Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/7v-L1KuWY_QeDJxKFVyRkWnFePQ.roa
File:                     7v-L1KuWY_QeDJxKFVyRkWnFePQ.roa (raw, json)
Hash identifier:          bVQczQ08ozX20fYuXzWGYS1jimxc5e2Qx5nVzF/4kuk=
Subject key identifier:   EE:FF:8B:D4:AB:96:63:F4:1E:0C:9C:4A:15:5C:91:91:69:C5:78:F4
Certificate issuer:       /CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
Certificate serial:       01975F4440BA102CBE665E36BEFCA1806044
Authority key identifier: 73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/7v-L1KuWY_QeDJxKFVyRkWnFePQ.roa
Signing time:             Wed 11 Jun 2025 13:53:17 +0000
ROA not before:           Wed 11 Jun 2025 13:53:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        5.22.204.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:5f:44:40:ba:10:2c:be:66:5e:36:be:fc:a1:80:60:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=73f210f1299a1e0aee71dc1d79e5fb12092d30a9
        Validity
            Not Before: Jun 11 13:53:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eeff8bd4ab9663f41e0c9c4a155c919169c578f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:56:7f:9f:34:af:86:09:ef:5a:11:e4:87:1e:
                    fb:b1:21:a5:ff:d8:d6:6f:78:77:15:f0:7e:9e:cc:
                    12:59:c4:db:17:f8:e1:37:14:87:e3:5c:e8:67:c4:
                    36:c6:a2:58:2e:75:43:a7:47:2f:ec:85:da:be:11:
                    38:7f:b4:18:ec:dd:64:cf:83:ce:39:10:20:db:d4:
                    f1:c8:22:27:f5:fe:71:84:0d:b0:3f:11:71:f5:9d:
                    0a:49:8f:e8:aa:cc:13:e5:13:44:69:0e:b9:46:dc:
                    b6:58:c3:8c:e0:76:b3:50:17:98:79:ef:f0:ac:08:
                    07:83:e5:02:b2:bb:08:e3:65:9a:3a:fa:f3:de:9d:
                    45:9a:86:a3:30:2c:da:c2:7a:5a:7b:72:ba:56:3b:
                    8e:ff:97:7d:40:ae:6b:90:df:33:2a:64:d7:e7:3b:
                    55:a2:75:1c:2a:27:2f:79:2b:05:e3:04:23:72:8d:
                    20:3a:37:45:ef:e6:9c:9b:8b:b4:2c:b7:12:f9:e1:
                    7c:49:0b:9d:0e:74:27:2f:df:89:72:86:c9:06:b4:
                    63:0b:e0:b9:3b:99:4c:ba:00:49:f6:88:11:73:44:
                    99:4b:3f:cd:29:5c:5d:e6:2d:48:8d:5a:05:28:55:
                    2f:9d:5c:98:d3:7d:9e:4e:e4:13:d4:04:64:b3:21:
                    66:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:FF:8B:D4:AB:96:63:F4:1E:0C:9C:4A:15:5C:91:91:69:C5:78:F4
            X509v3 Authority Key Identifier:
