Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/1-g-eI2OgO4zZor0A412WKAODJ50.roa
File:                     1-g-eI2OgO4zZor0A412WKAODJ50.roa (raw, json)
Hash identifier:          Hwiootkn4sAit4hhVLjLyU16720LmONg0Hs78oV4hss=
Subject key identifier:   FA:0F:9E:23:63:A0:3B:8C:D9:A2:BD:00:E3:5D:96:28:03:83:27:9D
Certificate issuer:       /CN=12ee6257d0c3a2b930561af2522d9e5af7f9cbc7
Certificate serial:       0194228E3C220ED9FF236106219FBAE2AB21
Authority key identifier: 12:EE:62:57:D0:C3:A2:B9:30:56:1A:F2:52:2D:9E:5A:F7:F9:CB:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/1-g-eI2OgO4zZor0A412WKAODJ50.roa
Signing time:             Wed 01 Jan 2025 15:48:54 +0000
ROA not before:           Wed 01 Jan 2025 15:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.235.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8e:3c:22:0e:d9:ff:23:61:06:21:9f:ba:e2:ab:21
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12ee6257d0c3a2b930561af2522d9e5af7f9cbc7
        Validity
            Not Before: Jan  1 15:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fa0f9e2363a03b8cd9a2bd00e35d96280383279d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:0b:14:37:00:8d:e5:47:b9:be:ad:8d:6d:46:
                    79:e9:f3:82:c1:54:21:91:08:b8:55:63:71:34:b9:
                    80:46:87:62:98:cc:d0:ee:32:09:68:8c:0d:e0:e7:
                    b5:5e:5f:14:4c:5e:56:1a:72:39:6b:3a:77:41:d8:
                    4d:dd:4d:c1:f7:f0:5c:04:0b:0b:6b:98:b4:e3:c7:
                    2b:9f:64:15:88:4c:7d:63:ac:a8:2c:9a:b4:5d:3f:
                    9d:12:39:9d:04:fb:25:46:41:c1:93:58:bf:57:c4:
                    a1:49:22:90:34:0e:38:af:bd:9f:78:0d:a4:02:b3:
                    d4:b3:26:3b:f2:ce:2b:22:10:5d:29:18:1c:a7:f9:
                    2b:93:0c:8c:e3:09:bf:18:29:57:a6:05:af:b5:02:
                    62:8e:f3:c5:b9:11:0e:fb:fd:72:03:78:14:94:e8:
                    e0:88:07:72:1d:01:92:92:86:6b:b6:f9:46:72:64:
                    28:d1:de:76:13:cd:ee:13:62:d0:f9:6c:fd:03:5c:
                    09:a1:e2:01:59:0c:91:29:20:b3:4f:80:56:c1:75:
                    66:df:5c:4f:56:02:d9:a1:79:6f:49:7f:f6:67:fb:
                    56:d2:8e:06:d7:0b:e5:61:f3:91:36:cf:cc:66:ff:
                    53:c6:33:35:53:ed:94:41:7e:45:46:3f:c4:d7:25:
                    83:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:0F:9E:23:63:A0:3B:8C:D9:A2:BD:00:E3:5D:96:28:03:83:27:9D
            X509v3 Authority Key Identifier:
                keyid:12:EE:62:57:D0:C3:A2:B9:30:56:1A:F2:52:2D:9E:5A:F7:F9:CB:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Eu5iV9DDorkwVhryUi2eWvf5y8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/1-g-eI2OgO4zZor0A412WKAODJ50.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/71dee2-e1c1-40ce-b311-3f33866192d0/1/Eu5iV9DDorkwVhryUi2eWvf5y8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b5:6e:6b:7f:e6:70:fa:61:74:c6:12:d2:34:6e:99:04:34:08:
         37:46:da:07:12:91:7a:4d:57:b6:24:fa:a3:ca:90:5f:a0:42:
         43:90:59:10:57:0e:3e:5f:7d:95:68:32:d5:3c:a2:75:9b:d5:
         2f:3d:64:f1:65:d2:f5:f0:e4:1c:c9:d0:f5:e0:4a:e8:36:34:
         89:a1:a7:c6:5b:f2:16:6e:32:5d:35:ff:1f:f2:98:79:af:f6:
         24:58:ed:c2:84:5c:2b:ad:1d:ea:7e:d6:c6:e3:3e:02:af:8c:
         ea:36:6e:fc:4f:01:62:b1:d1:44:e5:ae:bd:14:56:a7:fc:5b:
         ba:ed:ad:e6:2e:8f:db:09:43:c2:11:6d:7c:03:5b:dd:a2:5d:
         de:a2:f7:6c:fd:e7:21:fc:1d:9c:89:60:6c:11:db:c9:02:55:
         55:01:a3:be:e6:ff:18:a9:12:b1:fd:59:da:81:20:1f:29:d2:
         18:60:43:e4:8b:50:09:20:14:af:3c:1e:a8:ef:d9:b8:ed:b9:
         b6:12:4c:6b:65:65:b1:12:9f:59:a9:d3:8d:2d:db:a7:b6:a1:
         ea:1c:db:61:ff:86:87:b3:4c:46:8c:3e:7a:8c:cd:8e:96:2e:
         ce:a1:5f:0b:85:74:1a:97:70:a5:cf:ae:99:02:72:83:cb:8f:
         15:c1:1a:7a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQijjwiDtn/I2EGIZ+64qshMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyZWU2MjU3ZDBjM2EyYjkzMDU2MWFmMjUyMmQ5ZTVhZjdm
OWNiYzcwHhcNMjUwMTAxMTU0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYTBmOWUyMzYzYTAzYjhjZDlhMmJkMDBlMzVkOTYyODAzODMyNzlkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsQsUNwCN5Ue5vq2NbUZ56fOCwVQh
kQi4VWNxNLmARodimMzQ7jIJaIwN4Oe1Xl8UTF5WGnI5azp3QdhN3U3B9/BcBAsL
a5i048crn2QViEx9Y6yoLJq0XT+dEjmdBPslRkHBk1i/V8ShSSKQNA44r72feA2k
ArPUsyY78s4rIhBdKRgcp/krkwyM4wm/GClXpgWvtQJijvPFuREO+/1yA3gUlOjg
iAdyHQGSkoZrtvlGcmQo0d52E83uE2LQ+Wz9A1wJoeIBWQyRKSCzT4BWwXVm31xP
VgLZoXlvSX/2Z/tW0o4G1wvlYfORNs/MZv9TxjM1U+2UQX5FRj/E1yWDrwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPoPniNjoDuM2aK9AONdligDgyedMB8GA1UdIwQY
MBaAFBLuYlfQw6K5MFYa8lItnlr3+cvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXU1aVY5RERvcmt3VmhyeVVpMmVXdmY1eThjLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS83MWRlZTItZTFjMS00MGNlLWIzMTEt
M2YzMzg2NjE5MmQwLzEvMS1nLWVJMk9nTzR6Wm9yMEE0MTJXS0FPREo1MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmUvNzFkZWUyLWUxYzEtNDBjZS1iMzExLTNmMzM4NjYxOTJk
MC8xL0V1NWlWOUREb3Jrd1ZocnlVaTJlV3ZmNXk4Yy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALnrJjAN
BgkqhkiG9w0BAQsFAAOCAQEAtW5rf+Zw+mF0xhLSNG6ZBDQIN0baBxKRek1XtiT6
o8qQX6BCQ5BZEFcOPl99lWgy1TyidZvVLz1k8WXS9fDkHMnQ9eBK6DY0iaGnxlvy
Fm4yXTX/H/KYea/2JFjtwoRcK60d6n7WxuM+Aq+M6jZu/E8BYrHRROWuvRRWp/xb
uu2t5i6P2wlDwhFtfANb3aJd3qL3bP3nIfwdnIlgbBHbyQJVVQGjvub/GKkSsf1Z
2oEgHynSGGBD5ItQCSAUrzweqO/ZuO25thJMa2VlsRKfWanTjS3bp7ah6hzbYf+G
h7NMRow+eozNjpYuzqFfC4V0Gpdwpc+umQJyg8uPFcEaeg==
-----END CERTIFICATE-----