Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/e1cwbcDkdgSRu6n5KfpwkuDdmxQ.roa
File:                     e1cwbcDkdgSRu6n5KfpwkuDdmxQ.roa (raw, json)
Hash identifier:          aIDnnp2yTdzDu5j4SrtTH/gBGFH3XCan8aEwWj5RxWQ=
Subject key identifier:   7B:57:30:6D:C0:E4:76:04:91:BB:A9:F9:29:FA:70:92:E0:DD:9B:14
Certificate issuer:       /CN=e875464e89816ef00b0369502018a7e59ce2d36c
Certificate serial:       019421B1D7B0D9C29C77F8058FA7BE6213D6
Authority key identifier: E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/e1cwbcDkdgSRu6n5KfpwkuDdmxQ.roa
Signing time:             Wed 01 Jan 2025 11:48:10 +0000
ROA not before:           Wed 01 Jan 2025 11:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198947
IP address blocks:        139.45.248.0/21 maxlen: 21
                          185.22.180.0/22 maxlen: 22
                          2a00:65e0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:d7:b0:d9:c2:9c:77:f8:05:8f:a7:be:62:13:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e875464e89816ef00b0369502018a7e59ce2d36c
        Validity
            Not Before: Jan  1 11:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7b57306dc0e4760491bba9f929fa7092e0dd9b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:d7:80:d1:00:41:7a:f2:ee:3b:5d:2a:c3:6f:
                    2e:20:ee:d8:b0:8e:ab:d2:3a:72:8a:4d:9d:31:10:
                    95:6b:56:f2:e6:6c:0b:4e:bc:d1:69:eb:cd:65:2f:
                    11:96:37:dc:87:9e:96:3b:68:7e:e0:17:aa:77:0d:
                    24:8e:01:72:30:d6:d8:78:72:1b:85:04:6a:73:17:
                    fe:a5:5c:cb:63:bb:03:3e:16:2a:e8:f6:e7:d4:1d:
                    1e:9a:3c:61:cc:bd:93:9b:9d:89:4a:ac:1c:34:f1:
                    ca:ad:77:26:f1:fc:4c:b1:8e:45:e5:d6:75:90:70:
                    d4:1a:71:6e:e6:84:c8:e0:32:0a:5f:fe:ca:b2:39:
                    e9:39:7d:e6:58:f3:6d:85:91:43:26:44:e4:28:7d:
                    70:a4:37:2d:8c:2b:ac:8a:59:ae:3a:ce:34:f0:c3:
                    0d:59:dc:45:33:eb:a0:1f:66:97:3d:68:27:c7:4d:
                    d3:84:93:a5:8d:4b:07:52:59:35:8e:76:af:b9:02:
                    28:6a:5e:04:55:0c:0b:d2:85:f3:03:34:bb:db:66:
                    23:1d:a8:49:be:6c:e8:e2:a1:83:d1:89:65:81:ed:
                    80:5d:c0:d2:19:05:3d:e5:75:04:5f:47:19:f7:ce:
                    85:7b:03:8b:20:3b:e1:8e:98:f4:30:28:6e:a8:4f:
                    00:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:57:30:6D:C0:E4:76:04:91:BB:A9:F9:29:FA:70:92:E0:DD:9B:14
            X509v3 Authority Key Identifier:
                keyid:E8:75:46:4E:89:81:6E:F0:0B:03:69:50:20:18:A7:E5:9C:E2:D3:6C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6HVGTomBbvALA2lQIBin5Zzi02w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/e1cwbcDkdgSRu6n5KfpwkuDdmxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/c3069e-5ffc-4c8c-91dc-31d197f139d8/1/6HVGTomBbvALA2lQIBin5Zzi02w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.45.248.0/21
