Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/7kfcYNNoB5VB3-_80xlsWN3weyk.roa
File:                     7kfcYNNoB5VB3-_80xlsWN3weyk.roa (raw, json)
Hash identifier:          1wJop1mQ6qBQDepGqT5ANO4tx0iRC5GqiIyWQqeZxiY=
Subject key identifier:   EE:47:DC:60:D3:68:07:95:41:DF:EF:FC:D3:19:6C:58:DD:F0:7B:29
Certificate issuer:       /CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
Certificate serial:       019423D6EAF7A20E4BCBE51638BC7F7B97D2
Authority key identifier: D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/7kfcYNNoB5VB3-_80xlsWN3weyk.roa
Signing time:             Wed 01 Jan 2025 21:47:54 +0000
ROA not before:           Wed 01 Jan 2025 21:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62081
IP address blocks:        185.165.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:ea:f7:a2:0e:4b:cb:e5:16:38:bc:7f:7b:97:d2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3d56f07be184cba52f6fdc049e8114d2616c32a
        Validity
            Not Before: Jan  1 21:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ee47dc60d368079541dfeffcd3196c58ddf07b29
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:8c:cb:13:14:56:2f:59:8c:5a:51:ac:84:5e:
                    0c:e5:52:55:6f:11:87:30:0d:19:c5:fd:91:4f:3d:
                    91:ba:6a:ba:d3:5c:16:78:7e:6a:6f:67:f9:bc:1a:
                    0e:3d:80:13:80:c1:02:ee:09:63:29:2b:8c:e7:39:
                    13:04:04:ae:8f:cc:de:d4:96:8d:1a:b1:38:f9:d3:
                    2d:e3:78:50:e5:57:1f:c0:83:a6:26:24:15:1a:ab:
                    c5:bb:e0:ac:86:ac:54:b9:bf:5b:09:75:46:09:2f:
                    2c:d5:ca:0e:bb:87:c2:0f:9e:37:0b:f3:fc:be:c4:
                    97:5c:c0:c9:dc:a9:67:27:f6:16:ce:31:b0:27:9b:
                    e1:bd:b1:7f:96:0a:7f:e2:d9:b3:18:dc:31:87:64:
                    82:d6:f5:d9:92:3b:a0:1e:b9:c8:52:81:79:a8:95:
                    b7:98:68:d4:38:a0:85:c0:98:5c:d2:a4:bc:5a:ad:
                    ef:bc:b7:9b:3f:92:da:e4:d5:bc:f7:8b:52:de:0a:
                    5a:36:68:2e:34:9f:7b:f9:c0:a6:06:dc:97:b9:a6:
                    38:5b:c8:a1:8e:df:5b:a5:a4:91:ce:50:2e:2b:6e:
                    a5:e2:79:c6:c2:b0:34:b9:3a:71:dc:18:2d:03:e8:
                    8c:7b:bc:02:08:c4:3a:b4:34:0b:ba:c6:f6:87:fc:
                    f7:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:47:DC:60:D3:68:07:95:41:DF:EF:FC:D3:19:6C:58:DD:F0:7B:29
            X509v3 Authority Key Identifier:
                keyid:D3:D5:6F:07:BE:18:4C:BA:52:F6:FD:C0:49:E8:11:4D:26:16:C3:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/09VvB74YTLpS9v3ASegRTSYWwyo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/7kfcYNNoB5VB3-_80xlsWN3weyk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/5786ab-067e-440c-b276-1b06d1c704c1/1/09VvB74YTLpS9v3ASegRTSYWwyo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.165.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:21:dc:6c:81:61:a5:55:eb:6d:a4:04:d6:35:dd:4a:13:ea:
         41:64:bd:ab:43:3a:0b:8b:37:20:72:c4:39:3e:da:3d:70:94:
         82:7f:08:09:7f:4b:74:39:75:5b:43:f9:6c:9b:58:ae:27:de:
         6d:d8:13:06:c7:ad:bc:3b:9b:00:60:84:c5:2a:0f:12:d4:14:
         22:22:c0:6f:fc:23:cd:c5:32:ca:05:7c:06:20:76:27:e0:1e:
         8e:77:52:5c:14:31:89:23:2e:eb:e8:36:f2:83:b5:2a:33:d4:
         1e:48:74:66:d8:d4:c4:26:79:78:20:79:74:66:27:50:8b:c1:
         a7:61:90:1b:01:6d:69:be:bc:ce:69:06:69:84:d1:bf:54:0f:
         65:7a:d2:f1:29:5e:f3:b0:0b:54:3a:5b:7e:a0:52:c4:b4:46:
         c1:47:d3:b6:58:16:1c:a0:ca:c5:74:6a:f9:c3:7e:c8:3f:65:
         07:d8:2d:99:d2:49:d9:8c:1f:cd:ef:33:7d:f5:6f:92:36:01:
         20:3f:e7:43:84:dc:c1:d1:fc:2b:b2:b2:c1:d6:2d:09:d9:e2:
         f5:a3:ed:67:40:84:35:a2:d9:5f:fa:0c:c1:2a:42:42:49:40:
         65:8e:f2:9a:65:b0:00:97:9b:b0:7f:56:fc:1d:5e:1f:a9:40:
         d4:2e:99:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj1ur3og5Ly+UWOLx/e5fSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzZDU2ZjA3YmUxODRjYmE1MmY2ZmRjMDQ5ZTgxMTRkMjYx
NmMzMmEwHhcNMjUwMTAxMjE0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTQ3ZGM2MGQzNjgwNzk1NDFkZmVmZmNkMzE5NmM1OGRkZjA3YjI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4zLExRWL1mMWlGshF4M5VJVbxGH
MA0Zxf2RTz2Rumq601wWeH5qb2f5vBoOPYATgMEC7gljKSuM5zkTBASuj8ze1JaN
GrE4+dMt43hQ5VcfwIOmJiQVGqvFu+CshqxUub9bCXVGCS8s1coOu4fCD543C/P8
vsSXXMDJ3KlnJ/YWzjGwJ5vhvbF/lgp/4tmzGNwxh2SC1vXZkjugHrnIUoF5qJW3
mGjUOKCFwJhc0qS8Wq3vvLebP5La5NW894tS3gpaNmguNJ97+cCmBtyXuaY4W8ih
jt9bpaSRzlAuK26l4nnGwrA0uTpx3BgtA+iMe7wCCMQ6tDQLusb2h/z38QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO5H3GDTaAeVQd/v/NMZbFjd8HspMB8GA1UdIwQY
MBaAFNPVbwe+GEy6Uvb9wEnoEU0mFsMqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYt
MWIwNmQxYzcwNGMxLzEvN2tmY1lOTm9CNVZCMy1fODB4bHNXTjN3ZXlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC81Nzg2YWItMDY3ZS00NDBjLWIyNzYtMWIwNmQxYzcwNGMx
LzEvMDlWdkI3NFlUTHBTOXYzQVNlZ1JUU1lXd3lvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuaWVMA0G
CSqGSIb3DQEBCwUAA4IBAQCeIdxsgWGlVettpATWNd1KE+pBZL2rQzoLizcgcsQ5
Pto9cJSCfwgJf0t0OXVbQ/lsm1iuJ95t2BMGx628O5sAYITFKg8S1BQiIsBv/CPN
xTLKBXwGIHYn4B6Od1JcFDGJIy7r6Dbyg7UqM9QeSHRm2NTEJnl4IHl0ZidQi8Gn
YZAbAW1pvrzOaQZphNG/VA9letLxKV7zsAtUOlt+oFLEtEbBR9O2WBYcoMrFdGr5
w37IP2UH2C2Z0knZjB/N7zN99W+SNgEgP+dDhNzB0fwrsrLB1i0J2eL1o+1nQIQ1
otlf+gzBKkJCSUBljvKaZbAAl5uwf1b8HV4fqUDULpm1
-----END CERTIFICATE-----