Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/9ie56jozGctsQMPeP2PnRQlQSUc.roa
File:                     9ie56jozGctsQMPeP2PnRQlQSUc.roa (raw, json)
Hash identifier:          5kDUdIA6jw7l4e4ssTIC7py/rMtiw/D++uBoc2CI0Qo=
Subject key identifier:   F6:27:B9:EA:3A:33:19:CB:6C:40:C3:DE:3F:63:E7:45:09:50:49:47
Certificate issuer:       /CN=b414b09beeab905ff41e6813256054b182294297
Certificate serial:       019421443F85E339199AA0A9B5628AE53E3E
Authority key identifier: B4:14:B0:9B:EE:AB:90:5F:F4:1E:68:13:25:60:54:B1:82:29:42:97
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/9ie56jozGctsQMPeP2PnRQlQSUc.roa
Signing time:             Wed 01 Jan 2025 09:48:28 +0000
ROA not before:           Wed 01 Jan 2025 09:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205198
IP address blocks:        185.225.48.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 01:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:3f:85:e3:39:19:9a:a0:a9:b5:62:8a:e5:3e:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b414b09beeab905ff41e6813256054b182294297
        Validity
            Not Before: Jan  1 09:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f627b9ea3a3319cb6c40c3de3f63e74509504947
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:23:99:77:c5:fe:2b:03:c3:41:3f:e8:4d:90:
                    e4:77:ab:d0:eb:3d:00:7d:37:17:08:c9:ef:90:b4:
                    e3:06:88:32:57:30:a8:dd:d0:2a:02:d2:17:11:d5:
                    23:81:ba:67:76:c0:02:b6:ff:57:be:42:50:39:a7:
                    9e:f2:6b:42:48:f2:77:8d:56:31:41:8c:19:fe:31:
                    b6:9b:0b:47:35:28:8f:00:b6:a0:db:75:9f:a2:01:
                    22:97:ff:8f:50:81:d8:2c:b3:02:bb:9e:0b:bc:a8:
                    07:58:f2:12:2f:3e:bf:31:b6:83:7a:ca:3c:50:18:
                    90:57:30:ad:9c:30:e6:9a:b7:01:b0:b6:29:e3:50:
                    d7:fc:1c:58:d4:f3:2f:6b:4c:6a:42:3d:cb:8b:00:
                    5a:1b:8e:ff:68:7b:99:cb:bd:7f:b2:7a:aa:ef:86:
                    da:83:74:ef:fc:4f:58:f4:18:3b:f7:60:1b:a5:8b:
                    f6:72:d6:5c:61:4d:2d:5e:8e:ba:b7:69:9b:d5:36:
                    57:0d:c2:09:b2:08:18:6d:c0:b5:97:9f:c1:89:f3:
                    f9:93:ab:fd:eb:db:f3:f2:1d:54:e9:c8:a1:7c:94:
                    52:e0:95:e4:13:7d:15:b6:67:82:21:ad:d2:0e:65:
                    72:3e:0e:b5:55:9b:f3:3c:45:62:3a:62:e3:bd:4c:
                    72:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:27:B9:EA:3A:33:19:CB:6C:40:C3:DE:3F:63:E7:45:09:50:49:47
            X509v3 Authority Key Identifier:
