Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7VLHBLhi1H1-MAweL5kw_VIfl14.roa
File:                     7VLHBLhi1H1-MAweL5kw_VIfl14.roa (raw, json)
Hash identifier:          A4G+dUtnyLd8Ae0NidazYUC7YvAegdm34Cj4d0cX2/s=
Subject key identifier:   ED:52:C7:04:B8:62:D4:7D:7E:30:0C:1E:2F:99:30:FD:52:1F:97:5E
Certificate issuer:       /CN=ee1c3472c25acd347364b7d6312618aa3530cb63
Certificate serial:       019422201985C38771D03C5F43DC7486A583
Authority key identifier: EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7VLHBLhi1H1-MAweL5kw_VIfl14.roa
Signing time:             Wed 01 Jan 2025 13:48:36 +0000
ROA not before:           Wed 01 Jan 2025 13:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207388
IP address blocks:        94.229.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:19:85:c3:87:71:d0:3c:5f:43:dc:74:86:a5:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ee1c3472c25acd347364b7d6312618aa3530cb63
        Validity
            Not Before: Jan  1 13:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed52c704b862d47d7e300c1e2f9930fd521f975e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:bb:58:c4:ea:fb:c7:c4:ec:40:34:d5:8b:fe:
                    6a:16:21:bb:de:27:2c:ff:a3:91:88:c5:f8:56:93:
                    80:97:35:96:db:20:6f:3c:1e:63:00:97:2f:66:f1:
                    0b:57:d1:fa:9a:65:13:76:ca:d1:0d:30:88:07:2d:
                    df:58:09:86:78:6b:b5:d4:80:20:45:ab:75:6b:3d:
                    45:5b:dc:b6:20:f7:8a:b1:ce:a8:ff:76:4e:d0:76:
                    0b:47:43:5f:73:b4:9f:55:0d:57:34:b2:f3:56:6a:
                    88:d2:bf:5c:34:51:4e:ee:fc:69:65:3f:1c:6e:e9:
                    d0:2d:19:e9:d6:f4:83:65:a9:78:a4:db:07:01:e1:
                    bc:85:40:32:a0:5c:0a:38:bc:83:d7:64:b0:b9:41:
                    47:d7:d3:0d:ae:17:35:70:01:a9:5b:a6:db:62:c1:
                    b4:1d:42:14:d1:b0:2c:d5:c4:8d:5a:05:6d:6f:b1:
                    76:15:90:3a:e4:9f:a2:54:df:27:9a:99:2f:36:9a:
                    75:61:ef:eb:23:e5:9d:13:0b:f1:e9:a5:c8:74:66:
                    b8:17:1c:f8:ea:c9:a1:87:21:94:90:bd:7e:3b:ce:
                    81:0b:99:d8:ad:e1:ac:38:73:7c:9c:2a:72:a8:d1:
                    fa:3c:34:bb:9f:be:f1:88:7a:cf:20:a1:55:91:59:
                    85:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:52:C7:04:B8:62:D4:7D:7E:30:0C:1E:2F:99:30:FD:52:1F:97:5E
            X509v3 Authority Key Identifier:
                keyid:EE:1C:34:72:C2:5A:CD:34:73:64:B7:D6:31:26:18:AA:35:30:CB:63

