Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/7YzRWXLDcfjfZ1pfSykSzsi_Bqo.roa
File:                     7YzRWXLDcfjfZ1pfSykSzsi_Bqo.roa (raw, json)
Hash identifier:          upRBCre7SZMIKE1wJY8xBkRe6ItlC6jUoHp+iPPL2jY=
Subject key identifier:   ED:8C:D1:59:72:C3:71:F8:DF:67:5A:5F:4B:29:12:CE:C8:BF:06:AA
Certificate issuer:       /CN=e760126dce78bc16e66c2e6e7635848ac46846af
Certificate serial:       0196AB570A798BF8B97EBB98DA55DFCC79D6
Authority key identifier: E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/7YzRWXLDcfjfZ1pfSykSzsi_Bqo.roa
Signing time:             Wed 07 May 2025 15:22:10 +0000
ROA not before:           Wed 07 May 2025 15:22:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214143
IP address blocks:        146.247.109.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ab:57:0a:79:8b:f8:b9:7e:bb:98:da:55:df:cc:79:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e760126dce78bc16e66c2e6e7635848ac46846af
        Validity
            Not Before: May  7 15:22:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ed8cd15972c371f8df675a5f4b2912cec8bf06aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:97:87:35:70:2c:41:8d:f3:61:70:33:f5:94:
                    76:aa:43:09:f8:f3:65:c6:d4:d2:a1:ab:92:98:a1:
                    04:ae:ff:dc:1e:86:ba:04:1b:54:12:c8:b4:74:28:
                    24:46:c4:49:1c:ed:62:fb:42:ed:d3:02:53:33:26:
                    68:3a:e1:1d:29:48:0c:08:b7:69:e5:84:9f:72:cb:
                    10:a1:bf:96:f7:a8:6f:11:d3:9f:01:62:79:d4:73:
                    96:2f:6c:87:b8:67:15:4e:fe:b7:52:ca:76:c4:31:
                    dc:bc:20:19:1b:a2:de:3a:ca:a4:f0:df:e6:61:7b:
                    7d:48:7b:b8:df:ae:d1:32:dc:c6:26:be:33:fc:7c:
                    5c:98:4a:48:68:a6:a1:58:04:ef:96:43:61:a3:75:
                    98:be:8a:76:07:29:b4:cc:e5:bc:d5:24:94:92:e7:
                    1e:dc:54:8f:c9:36:8e:3a:88:a7:3c:2a:6b:da:d1:
                    1d:f6:3f:fa:0a:39:db:0f:36:27:82:9e:bf:7b:7b:
                    47:fd:f0:0b:f2:b9:07:a7:3f:05:e2:e1:91:c4:ff:
                    2b:83:b9:7e:17:8b:ed:1e:dd:2a:a2:2d:77:e0:74:
                    7a:25:31:42:36:11:ae:5f:23:25:bb:96:f0:f0:85:
                    5c:d4:c3:6e:fb:f4:61:e6:52:e5:69:51:22:94:0b:
                    b3:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:8C:D1:59:72:C3:71:F8:DF:67:5A:5F:4B:29:12:CE:C8:BF:06:AA
            X509v3 Authority Key Identifier:
                keyid:E7:60:12:6D:CE:78:BC:16:E6:6C:2E:6E:76:35:84:8A:C4:68:46:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/52ASbc54vBbmbC5udjWEisRoRq8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/7YzRWXLDcfjfZ1pfSykSzsi_Bqo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/488f61-2f00-4639-97b8-d24f562dedd2/1/52ASbc54vBbmbC5udjWEisRoRq8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  146.247.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:98:34:ec:b9:f3:b3:dd:fc:28:d7:82:b3:67:47:87:4a:d7:
         c6:5b:81:dd:6a:63:4b:0d:d4:25:d7:df:83:e5:a2:b5:22:79:
         cc:c1:7c:76:0a:68:2f:bf:43:32:7b:83:4d:9b:ea:bc:15:4f:
         97:1a:c5:81:30:c3:28:e6:32:57:97:cd:c3:45:82:7e:a3:99:
         60:78:c8:c7:9e:6b:5c:0c:19:3f:59:79:ce:f3:f4:dc:2e:54:
         a3:70:59:69:b1:21:2a:39:ab:df:d3:b4:9c:72:40:b4:57:ff:
         9d:3d:59:40:30:43:1f:d3:7f:36:b0:db:9a:1e:b6:2b:6b:c1:
         cc:90:84:84:66:ec:c6:d7:8d:7f:66:f5:bd:34:36:5a:43:40:
         38:6f:b6:b1:53:cc:89:ac:0f:54:f3:37:fe:7d:18:f3:4c:2c:
         32:6d:64:97:c1:e5:b6:42:31:7d:df:e3:6d:27:95:f9:9f:c0:
         26:d5:8f:a3:da:ad:43:46:a3:27:ef:fb:b2:39:80:73:08:4c:
         1e:07:9e:14:b4:72:48:fe:3a:4f:1a:31:20:69:63:2d:7b:1f:
         70:6c:70:9b:82:b1:9a:7c:6c:11:cd:fe:76:81:f3:ec:d1:88:
         91:d9:27:66:f7:bc:d4:85:a2:9f:16:42:0f:03:5e:fd:25:03:
         9b:08:50:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZarVwp5i/i5fruY2lXfzHnWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NjAxMjZkY2U3OGJjMTZlNjZjMmU2ZTc2MzU4NDhhYzQ2
ODQ2YWYwHhcNMjUwNTA3MTUyMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDhjZDE1OTcyYzM3MWY4ZGY2NzVhNWY0YjI5MTJjZWM4YmYwNmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJeHNXAsQY3zYXAz9ZR2qkMJ+PNl
xtTSoauSmKEErv/cHoa6BBtUEsi0dCgkRsRJHO1i+0Lt0wJTMyZoOuEdKUgMCLdp
5YSfcssQob+W96hvEdOfAWJ51HOWL2yHuGcVTv63Usp2xDHcvCAZG6LeOsqk8N/m
YXt9SHu4367RMtzGJr4z/HxcmEpIaKahWATvlkNho3WYvop2Bym0zOW81SSUkuce
3FSPyTaOOoinPCpr2tEd9j/6CjnbDzYngp6/e3tH/fAL8rkHpz8F4uGRxP8rg7l+
F4vtHt0qoi134HR6JTFCNhGuXyMlu5bw8IVc1MNu+/Rh5lLlaVEilAuzbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO2M0Vlyw3H432daX0spEs7IvwaqMB8GA1UdIwQY
MBaAFOdgEm3OeLwW5mwubnY1hIrEaEavMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3Yjgt
ZDI0ZjU2MmRlZGQyLzEvN1l6UldYTERjZmpmWjFwZlN5a1N6c2lfQnFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS80ODhmNjEtMmYwMC00NjM5LTk3YjgtZDI0ZjU2MmRlZGQy
LzEvNTJBU2JjNTR2QmJtYkM1dWRqV0Vpc1JvUnE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAkvdtMA0G
CSqGSIb3DQEBCwUAA4IBAQBKmDTsufOz3fwo14KzZ0eHStfGW4HdamNLDdQl19+D
5aK1InnMwXx2Cmgvv0Mye4NNm+q8FU+XGsWBMMMo5jJXl83DRYJ+o5lgeMjHnmtc
DBk/WXnO8/TcLlSjcFlpsSEqOavf07ScckC0V/+dPVlAMEMf0382sNuaHrYra8HM
kISEZuzG141/ZvW9NDZaQ0A4b7axU8yJrA9U8zf+fRjzTCwybWSXweW2QjF93+Nt
J5X5n8Am1Y+j2q1DRqMn7/uyOYBzCEweB54UtHJI/jpPGjEgaWMtex9wbHCbgrGa
fGwRzf52gfPs0YiR2Sdm97zUhaKfFkIPA179JQObCFCr
-----END CERTIFICATE-----