Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/7spEQVqcL4vrSpVaVj2ZHbdCXAk.roa
File:                     7spEQVqcL4vrSpVaVj2ZHbdCXAk.roa (raw, json)
Hash identifier:          fpYq7eNAV/2Q3SZsPHHqVIOf+rVV6huCrpQyiQCeASw=
Subject key identifier:   EE:CA:44:41:5A:9C:2F:8B:EB:4A:95:5A:56:3D:99:1D:B7:42:5C:09
Certificate issuer:       /CN=510ce781db0dc7e4f9f494145a295e4ccb121cae
Certificate serial:       0196399074360C7C3F3324E57DDF767DC1C0
Authority key identifier: 51:0C:E7:81:DB:0D:C7:E4:F9:F4:94:14:5A:29:5E:4C:CB:12:1C:AE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/UQzngdsNx-T59JQUWileTMsSHK4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/7spEQVqcL4vrSpVaVj2ZHbdCXAk.roa
Signing time:             Tue 15 Apr 2025 13:08:10 +0000
ROA not before:           Tue 15 Apr 2025 13:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     21469
IP address blocks:        80.252.192.0/20 maxlen: 20
                          80.252.192.0/22 maxlen: 22
                          80.252.192.0/23 maxlen: 23
                          80.252.194.0/23 maxlen: 23
                          80.252.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/UQzngdsNx-T59JQUWileTMsSHK4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/UQzngdsNx-T59JQUWileTMsSHK4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/UQzngdsNx-T59JQUWileTMsSHK4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 28 Apr 2025 13:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:39:90:74:36:0c:7c:3f:33:24:e5:7d:df:76:7d:c1:c0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=510ce781db0dc7e4f9f494145a295e4ccb121cae
        Validity
            Not Before: Apr 15 13:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eeca44415a9c2f8beb4a955a563d991db7425c09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:72:58:2b:59:c5:35:48:2c:18:77:8b:20:df:
                    ca:2b:43:35:00:2b:93:76:15:14:30:f7:da:b8:e5:
                    4b:5b:04:94:37:1f:3f:0f:99:f0:a1:f9:b3:3c:27:
                    9d:40:f9:91:25:c9:a6:a2:da:de:e9:cd:13:5b:a2:
                    64:7f:70:ff:28:96:a3:04:d2:ff:52:86:f3:7f:76:
                    e8:43:35:60:78:3e:4b:0b:05:75:1f:bb:04:95:9a:
                    18:49:8e:66:69:fa:10:cf:ee:78:f8:1f:e4:1d:74:
                    b3:fc:1f:49:f9:55:20:5e:a9:39:aa:9a:9a:ed:26:
                    09:0d:ad:44:d1:4f:ec:bb:38:cf:9d:9a:1d:15:4a:
                    35:b1:1f:54:03:74:b8:68:cd:a7:d5:be:11:68:60:
                    6b:e3:84:dd:64:b4:4b:47:79:06:8d:d7:a8:36:25:
                    3a:0d:55:d3:57:f3:85:7f:58:09:e4:87:27:ab:2a:
                    1d:8d:e8:5f:4f:3b:95:18:02:4a:89:3c:da:5e:4a:
                    44:62:49:9b:15:72:65:d8:12:24:a7:12:be:06:3b:
                    3c:8f:6d:4f:60:9d:25:db:29:64:99:47:50:ec:c7:
                    e9:a7:81:a3:51:80:93:ce:ee:d0:a7:a0:d4:a7:15:
                    d2:7f:98:2a:a1:d3:97:36:d0:64:f9:66:35:85:91:
                    3e:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:CA:44:41:5A:9C:2F:8B:EB:4A:95:5A:56:3D:99:1D:B7:42:5C:09
            X509v3 Authority Key Identifier:
                keyid:51:0C:E7:81:DB:0D:C7:E4:F9:F4:94:14:5A:29:5E:4C:CB:12:1C:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UQzngdsNx-T59JQUWileTMsSHK4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/7spEQVqcL4vrSpVaVj2ZHbdCXAk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/31fd16-6d00-4d09-a8d4-c1d6c8f319c1/1/UQzngdsNx-T59JQUWileTMsSHK4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.252.192.0/20

    Signature Algorithm: sha256WithRSAEncryption
         9f:d8:2d:01:04:6e:50:6f:18:a1:ea:b3:03:68:54:6d:b2:bd:
         33:11:44:5c:30:cf:3b:de:68:fb:d0:b9:b0:4d:08:4c:f2:55:
         ad:7a:0b:7f:e9:60:22:6b:27:38:dd:39:39:7b:77:25:07:7f:
         38:51:99:86:d2:90:bc:e7:d0:17:bb:91:89:06:06:e2:88:e6:
         c3:a0:8b:30:85:db:9a:a6:41:c4:6d:a1:49:f8:9e:a3:b7:b6:
         10:8e:01:60:73:8b:19:48:67:eb:69:57:af:59:01:44:92:83:
         0e:18:9f:6d:c9:8b:3e:85:92:f4:9b:f1:cf:89:ec:93:3b:1f:
         16:c0:2c:51:d9:48:aa:9e:f4:77:93:81:1e:0f:4d:45:97:43:
         f1:13:03:1f:66:cf:6b:95:ca:98:c9:88:2e:93:24:ce:42:09:
         e1:7d:23:fe:a4:e4:72:28:b4:24:d1:f0:26:8d:4f:c3:7c:0e:
         b5:94:b5:70:ad:bd:7a:e2:2e:39:99:65:73:7e:fe:1b:60:01:
         2c:35:d7:49:93:a0:16:3b:7f:e2:f1:3f:43:39:dd:20:5a:05:
         48:fd:c5:ee:eb:ce:6f:dd:4d:7f:9e:40:77:67:c2:86:b0:be:
         cf:bf:88:ee:ca:95:54:e7:c1:61:d2:59:80:18:15:d7:89:26:
         67:36:5a:27
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZY5kHQ2DHw/MyTlfd92fcHAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUxMGNlNzgxZGIwZGM3ZTRmOWY0OTQxNDVhMjk1ZTRjY2Ix
MjFjYWUwHhcNMjUwNDE1MTMwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZWNhNDQ0MTVhOWMyZjhiZWI0YTk1NWE1NjNkOTkxZGI3NDI1YzA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqHJYK1nFNUgsGHeLIN/KK0M1ACuT
dhUUMPfauOVLWwSUNx8/D5nwofmzPCedQPmRJcmmotre6c0TW6Jkf3D/KJajBNL/
Uobzf3boQzVgeD5LCwV1H7sElZoYSY5mafoQz+54+B/kHXSz/B9J+VUgXqk5qpqa
7SYJDa1E0U/suzjPnZodFUo1sR9UA3S4aM2n1b4RaGBr44TdZLRLR3kGjdeoNiU6
DVXTV/OFf1gJ5IcnqyodjehfTzuVGAJKiTzaXkpEYkmbFXJl2BIkpxK+Bjs8j21P
YJ0l2ylkmUdQ7Mfpp4GjUYCTzu7Qp6DUpxXSf5gqodOXNtBk+WY1hZE+owIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFO7KREFanC+L60qVWlY9mR23QlwJMB8GA1UdIwQY
MBaAFFEM54HbDcfk+fSUFFopXkzLEhyuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVVF6bmdkc054LVQ1OUpRVVdpbGVUTXNTSEs0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi8zMWZkMTYtNmQwMC00ZDA5LWE4ZDQt
YzFkNmM4ZjMxOWMxLzEvN3NwRVFWcWNMNHZyU3BWYVZqMlpIYmRDWEFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi8zMWZkMTYtNmQwMC00ZDA5LWE4ZDQtYzFkNmM4ZjMxOWMx
LzEvVVF6bmdkc054LVQ1OUpRVVdpbGVUTXNTSEs0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEUPzAMA0G
CSqGSIb3DQEBCwUAA4IBAQCf2C0BBG5Qbxih6rMDaFRtsr0zEURcMM873mj70Lmw
TQhM8lWtegt/6WAiayc43Tk5e3clB384UZmG0pC859AXu5GJBgbiiObDoIswhdua
pkHEbaFJ+J6jt7YQjgFgc4sZSGfraVevWQFEkoMOGJ9tyYs+hZL0m/HPieyTOx8W
wCxR2UiqnvR3k4EeD01Fl0PxEwMfZs9rlcqYyYgukyTOQgnhfSP+pORyKLQk0fAm
jU/DfA61lLVwrb164i45mWVzfv4bYAEsNddJk6AWO3/i8T9DOd0gWgVI/cXu685v
3U1/nkB3Z8KGsL7Pv4juypVU58Fh0lmAGBXXiSZnNlon
-----END CERTIFICATE-----