Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/b2397c-b36d-46a3-a240-1d9a19f1295b/1/1H2Y74rOLQCMhy2O3X9ouFiEkFY.roa
File:                     1H2Y74rOLQCMhy2O3X9ouFiEkFY.roa (raw, json)
Hash identifier:          fzT1x1Cd9KzjMSBAyqcBMyBoif3guu8C9asSN6fBGTo=
Subject key identifier:   D4:7D:98:EF:8A:CE:2D:00:8C:87:2D:8E:DD:7F:68:B8:58:84:90:56
Certificate issuer:       /CN=83f5bd23bec5d0639833a9141985cc5753886e16
Certificate serial:       019427484B92C7149AEFE470338EA05624CA
Authority key identifier: 83:F5:BD:23:BE:C5:D0:63:98:33:A9:14:19:85:CC:57:53:88:6E:16
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/g_W9I77F0GOYM6kUGYXMV1OIbhY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/b2397c-b36d-46a3-a240-1d9a19f1295b/1/1H2Y74rOLQCMhy2O3X9ouFiEkFY.roa
Signing time:             Thu 02 Jan 2025 13:50:36 +0000
ROA not before:           Thu 02 Jan 2025 13:50:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12344
IP address blocks:        185.119.96.0/22 maxlen: 22
                          2a04:f310::/31 maxlen: 31
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/b2397c-b36d-46a3-a240-1d9a19f1295b/1/g_W9I77F0GOYM6kUGYXMV1OIbhY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/b2397c-b36d-46a3-a240-1d9a19f1295b/1/g_W9I77F0GOYM6kUGYXMV1OIbhY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/g_W9I77F0GOYM6kUGYXMV1OIbhY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 10:01:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:4b:92:c7:14:9a:ef:e4:70:33:8e:a0:56:24:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=83f5bd23bec5d0639833a9141985cc5753886e16
        Validity
            Not Before: Jan  2 13:50:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d47d98ef8ace2d008c872d8edd7f68b858849056
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:25:c4:de:7a:34:bc:dc:ec:dc:d7:1f:b0:29:
                    21:9d:61:1e:91:b0:c4:c5:89:63:48:c5:b3:e0:f5:
                    6c:10:14:cb:97:8a:54:95:c8:db:10:3f:5e:72:73:
                    e5:82:3e:19:bf:b2:b6:3d:54:9b:9c:85:1b:eb:31:
                    9b:77:90:0c:7a:62:69:1e:e0:36:65:15:5b:6b:26:
                    45:58:cf:02:a9:32:3f:29:dc:d8:9d:81:3d:f4:9b:
                    83:b8:9d:79:17:4b:c6:20:52:80:22:e9:a9:02:75:
                    b9:6b:c6:d7:0c:a8:13:d8:e0:d3:41:20:b5:6a:f3:
                    ca:15:69:62:ad:7d:d2:e8:cd:ed:73:0f:ad:ae:f9:
                    b7:d8:4b:d7:3c:69:ce:3b:39:99:64:e1:7c:28:ac:
                    d4:41:9a:64:43:a3:b7:94:1d:c5:fc:22:09:fb:ec:
                    af:0a:7e:ee:54:ce:da:07:06:a5:af:29:d7:6f:a5:
                    73:13:99:ba:d5:e2:7f:a4:5b:93:64:03:c7:9e:1b:
                    e2:ad:5d:fe:ed:fc:b4:81:33:cd:02:70:6a:ce:47:
                    62:7c:5e:35:9a:11:81:4b:be:85:de:fb:93:0e:78:
                    6b:f0:4f:33:14:10:2c:2f:9d:0d:9f:b3:47:f8:c3:
                    26:ed:5f:61:ac:f6:21:ca:79:3f:a4:2d:13:91:2f:
                    ff:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:7D:98:EF:8A:CE:2D:00:8C:87:2D:8E:DD:7F:68:B8:58:84:90:56
            X509v3 Authority Key Identifier:
