Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/Il2poWeT4F_H4KiL-0HdiaMsadA.roa
File:                     Il2poWeT4F_H4KiL-0HdiaMsadA.roa (raw, json)
Hash identifier:          VrsL8H9loMqzLX65T7cvzeckeITcvwECmwnt6mshIP0=
Subject key identifier:   22:5D:A9:A1:67:93:E0:5F:C7:E0:A8:8B:FB:41:DD:89:A3:2C:69:D0
Certificate issuer:       /CN=bc063d650534aa9f06931fd8ed6e0bb276ebd3bf
Certificate serial:       0194258E14CCF75E030504C42DB3545B1214
Authority key identifier: BC:06:3D:65:05:34:AA:9F:06:93:1F:D8:ED:6E:0B:B2:76:EB:D3:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/Il2poWeT4F_H4KiL-0HdiaMsadA.roa
Signing time:             Thu 02 Jan 2025 05:47:35 +0000
ROA not before:           Thu 02 Jan 2025 05:47:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35349
IP address blocks:        185.239.248.0/22 maxlen: 22
                          2a0c:6780::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:14:cc:f7:5e:03:05:04:c4:2d:b3:54:5b:12:14
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bc063d650534aa9f06931fd8ed6e0bb276ebd3bf
        Validity
            Not Before: Jan  2 05:47:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=225da9a16793e05fc7e0a88bfb41dd89a32c69d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:2b:40:45:57:51:6d:cf:5c:aa:d9:fb:e8:1b:
                    be:83:a4:7e:53:e6:91:f0:37:67:57:fa:86:04:8b:
                    66:55:3a:56:98:4f:c6:d1:48:9b:57:96:c6:02:93:
                    8a:f0:1b:5f:70:cf:0b:84:3c:8a:28:f6:3d:e0:b5:
                    29:f2:0c:8d:92:86:27:44:05:7f:10:a3:07:43:62:
                    ad:c4:a4:41:7d:8d:a4:4a:a5:aa:da:9c:67:5b:bd:
                    1c:cc:e9:89:ab:5f:46:cb:d1:f9:72:77:76:e4:ec:
                    96:6c:d4:57:d9:8b:16:03:a9:8a:f1:14:0e:1e:5e:
                    9c:d9:fb:da:86:fb:f1:90:e0:ab:e4:25:b2:d1:03:
                    51:74:3c:59:73:ad:cf:02:be:9b:c5:3f:69:fc:77:
                    65:8a:f4:48:a5:40:7f:31:07:c5:46:11:ed:dd:c4:
                    48:e6:71:d4:6e:0b:00:66:9e:69:2f:bb:2f:ce:29:
                    00:3e:78:88:70:d1:a2:3c:e6:d6:9e:15:5b:5b:12:
                    f4:cb:39:a8:af:9c:a5:f3:4d:be:09:a5:ff:a7:04:
                    3f:95:b7:d4:09:55:36:d9:52:8e:55:a5:96:7b:db:
                    5f:9f:15:b4:16:5b:c4:ca:fd:52:fd:d9:37:bd:b0:
                    36:f1:8a:00:5e:18:6b:48:3e:b0:50:d8:ca:97:6a:
                    1a:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:5D:A9:A1:67:93:E0:5F:C7:E0:A8:8B:FB:41:DD:89:A3:2C:69:D0
            X509v3 Authority Key Identifier:
                keyid:BC:06:3D:65:05:34:AA:9F:06:93:1F:D8:ED:6E:0B:B2:76:EB:D3:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/Il2poWeT4F_H4KiL-0HdiaMsadA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/1794e8-8998-4514-b7e1-216d289f1764/1/vAY9ZQU0qp8Gkx_Y7W4Lsnbr078.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.248.0/22
