Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/dKsuZKXaanXrDp2my4AYexk9Tzc.roa
File:                     dKsuZKXaanXrDp2my4AYexk9Tzc.roa (raw, json)
Hash identifier:          GbpECMMk1COm9Jd/gQRnAzNikJJCMjIxgnDlDhbpPCo=
Subject key identifier:   74:AB:2E:64:A5:DA:6A:75:EB:0E:9D:A6:CB:80:18:7B:19:3D:4F:37
Certificate issuer:       /CN=ff32d6463621b13f78e530d144feac023e1e4582
Certificate serial:       019662A9B3346E19D9D2685DA089DC39DE03
Authority key identifier: FF:32:D6:46:36:21:B1:3F:78:E5:30:D1:44:FE:AC:02:3E:1E:45:82
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_zLWRjYhsT945TDRRP6sAj4eRYI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/dKsuZKXaanXrDp2my4AYexk9Tzc.roa
Signing time:             Wed 23 Apr 2025 12:40:10 +0000
ROA not before:           Wed 23 Apr 2025 12:40:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213659
IP address blocks:        185.84.158.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/_zLWRjYhsT945TDRRP6sAj4eRYI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/_zLWRjYhsT945TDRRP6sAj4eRYI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_zLWRjYhsT945TDRRP6sAj4eRYI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 14:31:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:62:a9:b3:34:6e:19:d9:d2:68:5d:a0:89:dc:39:de:03
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ff32d6463621b13f78e530d144feac023e1e4582
        Validity
            Not Before: Apr 23 12:40:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=74ab2e64a5da6a75eb0e9da6cb80187b193d4f37
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:87:c7:f2:97:2e:15:5e:16:a4:b2:ca:29:36:
                    12:72:fe:ab:3f:19:bc:ed:cd:2a:24:31:93:50:64:
                    35:02:c7:f5:1c:d0:c2:5c:62:14:65:a3:f3:f9:4f:
                    8d:80:63:50:91:e7:b1:0d:6c:27:c7:28:47:82:5d:
                    e1:e2:f5:3d:38:98:1e:aa:71:65:de:43:4d:95:2c:
                    42:8a:82:36:6c:3d:bb:99:a9:15:1d:6b:f0:27:6c:
                    7c:af:88:3f:a2:db:c1:22:97:fb:87:60:8c:ec:d3:
                    d6:b3:72:da:75:cd:ab:6f:88:15:c2:1b:d4:14:0f:
                    f3:51:45:85:09:65:18:92:e6:e3:ec:45:ff:88:f4:
                    9d:c6:73:b9:9f:c9:c3:73:d7:ef:43:d2:e7:05:f8:
                    52:1b:4c:54:c2:6c:50:0d:51:31:e4:95:f0:fd:3a:
                    dd:8f:1d:4d:b8:42:62:c4:f2:fb:97:85:7e:4f:d2:
                    9c:a5:67:c2:0f:cb:52:08:f1:79:08:c1:22:d6:22:
                    7e:b4:e2:c9:d0:38:0e:56:cb:0d:c9:6d:0f:8c:c4:
                    fc:73:35:0a:bf:f6:c4:56:26:65:26:99:bf:b0:3a:
                    89:c1:5a:dd:90:1e:f5:00:07:c3:ea:fb:da:1f:5f:
                    96:1c:d7:da:cb:65:2f:01:58:b0:dd:d4:69:a4:4d:
                    c9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:AB:2E:64:A5:DA:6A:75:EB:0E:9D:A6:CB:80:18:7B:19:3D:4F:37
            X509v3 Authority Key Identifier:
                keyid:FF:32:D6:46:36:21:B1:3F:78:E5:30:D1:44:FE:AC:02:3E:1E:45:82

