Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/s7qZwF1zjjkn93vRYJKMTeg7njg.roa
File:                     s7qZwF1zjjkn93vRYJKMTeg7njg.roa (raw, json)
Hash identifier:          pDr3B3csiw+fcAUQmbSFOppqABEiwfJIZfstULKUEoQ=
Subject key identifier:   B3:BA:99:C0:5D:73:8E:39:27:F7:7B:D1:60:92:8C:4D:E8:3B:9E:38
Certificate issuer:       /CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
Certificate serial:       0194266C2F18C548E5F1CCE7B896DE853B1F
Authority key identifier: 7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/s7qZwF1zjjkn93vRYJKMTeg7njg.roa
Signing time:             Thu 02 Jan 2025 09:50:11 +0000
ROA not before:           Thu 02 Jan 2025 09:50:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3177
IP address blocks:        185.129.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 16:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2f:18:c5:48:e5:f1:cc:e7:b8:96:de:85:3b:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7bbd51272064b63b2c663c0296ba11db5ea238c0
        Validity
            Not Before: Jan  2 09:50:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3ba99c05d738e3927f77bd160928c4de83b9e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:a3:b3:c1:03:e4:51:64:b4:14:1d:50:d8:10:
                    25:76:de:aa:21:6a:aa:fe:65:1d:7c:2a:ec:eb:4b:
                    09:68:c1:b9:04:92:95:ea:29:44:01:3f:3c:c8:2c:
                    13:66:2a:4c:6d:2d:33:c6:2d:c0:0c:ea:8f:d5:c5:
                    e1:9a:82:dd:47:5c:a9:f5:bd:6a:ae:3c:95:d2:8d:
                    e2:e1:a8:ca:8f:2b:0d:17:db:06:f7:79:e6:1d:7c:
                    a7:23:0a:36:1d:db:b4:dc:1c:50:82:ba:d0:e4:e6:
                    c2:83:24:85:0a:24:f7:60:29:4d:b9:cb:af:2f:8a:
                    20:18:96:89:cd:80:88:d9:c6:ac:1d:ce:f3:bb:45:
                    7b:56:07:7d:35:1c:fc:27:ed:3c:8f:e6:ea:e9:4c:
                    a3:6b:9c:c6:e4:39:bd:e6:43:e0:79:f6:96:7d:a6:
                    b9:63:20:5e:16:b8:7d:20:ff:41:65:c1:5a:92:c7:
                    ee:63:4e:d2:3b:ca:17:3a:1f:4d:75:3d:ad:6b:6c:
                    27:d8:b9:c2:b9:4e:0d:b5:2e:b5:77:10:73:da:fc:
                    f2:2f:40:81:27:7e:8e:a9:d6:a0:f6:50:f7:14:34:
                    d9:09:25:e3:45:23:63:fc:fb:37:b2:ba:4f:f2:3a:
                    60:6b:56:f0:e5:17:df:ff:58:8b:ae:ac:d3:6a:46:
                    7c:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:BA:99:C0:5D:73:8E:39:27:F7:7B:D1:60:92:8C:4D:E8:3B:9E:38
            X509v3 Authority Key Identifier:
                keyid:7B:BD:51:27:20:64:B6:3B:2C:66:3C:02:96:BA:11:DB:5E:A2:38:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e71RJyBktjssZjwClroR216iOMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/s7qZwF1zjjkn93vRYJKMTeg7njg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/b82a06-ab0d-4adf-8a85-97c9aab828f2/1/e71RJyBktjssZjwClroR216iOMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.129.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:06:42:e3:85:d1:55:af:b2:9a:7b:90:3d:3f:9c:1c:4e:50:
         ce:69:fd:4d:d8:be:d0:c4:10:47:ff:4c:3b:34:ff:6e:57:29:
         4c:e9:f6:be:e0:ee:b7:bb:34:47:46:9d:96:a6:f9:e6:e3:89:
         66:98:64:d3:18:c8:7a:ca:e3:6b:9e:2c:24:5f:9c:df:05:c2:
         ae:0e:a1:11:39:b3:44:fa:db:24:02:d6:dd:22:c9:ec:c3:ba:
         54:43:e2:65:b2:4a:47:43:ac:d0:fd:17:b7:9c:2d:3f:a2:f8:
         67:16:8b:7c:54:61:63:6c:4c:b0:72:ef:9d:85:a3:95:24:9d:
         54:b1:68:cb:97:9f:58:1e:83:36:b1:09:d5:9a:2c:c8:7a:0b:
         02:7a:dc:08:f4:fd:7e:b4:45:7e:bb:7e:3e:cb:d3:d4:ec:38:
         04:73:f9:ee:f4:41:11:14:cb:3c:f7:68:4b:35:df:6e:43:04:
         70:97:fd:0d:ee:57:ef:e0:47:0e:c4:a7:a2:3c:c4:06:28:7e:
         b7:91:11:09:38:0b:52:a0:d6:23:45:d3:41:2b:74:6c:3d:86:
         e2:0e:3d:a2:6d:c1:4f:1a:38:ac:71:44:c3:ae:b2:3a:61:63:
         f6:50:6d:b9:c7:95:25:fd:89:5b:28:0c:fd:57:bb:a6:df:8b:
         79:e1:e3:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbC8YxUjl8cznuJbehTsfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiYmQ1MTI3MjA2NGI2M2IyYzY2M2MwMjk2YmExMWRiNWVh
MjM4YzAwHhcNMjUwMTAyMDk1MDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiM2JhOTljMDVkNzM4ZTM5MjdmNzdiZDE2MDkyOGM0ZGU4M2I5ZTM4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6OzwQPkUWS0FB1Q2BAldt6qIWqq
/mUdfCrs60sJaMG5BJKV6ilEAT88yCwTZipMbS0zxi3ADOqP1cXhmoLdR1yp9b1q
rjyV0o3i4ajKjysNF9sG93nmHXynIwo2Hdu03BxQgrrQ5ObCgySFCiT3YClNucuv
L4ogGJaJzYCI2casHc7zu0V7Vgd9NRz8J+08j+bq6Uyja5zG5Dm95kPgefaWfaa5
YyBeFrh9IP9BZcFaksfuY07SO8oXOh9NdT2ta2wn2LnCuU4NtS61dxBz2vzyL0CB
J36Oqdag9lD3FDTZCSXjRSNj/Ps3srpP8jpga1bw5Rff/1iLrqzTakZ85wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLO6mcBdc445J/d70WCSjE3oO544MB8GA1UdIwQY
MBaAFHu9UScgZLY7LGY8Apa6EdteojjAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUt
OTdjOWFhYjgyOGYyLzEvczdxWndGMXpqamtuOTN2UllKS01UZWc3bmpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9iODJhMDYtYWIwZC00YWRmLThhODUtOTdjOWFhYjgyOGYy
LzEvZTcxUkp5Qmt0anNzWmp3Q2xyb1IyMTZpT01BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYG4MA0G
CSqGSIb3DQEBCwUAA4IBAQC3BkLjhdFVr7Kae5A9P5wcTlDOaf1N2L7QxBBH/0w7
NP9uVylM6fa+4O63uzRHRp2Wpvnm44lmmGTTGMh6yuNrniwkX5zfBcKuDqERObNE
+tskAtbdIsnsw7pUQ+JlskpHQ6zQ/Re3nC0/ovhnFot8VGFjbEywcu+dhaOVJJ1U
sWjLl59YHoM2sQnVmizIegsCetwI9P1+tEV+u34+y9PU7DgEc/nu9EERFMs892hL
Nd9uQwRwl/0N7lfv4EcOxKeiPMQGKH63kREJOAtSoNYjRdNBK3RsPYbiDj2ibcFP
GjiscUTDrrI6YWP2UG25x5Ul/YlbKAz9V7um34t54ePz
-----END CERTIFICATE-----