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7hw0csJazTRzZLfWMSYYqjUwy2M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7VLHBLhi1H1-MAweL5kw_VIfl14.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/eb/1ff44f-51d6-4545-ad36-b4b8db20b1fb/1/7hw0csJazTRzZLfWMSYYqjUwy2M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.229.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:59:a4:2a:f0:e4:46:e1:1b:71:2f:90:21:aa:c2:c8:fc:7d:
         41:a6:d1:16:17:2d:72:fa:da:3b:4b:af:53:48:d0:2c:56:7b:
         6b:d6:5c:85:2e:37:8d:7f:25:a7:95:8f:87:35:d6:ec:c7:bf:
         9c:e2:a7:d3:66:80:f2:56:b5:d8:ba:25:de:74:89:0c:ae:dc:
         e4:33:f0:2b:61:89:c5:3c:d0:0f:7b:02:5e:b4:7e:b7:2d:2c:
         76:16:da:56:ab:c1:da:57:5b:3d:fa:94:06:f2:a4:73:3e:88:
         8a:c0:ee:a2:17:3c:de:a0:ff:da:ea:bd:a0:ec:da:a8:ec:c7:
         d3:9a:1b:1a:e1:df:ce:c8:eb:81:7a:33:a6:44:4c:eb:f8:2e:
         f0:8a:a0:4d:fa:ed:64:f4:52:4d:bf:8c:bf:e6:ea:1a:ff:f1:
         e7:48:6b:69:f7:7f:aa:33:0c:3b:95:46:7e:4b:10:69:e3:d5:
         f3:53:32:2c:fc:76:7a:ad:4d:48:e3:56:49:7a:a0:37:ac:24:
         f4:7e:20:2e:aa:f4:75:77:39:4b:dc:83:5c:e2:ee:30:64:58:
         26:cf:d9:45:49:db:2a:34:41:37:45:92:64:92:06:83:58:9f:
         7d:82:4a:bc:f6:76:ee:76:4d:bd:98:39:89:6e:46:32:bd:54:
         74:9a:fe:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBmFw4dx0DxfQ9x0hqWDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlMWMzNDcyYzI1YWNkMzQ3MzY0YjdkNjMxMjYxOGFhMzUz
MGNiNjMwHhcNMjUwMTAxMTM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDUyYzcwNGI4NjJkNDdkN2UzMDBjMWUyZjk5MzBmZDUyMWY5NzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz7tYxOr7x8TsQDTVi/5qFiG73ics
/6ORiMX4VpOAlzWW2yBvPB5jAJcvZvELV9H6mmUTdsrRDTCIBy3fWAmGeGu11IAg
Rat1az1FW9y2IPeKsc6o/3ZO0HYLR0Nfc7SfVQ1XNLLzVmqI0r9cNFFO7vxpZT8c
bunQLRnp1vSDZal4pNsHAeG8hUAyoFwKOLyD12SwuUFH19MNrhc1cAGpW6bbYsG0
HUIU0bAs1cSNWgVtb7F2FZA65J+iVN8nmpkvNpp1Ye/rI+WdEwvx6aXIdGa4Fxz4
6smhhyGUkL1+O86BC5nYreGsOHN8nCpyqNH6PDS7n77xiHrPIKFVkVmFYQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO1SxwS4YtR9fjAMHi+ZMP1SH5deMB8GA1UdIwQY
MBaAFO4cNHLCWs00c2S31jEmGKo1MMtjMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYt
YjRiOGRiMjBiMWZiLzEvN1ZMSEJMaGkxSDEtTUF3ZUw1a3dfVklmbDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYi8xZmY0NGYtNTFkNi00NTQ1LWFkMzYtYjRiOGRiMjBiMWZi
LzEvN2h3MGNzSmF6VFJ6WkxmV01TWVlxalV3eTJNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXuXeMA0G
CSqGSIb3DQEBCwUAA4IBAQAEWaQq8ORG4RtxL5AhqsLI/H1BptEWFy1y+to7S69T
SNAsVntr1lyFLjeNfyWnlY+HNdbsx7+c4qfTZoDyVrXYuiXedIkMrtzkM/ArYYnF
PNAPewJetH63LSx2FtpWq8HaV1s9+pQG8qRzPoiKwO6iFzzeoP/a6r2g7Nqo7MfT
mhsa4d/OyOuBejOmREzr+C7wiqBN+u1k9FJNv4y/5uoa//HnSGtp93+qMww7lUZ+
SxBp49XzUzIs/HZ6rU1I41ZJeqA3rCT0fiAuqvR1dzlL3INc4u4wZFgmz9lFSdsq
NEE3RZJkkgaDWJ99gkq89nbudk29mDmJbkYyvVR0mv7E
-----END CERTIFICATE-----