Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fItZsJRAXOJivaqzdKU2_41qtJo.roa
File:                     fItZsJRAXOJivaqzdKU2_41qtJo.roa (raw, json)
Hash identifier:          9Xb3Z3090CXjdRapS2m9//91lh92fkhZRSO2R9if3LA=
Subject key identifier:   7C:8B:59:B0:94:40:5C:E2:62:BD:AA:B3:74:A5:36:FF:8D:6A:B4:9A
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01966BB426A3755F01FA7B9D24FA82CB633E
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fItZsJRAXOJivaqzdKU2_41qtJo.roa
Signing time:             Fri 25 Apr 2025 06:48:10 +0000
ROA not before:           Fri 25 Apr 2025 06:48:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213282
IP address blocks:        185.34.101.0/24 maxlen: 24
                          185.72.9.0/24 maxlen: 24
                          188.240.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:6b:b4:26:a3:75:5f:01:fa:7b:9d:24:fa:82:cb:63:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Apr 25 06:48:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7c8b59b094405ce262bdaab374a536ff8d6ab49a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:24:58:ac:36:af:c6:e9:56:d6:15:3f:ae:66:
                    cd:4f:fb:08:b4:20:94:79:77:94:d3:00:53:aa:82:
                    41:3c:a8:95:83:a0:b8:49:10:fe:77:17:ff:65:2b:
                    77:95:ea:2c:40:10:c2:99:98:5e:08:84:28:ad:12:
                    cd:01:9b:51:91:57:18:7a:c0:9c:77:f0:4f:2d:59:
                    07:7b:23:3c:f9:f6:ed:d9:0d:5c:a0:e4:52:6d:77:
                    c8:40:d0:c2:64:01:c8:c3:93:4d:75:aa:78:b0:69:
                    7b:ac:8d:28:86:68:ec:86:77:e1:6e:d3:b3:6f:9d:
                    f0:c9:45:00:29:ee:f5:2d:9f:1b:68:ae:e3:4f:78:
                    d8:4c:03:22:99:6e:07:19:60:30:4e:d6:66:84:78:
                    51:47:a8:25:5e:b9:21:57:34:97:b6:d0:64:bb:95:
                    6f:41:96:71:79:c4:81:31:11:d4:36:06:62:bc:12:
                    d6:7b:7f:8f:8a:d0:27:c6:d7:56:5f:66:a0:67:d4:
                    d5:24:c2:86:2b:ca:9c:ca:8a:88:5a:f5:da:7a:c7:
                    a4:ee:03:9c:9b:4b:26:73:43:df:b9:8d:02:f8:4f:
                    ca:fe:5c:2a:ce:ec:14:64:59:31:72:96:c1:65:fd:
                    58:3d:b5:34:e2:41:16:09:ff:6c:16:21:2f:3b:0a:
                    a2:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:8B:59:B0:94:40:5C:E2:62:BD:AA:B3:74:A5:36:FF:8D:6A:B4:9A
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/fItZsJRAXOJivaqzdKU2_41qtJo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.34.101.0/24
                  185.72.9.0/24
                  188.240.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2b:a3:d5:6b:97:98:99:e4:79:49:94:38:db:30:0c:17:ed:75:
         59:4f:f3:1f:47:77:21:f8:01:92:71:75:7d:25:7f:22:ce:ec:
         b2:0a:9a:19:59:53:b6:41:e7:c9:92:0a:9b:45:ad:91:30:64:
         1a:70:60:f3:48:b6:2a:e7:6f:71:9a:f3:6b:05:0e:53:ed:82:
         1f:c3:1b:82:25:fb:f9:31:42:41:01:a3:31:5a:de:e4:41:44:
         36:d4:cf:28:f2:58:50:d0:81:f4:9a:c5:a5:91:91:65:07:6f:
         00:55:1e:4b:cc:19:4a:2e:b2:c9:ce:24:c1:3f:28:db:00:38:
         fb:3b:3e:3f:d9:25:d6:eb:e1:64:9b:63:18:b7:67:fa:05:9b:
         3b:0a:f2:84:10:2b:d9:16:1f:18:fc:6f:02:b7:a1:61:f0:c2:
         13:5c:f8:0c:53:02:4d:df:72:24:fd:b5:ea:79:7c:5f:0a:6d:
         30:65:16:1b:d3:e9:fb:66:f0:72:47:31:61:cc:3a:0c:51:ef:
         5a:50:0a:9d:8b:e0:66:46:3d:f9:1d:69:6a:df:1f:1b:ab:ca:
         90:d9:37:59:3d:60:99:50:ac:f2:ca:e2:47:d0:7e:17:b1:1e:
         12:2b:d2:e6:96:24:90:18:ee:8a:b1:8a:fb:3a:50:ec:47:c0:
         4e:a1:01:d8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZZrtCajdV8B+nudJPqCy2M+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwNDI1MDY0ODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YzhiNTliMDk0NDA1Y2UyNjJiZGFhYjM3NGE1MzZmZjhkNmFiNDlhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSRYrDavxulW1hU/rmbNT/sItCCU
eXeU0wBTqoJBPKiVg6C4SRD+dxf/ZSt3leosQBDCmZheCIQorRLNAZtRkVcYesCc
d/BPLVkHeyM8+fbt2Q1coORSbXfIQNDCZAHIw5NNdap4sGl7rI0ohmjshnfhbtOz
b53wyUUAKe71LZ8baK7jT3jYTAMimW4HGWAwTtZmhHhRR6glXrkhVzSXttBku5Vv
QZZxecSBMRHUNgZivBLWe3+PitAnxtdWX2agZ9TVJMKGK8qcyoqIWvXaesek7gOc
m0smc0PfuY0C+E/K/lwqzuwUZFkxcpbBZf1YPbU04kEWCf9sFiEvOwqiqwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHyLWbCUQFziYr2qs3SlNv+NarSaMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvZkl0WnNKUkFYT0ppdmFxemRLVTJfNDFxdEpvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuSJlAwQA
uUgJAwQAvPBRMA0GCSqGSIb3DQEBCwUAA4IBAQAro9Vrl5iZ5HlJlDjbMAwX7XVZ
T/MfR3ch+AGScXV9JX8izuyyCpoZWVO2QefJkgqbRa2RMGQacGDzSLYq529xmvNr
BQ5T7YIfwxuCJfv5MUJBAaMxWt7kQUQ21M8o8lhQ0IH0msWlkZFlB28AVR5LzBlK
LrLJziTBPyjbADj7Oz4/2SXW6+Fkm2MYt2f6BZs7CvKEECvZFh8Y/G8Ct6Fh8MIT
XPgMUwJN33Ik/bXqeXxfCm0wZRYb0+n7ZvByRzFhzDoMUe9aUAqdi+BmRj35HWlq
3x8bq8qQ2TdZPWCZUKzyyuJH0H4XsR4SK9LmliSQGO6KsYr7OlDsR8BOoQHY
-----END CERTIFICATE-----