Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/F3zlltFpu4Bnj8uBujKBSmcA9bg.roa
File:                     F3zlltFpu4Bnj8uBujKBSmcA9bg.roa (raw, json)
Hash identifier:          rcK+1JhYceC79YdxlUwtYTFKypviIfVkM/kBWNB7QNo=
Subject key identifier:   17:7C:E5:96:D1:69:BB:80:67:8F:CB:81:BA:32:81:4A:67:00:F5:B8
Certificate issuer:       /CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
Certificate serial:       01975BF64EA5DD0B5AF3724F8DDAB12E2696
Authority key identifier: E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/F3zlltFpu4Bnj8uBujKBSmcA9bg.roa
Signing time:             Tue 10 Jun 2025 22:29:18 +0000
ROA not before:           Tue 10 Jun 2025 22:29:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208485
IP address blocks:        94.154.33.0/24 maxlen: 24
                          94.154.37.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 01:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5b:f6:4e:a5:dd:0b:5a:f3:72:4f:8d:da:b1:2e:26:96
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7cf3884b78007a25dbe2e2cef0cc73b69921f88
        Validity
            Not Before: Jun 10 22:29:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=177ce596d169bb80678fcb81ba32814a6700f5b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:9c:7c:b1:b1:25:82:41:05:93:8d:b9:26:a5:
                    c9:0a:e4:cb:41:ff:73:31:01:4f:25:3b:3b:91:64:
                    25:2c:ad:22:f0:bf:43:fd:18:8c:36:26:ab:0f:32:
                    01:41:6a:ef:76:bd:e8:0f:a9:92:85:7c:db:6b:42:
                    26:f3:7c:25:15:6f:19:f2:0e:a2:ed:17:21:78:b4:
                    c9:b7:cb:d1:71:c1:09:15:ac:95:fe:56:5c:1a:52:
                    a8:8b:0f:ca:27:bd:8c:e0:f0:c1:9f:e2:3f:f6:a4:
                    a9:1d:40:da:96:46:d6:20:ac:a4:05:60:ef:61:69:
                    6f:97:5c:c0:c3:05:d9:31:6c:ea:b5:77:1d:69:62:
                    b0:cb:8a:0b:a9:60:18:10:31:ae:5f:7e:6b:d9:3f:
                    fa:15:e3:e2:0f:0a:95:d9:c4:3d:e2:59:a6:ac:73:
                    a8:a5:d6:b0:e4:b8:22:5d:14:3b:b0:c6:98:8a:59:
                    f3:19:99:74:bb:72:48:84:87:ee:44:1f:99:fd:53:
                    c7:a2:11:d3:e6:03:61:4e:08:93:bd:c7:72:fb:34:
                    e4:df:b4:62:e4:d2:f8:1e:92:05:67:bd:39:66:7c:
                    c7:4c:55:69:97:fb:36:9d:b4:ab:32:4a:34:65:e5:
                    9a:8f:a0:5f:f7:cd:3e:e2:a2:19:3d:8c:6c:5e:db:
                    eb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                17:7C:E5:96:D1:69:BB:80:67:8F:CB:81:BA:32:81:4A:67:00:F5:B8
            X509v3 Authority Key Identifier:
                keyid:E7:CF:38:84:B7:80:07:A2:5D:BE:2E:2C:EF:0C:C7:3B:69:92:1F:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5884hLeAB6Jdvi4s7wzHO2mSH4g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/F3zlltFpu4Bnj8uBujKBSmcA9bg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/4e7bc7-260e-47e6-8388-a184f3556e43/1/5884hLeAB6Jdvi4s7wzHO2mSH4g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.154.33.0/24
                  94.154.37.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:51:4b:6b:3f:c5:e8:38:2a:a1:31:b3:7b:ed:c9:36:42:d7:
         21:d3:86:c2:dd:f5:c8:07:ed:7f:e5:01:2c:b5:a8:f1:5f:f4:
         7f:71:6e:41:99:9d:0b:14:7d:18:36:10:24:52:a5:83:22:68:
         92:d1:69:c7:66:02:38:60:ca:c0:21:14:7b:81:9e:1f:c1:dd:
         3b:b5:49:80:4f:7b:a6:cd:64:d3:5a:c9:53:b8:ce:59:82:b0:
         c2:a7:77:7d:52:86:aa:77:fd:b5:f1:61:a5:b0:4c:f9:5c:a1:
         d3:a2:b4:f6:72:af:18:92:a9:8d:03:5c:8e:08:ae:25:7b:bd:
         5d:11:93:4e:43:f3:56:2b:98:21:22:52:53:19:72:17:cc:7b:
         8f:01:23:94:a6:68:a8:d6:d9:6b:cf:15:10:7a:ff:b6:0b:e9:
         0b:38:e6:f6:8d:a5:e2:47:4d:42:65:ee:c8:a6:9c:df:d8:eb:
         a3:7e:3c:51:4d:79:60:45:ee:8a:6f:7b:ef:21:34:a4:dc:09:
         52:92:9d:a9:c0:ab:50:8e:c3:29:22:07:ec:43:ae:47:f5:b4:
         c4:5d:e2:d1:ec:b0:e3:23:26:5f:e1:05:6b:2d:7a:2d:ae:fd:
         37:67:05:0b:92:c5:1a:a3:f1:3f:64:6d:c2:9c:66:0a:2c:69:
         69:64:ed:de
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdb9k6l3Qta83JPjdqxLiaWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3Y2YzODg0Yjc4MDA3YTI1ZGJlMmUyY2VmMGNjNzNiNjk5
MjFmODgwHhcNMjUwNjEwMjIyOTE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzdjZTU5NmQxNjliYjgwNjc4ZmNiODFiYTMyODE0YTY3MDBmNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvJx8sbElgkEFk425JqXJCuTLQf9z
MQFPJTs7kWQlLK0i8L9D/RiMNiarDzIBQWrvdr3oD6mShXzba0Im83wlFW8Z8g6i
7RcheLTJt8vRccEJFayV/lZcGlKoiw/KJ72M4PDBn+I/9qSpHUDalkbWIKykBWDv
YWlvl1zAwwXZMWzqtXcdaWKwy4oLqWAYEDGuX35r2T/6FePiDwqV2cQ94lmmrHOo
pdaw5LgiXRQ7sMaYilnzGZl0u3JIhIfuRB+Z/VPHohHT5gNhTgiTvcdy+zTk37Ri
5NL4HpIFZ705ZnzHTFVpl/s2nbSrMko0ZeWaj6Bf980+4qIZPYxsXtvraQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBd85ZbRabuAZ4/LgboygUpnAPW4MB8GA1UdIwQY
MBaAFOfPOIS3gAeiXb4uLO8Mxztpkh+IMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgt
YTE4NGYzNTU2ZTQzLzEvRjN6bGx0RnB1NEJuajh1QnVqS0JTbWNBOWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC80ZTdiYzctMjYwZS00N2U2LTgzODgtYTE4NGYzNTU2ZTQz
LzEvNTg4NGhMZUFCNkpkdmk0czd3ekhPMm1TSDRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAXpohAwQA
XpolMA0GCSqGSIb3DQEBCwUAA4IBAQBCUUtrP8XoOCqhMbN77ck2Qtch04bC3fXI
B+1/5QEstajxX/R/cW5BmZ0LFH0YNhAkUqWDImiS0WnHZgI4YMrAIRR7gZ4fwd07
tUmAT3umzWTTWslTuM5ZgrDCp3d9Uoaqd/218WGlsEz5XKHTorT2cq8YkqmNA1yO
CK4le71dEZNOQ/NWK5ghIlJTGXIXzHuPASOUpmio1tlrzxUQev+2C+kLOOb2jaXi
R01CZe7Ippzf2OujfjxRTXlgRe6Kb3vvITSk3AlSkp2pwKtQjsMpIgfsQ65H9bTE
XeLR7LDjIyZf4QVrLXotrv03ZwULksUao/E/ZG3CnGYKLGlpZO3e
-----END CERTIFICATE-----