Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/5892d1-6f51-4cb3-93e2-0f0494ca6d2c/1/7Cbq0-9TtgLYQeu52VZUWksHnwE.roa
File:                     7Cbq0-9TtgLYQeu52VZUWksHnwE.roa (raw, json)
Hash identifier:          JkpuN02DfnBu6RSAax0V6uNhARwqnNXw/JbyXJtDiJ8=
Subject key identifier:   EC:26:EA:D3:EF:53:B6:02:D8:41:EB:B9:D9:56:54:5A:4B:07:9F:01
Certificate issuer:       /CN=94ca595385505455b8cb1d90e946ef7b0b6f5d3f
Certificate serial:       0196AEF1E47AF39BD0944D2F5FCF0E86AF24
Authority key identifier: 94:CA:59:53:85:50:54:55:B8:CB:1D:90:E9:46:EF:7B:0B:6F:5D:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lMpZU4VQVFW4yx2Q6UbvewtvXT8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/5892d1-6f51-4cb3-93e2-0f0494ca6d2c/1/7Cbq0-9TtgLYQeu52VZUWksHnwE.roa
Signing time:             Thu 08 May 2025 08:10:10 +0000
ROA not before:           Thu 08 May 2025 08:10:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212637
IP address blocks:        185.190.90.0/24 maxlen: 24
                          2a13:500::/32 maxlen: 33
                          2a13:500::/33 maxlen: 33
                          2a13:500:8000::/33 maxlen: 33
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/5892d1-6f51-4cb3-93e2-0f0494ca6d2c/1/lMpZU4VQVFW4yx2Q6UbvewtvXT8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/5892d1-6f51-4cb3-93e2-0f0494ca6d2c/1/lMpZU4VQVFW4yx2Q6UbvewtvXT8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lMpZU4VQVFW4yx2Q6UbvewtvXT8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 16 May 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:ae:f1:e4:7a:f3:9b:d0:94:4d:2f:5f:cf:0e:86:af:24
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94ca595385505455b8cb1d90e946ef7b0b6f5d3f
        Validity
            Not Before: May  8 08:10:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ec26ead3ef53b602d841ebb9d956545a4b079f01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:16:74:7a:56:bc:54:23:6b:52:cc:d7:1b:45:
                    34:0d:7d:da:e9:d7:0d:4d:d2:7c:ef:be:82:0c:d7:
                    c4:19:3e:f3:3a:71:ad:56:58:e3:01:81:32:0b:c8:
                    d1:ec:77:ae:30:b1:dd:c0:3f:33:60:e4:12:7e:01:
                    d3:58:10:20:55:3b:ec:71:d8:fe:e2:bf:35:7e:b8:
                    d2:b3:2a:e0:64:5e:8f:d7:ab:9a:22:c5:d0:3d:b6:
                    bb:32:9f:1f:c7:a0:9c:e0:e5:66:5c:de:b1:be:65:
                    eb:e4:37:9b:81:3d:23:a3:10:66:f7:dd:f6:27:75:
                    9d:c0:98:b2:2c:59:54:27:1d:5c:1a:78:1f:ce:4f:
                    d0:5c:6f:0e:c8:47:11:85:e6:1b:df:89:f4:44:5b:
                    01:c8:e6:3e:1e:c3:57:42:77:59:3b:7c:24:a4:a6:
                    a6:d4:20:18:93:d8:af:58:60:f0:c6:5b:be:0c:51:
                    56:4f:56:1a:c6:d2:9a:35:59:89:68:25:c1:33:7b:
                    17:6d:35:76:1a:47:ef:f4:08:e6:74:c7:d3:63:e0:
                    04:db:23:84:f1:8f:02:8a:68:82:8a:96:96:d7:0e:
                    23:37:c2:cb:0f:b3:77:02:33:38:64:92:10:19:18:
                    97:32:f4:06:9f:19:47:5f:5f:31:d0:61:b6:85:d4:
                    5b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:26:EA:D3:EF:53:B6:02:D8:41:EB:B9:D9:56:54:5A:4B:07:9F:01
