Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/55jh7ZUXwY_9NSAWp4_RLJkLobk.roa
File:                     55jh7ZUXwY_9NSAWp4_RLJkLobk.roa (raw, json)
Hash identifier:          q93ZDaiBje1HE/Gb640AQrHdK3FIANVFUxJnhDp/M4A=
Subject key identifier:   E7:98:E1:ED:95:17:C1:8F:FD:35:20:16:A7:8F:D1:2C:99:0B:A1:B9
Certificate issuer:       /CN=7e1167886da81524431bbf2efb0572914b686ebc
Certificate serial:       019425FDE950C2B7AF2D7B060BDC3AEDE9B0
Authority key identifier: 7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/55jh7ZUXwY_9NSAWp4_RLJkLobk.roa
Signing time:             Thu 02 Jan 2025 07:49:44 +0000
ROA not before:           Thu 02 Jan 2025 07:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202
IP address blocks:        195.160.148.0/24 maxlen: 24
                          195.160.149.0/24 maxlen: 24
                          212.39.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e9:50:c2:b7:af:2d:7b:06:0b:dc:3a:ed:e9:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e1167886da81524431bbf2efb0572914b686ebc
        Validity
            Not Before: Jan  2 07:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e798e1ed9517c18ffd352016a78fd12c990ba1b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:49:29:89:07:3a:14:75:6d:93:ce:64:40:aa:
                    1e:58:07:d9:73:d2:80:f8:24:61:c1:51:20:7f:99:
                    b1:7e:36:76:bb:ab:dc:4f:d3:71:16:a3:0e:df:a2:
                    e7:21:b7:b6:9c:fe:35:e0:a2:3f:19:4b:87:91:2a:
                    55:ff:0d:66:81:04:7f:c3:b1:75:46:2f:7f:fa:12:
                    1c:c1:76:91:db:bf:50:8e:ff:a7:64:93:bd:a5:b4:
                    11:93:12:85:f2:81:7f:fa:e4:ff:1e:96:67:74:db:
                    25:fd:2a:a1:a8:7f:17:66:3e:35:ff:95:66:b9:c0:
                    54:58:73:82:3e:90:8c:21:37:79:00:eb:ca:57:dd:
                    6d:7c:36:1e:3d:e7:2d:d8:34:d8:df:d5:58:77:38:
                    26:31:d3:47:91:d0:b6:0c:cc:53:5c:e3:0a:dc:f2:
                    c5:33:5d:b5:4e:44:27:85:d2:3e:2c:9f:f9:e8:7e:
                    a2:fc:c0:8f:13:4d:09:99:d0:f8:0f:54:62:a1:a1:
                    6f:2a:0f:3d:9e:37:ce:9e:45:f3:b6:ef:71:e6:3a:
                    5d:e0:e8:54:81:a8:c7:52:99:70:6e:07:b8:85:10:
                    f4:c9:c3:95:e5:b6:6f:f5:dd:28:4e:8a:ed:a1:ee:
                    aa:20:fe:d1:67:6a:e3:a6:aa:11:7b:b2:39:aa:e8:
                    cd:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E7:98:E1:ED:95:17:C1:8F:FD:35:20:16:A7:8F:D1:2C:99:0B:A1:B9
            X509v3 Authority Key Identifier:
                keyid:7E:11:67:88:6D:A8:15:24:43:1B:BF:2E:FB:05:72:91:4B:68:6E:BC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fhFniG2oFSRDG78u-wVykUtobrw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/55jh7ZUXwY_9NSAWp4_RLJkLobk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/f92cd7-646c-441b-ae46-9b282c643256/1/fhFniG2oFSRDG78u-wVykUtobrw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.160.148.0/23