                keyid:83:F5:BD:23:BE:C5:D0:63:98:33:A9:14:19:85:CC:57:53:88:6E:16

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g_W9I77F0GOYM6kUGYXMV1OIbhY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b2397c-b36d-46a3-a240-1d9a19f1295b/1/1H2Y74rOLQCMhy2O3X9ouFiEkFY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/b2397c-b36d-46a3-a240-1d9a19f1295b/1/g_W9I77F0GOYM6kUGYXMV1OIbhY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.96.0/22
                IPv6:
                  2a04:f310::/31

    Signature Algorithm: sha256WithRSAEncryption
         b2:2a:f6:d1:ee:6b:a2:8d:95:49:1b:a7:77:4f:41:98:71:18:
         12:ff:e8:f0:9d:f7:f9:a0:24:ba:10:5c:30:6c:26:4e:c4:54:
         5a:e0:95:e9:cc:8b:74:18:88:29:15:c4:cc:ef:e9:65:63:7c:
         fa:0d:b2:b7:99:8c:7c:22:1e:8a:da:03:2e:69:26:02:a7:f7:
         45:50:ba:62:cb:03:39:70:cb:eb:db:30:f1:cd:18:b2:cb:c0:
         0a:e3:52:b4:42:aa:20:e1:1c:53:10:e0:d6:5d:1d:4a:52:fe:
         a4:4e:1a:ac:b8:28:d5:46:05:ba:55:aa:25:65:54:bc:cd:92:
         06:f0:9b:de:fe:11:43:c3:6a:f7:4f:e1:bb:93:1d:52:eb:da:
         9e:52:19:48:b8:c4:5f:8f:ce:27:1f:85:6f:a8:6c:69:08:bb:
         c7:b9:05:92:d0:2c:c8:a7:80:6d:c2:c0:ce:ab:13:49:0b:24:
         72:9c:30:5d:10:9a:7a:ba:21:3d:bf:27:86:92:e4:f7:52:40:
         37:1c:07:fc:5b:da:92:09:c8:36:e5:d2:c8:15:96:f9:6f:33:
         fc:c6:90:78:52:4f:71:c3:0d:97:69:e8:e9:8e:af:6c:bd:ed:
         66:e8:fc:d7:cb:9f:a9:b0:8b:7f:37:e2:51:28:71:7c:7c:6e:
         85:88:75:91
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQnSEuSxxSa7+RwM46gViTKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzZjViZDIzYmVjNWQwNjM5ODMzYTkxNDE5ODVjYzU3NTM4
ODZlMTYwHhcNMjUwMTAyMTM1MDM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDdkOThlZjhhY2UyZDAwOGM4NzJkOGVkZDdmNjhiODU4ODQ5MDU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAySXE3no0vNzs3NcfsCkhnWEekbDE
xYljSMWz4PVsEBTLl4pUlcjbED9ecnPlgj4Zv7K2PVSbnIUb6zGbd5AMemJpHuA2
ZRVbayZFWM8CqTI/KdzYnYE99JuDuJ15F0vGIFKAIumpAnW5a8bXDKgT2ODTQSC1
avPKFWlirX3S6M3tcw+trvm32EvXPGnOOzmZZOF8KKzUQZpkQ6O3lB3F/CIJ++yv
Cn7uVM7aBwalrynXb6VzE5m61eJ/pFuTZAPHnhvirV3+7fy0gTPNAnBqzkdifF41
mhGBS76F3vuTDnhr8E8zFBAsL50Nn7NH+MMm7V9hrPYhynk/pC0TkS//4wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNR9mO+Kzi0AjIctjt1/aLhYhJBWMB8GA1UdIwQY
MBaAFIP1vSO+xdBjmDOpFBmFzFdTiG4WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ19XOUk3N0YwR09ZTTZrVUdZWE1WMU9JYmhZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi9iMjM5N2MtYjM2ZC00NmEzLWEyNDAt
MWQ5YTE5ZjEyOTViLzEvMUgyWTc0ck9MUUNNaHkyTzNYOW91RmlFa0ZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi9iMjM5N2MtYjM2ZC00NmEzLWEyNDAtMWQ5YTE5ZjEyOTVi
LzEvZ19XOUk3N0YwR09ZTTZrVUdZWE1WMU9JYmhZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXdgMA0E
AgACMAcDBQEqBPMQMA0GCSqGSIb3DQEBCwUAA4IBAQCyKvbR7muijZVJG6d3T0GY
cRgS/+jwnff5oCS6EFwwbCZOxFRa4JXpzIt0GIgpFcTM7+llY3z6DbK3mYx8Ih6K
2gMuaSYCp/dFULpiywM5cMvr2zDxzRiyy8AK41K0Qqog4RxTEODWXR1KUv6kThqs
uCjVRgW6VaolZVS8zZIG8Jve/hFDw2r3T+G7kx1S69qeUhlIuMRfj84nH4VvqGxp
CLvHuQWS0CzIp4BtwsDOqxNJCyRynDBdEJp6uiE9vyeGkuT3UkA3HAf8W9qSCcg2
5dLIFZb5bzP8xpB4Uk9xww2Xaejpjq9sve1m6PzXy5+psIt/N+JRKHF8fG6FiHWR
-----END CERTIFICATE-----