXGPnHCjjeNrRiw
UYZ0dHNNH2vRGxhe+5iBI/ajYRZA4s5+aFvx9rRYQ9eqY3hCrSqsT7klmitduvSK
k2w1ePMYhv3KdAchbMfJSGAA8qLCU/7zmdgFj4qC9XUfEEEi8l2KZRSNtq4vnMby
rI87cT6dzlReZ+0ZV7Q51Tjrjiufp0BFz66LWsbTvjGPBSXihi3/22mYpJhhmehE
QVaL3sU8vdig6CqWHkhzfZpTL7Nadx84AEZQIy1102PSksKc+o1DpLuKU385khuJ
8mFKbK6tNyw+fECFWn252NKjN/08hasJsCTFrmM7wG/69SEP6efXYVKGSUh4
-----END CERTIFICATE-----