Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/I1TR6PkHLqcK9JhqQozTxA2F8dM.roa
File:                     I1TR6PkHLqcK9JhqQozTxA2F8dM.roa (raw, json)
Hash identifier:          pz5C+r8mg2AZGBZBVvOWJslEqCo+j9NeWY7YNXwFyuM=
Subject key identifier:   23:54:D1:E8:F9:07:2E:A7:0A:F4:98:6A:42:8C:D3:C4:0D:85:F1:D3
Certificate issuer:       /CN=0dd441c3ffae829842249e944b03851081f4d9e0
Certificate serial:       01941FFA4584FFAABBD89CB5DBB56B082609
Authority key identifier: 0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/I1TR6PkHLqcK9JhqQozTxA2F8dM.roa
Signing time:             Wed 01 Jan 2025 03:48:03 +0000
ROA not before:           Wed 01 Jan 2025 03:48:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207456
IP address blocks:        185.82.74.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:01:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:45:84:ff:aa:bb:d8:9c:b5:db:b5:6b:08:26:09
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0dd441c3ffae829842249e944b03851081f4d9e0
        Validity
            Not Before: Jan  1 03:48:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2354d1e8f9072ea70af4986a428cd3c40d85f1d3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f5:e7:1d:2c:5d:73:3f:a1:9c:98:8e:b5:a6:
                    00:c0:dc:32:1a:e1:3f:f7:b6:e8:df:07:b5:e8:b3:
                    cc:55:3e:8e:66:3a:11:f3:b4:dd:c2:c1:42:ff:5b:
                    b7:02:4a:d5:d7:ec:72:9f:f0:f3:53:6b:3d:54:e8:
                    60:ef:7a:01:55:02:3a:0c:03:40:17:c1:b7:63:7c:
                    c6:ee:39:08:56:5b:77:ec:38:56:d1:35:8e:cb:ac:
                    63:e8:7c:62:09:19:8c:fb:26:de:f4:c3:e7:28:c2:
                    55:76:d6:56:58:45:fa:73:08:e0:c4:3a:0b:47:6f:
                    3a:75:d8:d6:fc:e1:29:1d:d1:73:28:4a:95:16:70:
                    d7:d5:be:64:b2:4a:63:4e:26:38:c6:94:a7:a8:45:
                    bf:29:53:ff:22:ed:70:07:a4:7c:0f:4d:92:a1:20:
                    c1:f9:8e:5d:29:3b:66:c9:74:b0:a5:a8:84:34:d8:
                    f8:f6:5a:ef:96:04:3a:ce:8b:fe:48:3d:1b:6f:42:
                    82:9e:3d:22:54:17:32:31:a9:a7:90:84:d5:25:c6:
                    a8:88:56:d5:83:79:62:9c:39:c1:fa:ae:b2:4c:72:
                    f5:d3:c9:79:75:db:97:8c:37:d8:f2:88:5a:ec:1b:
                    72:44:52:43:1c:af:92:db:c8:80:6d:23:f2:1a:7e:
                    6b:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:54:D1:E8:F9:07:2E:A7:0A:F4:98:6A:42:8C:D3:C4:0D:85:F1:D3
            X509v3 Authority Key Identifier:
                keyid:0D:D4:41:C3:FF:AE:82:98:42:24:9E:94:4B:03:85:10:81:F4:D9:E0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DdRBw_-ugphCJJ6USwOFEIH02eA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/I1TR6PkHLqcK9JhqQozTxA2F8dM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a7ef4d-dc44-4faf-9513-e9c9132836ff/1/DdRBw_-ugphCJJ6USwOFEIH02eA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.82.74.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:80:02:7e:bb:55:43:07:24:91:70:38:dd:d0:5a:7d:ee:22:
         db:9a:bc:be:13:db:10:67:66:c7:78:d4:6b:24:9f:d9:fd:ef:
         18:90:88:7e:34:8f:e9:e8:bd:13:60:11:cb:af:d3:0c:56:79:
         ed:1b:28:89:6b:3f:f7:6c:35:d2:11:80:37:47:2c:98:bd:47:
         b0:fe:a6:bf:06:8a:4e:6b:dc:6a:5e:17:f1:00:12:e0:30:44:
         e3:cb:4b:41:7c:72:f6:bc:b7:7e:c7:50:e9:89:4f:7f:8f:af:
         96:9c:00:28:c5:f7:04:c1:32:4a:e7:16:6a:9f:d6:6b:96:67:
         e0:01:f0:a5:c0:aa:72:5e:2b:11:51:88:74:7b:da:43:d9:f3:
         d0:9d:14:29:55:8b:a6:49:18:39:ee:2f:41:a6:96:c2:0c:f3:
         fb:8b:33:fd:4c:d6:7f:43:06:6d:d6:12:75:b6:70:13:be:fa:
         76:c8:e5:fb:be:5e:6b:aa:47:da:2f:cb:89:74:ad:c7:af:bb:
         52:ab:f2:99:58:4d:4d:38:4e:8a:4a:43:70:03:f0:7d:9a:4b:
         72:92:e4:4a:6b:4c:d4:b4:b7:b1:24:bd:3c:47:49:6c:af:fe:
         7e:4a:57:50:9d:1d:7f:55:05:d2:e0:03:02:af:39:70:8e:e4:
         60:39:51:71
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+kWE/6q72Jy127VrCCYJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkZDQ0MWMzZmZhZTgyOTg0MjI0OWU5NDRiMDM4NTEwODFm
NGQ5ZTAwHhcNMjUwMTAxMDM0ODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzU0ZDFlOGY5MDcyZWE3MGFmNDk4NmE0MjhjZDNjNDBkODVmMWQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4/XnHSxdcz+hnJiOtaYAwNwyGuE/
97bo3we16LPMVT6OZjoR87TdwsFC/1u3AkrV1+xyn/DzU2s9VOhg73oBVQI6DANA
F8G3Y3zG7jkIVlt37DhW0TWOy6xj6HxiCRmM+ybe9MPnKMJVdtZWWEX6cwjgxDoL
R286ddjW/OEpHdFzKEqVFnDX1b5kskpjTiY4xpSnqEW/KVP/Iu1wB6R8D02SoSDB
+Y5dKTtmyXSwpaiENNj49lrvlgQ6zov+SD0bb0KCnj0iVBcyMamnkITVJcaoiFbV
g3linDnB+q6yTHL108l5dduXjDfY8oha7BtyRFJDHK+S28iAbSPyGn5rrQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNU0ej5By6nCvSYakKM08QNhfHTMB8GA1UdIwQY
MBaAFA3UQcP/roKYQiSelEsDhRCB9NngMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMt
ZTljOTEzMjgzNmZmLzEvSTFUUjZQa0hMcWNLOUpocVFvelR4QTJGOGRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hN2VmNGQtZGM0NC00ZmFmLTk1MTMtZTljOTEzMjgzNmZm
LzEvRGRSQndfLXVncGhDSko2VVN3T0ZFSUgwMmVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuVJKMA0G
CSqGSIb3DQEBCwUAA4IBAQCZgAJ+u1VDBySRcDjd0Fp97iLbmry+E9sQZ2bHeNRr
JJ/Z/e8YkIh+NI/p6L0TYBHLr9MMVnntGyiJaz/3bDXSEYA3RyyYvUew/qa/BopO
a9xqXhfxABLgMETjy0tBfHL2vLd+x1DpiU9/j6+WnAAoxfcEwTJK5xZqn9Zrlmfg
AfClwKpyXisRUYh0e9pD2fPQnRQpVYumSRg57i9BppbCDPP7izP9TNZ/QwZt1hJ1
tnATvvp2yOX7vl5rqkfaL8uJdK3Hr7tSq/KZWE1NOE6KSkNwA/B9mktykuRKa0zU
tLexJL08R0lsr/5+SldQnR1/VQXS4AMCrzlwjuRgOVFx
-----END CERTIFICATE-----