Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/foSChvs7xZT_ef4fRZkz6kbja-A.roa
File:                     foSChvs7xZT_ef4fRZkz6kbja-A.roa (raw, json)
Hash identifier:          qhfs8w9z0W9ldi8xd+XO5IRrkBZgJCAhgjlxgOvdESc=
Subject key identifier:   7E:84:82:86:FB:3B:C5:94:FF:79:FE:1F:45:99:33:EA:46:E3:6B:E0
Certificate issuer:       /CN=b804c197444594b11ec599d205656f64e4d1fc61
Certificate serial:       019422FAFEC5D67D09F604D55A8ADFEF38E2
Authority key identifier: B8:04:C1:97:44:45:94:B1:1E:C5:99:D2:05:65:6F:64:E4:D1:FC:61
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uATBl0RFlLEexZnSBWVvZOTR_GE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/foSChvs7xZT_ef4fRZkz6kbja-A.roa
Signing time:             Wed 01 Jan 2025 17:47:42 +0000
ROA not before:           Wed 01 Jan 2025 17:47:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199978
IP address blocks:        91.231.74.0/23 maxlen: 23
                          185.155.40.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/uATBl0RFlLEexZnSBWVvZOTR_GE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/uATBl0RFlLEexZnSBWVvZOTR_GE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uATBl0RFlLEexZnSBWVvZOTR_GE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 04:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:fe:c5:d6:7d:09:f6:04:d5:5a:8a:df:ef:38:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b804c197444594b11ec599d205656f64e4d1fc61
        Validity
            Not Before: Jan  1 17:47:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7e848286fb3bc594ff79fe1f459933ea46e36be0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:0b:44:8c:02:39:df:6d:e2:93:64:de:b0:c0:
                    83:0a:1f:ae:68:e4:88:3a:7a:f0:2b:01:5f:5d:34:
                    67:08:d4:6c:8a:35:54:fd:7d:db:8a:5b:92:85:f5:
                    4f:32:d1:62:94:c1:e9:a4:9d:63:c1:8f:a7:c8:0a:
                    fb:25:09:93:da:de:6b:70:20:c5:10:aa:28:1d:3b:
                    e3:12:9a:21:ed:a6:dd:7d:59:4c:75:f0:bc:2a:f0:
                    19:ea:f5:0b:74:fd:b3:d1:11:d4:de:9d:24:3e:ea:
                    52:cd:b9:e7:c0:46:30:b8:35:e0:30:2b:70:39:0c:
                    dd:73:9f:4c:84:4b:72:41:27:7d:0b:9b:7d:69:0a:
                    28:de:a9:fc:bb:ee:f4:7e:24:58:9d:7d:d5:cb:74:
                    a2:2d:7e:3f:6d:c5:e9:e0:92:a4:41:00:4e:85:5b:
                    cb:9a:8d:9e:8f:8d:90:e6:00:43:af:3f:c2:54:ee:
                    2f:98:f5:c7:08:4a:b1:2e:81:5f:e4:3b:e0:3e:79:
                    0e:26:8b:e0:07:62:a3:7a:6e:c8:c7:4b:e3:2c:d2:
                    6a:de:6c:a4:4e:d2:91:00:17:5a:f1:d5:9b:00:a4:
                    b2:e9:88:fa:bf:11:ae:66:07:ac:84:7a:0d:f5:33:
                    96:56:8f:b9:dd:48:ff:1c:60:54:f3:15:5b:52:51:
                    0d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:84:82:86:FB:3B:C5:94:FF:79:FE:1F:45:99:33:EA:46:E3:6B:E0
            X509v3 Authority Key Identifier:
                keyid:B8:04:C1:97:44:45:94:B1:1E:C5:99:D2:05:65:6F:64:E4:D1:FC:61

