Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/R7KosinOXjF2rG3vtu7p8AIu4xQ.roa
File:                     R7KosinOXjF2rG3vtu7p8AIu4xQ.roa (raw, json)
Hash identifier:          O2+0nwWvmmZlJHCPQl2XQCYQ7eCOvA/497czNNwGoCI=
Subject key identifier:   47:B2:A8:B2:29:CE:5E:31:76:AC:6D:EF:B6:EE:E9:F0:02:2E:E3:14
Certificate issuer:       /CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
Certificate serial:       0194228D2CD31E1938595B3DCAEB7B5C8623
Authority key identifier: 7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/R7KosinOXjF2rG3vtu7p8AIu4xQ.roa
Signing time:             Wed 01 Jan 2025 15:47:44 +0000
ROA not before:           Wed 01 Jan 2025 15:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57316
IP address blocks:        85.204.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 29 Apr 2025 15:00:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:2c:d3:1e:19:38:59:5b:3d:ca:eb:7b:5c:86:23
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7aef069e7e3ed5bf70f682ce40c5810ff3e5e378
        Validity
            Not Before: Jan  1 15:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=47b2a8b229ce5e3176ac6defb6eee9f0022ee314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1b:bc:6a:7f:09:8b:ac:06:46:c1:d8:f6:71:
                    f3:a2:f9:09:2d:de:b0:3f:8a:d7:ad:bb:96:97:2c:
                    ef:90:d3:fe:3a:d4:d3:03:e6:80:da:69:74:97:af:
                    91:ed:2d:c6:de:66:d6:2e:dc:12:11:d2:91:ed:48:
                    c1:1f:b2:b0:68:13:7d:8c:60:eb:9e:54:68:c2:49:
                    8e:f0:26:a8:a0:a9:f8:b5:2d:05:b7:24:0c:83:ee:
                    d5:66:28:6d:77:f4:af:80:3b:c3:66:6a:62:35:18:
                    04:4d:09:4d:7c:84:16:5b:c3:9e:31:79:9d:79:13:
                    15:df:e6:a6:3b:54:3c:87:1c:c6:56:3b:85:d1:da:
                    81:ae:ce:10:c0:4f:dd:e8:99:21:f4:2b:6f:63:8b:
                    ea:b2:e2:cb:d6:c2:49:f4:1d:c0:ab:1f:af:52:03:
                    30:c5:87:f9:2b:64:ff:23:e8:59:e6:73:08:19:88:
                    1d:b4:09:7b:0b:0f:1a:7e:b4:5c:16:11:6d:03:1f:
                    25:1b:89:f3:22:fc:12:62:e0:47:7c:94:5d:11:c6:
                    1f:27:81:57:c2:d5:15:69:c4:31:16:ac:33:a1:41:
                    d3:17:81:30:f8:4a:b6:c9:88:ff:91:e7:8b:44:54:
                    fe:71:5d:68:19:3e:f6:5f:df:1e:7a:c7:5b:51:5c:
                    1c:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:B2:A8:B2:29:CE:5E:31:76:AC:6D:EF:B6:EE:E9:F0:02:2E:E3:14
            X509v3 Authority Key Identifier:
