Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/O7SXZPMFV3Am85txyKq-wzV0mJk.roa
File:                     O7SXZPMFV3Am85txyKq-wzV0mJk.roa (raw, json)
Hash identifier:          E3gQb/T8VdnvnhmQexSN7n2IkCaiiXjYdA/H9y6oGHw=
Subject key identifier:   3B:B4:97:64:F3:05:57:70:26:F3:9B:71:C8:AA:BE:C3:35:74:98:99
Certificate issuer:       /CN=252cb35c3f56b2798ff61bd4d9a5ced0ee039fb0
Certificate serial:       01941F8C661470A7B86B6CEC726498F753C6
Authority key identifier: 25:2C:B3:5C:3F:56:B2:79:8F:F6:1B:D4:D9:A5:CE:D0:EE:03:9F:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/O7SXZPMFV3Am85txyKq-wzV0mJk.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41157
IP address blocks:        81.201.176.0/20 maxlen: 20
                          2a02:2218::/29 maxlen: 32
                          2a02:2218::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:01:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:66:14:70:a7:b8:6b:6c:ec:72:64:98:f7:53:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=252cb35c3f56b2798ff61bd4d9a5ced0ee039fb0
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3bb49764f305577026f39b71c8aabec335749899
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a1:18:63:f0:a6:97:96:be:45:fa:c8:01:33:
                    10:5b:4b:b5:82:9a:87:e2:8e:c7:41:74:12:f9:24:
                    06:dc:68:bf:1e:07:68:db:64:1c:fa:cf:f3:b9:90:
                    32:9e:70:2e:0d:39:b0:91:87:6d:a4:c1:28:b4:04:
                    d7:8b:0f:66:02:43:ae:bd:1a:f8:5e:09:4a:fd:fd:
                    12:36:79:e0:8d:38:f0:85:ce:82:3e:eb:76:60:b2:
                    69:ad:5c:95:12:4a:30:c1:0e:5d:e8:a4:3c:1f:b6:
                    7b:9a:01:c2:f9:69:d3:98:66:dc:e8:4d:e5:63:e0:
                    3c:7c:71:f9:38:c9:59:b7:9f:9a:ff:53:6a:38:04:
                    db:d3:d4:1e:42:12:45:f2:f3:3c:5a:72:80:23:d8:
                    0e:b9:b9:f0:0d:ad:dc:e7:b3:01:41:02:05:84:85:
                    19:cc:b7:5b:f9:1d:85:bc:33:ba:e9:69:93:35:a6:
                    1e:d9:e5:c3:9d:aa:1a:6b:45:34:ef:fe:3d:25:0b:
                    6b:88:db:56:db:65:68:26:ba:95:2f:43:bd:53:9a:
                    3a:ed:9b:13:ca:4d:94:fb:36:d2:cf:32:e8:e5:d7:
                    0e:2b:c5:15:55:c9:cc:66:c4:85:48:7c:bb:ee:cb:
                    e9:aa:bb:60:68:95:f3:bb:20:30:24:c5:7c:6a:f0:
                    a1:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:B4:97:64:F3:05:57:70:26:F3:9B:71:C8:AA:BE:C3:35:74:98:99
            X509v3 Authority Key Identifier:
                keyid:25:2C:B3:5C:3F:56:B2:79:8F:F6:1B:D4:D9:A5:CE:D0:EE:03:9F:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/O7SXZPMFV3Am85txyKq-wzV0mJk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  81.201.176.0/20
