Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/ae0d8b-4857-4ba7-b342-5ec336bf743b/1/7bzu_LepARRevToiBMnO6X5yiVY.roa
File:                     7bzu_LepARRevToiBMnO6X5yiVY.roa (raw, json)
Hash identifier:          W9mX7XIEfvmcJR2UeQu48FRHpuApL2HCMC6pqhJI5pw=
Subject key identifier:   ED:BC:EE:FC:B7:A9:01:14:5E:BD:3A:22:04:C9:CE:E9:7E:72:89:56
Certificate issuer:       /CN=e27e1dd07466278036ba5cd943d7b0e021cf8628
Certificate serial:       0197EFAEF059C3578973211BCAEFC2102037
Authority key identifier: E2:7E:1D:D0:74:66:27:80:36:BA:5C:D9:43:D7:B0:E0:21:CF:86:28
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4n4d0HRmJ4A2ulzZQ9ew4CHPhig.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/ae0d8b-4857-4ba7-b342-5ec336bf743b/1/7bzu_LepARRevToiBMnO6X5yiVY.roa
Signing time:             Wed 09 Jul 2025 14:55:08 +0000
ROA not before:           Wed 09 Jul 2025 14:55:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213522
IP address blocks:        89.150.62.0/24 maxlen: 25
                          2a14:ec0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/ae0d8b-4857-4ba7-b342-5ec336bf743b/1/4n4d0HRmJ4A2ulzZQ9ew4CHPhig.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/ae0d8b-4857-4ba7-b342-5ec336bf743b/1/4n4d0HRmJ4A2ulzZQ9ew4CHPhig.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4n4d0HRmJ4A2ulzZQ9ew4CHPhig.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 06 Aug 2025 23:00:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ef:ae:f0:59:c3:57:89:73:21:1b:ca:ef:c2:10:20:37
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e27e1dd07466278036ba5cd943d7b0e021cf8628
        Validity
            Not Before: Jul  9 14:55:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=edbceefcb7a901145ebd3a2204c9cee97e728956
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:ed:f5:ae:fc:14:29:5d:b7:bb:74:7b:de:64:
                    a9:ef:89:86:85:36:56:32:88:d9:13:03:5f:92:2f:
                    6a:50:c6:e7:f8:50:38:01:37:18:10:27:a0:b6:2e:
                    3e:80:f2:c8:4f:e8:30:c7:54:83:b3:95:90:eb:09:
                    70:90:05:fe:8d:e5:8b:03:24:ab:fe:44:07:95:0b:
                    d7:2a:fd:0c:e9:1e:d5:b5:10:4e:7a:fa:20:74:2e:
                    ca:ad:06:47:1c:fa:18:b8:f9:8c:fd:46:7a:dd:74:
                    b9:21:e4:03:f7:9a:7e:fe:3c:08:4f:20:4f:7c:ad:
                    72:20:e1:72:da:72:b3:a5:32:70:79:ff:c6:3f:19:
                    04:2a:96:56:b5:37:47:31:d2:27:ee:d2:bb:58:0d:
                    13:fb:8c:44:d4:0b:4f:1c:36:a7:c4:06:ea:49:89:
                    f4:c7:8b:b7:d3:3c:23:66:93:e9:a0:05:33:4c:9f:
                    82:a8:7f:bb:64:5b:c6:64:7d:f8:3d:71:ab:ef:dd:
                    11:21:32:f2:b5:60:f4:b6:ff:e4:c4:ad:db:d9:1e:
                    aa:5c:54:c7:71:d9:f5:0d:b7:fc:bb:cf:bd:3a:eb:
                    bd:bf:95:f3:28:6d:10:85:aa:66:4a:30:2a:b4:90:
                    20:02:91:f3:27:e3:fe:58:cb:29:58:fc:95:1f:cd:
                    ad:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:BC:EE:FC:B7:A9:01:14:5E:BD:3A:22:04:C9:CE:E9:7E:72:89:56
            X509v3 Authority Key Identifier:
                keyid:E2:7E:1D:D0:74:66:27:80:36:BA:5C:D9:43:D7:B0:E0:21:CF:86:28

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4n4d0HRmJ4A2ulzZQ9ew4CHPhig.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ae0d8b-4857-4ba7-b342-5ec336bf743b/1/7bzu_LepARRevToiBMnO6X5yiVY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/ae0d8b-4857-4ba7-b342-5ec336bf743b/1/4n4d0HRmJ4A2ulzZQ9ew4CHPhig.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.150.62.0/24
                IPv6:
                  2a14:ec0::/29

    Signature Algorithm: sha256WithRSAEncryption
         aa:f3:c6:c4:e8:4d:ad:7f:91:4b:6b:26:70:ec:b0:32:ed:6a:
         8e:6b:07:8a:5d:1f:c9:0a:ca:c9:d1:c3:7d:22:18:b6:db:57:
         4e:04:a2:3b:fd:39:05:b1:30:2f:c1:13:8c:4c:8d:ed:d1:04:
         df:30:1c:1c:74:5e:84:12:d5:31:34:bd:aa:30:a7:c4:60:c8:
         e6:18:d3:b0:c1:e1:6a:54:61:fe:c0:1f:c2:4f:e7:2f:8b:5f:
         34:3e:a6:fc:e9:ca:3b:4d:4d:65:a8:a1:74:df:03:3a:66:c6:
         b2:79:71:3b:0a:3d:9c:66:a2:46:50:dd:ce:e8:df:d9:5b:e7:
         fb:e3:16:39:a5:d7:38:59:6b:6c:5a:7b:1d:97:ea:5d:a3:39:
         ec:63:e5:60:51:f9:d9:8d:83:43:6c:2e:00:51:68:ff:e0:d8:
         1c:2e:fe:59:be:2a:72:d9:30:84:56:ca:14:ac:e8:f6:cc:41:
         a0:f7:3d:1f:f4:bf:ed:85:53:1b:9f:ce:bb:df:2c:c4:0a:ad:
         af:58:e0:f1:87:a8:66:88:82:19:99:93:79:cd:75:ca:86:d4:
         a8:74:2c:58:28:10:94:bc:3c:24:d3:54:32:6c:4e:f8:24:bd:
         42:a6:de:98:c8:fb:f8:83:35:68:59:80:65:5e:cb:b0:d1:4e:
         f7:40:14:2a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZfvrvBZw1eJcyEbyu/CECA3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyN2UxZGQwNzQ2NjI3ODAzNmJhNWNkOTQzZDdiMGUwMjFj
Zjg2MjgwHhcNMjUwNzA5MTQ1NTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZGJjZWVmY2I3YTkwMTE0NWViZDNhMjIwNGM5Y2VlOTdlNzI4OTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4+31rvwUKV23u3R73mSp74mGhTZW
MojZEwNfki9qUMbn+FA4ATcYECegti4+gPLIT+gwx1SDs5WQ6wlwkAX+jeWLAySr
/kQHlQvXKv0M6R7VtRBOevogdC7KrQZHHPoYuPmM/UZ63XS5IeQD95p+/jwITyBP
fK1yIOFy2nKzpTJwef/GPxkEKpZWtTdHMdIn7tK7WA0T+4xE1AtPHDanxAbqSYn0
x4u30zwjZpPpoAUzTJ+CqH+7ZFvGZH34PXGr790RITLytWD0tv/kxK3b2R6qXFTH
cdn1Dbf8u8+9Ouu9v5XzKG0QhapmSjAqtJAgApHzJ+P+WMspWPyVH82tIQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFO287vy3qQEUXr06IgTJzul+colWMB8GA1UdIwQY
MBaAFOJ+HdB0ZieANrpc2UPXsOAhz4YoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNG40ZDBIUm1KNEEydWx6WlE5ZXc0Q0hQaGlnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy9hZTBkOGItNDg1Ny00YmE3LWIzNDIt
NWVjMzM2YmY3NDNiLzEvN2J6dV9MZXBBUlJldlRvaUJNbk82WDV5aVZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy9hZTBkOGItNDg1Ny00YmE3LWIzNDItNWVjMzM2YmY3NDNi
LzEvNG40ZDBIUm1KNEEydWx6WlE5ZXc0Q0hQaGlnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAWZY+MA0E
AgACMAcDBQMqFA7AMA0GCSqGSIb3DQEBCwUAA4IBAQCq88bE6E2tf5FLayZw7LAy
7WqOaweKXR/JCsrJ0cN9Ihi221dOBKI7/TkFsTAvwROMTI3t0QTfMBwcdF6EEtUx
NL2qMKfEYMjmGNOwweFqVGH+wB/CT+cvi180Pqb86co7TU1lqKF03wM6ZsayeXE7
Cj2cZqJGUN3O6N/ZW+f74xY5pdc4WWtsWnsdl+pdoznsY+VgUfnZjYNDbC4AUWj/
4NgcLv5Zvipy2TCEVsoUrOj2zEGg9z0f9L/thVMbn8673yzECq2vWODxh6hmiIIZ
mZN5zXXKhtSodCxYKBCUvDwk01QybE74JL1Cpt6YyPv4gzVoWYBlXsuw0U73QBQq
-----END CERTIFICATE-----