                keyid:B4:14:B0:9B:EE:AB:90:5F:F4:1E:68:13:25:60:54:B1:82:29:42:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tBSwm-6rkF_0HmgTJWBUsYIpQpc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/9ie56jozGctsQMPeP2PnRQlQSUc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2a/800eb6-868b-4a30-b402-4bce424723d9/1/tBSwm-6rkF_0HmgTJWBUsYIpQpc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:60:db:e2:a8:bc:0f:3b:a8:ed:4a:f9:29:7c:39:2a:27:0a:
         44:59:0f:1d:0a:d1:82:60:0e:ec:ca:4d:95:47:ce:f2:67:19:
         91:2a:bc:60:d3:e3:f7:32:00:32:8e:95:f6:fe:ee:a0:7e:80:
         d6:77:f3:97:7b:03:87:fc:f9:49:e6:63:81:f9:59:db:0a:d7:
         11:7a:29:20:6e:07:e7:4b:8b:58:19:97:38:7b:b4:c9:d6:f2:
         f0:da:b8:47:f4:3f:49:e4:8b:70:b8:99:68:58:f8:7d:14:9e:
         05:b4:56:16:d4:1f:f2:bf:d0:19:99:6f:76:92:81:7a:3f:71:
         5d:b9:10:48:3a:79:8e:12:9e:93:46:fe:01:6d:fb:6d:bd:e9:
         c2:80:03:3e:a3:5d:4f:18:34:19:3b:7c:62:97:62:32:98:b9:
         64:a1:d8:ac:63:2d:ea:0d:81:9c:09:0c:93:5f:1e:a4:d8:ee:
         ab:8a:2c:28:2d:40:b5:5b:53:c8:60:60:f8:86:62:9e:5e:c7:
         9e:eb:e3:57:2f:bc:f1:20:c6:27:77:65:43:3c:1a:48:27:b5:
         37:51:a9:4b:9c:09:ff:45:25:e0:57:1a:d3:81:4a:fb:57:dc:
         95:dc:6b:42:82:1a:0f:99:39:b7:fa:dc:1e:7b:a6:1c:af:08:
         2a:9a:d7:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRD+F4zkZmqCptWKK5T4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0MTRiMDliZWVhYjkwNWZmNDFlNjgxMzI1NjA1NGIxODIy
OTQyOTcwHhcNMjUwMTAxMDk0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjI3YjllYTNhMzMxOWNiNmM0MGMzZGUzZjYzZTc0NTA5NTA0OTQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArCOZd8X+KwPDQT/oTZDkd6vQ6z0A
fTcXCMnvkLTjBogyVzCo3dAqAtIXEdUjgbpndsACtv9XvkJQOaee8mtCSPJ3jVYx
QYwZ/jG2mwtHNSiPALag23WfogEil/+PUIHYLLMCu54LvKgHWPISLz6/MbaDeso8
UBiQVzCtnDDmmrcBsLYp41DX/BxY1PMva0xqQj3LiwBaG47/aHuZy71/snqq74ba
g3Tv/E9Y9Bg792AbpYv2ctZcYU0tXo66t2mb1TZXDcIJsggYbcC1l5/BifP5k6v9
69vz8h1U6cihfJRS4JXkE30VtmeCIa3SDmVyPg61VZvzPEViOmLjvUxy8wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPYnueo6MxnLbEDD3j9j50UJUElHMB8GA1UdIwQY
MBaAFLQUsJvuq5Bf9B5oEyVgVLGCKUKXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEJTd20tNnJrRl8wSG1nVEpXQlVzWUlwUXBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYS84MDBlYjYtODY4Yi00YTMwLWI0MDIt
NGJjZTQyNDcyM2Q5LzEvOWllNTZqb3pHY3RzUU1QZVAyUG5SUWxRU1VjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYS84MDBlYjYtODY4Yi00YTMwLWI0MDItNGJjZTQyNDcyM2Q5
LzEvdEJTd20tNnJrRl8wSG1nVEpXQlVzWUlwUXBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCueEwMA0G
CSqGSIb3DQEBCwUAA4IBAQANYNviqLwPO6jtSvkpfDkqJwpEWQ8dCtGCYA7syk2V
R87yZxmRKrxg0+P3MgAyjpX2/u6gfoDWd/OXewOH/PlJ5mOB+VnbCtcReikgbgfn
S4tYGZc4e7TJ1vLw2rhH9D9J5ItwuJloWPh9FJ4FtFYW1B/yv9AZmW92koF6P3Fd
uRBIOnmOEp6TRv4BbfttvenCgAM+o11PGDQZO3xil2IymLlkodisYy3qDYGcCQyT
Xx6k2O6riiwoLUC1W1PIYGD4hmKeXsee6+NXL7zxIMYnd2VDPBpIJ7U3UalLnAn/
RSXgVxrTgUr7V9yV3GtCghoPmTm3+twee6YcrwgqmtfE
-----END CERTIFICATE-----