                keyid:73:F2:10:F1:29:9A:1E:0A:EE:71:DC:1D:79:E5:FB:12:09:2D:30:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/c_IQ8SmaHgrucdwdeeX7EgktMKk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/7v-L1KuWY_QeDJxKFVyRkWnFePQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/db1b48-1cc5-4833-93d9-b9464718ba37/1/c_IQ8SmaHgrucdwdeeX7EgktMKk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.22.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         86:f6:06:9b:ce:b3:95:85:58:09:78:e3:1a:cc:87:a7:cf:b0:
         58:d2:63:26:cd:ed:53:b9:6f:e8:bb:7a:d9:9b:32:26:60:a6:
         99:02:eb:1d:0b:c9:d7:6d:7b:11:b6:c5:e7:63:af:aa:5f:49:
         c0:11:a3:7e:3c:10:08:8a:4b:ad:50:e5:80:22:18:16:74:c2:
         bc:cf:4f:ec:c0:eb:26:4c:cd:07:a4:47:eb:10:b7:f0:a8:df:
         25:b6:5d:3d:53:c0:04:ff:55:22:0d:0b:d0:96:c1:54:7b:71:
         35:76:78:4e:8f:b4:63:43:d2:25:d4:98:8b:fd:6d:d5:7f:b9:
         84:5b:9a:55:a6:88:8d:40:5b:24:dc:ae:2a:3a:8e:77:75:23:
         fc:97:73:68:76:b1:d0:4b:e8:b0:6e:f1:73:d5:90:f8:ce:c9:
         08:90:2e:9a:cc:02:39:a3:51:03:83:e6:3b:6d:41:25:ce:5a:
         44:36:81:82:52:15:47:5a:1d:14:65:29:b8:d8:a4:78:3d:c3:
         f2:2e:a3:74:00:6b:8f:90:21:17:21:d2:03:a2:eb:81:07:08:
         72:07:ef:da:69:be:9b:59:34:8f:c8:6c:f5:85:f0:99:78:1e:
         20:aa:c4:3d:f1:a7:2b:f4:4e:cf:d1:65:46:0a:48:60:6c:20:
         d7:1b:dc:0e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdfREC6ECy+Zl42vvyhgGBEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDczZjIxMGYxMjk5YTFlMGFlZTcxZGMxZDc5ZTVmYjEyMDky
ZDMwYTkwHhcNMjUwNjExMTM1MzE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWZmOGJkNGFiOTY2M2Y0MWUwYzljNGExNTVjOTE5MTY5YzU3OGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnlZ/nzSvhgnvWhHkhx77sSGl/9jW
b3h3FfB+nswSWcTbF/jhNxSH41zoZ8Q2xqJYLnVDp0cv7IXavhE4f7QY7N1kz4PO
ORAg29TxyCIn9f5xhA2wPxFx9Z0KSY/oqswT5RNEaQ65Rty2WMOM4HazUBeYee/w
rAgHg+UCsrsI42WaOvrz3p1FmoajMCzawnpae3K6VjuO/5d9QK5rkN8zKmTX5ztV
onUcKicveSsF4wQjco0gOjdF7+acm4u0LLcS+eF8SQudDnQnL9+JcobJBrRjC+C5
O5lMugBJ9ogRc0SZSz/NKVxd5i1IjVoFKFUvnVyY032eTuQT1ARksyFmpwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7/i9SrlmP0HgycShVckZFpxXj0MB8GA1UdIwQY
MBaAFHPyEPEpmh4K7nHcHXnl+xIJLTCpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDkt
Yjk0NjQ3MThiYTM3LzEvN3YtTDFLdVdZX1FlREp4S0ZWeVJrV25GZVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kYjFiNDgtMWNjNS00ODMzLTkzZDktYjk0NjQ3MThiYTM3
LzEvY19JUThTbWFIZ3J1Y2R3ZGVlWDdFZ2t0TUtrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCBRbMMA0G
CSqGSIb3DQEBCwUAA4IBAQCG9gabzrOVhVgJeOMazIenz7BY0mMmze1TuW/ou3rZ
mzImYKaZAusdC8nXbXsRtsXnY6+qX0nAEaN+PBAIikutUOWAIhgWdMK8z0/swOsm
TM0HpEfrELfwqN8ltl09U8AE/1UiDQvQlsFUe3E1dnhOj7RjQ9Il1JiL/W3Vf7mE
W5pVpoiNQFsk3K4qOo53dSP8l3NodrHQS+iwbvFz1ZD4zskIkC6azAI5o1EDg+Y7
bUElzlpENoGCUhVHWh0UZSm42KR4PcPyLqN0AGuPkCEXIdIDouuBBwhyB+/aab6b
WTSPyGz1hfCZeB4gqsQ98acr9E7P0WVGCkhgbCDXG9wO
-----END CERTIFICATE-----