                IPv6:
                  2a0c:6780::/29

    Signature Algorithm: sha256WithRSAEncryption
         1a:c3:fd:7b:a2:97:5d:fd:38:0d:1e:4c:59:ee:3a:db:4a:27:
         cf:39:22:3a:6b:7e:0b:c7:c3:90:3b:63:9a:10:bb:8e:a2:b2:
         ff:52:cb:3a:5a:e7:50:95:da:c9:e5:b1:c4:36:c2:fb:4b:9f:
         2f:db:9e:d6:8d:1b:d4:f1:f4:19:e4:c5:ff:8f:16:8c:cc:2b:
         f3:98:84:7e:10:d1:20:af:94:b0:d2:40:02:b9:0e:37:82:60:
         40:80:7a:9c:a3:88:7c:6e:41:2c:eb:1e:d7:06:b7:35:12:38:
         e8:81:d9:c4:c9:94:9a:93:60:85:a0:3a:f8:f9:3a:95:ac:bb:
         30:60:8d:72:3a:ea:3a:3d:0f:13:bc:9d:18:36:15:bd:a0:32:
         89:3c:32:a3:3a:26:fe:de:9f:de:41:02:2e:21:71:25:dc:40:
         5f:86:d1:73:6d:7b:99:47:21:16:38:51:db:bf:69:09:b9:a8:
         28:65:48:da:6a:17:92:a6:42:60:44:7f:aa:f1:3e:b0:0b:09:
         22:17:58:b9:ec:cf:a8:73:c3:6d:7b:f8:0a:9f:33:07:ca:b3:
         1f:c6:01:4b:cc:e9:6f:e5:ff:72:69:58:16:17:15:da:af:4c:
         24:da:66:b2:d4:e4:8d:4e:f9:f0:cb:11:8c:8d:82:ec:52:a7:
         ca:71:59:df
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQljhTM914DBQTELbNUWxIUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjMDYzZDY1MDUzNGFhOWYwNjkzMWZkOGVkNmUwYmIyNzZl
YmQzYmYwHhcNMjUwMTAyMDU0NzM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjVkYTlhMTY3OTNlMDVmYzdlMGE4OGJmYjQxZGQ4OWEzMmM2OWQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtStARVdRbc9cqtn76Bu+g6R+U+aR
8DdnV/qGBItmVTpWmE/G0UibV5bGApOK8BtfcM8LhDyKKPY94LUp8gyNkoYnRAV/
EKMHQ2KtxKRBfY2kSqWq2pxnW70czOmJq19Gy9H5cnd25OyWbNRX2YsWA6mK8RQO
Hl6c2fvahvvxkOCr5CWy0QNRdDxZc63PAr6bxT9p/HdlivRIpUB/MQfFRhHt3cRI
5nHUbgsAZp5pL7svzikAPniIcNGiPObWnhVbWxL0yzmor5yl802+CaX/pwQ/lbfU
CVU22VKOVaWWe9tfnxW0FlvEyv1S/dk3vbA28YoAXhhrSD6wUNjKl2oa8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCJdqaFnk+Bfx+Coi/tB3YmjLGnQMB8GA1UdIwQY
MBaAFLwGPWUFNKqfBpMf2O1uC7J269O/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdkFZOVpRVTBxcDhHa3hfWTdXNExzbmJyMDc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC8xNzk0ZTgtODk5OC00NTE0LWI3ZTEt
MjE2ZDI4OWYxNzY0LzEvSWwycG9XZVQ0Rl9INEtpTC0wSGRpYU1zYWRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC8xNzk0ZTgtODk5OC00NTE0LWI3ZTEtMjE2ZDI4OWYxNzY0
LzEvdkFZOVpRVTBxcDhHa3hfWTdXNExzbmJyMDc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCue/4MA0E
AgACMAcDBQMqDGeAMA0GCSqGSIb3DQEBCwUAA4IBAQAaw/17opdd/TgNHkxZ7jrb
SifPOSI6a34Lx8OQO2OaELuOorL/Uss6WudQldrJ5bHENsL7S58v257WjRvU8fQZ
5MX/jxaMzCvzmIR+ENEgr5Sw0kACuQ43gmBAgHqco4h8bkEs6x7XBrc1EjjogdnE
yZSak2CFoDr4+TqVrLswYI1yOuo6PQ8TvJ0YNhW9oDKJPDKjOib+3p/eQQIuIXEl
3EBfhtFzbXuZRyEWOFHbv2kJuagoZUjaaheSpkJgRH+q8T6wCwkiF1i57M+oc8Nt
e/gKnzMHyrMfxgFLzOlv5f9yaVgWFxXar0wk2may1OSNTvnwyxGMjYLsUqfKcVnf
-----END CERTIFICATE-----