                  212.39.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:2e:55:90:6c:77:78:7b:f6:80:6d:be:06:65:cc:b7:1e:18:
         ee:bf:4e:8a:22:cb:4f:a4:90:09:f1:4e:1f:e1:58:77:3d:dc:
         ee:92:9d:6b:78:4e:61:01:ce:8b:5c:7d:3f:6c:0c:51:1e:14:
         f1:a0:2c:62:10:4e:6a:7c:b3:34:91:99:9f:c2:c6:3f:a7:2c:
         a0:4a:2c:0e:30:d7:42:1d:aa:ca:4b:1a:c1:d1:9f:00:02:c0:
         1c:2d:19:b0:7f:3f:31:19:2b:50:7d:d9:c8:73:d0:f3:b4:89:
         97:d1:1f:d9:12:0f:91:a7:c5:74:71:95:85:af:0e:97:7b:bd:
         29:1b:5e:b9:18:cb:8e:65:ff:93:ba:a8:1e:fa:27:1d:4e:7b:
         40:e7:44:12:11:cc:52:63:6e:47:eb:91:5f:51:b9:39:3d:b8:
         d3:40:56:e3:83:3b:74:a3:4b:05:2b:3b:80:eb:f8:85:1d:e9:
         00:25:d7:be:67:c6:9b:a5:83:42:f3:d2:36:11:10:97:47:c7:
         d4:59:68:9e:c4:18:d9:68:3b:3e:98:d3:fc:7a:2f:ea:c8:55:
         fa:a2:1f:aa:eb:6f:6e:81:a2:ab:40:4c:16:ef:02:13:69:79:
         8e:e8:54:05:18:7b:d4:63:1c:cb:18:ba:de:62:95:b4:60:94:
         4a:c4:23:8f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQl/elQwrevLXsGC9w67emwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlMTE2Nzg4NmRhODE1MjQ0MzFiYmYyZWZiMDU3MjkxNGI2
ODZlYmMwHhcNMjUwMTAyMDc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNzk4ZTFlZDk1MTdjMThmZmQzNTIwMTZhNzhmZDEyYzk5MGJhMWI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApkkpiQc6FHVtk85kQKoeWAfZc9KA
+CRhwVEgf5mxfjZ2u6vcT9NxFqMO36LnIbe2nP414KI/GUuHkSpV/w1mgQR/w7F1
Ri9/+hIcwXaR279Qjv+nZJO9pbQRkxKF8oF/+uT/HpZndNsl/SqhqH8XZj41/5Vm
ucBUWHOCPpCMITd5AOvKV91tfDYePect2DTY39VYdzgmMdNHkdC2DMxTXOMK3PLF
M121TkQnhdI+LJ/56H6i/MCPE00JmdD4D1RioaFvKg89njfOnkXztu9x5jpd4OhU
gajHUplwbge4hRD0ycOV5bZv9d0oTortoe6qIP7RZ2rjpqoRe7I5qujNCwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOeY4e2VF8GP/TUgFqeP0SyZC6G5MB8GA1UdIwQY
MBaAFH4RZ4htqBUkQxu/LvsFcpFLaG68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYt
OWIyODJjNjQzMjU2LzEvNTVqaDdaVVh3WV85TlNBV3A0X1JMSmtMb2JrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi9mOTJjZDctNjQ2Yy00NDFiLWFlNDYtOWIyODJjNjQzMjU2
LzEvZmhGbmlHMm9GU1JERzc4dS13VnlrVXRvYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBw6CUAwQA
1CflMA0GCSqGSIb3DQEBCwUAA4IBAQAnLlWQbHd4e/aAbb4GZcy3Hhjuv06KIstP
pJAJ8U4f4Vh3Pdzukp1reE5hAc6LXH0/bAxRHhTxoCxiEE5qfLM0kZmfwsY/pyyg
SiwOMNdCHarKSxrB0Z8AAsAcLRmwfz8xGStQfdnIc9DztImX0R/ZEg+Rp8V0cZWF
rw6Xe70pG165GMuOZf+Tuqge+icdTntA50QSEcxSY25H65FfUbk5PbjTQFbjgzt0
o0sFKzuA6/iFHekAJde+Z8abpYNC89I2ERCXR8fUWWiexBjZaDs+mNP8ei/qyFX6
oh+q629ugaKrQEwW7wITaXmO6FQFGHvUYxzLGLreYpW0YJRKxCOP
-----END CERTIFICATE-----