Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/C7MhaPZbslU0VnJ9f8aWGwMPQ1s.roa
File:                     C7MhaPZbslU0VnJ9f8aWGwMPQ1s.roa (raw, json)
Hash identifier:          N2sOMWlDByUi7A5K2JVccMDH9oIH2ZkyI/wL4WYAlVY=
Subject key identifier:   0B:B3:21:68:F6:5B:B2:55:34:56:72:7D:7F:C6:96:1B:03:0F:43:5B
Certificate issuer:       /CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
Certificate serial:       019627DF2ED421E819E4BFED41539DED735B
Authority key identifier: B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/C7MhaPZbslU0VnJ9f8aWGwMPQ1s.roa
Signing time:             Sat 12 Apr 2025 02:40:59 +0000
ROA not before:           Sat 12 Apr 2025 02:40:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45691
IP address blocks:        185.217.5.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 08:00:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:27:df:2e:d4:21:e8:19:e4:bf:ed:41:53:9d:ed:73:5b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b07ab922565e2b3e2cc63d485a55dd4fc41d357e
        Validity
            Not Before: Apr 12 02:40:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0bb32168f65bb2553456727d7fc6961b030f435b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b5:77:b6:59:7a:eb:2a:ed:63:1c:19:25:81:
                    24:cf:1c:17:b6:59:8c:d4:ec:2b:5a:2d:23:73:c9:
                    a2:2a:35:9e:5b:ab:15:99:38:2d:85:e1:81:a8:e6:
                    78:09:05:fd:21:70:a8:bf:2a:99:a2:b8:e0:5e:ad:
                    11:88:cc:98:a3:c0:44:94:09:2d:2e:96:78:e5:bf:
                    44:45:b0:9f:36:8d:81:43:14:28:5b:62:a0:44:63:
                    7e:bd:41:ae:da:9e:8c:bd:d9:4f:6c:05:5c:5b:8b:
                    06:18:33:80:4e:fc:0e:81:50:34:a5:a8:07:97:5a:
                    f9:2e:67:ac:5b:2c:94:ec:95:61:70:7a:03:6d:02:
                    47:e2:0c:c8:28:18:aa:24:2b:f6:be:5a:e4:b4:ea:
                    32:90:b4:89:5a:4d:8f:fa:b3:3d:55:22:5e:3a:0c:
                    3c:db:97:30:d3:29:f9:dc:4d:08:a2:29:6e:b3:3f:
                    c5:e2:50:f9:25:50:ad:a2:18:8b:54:c7:36:20:9b:
                    a3:cd:53:f0:12:b5:db:c5:c5:74:7c:e8:53:f0:9a:
                    a6:7d:cf:cc:5f:ff:0b:4e:41:cf:d2:cb:38:31:49:
                    24:28:c4:f5:40:d8:20:a7:e1:39:17:86:c4:5c:b2:
                    55:5f:71:c4:54:fd:28:22:ee:dc:82:f9:86:f3:9c:
                    34:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:B3:21:68:F6:5B:B2:55:34:56:72:7D:7F:C6:96:1B:03:0F:43:5B
            X509v3 Authority Key Identifier:
                keyid:B0:7A:B9:22:56:5E:2B:3E:2C:C6:3D:48:5A:55:DD:4F:C4:1D:35:7E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sHq5IlZeKz4sxj1IWlXdT8QdNX4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/C7MhaPZbslU0VnJ9f8aWGwMPQ1s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/6d59d9-9daf-4fcb-8d05-13bcc752119a/1/sHq5IlZeKz4sxj1IWlXdT8QdNX4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.5.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:01:dc:7f:1b:db:62:fd:cc:35:a1:90:a5:37:70:84:b7:ca:
         a9:99:53:a4:ef:65:ae:4c:4a:11:3d:47:2a:25:fa:87:e4:a2:
         1b:2b:4f:d2:61:d5:e4:63:49:82:37:f1:50:5d:08:34:fb:3b:
         fa:e4:18:6a:5d:62:af:77:67:a1:2c:5c:9a:4c:1d:90:91:de:
         a3:60:0b:f9:32:75:25:71:bb:37:12:dc:75:07:fb:0d:6b:58:
         90:3f:61:78:d5:79:cb:c0:f6:7e:21:ac:3e:a7:c9:c0:1f:ef:
         61:dd:44:93:2a:a0:68:64:42:61:82:5f:4a:33:58:7f:ee:02:
         88:71:da:f4:99:9d:0c:46:c4:cd:38:97:6e:4a:7b:2b:aa:fb:
         b3:96:17:52:bc:e3:9a:53:98:83:64:00:05:d9:e7:d1:55:2e:
         c5:35:0f:b2:a9:d3:cd:0d:97:8a:60:8b:45:4b:cf:e5:16:b7:
         0a:d2:70:fc:61:3c:b0:8e:04:56:77:1a:19:7d:e6:3f:ef:e3:
         60:09:34:b0:47:82:dc:d0:ee:02:34:f1:19:54:46:57:d4:7a:
         c5:b7:5f:cb:35:30:11:4e:24:5c:a3:35:02:9a:e8:a5:32:ed:
         f2:6f:7a:8a:f5:8c:2e:62:82:c1:10:4b:41:9f:1e:09:85:5f:
         33:62:6c:ee
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZYn3y7UIegZ5L/tQVOd7XNbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwN2FiOTIyNTY1ZTJiM2UyY2M2M2Q0ODVhNTVkZDRmYzQx
ZDM1N2UwHhcNMjUwNDEyMDI0MDU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYmIzMjE2OGY2NWJiMjU1MzQ1NjcyN2Q3ZmM2OTYxYjAzMGY0MzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAubV3tll66yrtYxwZJYEkzxwXtlmM
1OwrWi0jc8miKjWeW6sVmTgtheGBqOZ4CQX9IXCovyqZorjgXq0RiMyYo8BElAkt
LpZ45b9ERbCfNo2BQxQoW2KgRGN+vUGu2p6MvdlPbAVcW4sGGDOATvwOgVA0pagH
l1r5LmesWyyU7JVhcHoDbQJH4gzIKBiqJCv2vlrktOoykLSJWk2P+rM9VSJeOgw8
25cw0yn53E0Ioilusz/F4lD5JVCtohiLVMc2IJujzVPwErXbxcV0fOhT8Jqmfc/M
X/8LTkHP0ss4MUkkKMT1QNggp+E5F4bEXLJVX3HEVP0oIu7cgvmG85w0gQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAuzIWj2W7JVNFZyfX/GlhsDD0NbMB8GA1UdIwQY
MBaAFLB6uSJWXis+LMY9SFpV3U/EHTV+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUt
MTNiY2M3NTIxMTlhLzEvQzdNaGFQWmJzbFUwVm5KOWY4YVdHd01QUTFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS82ZDU5ZDktOWRhZi00ZmNiLThkMDUtMTNiY2M3NTIxMTlh
LzEvc0hxNUlsWmVLejRzeGoxSVdsWGRUOFFkTlg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudkFMA0G
CSqGSIb3DQEBCwUAA4IBAQCZAdx/G9ti/cw1oZClN3CEt8qpmVOk72WuTEoRPUcq
JfqH5KIbK0/SYdXkY0mCN/FQXQg0+zv65BhqXWKvd2ehLFyaTB2Qkd6jYAv5MnUl
cbs3Etx1B/sNa1iQP2F41XnLwPZ+Iaw+p8nAH+9h3USTKqBoZEJhgl9KM1h/7gKI
cdr0mZ0MRsTNOJduSnsrqvuzlhdSvOOaU5iDZAAF2efRVS7FNQ+yqdPNDZeKYItF
S8/lFrcK0nD8YTywjgRWdxoZfeY/7+NgCTSwR4Lc0O4CNPEZVEZX1HrFt1/LNTAR
TiRcozUCmuilMu3yb3qK9YwuYoLBEEtBnx4JhV8zYmzu
-----END CERTIFICATE-----