                  185.22.180.0/22
                IPv6:
                  2a00:65e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:0d:b7:e0:30:45:b8:34:6c:5a:c9:10:2a:3f:2c:24:c7:e4:
         b1:44:64:dc:26:ce:2b:36:c4:e4:ed:1b:0b:f2:01:89:f4:0d:
         15:ec:36:e5:32:cf:08:b7:46:64:a5:de:3c:f9:f9:93:bf:e4:
         15:58:b8:5b:24:da:06:1f:9a:20:91:14:80:7e:6f:3c:b9:7e:
         97:97:a9:15:ad:9f:39:31:c3:2d:a6:f2:43:4e:6f:d6:60:f0:
         81:97:bf:d0:28:e8:00:f5:ad:4c:5c:c2:14:4d:08:e6:a9:c8:
         68:4e:9d:78:a4:39:92:89:84:bc:fe:44:ea:ac:16:fe:10:ff:
         b2:f0:1a:d1:61:43:f3:78:d9:14:8e:10:a0:df:44:80:83:0c:
         18:c1:2c:69:d9:b3:73:ef:ed:dd:83:1a:a3:d7:f0:54:f5:e6:
         2d:e9:69:2b:70:aa:13:94:b8:86:d7:17:d5:d3:2a:19:4a:b4:
         f9:58:9f:dc:a6:8f:af:6a:89:2c:ed:4e:5e:85:78:e1:79:e3:
         e2:79:0e:2f:72:fd:24:db:2d:fe:60:18:11:68:b6:b3:b1:b5:
         d3:a8:ec:ac:fa:17:f0:e5:59:91:d8:87:44:de:a9:93:c4:be:
         b0:92:e6:26:be:e7:de:5b:d2:33:27:d3:ee:7d:67:44:8b:ab:
         4d:21:70:ea
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQhsdew2cKcd/gFj6e+YhPWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NzU0NjRlODk4MTZlZjAwYjAzNjk1MDIwMThhN2U1OWNl
MmQzNmMwHhcNMjUwMTAxMTE0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjU3MzA2ZGMwZTQ3NjA0OTFiYmE5ZjkyOWZhNzA5MmUwZGQ5YjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0teA0QBBevLuO10qw28uIO7YsI6r
0jpyik2dMRCVa1by5mwLTrzRaevNZS8Rljfch56WO2h+4Beqdw0kjgFyMNbYeHIb
hQRqcxf+pVzLY7sDPhYq6Pbn1B0emjxhzL2Tm52JSqwcNPHKrXcm8fxMsY5F5dZ1
kHDUGnFu5oTI4DIKX/7KsjnpOX3mWPNthZFDJkTkKH1wpDctjCusilmuOs408MMN
WdxFM+ugH2aXPWgnx03ThJOljUsHUlk1jnavuQIoal4EVQwL0oXzAzS722YjHahJ
vmzo4qGD0Yllge2AXcDSGQU95XUEX0cZ986FewOLIDvhjpj0MChuqE8AjwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFHtXMG3A5HYEkbup+Sn6cJLg3ZsUMB8GA1UdIwQY
MBaAFOh1Rk6JgW7wCwNpUCAYp+Wc4tNsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMt
MzFkMTk3ZjEzOWQ4LzEvZTFjd2JjRGtkZ1NSdTZuNUtmcHdrdURkbXhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9jMzA2OWUtNWZmYy00YzhjLTkxZGMtMzFkMTk3ZjEzOWQ4
LzEvNkhWR1RvbUJidkFMQTJsUUlCaW41WnppMDJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDiy34AwQC
uRa0MA0EAgACMAcDBQAqAGXgMA0GCSqGSIb3DQEBCwUAA4IBAQC+DbfgMEW4NGxa
yRAqPywkx+SxRGTcJs4rNsTk7RsL8gGJ9A0V7DblMs8It0Zkpd48+fmTv+QVWLhb
JNoGH5ogkRSAfm88uX6Xl6kVrZ85McMtpvJDTm/WYPCBl7/QKOgA9a1MXMIUTQjm
qchoTp14pDmSiYS8/kTqrBb+EP+y8BrRYUPzeNkUjhCg30SAgwwYwSxp2bNz7+3d
gxqj1/BU9eYt6WkrcKoTlLiG1xfV0yoZSrT5WJ/cpo+vaoks7U5ehXjheePieQ4v
cv0k2y3+YBgRaLazsbXTqOys+hfw5VmR2IdE3qmTxL6wkuYmvufeW9IzJ9PufWdE
i6tNIXDq
-----END CERTIFICATE-----