Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/7NbESzXRMNmvEomT-Mf8me7h-5o.roa
File:                     7NbESzXRMNmvEomT-Mf8me7h-5o.roa (raw, json)
Hash identifier:          sP5JFPjYHopQ7eTPfJ05mH6EJsqFFPFigu0p8AF8Ees=
Subject key identifier:   EC:D6:C4:4B:35:D1:30:D9:AF:12:89:93:F8:C7:FC:99:EE:E1:FB:9A
Certificate issuer:       /CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
Certificate serial:       019649A2D5901769E67A5C11DD236354C101
Authority key identifier: 4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/7NbESzXRMNmvEomT-Mf8me7h-5o.roa
Signing time:             Fri 18 Apr 2025 16:02:10 +0000
ROA not before:           Fri 18 Apr 2025 16:02:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.42.71.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 04:01:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:49:a2:d5:90:17:69:e6:7a:5c:11:dd:23:63:54:c1:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b796f0b3051b5bc814b2e89cb470a3826b2bf00
        Validity
            Not Before: Apr 18 16:02:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ecd6c44b35d130d9af128993f8c7fc99eee1fb9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:1d:23:77:35:9b:c4:cd:f8:ef:56:f4:96:20:
                    01:ac:1e:cb:1d:6b:20:7c:4e:4e:2d:77:f4:8b:bb:
                    27:d5:f8:a2:b3:63:7d:ff:60:ae:96:89:cd:d7:42:
                    e0:10:79:9b:aa:b8:b9:78:87:10:09:9b:26:7e:49:
                    90:26:7d:f8:ad:5a:6c:4d:d8:59:94:f2:8a:81:81:
                    26:b7:e0:55:99:e4:d4:c7:18:c3:b7:23:b4:eb:cb:
                    f9:3f:4f:2f:7a:9c:53:f3:20:22:9d:29:93:71:6f:
                    07:cc:cf:17:b1:b9:93:df:49:62:a5:61:a5:86:1e:
                    2c:d6:97:2a:20:92:f7:fa:2d:a6:36:22:8a:5b:96:
                    e1:ec:87:b8:d7:4e:48:38:1a:19:78:7e:cb:8a:3b:
                    90:eb:dd:cb:3b:fd:a5:21:2b:41:8c:96:df:58:b1:
                    e3:ac:d2:4b:fa:bb:96:be:50:62:53:55:f9:30:65:
                    6a:0b:05:ef:ea:f5:e6:19:c9:c1:c6:ef:28:c7:65:
                    90:31:70:f4:e8:c6:b3:24:d0:97:11:6b:56:9b:3f:
                    d8:4a:0d:cb:78:f1:6b:b5:3a:44:c7:5a:44:58:6b:
                    a1:f0:d7:fb:5e:77:42:93:03:ac:1c:e7:8d:8a:9c:
                    f2:1d:4f:af:e9:d7:77:4f:f4:20:fd:41:c9:df:ed:
                    b6:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:D6:C4:4B:35:D1:30:D9:AF:12:89:93:F8:C7:FC:99:EE:E1:FB:9A
            X509v3 Authority Key Identifier:
                keyid:4B:79:6F:0B:30:51:B5:BC:81:4B:2E:89:CB:47:0A:38:26:B2:BF:00