                keyid:7A:EF:06:9E:7E:3E:D5:BF:70:F6:82:CE:40:C5:81:0F:F3:E5:E3:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/R7KosinOXjF2rG3vtu7p8AIu4xQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/c0bb52-70de-4af0-a9fb-900034f00d9e/1/eu8Gnn4-1b9w9oLOQMWBD_Pl43g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.204.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:0b:8b:75:10:68:ce:05:7d:1d:87:ee:32:9e:94:03:56:38:
         f5:c8:8a:0e:f9:ce:8f:ee:51:d9:26:ee:a0:d1:ff:1a:74:85:
         b7:49:c8:88:91:a9:d6:f1:df:d1:62:3e:2c:40:c2:68:2a:a8:
         c5:50:35:5e:eb:2f:74:be:95:b0:e4:e1:a7:00:98:5e:5c:90:
         e5:0c:7f:31:44:9e:bf:00:60:9b:ad:45:2f:ba:a4:18:b7:26:
         44:52:f5:26:42:28:89:54:5f:5b:bf:87:a0:1b:ce:5d:88:52:
         6a:70:a7:a5:da:71:7d:34:3a:fb:83:54:9a:23:e8:7e:c8:60:
         1a:62:23:f7:d8:b8:3c:13:55:85:43:c6:96:78:5e:be:eb:26:
         72:13:28:42:09:ad:d8:e2:55:65:54:39:09:24:86:1b:9b:63:
         b0:2b:6e:db:81:20:75:5c:61:f0:8b:55:9c:73:ff:86:19:1a:
         08:9a:92:53:3f:67:f5:ac:cd:f8:85:09:b0:c8:a3:98:9f:0d:
         b8:23:9e:48:ed:67:83:7e:7e:69:53:b2:58:d2:79:f5:54:bd:
         0a:63:9a:30:e9:d2:fd:fb:9f:98:33:63:f1:d2:3e:3f:47:2d:
         dd:9d:84:34:4a:f2:54:45:fe:13:35:a9:de:fe:bf:0f:b8:b8:
         31:d2:60:4c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijSzTHhk4WVs9yut7XIYjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdhZWYwNjllN2UzZWQ1YmY3MGY2ODJjZTQwYzU4MTBmZjNl
NWUzNzgwHhcNMjUwMTAxMTU0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2IyYThiMjI5Y2U1ZTMxNzZhYzZkZWZiNmVlZTlmMDAyMmVlMzE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhu8an8Ji6wGRsHY9nHzovkJLd6w
P4rXrbuWlyzvkNP+OtTTA+aA2ml0l6+R7S3G3mbWLtwSEdKR7UjBH7KwaBN9jGDr
nlRowkmO8CaooKn4tS0FtyQMg+7VZihtd/SvgDvDZmpiNRgETQlNfIQWW8OeMXmd
eRMV3+amO1Q8hxzGVjuF0dqBrs4QwE/d6Jkh9CtvY4vqsuLL1sJJ9B3Aqx+vUgMw
xYf5K2T/I+hZ5nMIGYgdtAl7Cw8afrRcFhFtAx8lG4nzIvwSYuBHfJRdEcYfJ4FX
wtUVacQxFqwzoUHTF4Ew+Eq2yYj/keeLRFT+cV1oGT72X98eesdbUVwc7wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFEeyqLIpzl4xdqxt77bu6fACLuMUMB8GA1UdIwQY
MBaAFHrvBp5+PtW/cPaCzkDFgQ/z5eN4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmIt
OTAwMDM0ZjAwZDllLzEvUjdLb3Npbk9YakYyckczdnR1N3A4QUl1NHhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9jMGJiNTItNzBkZS00YWYwLWE5ZmItOTAwMDM0ZjAwZDll
LzEvZXU4R25uNC0xYjl3OW9MT1FNV0JEX1BsNDNnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVcwvMA0G
CSqGSIb3DQEBCwUAA4IBAQA/C4t1EGjOBX0dh+4ynpQDVjj1yIoO+c6P7lHZJu6g
0f8adIW3SciIkanW8d/RYj4sQMJoKqjFUDVe6y90vpWw5OGnAJheXJDlDH8xRJ6/
AGCbrUUvuqQYtyZEUvUmQiiJVF9bv4egG85diFJqcKel2nF9NDr7g1SaI+h+yGAa
YiP32Lg8E1WFQ8aWeF6+6yZyEyhCCa3Y4lVlVDkJJIYbm2OwK27bgSB1XGHwi1Wc
c/+GGRoImpJTP2f1rM34hQmwyKOYnw24I55I7WeDfn5pU7JY0nn1VL0KY5ow6dL9
+5+YM2Px0j4/Ry3dnYQ0SvJURf4TNane/r8PuLgx0mBM
-----END CERTIFICATE-----