            X509v3 Authority Key Identifier:
                keyid:94:CA:59:53:85:50:54:55:B8:CB:1D:90:E9:46:EF:7B:0B:6F:5D:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lMpZU4VQVFW4yx2Q6UbvewtvXT8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/5892d1-6f51-4cb3-93e2-0f0494ca6d2c/1/7Cbq0-9TtgLYQeu52VZUWksHnwE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/5892d1-6f51-4cb3-93e2-0f0494ca6d2c/1/lMpZU4VQVFW4yx2Q6UbvewtvXT8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.190.90.0/24
                IPv6:
                  2a13:500::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:df:18:8b:79:1d:e4:d8:3a:4a:8b:b0:b1:0b:ff:6f:d9:27:
         4b:a8:eb:7b:47:15:5b:c5:a7:ec:e5:6d:b6:51:4b:df:99:69:
         5b:c1:ed:bd:53:23:e6:46:64:4c:22:d8:65:46:cd:fd:64:9f:
         5a:c0:b4:c9:2a:ee:d5:31:e2:d2:15:e2:b9:cb:e1:77:88:63:
         a9:24:20:53:fc:7a:86:48:d4:df:f6:7e:b2:0a:f6:94:ff:8e:
         e8:46:29:d9:c2:ee:a0:3c:67:18:11:78:de:c7:ec:72:5a:99:
         b6:00:66:76:a1:2f:e0:79:56:82:d3:a7:ef:89:bd:25:de:37:
         e3:e5:d4:7f:3f:14:9b:92:b1:c2:42:9a:5c:65:07:dd:62:31:
         0d:08:a8:93:06:01:67:87:c6:b3:c7:4a:5b:1e:47:49:72:b0:
         ee:3a:f0:fa:4f:ff:1f:ce:9b:fc:15:02:db:35:23:a5:67:cd:
         d8:8a:b5:51:ed:4b:f4:86:af:52:6f:77:0e:54:31:88:a4:72:
         1e:3f:55:ea:7a:43:cc:90:28:56:94:01:bf:c0:db:e3:d5:7c:
         cf:2e:02:74:4b:0c:8a:cd:83:b9:af:38:e0:1f:13:fc:48:14:
         46:71:da:59:8f:84:df:4c:b2:d3:e9:92:f2:ed:21:11:e6:ca:
         47:db:a9:43
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZau8eR685vQlE0vX88Ohq8kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0Y2E1OTUzODU1MDU0NTViOGNiMWQ5MGU5NDZlZjdiMGI2
ZjVkM2YwHhcNMjUwNTA4MDgxMDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzI2ZWFkM2VmNTNiNjAyZDg0MWViYjlkOTU2NTQ1YTRiMDc5ZjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0RZ0ela8VCNrUszXG0U0DX3a6dcN
TdJ8776CDNfEGT7zOnGtVljjAYEyC8jR7HeuMLHdwD8zYOQSfgHTWBAgVTvscdj+
4r81frjSsyrgZF6P16uaIsXQPba7Mp8fx6Cc4OVmXN6xvmXr5DebgT0joxBm9932
J3WdwJiyLFlUJx1cGngfzk/QXG8OyEcRheYb34n0RFsByOY+HsNXQndZO3wkpKam
1CAYk9ivWGDwxlu+DFFWT1YaxtKaNVmJaCXBM3sXbTV2Gkfv9AjmdMfTY+AE2yOE
8Y8CimiCipaW1w4jN8LLD7N3AjM4ZJIQGRiXMvQGnxlHX18x0GG2hdRbmQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOwm6tPvU7YC2EHrudlWVFpLB58BMB8GA1UdIwQY
MBaAFJTKWVOFUFRVuMsdkOlG73sLb10/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbE1wWlU0VlFWRlc0eXgyUTZVYnZld3R2WFQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS81ODkyZDEtNmY1MS00Y2IzLTkzZTIt
MGYwNDk0Y2E2ZDJjLzEvN0NicTAtOVR0Z0xZUWV1NTJWWlVXa3NIbndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS81ODkyZDEtNmY1MS00Y2IzLTkzZTItMGYwNDk0Y2E2ZDJj
LzEvbE1wWlU0VlFWRlc0eXgyUTZVYnZld3R2WFQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAub5aMA0E
AgACMAcDBQAqEwUAMA0GCSqGSIb3DQEBCwUAA4IBAQAk3xiLeR3k2DpKi7CxC/9v
2SdLqOt7RxVbxafs5W22UUvfmWlbwe29UyPmRmRMIthlRs39ZJ9awLTJKu7VMeLS
FeK5y+F3iGOpJCBT/HqGSNTf9n6yCvaU/47oRinZwu6gPGcYEXjex+xyWpm2AGZ2
oS/geVaC06fvib0l3jfj5dR/PxSbkrHCQppcZQfdYjENCKiTBgFnh8azx0pbHkdJ
crDuOvD6T/8fzpv8FQLbNSOlZ83YirVR7Uv0hq9Sb3cOVDGIpHIeP1XqekPMkChW
lAG/wNvj1XzPLgJ0SwyKzYO5rzjgHxP8SBRGcdpZj4TfTLLT6ZLy7SER5spH26lD
-----END CERTIFICATE-----