Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/0D2wLjVbDWwACcQ-Kz3sd6AfexU.roa
File:                     0D2wLjVbDWwACcQ-Kz3sd6AfexU.roa (raw, json)
Hash identifier:          7Sb+sy2XY1zDYvtO32J9cA443b1TwPmknXgPIPE3iJ4=
Subject key identifier:   D0:3D:B0:2E:35:5B:0D:6C:00:09:C4:3E:2B:3D:EC:77:A0:1F:7B:15
Certificate issuer:       /CN=7b24358c4f16c19ffad37f3cafe0c8f6acbf65b1
Certificate serial:       0196FD0747BBC4B4204A9E2643F9E9CB52F3
Authority key identifier: 7B:24:35:8C:4F:16:C1:9F:FA:D3:7F:3C:AF:E0:C8:F6:AC:BF:65:B1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/eyQ1jE8WwZ_60388r-DI9qy_ZbE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/0D2wLjVbDWwACcQ-Kz3sd6AfexU.roa
Signing time:             Fri 23 May 2025 12:03:54 +0000
ROA not before:           Fri 23 May 2025 12:03:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210339
IP address blocks:        213.178.148.0/22 maxlen: 24
                          2a07:3940::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/eyQ1jE8WwZ_60388r-DI9qy_ZbE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/eyQ1jE8WwZ_60388r-DI9qy_ZbE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/eyQ1jE8WwZ_60388r-DI9qy_ZbE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 20 Jun 2025 10:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:fd:07:47:bb:c4:b4:20:4a:9e:26:43:f9:e9:cb:52:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7b24358c4f16c19ffad37f3cafe0c8f6acbf65b1
        Validity
            Not Before: May 23 12:03:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d03db02e355b0d6c0009c43e2b3dec77a01f7b15
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c4:7f:b2:f3:7c:fb:10:54:69:35:33:f8:91:
                    16:94:f9:ef:2d:e6:df:e2:61:29:5a:03:08:f2:4c:
                    61:6e:4d:f7:b9:27:fe:86:1e:7c:09:b4:ee:c0:7c:
                    ce:7f:a0:80:5f:32:e5:9d:fb:05:04:90:a3:e8:ff:
                    7c:e4:a6:a0:08:24:3b:4e:de:e3:60:1b:b4:8e:25:
                    db:2e:64:dd:21:68:7e:ab:e5:12:46:b6:24:4a:e7:
                    7b:79:2b:f2:01:3a:53:cb:3f:17:a0:4d:83:c7:94:
                    aa:4c:1b:4b:46:60:cc:1c:ca:d8:da:f4:31:e6:53:
                    a3:e7:51:cf:9c:79:11:e1:e5:32:46:cb:0c:ea:8f:
                    3e:e7:a2:3d:df:08:35:db:f5:63:a9:14:cf:83:b4:
                    3e:65:8c:3c:49:ed:c6:43:2c:79:a6:95:62:86:2a:
                    01:73:04:59:54:65:fe:49:8e:1b:3c:64:70:ed:07:
                    6b:71:6d:c8:17:96:af:88:4a:5f:79:b5:4d:91:20:
                    c6:da:60:af:96:f8:8e:09:3c:49:f1:07:c7:b0:db:
                    4c:f7:ce:c3:42:4f:d8:2a:52:c9:d0:d6:2e:18:7d:
                    89:dc:aa:24:6d:87:fa:cb:44:4a:d2:a2:da:6c:c2:
                    ce:d1:16:af:e1:6e:fb:92:d0:f2:23:93:e1:67:d0:
                    3b:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:3D:B0:2E:35:5B:0D:6C:00:09:C4:3E:2B:3D:EC:77:A0:1F:7B:15
            X509v3 Authority Key Identifier:
                keyid:7B:24:35:8C:4F:16:C1:9F:FA:D3:7F:3C:AF:E0:C8:F6:AC:BF:65:B1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/eyQ1jE8WwZ_60388r-DI9qy_ZbE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/0D2wLjVbDWwACcQ-Kz3sd6AfexU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/21/9aa63b-7647-4073-9e66-0d7c52154183/1/eyQ1jE8WwZ_60388r-DI9qy_ZbE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.178.148.0/22
                IPv6:
                  2a07:3940::/29

    Signature Algorithm: sha256WithRSAEncryption
         9c:d9:46:7e:95:e9:4a:0d:b7:8c:03:64:65:28:e3:bc:2e:0c:
         fe:85:fd:b1:06:84:41:3b:0b:d7:ca:69:9f:af:1e:18:f4:d5:
         dc:48:e4:1f:20:ad:75:ad:e7:de:c2:57:4f:2d:b5:c9:81:c0:
         51:a9:87:f8:bb:04:93:2a:8a:34:56:ad:ca:d0:9d:ff:c6:4f:
         56:f8:0e:54:31:3b:49:63:4d:6a:58:36:3a:ce:0e:13:2a:56:
         a7:5a:91:7f:6a:a9:97:81:02:fd:ce:cd:31:51:51:ec:93:c1:
         70:cd:33:b9:d3:51:f8:72:5e:59:19:d9:71:5b:a0:1f:a9:85:
         0d:d8:82:ac:a0:09:57:a4:dd:8d:e0:cd:dc:59:02:2e:9c:df:
         14:05:7e:38:bc:08:91:f6:75:08:54:62:19:72:a1:35:a1:da:
         fe:0f:f0:85:b0:f7:5a:11:cc:34:17:3d:9e:f5:9c:25:d0:f6:
         74:5d:59:73:e1:7d:1b:09:cb:e8:c8:4d:07:32:ed:dc:44:1a:
         d0:73:ae:a3:b5:59:53:77:e4:ca:cc:03:a1:6e:73:2d:5c:ac:
         5b:a3:5b:da:c9:b4:6f:c8:55:15:b5:83:fa:cd:94:9e:07:91:
         9b:1e:be:8b:5a:ad:3b:a5:a2:fe:83:6c:55:bc:9e:13:e9:91:
         0d:10:31:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZb9B0e7xLQgSp4mQ/npy1LzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiMjQzNThjNGYxNmMxOWZmYWQzN2YzY2FmZTBjOGY2YWNi
ZjY1YjEwHhcNMjUwNTIzMTIwMzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDNkYjAyZTM1NWIwZDZjMDAwOWM0M2UyYjNkZWM3N2EwMWY3YjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4MR/svN8+xBUaTUz+JEWlPnvLebf
4mEpWgMI8kxhbk33uSf+hh58CbTuwHzOf6CAXzLlnfsFBJCj6P985KagCCQ7Tt7j
YBu0jiXbLmTdIWh+q+USRrYkSud7eSvyATpTyz8XoE2Dx5SqTBtLRmDMHMrY2vQx
5lOj51HPnHkR4eUyRssM6o8+56I93wg12/VjqRTPg7Q+ZYw8Se3GQyx5ppVihioB
cwRZVGX+SY4bPGRw7QdrcW3IF5aviEpfebVNkSDG2mCvlviOCTxJ8QfHsNtM987D
Qk/YKlLJ0NYuGH2J3KokbYf6y0RK0qLabMLO0Rav4W77ktDyI5PhZ9A7qQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNA9sC41Ww1sAAnEPis97HegH3sVMB8GA1UdIwQY
MBaAFHskNYxPFsGf+tN/PK/gyPasv2WxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZXlRMWpFOFd3Wl82MDM4OHItREk5cXlfWmJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS85YWE2M2ItNzY0Ny00MDczLTllNjYt
MGQ3YzUyMTU0MTgzLzEvMEQyd0xqVmJEV3dBQ2NRLUt6M3NkNkFmZXhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS85YWE2M2ItNzY0Ny00MDczLTllNjYtMGQ3YzUyMTU0MTgz
LzEvZXlRMWpFOFd3Wl82MDM4OHItREk5cXlfWmJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQC1bKUMA0E
AgACMAcDBQMqBzlAMA0GCSqGSIb3DQEBCwUAA4IBAQCc2UZ+lelKDbeMA2RlKOO8
Lgz+hf2xBoRBOwvXymmfrx4Y9NXcSOQfIK11refewldPLbXJgcBRqYf4uwSTKoo0
Vq3K0J3/xk9W+A5UMTtJY01qWDY6zg4TKlanWpF/aqmXgQL9zs0xUVHsk8FwzTO5
01H4cl5ZGdlxW6AfqYUN2IKsoAlXpN2N4M3cWQIunN8UBX44vAiR9nUIVGIZcqE1
odr+D/CFsPdaEcw0Fz2e9Zwl0PZ0XVlz4X0bCcvoyE0HMu3cRBrQc66jtVlTd+TK
zAOhbnMtXKxbo1vaybRvyFUVtYP6zZSeB5GbHr6LWq07paL+g2xVvJ4T6ZENEDHA
-----END CERTIFICATE-----