                IPv6:
                  2a02:2218::/29

    Signature Algorithm: sha256WithRSAEncryption
         16:00:f4:55:c3:86:10:33:63:5c:72:67:59:e1:78:9d:ae:9c:
         44:8b:3f:eb:18:6c:6d:ab:b2:00:9e:71:da:89:e3:3b:1b:65:
         6e:37:75:59:80:6e:0e:7a:17:bd:96:7f:6c:6b:e6:cf:c7:86:
         86:e7:93:5a:1d:83:67:0a:8f:91:f5:b5:74:e8:32:bb:7c:3e:
         20:45:bf:ef:b9:32:dc:58:ee:fb:d3:98:92:52:1c:f3:3d:d4:
         83:8c:55:64:96:ec:49:c6:85:25:21:f7:80:ee:a2:67:d4:33:
         d2:13:80:28:98:19:b6:38:9c:e7:63:fa:02:e9:3a:28:fb:ed:
         74:c8:4f:ec:f0:40:b6:28:24:7f:35:ee:3d:ff:c9:2d:b6:2d:
         07:f4:56:9f:3d:7b:99:1e:db:1d:47:94:ef:31:09:49:c0:20:
         e9:21:48:17:9c:cd:8d:60:1e:02:04:f2:1c:cf:62:c0:27:a9:
         25:5b:26:1a:5c:6a:dd:70:8f:64:1e:bc:5d:2e:7b:d0:71:49:
         f2:71:69:0e:6f:72:99:2f:f5:97:b2:ed:3c:84:7c:35:e0:9a:
         12:bd:ae:41:39:19:6d:e2:8e:c5:f4:71:e4:4a:a2:4b:42:a5:
         b9:0d:3f:b3:4c:18:b3:a2:af:e0:be:25:9d:c8:0d:df:2e:a8:
         1e:a2:ea:12
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQfjGYUcKe4a2zscmSY91PGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI1MmNiMzVjM2Y1NmIyNzk4ZmY2MWJkNGQ5YTVjZWQwZWUw
MzlmYjAwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYmI0OTc2NGYzMDU1NzcwMjZmMzliNzFjOGFhYmVjMzM1NzQ5ODk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKEYY/Cml5a+RfrIATMQW0u1gpqH
4o7HQXQS+SQG3Gi/Hgdo22Qc+s/zuZAynnAuDTmwkYdtpMEotATXiw9mAkOuvRr4
XglK/f0SNnngjTjwhc6CPut2YLJprVyVEkowwQ5d6KQ8H7Z7mgHC+WnTmGbc6E3l
Y+A8fHH5OMlZt5+a/1NqOATb09QeQhJF8vM8WnKAI9gOubnwDa3c57MBQQIFhIUZ
zLdb+R2FvDO66WmTNaYe2eXDnaoaa0U07/49JQtriNtW22VoJrqVL0O9U5o67ZsT
yk2U+zbSzzLo5dcOK8UVVcnMZsSFSHy77svpqrtgaJXzuyAwJMV8avChIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFDu0l2TzBVdwJvObcciqvsM1dJiZMB8GA1UdIwQY
MBaAFCUss1w/VrJ5j/Yb1NmlztDuA5+wMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSlN5elhEOVdzbm1QOWh2VTJhWE8wTzREbjdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYy83N2M2ZmMtOGE5OS00MmY0LWFjMjMt
NTZjNmExMDMxZGJiLzEvTzdTWFpQTUZWM0FtODV0eHlLcS13elYwbUprLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYy83N2M2ZmMtOGE5OS00MmY0LWFjMjMtNTZjNmExMDMxZGJi
LzEvSlN5elhEOVdzbm1QOWh2VTJhWE8wTzREbjdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQEUcmwMA0E
AgACMAcDBQMqAiIYMA0GCSqGSIb3DQEBCwUAA4IBAQAWAPRVw4YQM2NccmdZ4Xid
rpxEiz/rGGxtq7IAnnHaieM7G2VuN3VZgG4Oehe9ln9sa+bPx4aG55NaHYNnCo+R
9bV06DK7fD4gRb/vuTLcWO7705iSUhzzPdSDjFVkluxJxoUlIfeA7qJn1DPSE4Ao
mBm2OJznY/oC6Too++10yE/s8EC2KCR/Ne49/8ktti0H9FafPXuZHtsdR5TvMQlJ
wCDpIUgXnM2NYB4CBPIcz2LAJ6klWyYaXGrdcI9kHrxdLnvQcUnycWkOb3KZL/WX
su08hHw14JoSva5BORlt4o7F9HHkSqJLQqW5DT+zTBizoq/gviWdyA3fLqgeouoS
-----END CERTIFICATE-----