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_zLWRjYhsT945TDRRP6sAj4eRYI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/dKsuZKXaanXrDp2my4AYexk9Tzc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/f96900-cf17-41f5-ae28-2b00ea32937b/1/_zLWRjYhsT945TDRRP6sAj4eRYI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         28:8d:98:74:e2:2b:73:11:b2:54:38:26:91:7d:1c:11:33:e2:
         c5:37:1e:62:39:3c:e6:21:15:03:a2:5d:15:1c:ee:df:ee:7e:
         f0:ae:e4:bd:99:23:b9:c0:af:65:dc:c0:bb:f9:21:b7:fb:61:
         3d:53:27:f0:5e:f5:ba:3d:78:3b:07:f3:31:c6:58:aa:c5:b4:
         34:78:eb:99:f4:27:68:73:7b:cd:3f:b9:f4:0c:e8:0b:18:4f:
         19:01:af:f4:7d:72:de:f7:b6:5b:47:f4:20:b5:2b:50:a0:89:
         88:79:d3:e1:a1:97:c3:73:b6:f2:64:41:ce:8a:19:d3:77:11:
         e3:e3:7a:77:a1:d8:9f:51:5d:dd:a8:9d:38:02:fb:a9:2b:cc:
         b0:6d:0f:06:37:45:64:d6:5c:4b:24:54:22:d0:36:09:b9:16:
         49:17:67:f0:1e:60:99:35:c3:6f:52:5d:40:28:3f:31:25:2f:
         ee:d0:5a:7c:c7:bb:3e:1b:8d:25:1d:e7:4e:40:b0:75:ad:01:
         d8:af:13:29:af:52:7e:93:8b:c8:40:da:50:28:29:a9:b3:18:
         bd:41:0b:2a:30:ca:a6:14:db:3c:f5:c5:27:aa:91:7e:c7:15:
         f3:f2:ee:e1:3e:95:d3:2f:9d:74:62:20:24:00:4f:97:05:ff:
         6f:5f:41:41
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZiqbM0bhnZ0mhdoIncOd4DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZmMzJkNjQ2MzYyMWIxM2Y3OGU1MzBkMTQ0ZmVhYzAyM2Ux
ZTQ1ODIwHhcNMjUwNDIzMTI0MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFiMmU2NGE1ZGE2YTc1ZWIwZTlkYTZjYjgwMTg3YjE5M2Q0ZjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwIfH8pcuFV4WpLLKKTYScv6rPxm8
7c0qJDGTUGQ1Asf1HNDCXGIUZaPz+U+NgGNQkeexDWwnxyhHgl3h4vU9OJgeqnFl
3kNNlSxCioI2bD27makVHWvwJ2x8r4g/otvBIpf7h2CM7NPWs3Ladc2rb4gVwhvU
FA/zUUWFCWUYkubj7EX/iPSdxnO5n8nDc9fvQ9LnBfhSG0xUwmxQDVEx5JXw/Trd
jx1NuEJixPL7l4V+T9KcpWfCD8tSCPF5CMEi1iJ+tOLJ0DgOVssNyW0PjMT8czUK
v/bEViZlJpm/sDqJwVrdkB71AAfD6vvaH1+WHNfay2UvAViw3dRppE3J0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHSrLmSl2mp16w6dpsuAGHsZPU83MB8GA1UdIwQY
MBaAFP8y1kY2IbE/eOUw0UT+rAI+HkWCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX3pMV1JqWWhzVDk0NVREUlJQNnNBajRlUllJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9mOTY5MDAtY2YxNy00MWY1LWFlMjgt
MmIwMGVhMzI5MzdiLzEvZEtzdVpLWGFhblhyRHAybXk0QVlleGs5VHpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9mOTY5MDAtY2YxNy00MWY1LWFlMjgtMmIwMGVhMzI5Mzdi
LzEvX3pMV1JqWWhzVDk0NVREUlJQNnNBajRlUllJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVSeMA0G
CSqGSIb3DQEBCwUAA4IBAQAojZh04itzEbJUOCaRfRwRM+LFNx5iOTzmIRUDol0V
HO7f7n7wruS9mSO5wK9l3MC7+SG3+2E9UyfwXvW6PXg7B/MxxliqxbQ0eOuZ9Cdo
c3vNP7n0DOgLGE8ZAa/0fXLe97ZbR/QgtStQoImIedPhoZfDc7byZEHOihnTdxHj
43p3odifUV3dqJ04AvupK8ywbQ8GN0Vk1lxLJFQi0DYJuRZJF2fwHmCZNcNvUl1A
KD8xJS/u0Fp8x7s+G40lHedOQLB1rQHYrxMpr1J+k4vIQNpQKCmpsxi9QQsqMMqm
FNs89cUnqpF+xxXz8u7hPpXTL510YiAkAE+XBf9vX0FB
-----END CERTIFICATE-----