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S3lvCzBRtbyBSy6Jy0cKOCayvwA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/7NbESzXRMNmvEomT-Mf8me7h-5o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f7/bb46f5-9ff2-4058-9050-fbdcb1a41467/1/S3lvCzBRtbyBSy6Jy0cKOCayvwA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.42.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ba:4c:99:e5:4d:2c:48:6e:60:29:c6:ca:33:0a:60:97:7a:
         b5:46:c4:41:6b:2e:af:f6:ec:c7:7b:3a:ea:6e:98:51:bd:2c:
         76:66:19:6b:74:3a:01:54:f0:60:1a:bf:96:bb:76:29:d4:87:
         da:38:58:b3:7f:67:b5:6f:2e:05:41:ec:df:1b:ed:70:5a:5b:
         ae:0d:38:de:99:e7:99:9c:e5:01:08:ba:35:c8:fe:24:50:31:
         99:d9:ed:60:2f:89:05:a7:d8:64:20:3e:68:b7:7f:a4:9d:c6:
         e5:04:d5:62:ca:7d:fc:0d:42:ea:cf:b4:2d:41:fd:6e:bc:15:
         7f:8f:dd:fe:77:66:35:93:93:5d:7e:59:13:d3:e7:b3:26:af:
         fd:79:b0:31:c0:0e:ee:d1:3d:ed:ce:4b:a6:4c:ee:f4:0e:fe:
         8e:f2:38:b5:db:5d:02:88:ff:ba:1c:52:2b:92:d3:a7:02:db:
         8f:65:5b:b6:08:7a:be:20:db:36:c7:fc:5b:54:c7:53:47:fd:
         f7:8b:92:c0:18:2f:80:d6:f8:35:c6:d6:de:ff:15:a5:df:65:
         5f:ab:76:ee:3b:d1:71:c9:ec:5e:38:4c:8e:5e:23:0e:19:14:
         ef:de:bf:85:a6:80:34:e7:53:4d:e8:87:75:43:bc:d0:67:85:
         05:7b:2f:7a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZJotWQF2nmelwR3SNjVMEBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNzk2ZjBiMzA1MWI1YmM4MTRiMmU4OWNiNDcwYTM4MjZi
MmJmMDAwHhcNMjUwNDE4MTYwMjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlY2Q2YzQ0YjM1ZDEzMGQ5YWYxMjg5OTNmOGM3ZmM5OWVlZTFmYjlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoh0jdzWbxM3471b0liABrB7LHWsg
fE5OLXf0i7sn1fiis2N9/2CulonN10LgEHmbqri5eIcQCZsmfkmQJn34rVpsTdhZ
lPKKgYEmt+BVmeTUxxjDtyO068v5P08vepxT8yAinSmTcW8HzM8XsbmT30lipWGl
hh4s1pcqIJL3+i2mNiKKW5bh7Ie4105IOBoZeH7LijuQ693LO/2lIStBjJbfWLHj
rNJL+ruWvlBiU1X5MGVqCwXv6vXmGcnBxu8ox2WQMXD06MazJNCXEWtWmz/YSg3L
ePFrtTpEx1pEWGuh8Nf7XndCkwOsHOeNipzyHU+v6dd3T/Qg/UHJ3+22bwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOzWxEs10TDZrxKJk/jH/Jnu4fuaMB8GA1UdIwQY
MBaAFEt5bwswUbW8gUsuictHCjgmsr8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAt
ZmJkY2IxYTQxNDY3LzEvN05iRVN6WFJNTm12RW9tVC1NZjhtZTdoLTVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNy9iYjQ2ZjUtOWZmMi00MDU4LTkwNTAtZmJkY2IxYTQxNDY3
LzEvUzNsdkN6QlJ0YnlCU3k2SnkwY0tPQ2F5dndBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSpHMA0G
CSqGSIb3DQEBCwUAA4IBAQB/ukyZ5U0sSG5gKcbKMwpgl3q1RsRBay6v9uzHezrq
bphRvSx2ZhlrdDoBVPBgGr+Wu3Yp1IfaOFizf2e1by4FQezfG+1wWluuDTjemeeZ
nOUBCLo1yP4kUDGZ2e1gL4kFp9hkID5ot3+kncblBNViyn38DULqz7QtQf1uvBV/
j93+d2Y1k5NdflkT0+ezJq/9ebAxwA7u0T3tzkumTO70Dv6O8ji1210CiP+6HFIr
ktOnAtuPZVu2CHq+INs2x/xbVMdTR/33i5LAGC+A1vg1xtbe/xWl32Vfq3buO9Fx
yexeOEyOXiMOGRTv3r+FpoA051NN6Id1Q7zQZ4UFey96
-----END CERTIFICATE-----