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uATBl0RFlLEexZnSBWVvZOTR_GE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/foSChvs7xZT_ef4fRZkz6kbja-A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/3bc553-0ee0-4b72-b93e-938ab96454e9/1/uATBl0RFlLEexZnSBWVvZOTR_GE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.231.74.0/23
                  185.155.40.0/22

    Signature Algorithm: sha256WithRSAEncryption
         19:e6:81:6a:bd:b7:ec:44:f1:9b:f9:4e:7e:69:b8:db:2a:c0:
         9f:1f:ef:4f:54:76:eb:51:03:e3:fe:7f:97:30:a2:25:2a:fb:
         8d:6f:b8:40:33:14:91:2b:b9:c1:53:3e:07:01:6e:a1:4a:81:
         53:c9:8f:82:d7:88:bb:c9:fe:62:ce:7a:95:44:69:85:ff:b0:
         09:34:a6:d7:a9:cc:b5:26:e7:61:51:68:e9:41:54:6c:8d:e4:
         9e:95:96:1a:3f:54:13:c0:4a:11:52:2d:25:30:6c:97:99:f4:
         c5:0d:4f:ac:f8:6c:1e:28:27:e5:eb:e5:a6:33:8a:f9:a3:54:
         4c:8a:62:eb:33:41:42:59:99:e7:e5:a9:7d:4d:6d:42:72:ae:
         38:ae:46:5c:82:95:2b:64:c7:43:e5:80:08:7c:d4:41:d0:81:
         09:e5:4d:ac:00:a9:4e:87:44:c9:ac:12:28:0f:08:b2:52:2e:
         fa:55:67:56:30:5f:56:e3:0a:21:8b:0d:82:52:26:9c:bd:11:
         4e:61:e6:44:44:86:ca:2e:9f:5a:b0:5c:ed:80:af:35:8a:32:
         dd:b9:db:be:65:6d:3e:1c:23:4b:eb:5c:dc:91:ba:e2:94:b0:
         81:9f:98:75:a6:c1:25:4b:f8:41:e6:c3:76:43:a7:4a:69:c4:
         3d:18:04:81
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+v7F1n0J9gTVWorf7zjiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI4MDRjMTk3NDQ0NTk0YjExZWM1OTlkMjA1NjU2ZjY0ZTRk
MWZjNjEwHhcNMjUwMTAxMTc0NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTg0ODI4NmZiM2JjNTk0ZmY3OWZlMWY0NTk5MzNlYTQ2ZTM2YmUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5wtEjAI5323ik2TesMCDCh+uaOSI
OnrwKwFfXTRnCNRsijVU/X3biluShfVPMtFilMHppJ1jwY+nyAr7JQmT2t5rcCDF
EKooHTvjEpoh7abdfVlMdfC8KvAZ6vULdP2z0RHU3p0kPupSzbnnwEYwuDXgMCtw
OQzdc59MhEtyQSd9C5t9aQoo3qn8u+70fiRYnX3Vy3SiLX4/bcXp4JKkQQBOhVvL
mo2ej42Q5gBDrz/CVO4vmPXHCEqxLoFf5DvgPnkOJovgB2Kjem7Ix0vjLNJq3myk
TtKRABda8dWbAKSy6Yj6vxGuZgeshHoN9TOWVo+53Uj/HGBU8xVbUlENYQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFH6Egob7O8WU/3n+H0WZM+pG42vgMB8GA1UdIwQY
MBaAFLgEwZdERZSxHsWZ0gVlb2Tk0fxhMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdUFUQmwwUkZsTEVleFpuU0JXVnZaT1RSX0dFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy8zYmM1NTMtMGVlMC00YjcyLWI5M2Ut
OTM4YWI5NjQ1NGU5LzEvZm9TQ2h2czd4WlRfZWY0ZlJaa3o2a2JqYS1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy8zYmM1NTMtMGVlMC00YjcyLWI5M2UtOTM4YWI5NjQ1NGU5
LzEvdUFUQmwwUkZsTEVleFpuU0JXVnZaT1RSX0dFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBW+dKAwQC
uZsoMA0GCSqGSIb3DQEBCwUAA4IBAQAZ5oFqvbfsRPGb+U5+abjbKsCfH+9PVHbr
UQPj/n+XMKIlKvuNb7hAMxSRK7nBUz4HAW6hSoFTyY+C14i7yf5iznqVRGmF/7AJ
NKbXqcy1JudhUWjpQVRsjeSelZYaP1QTwEoRUi0lMGyXmfTFDU+s+GweKCfl6+Wm
M4r5o1RMimLrM0FCWZnn5al9TW1Ccq44rkZcgpUrZMdD5YAIfNRB0IEJ5U2sAKlO
h0TJrBIoDwiyUi76VWdWMF9W4wohiw2CUiacvRFOYeZERIbKLp9asFztgK81ijLd
udu+ZW0+HCNL61zckbrilLCBn5h1psElS/hB5sN2Q6dKacQ9GASB
-----END CERTIFICATE-----