Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/1-Y2dKMtSX_HHImXALZ9Ywq-mBt0.roa
File:                     1-Y2dKMtSX_HHImXALZ9Ywq-mBt0.roa (raw, json)
Hash identifier:          7qyTbmtwccyXrpltxd1wqJPnd+/MFLmBgiiCsu8AQkU=
Subject key identifier:   F9:8D:9D:28:CB:52:5F:F1:C7:22:65:C0:2D:9F:58:C2:AF:A6:06:DD
Certificate issuer:       /CN=8e626c909eb4951154bcee8221e43951b4257624
Certificate serial:       0194282588B5949C20804F83092FF69E66CF
Authority key identifier: 8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/1-Y2dKMtSX_HHImXALZ9Ywq-mBt0.roa
Signing time:             Thu 02 Jan 2025 17:52:15 +0000
ROA not before:           Thu 02 Jan 2025 17:52:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14178
IP address blocks:        185.70.112.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:88:b5:94:9c:20:80:4f:83:09:2f:f6:9e:66:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8e626c909eb4951154bcee8221e43951b4257624
        Validity
            Not Before: Jan  2 17:52:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f98d9d28cb525ff1c72265c02d9f58c2afa606dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:f0:a4:cd:a8:31:45:1f:3a:8f:03:b8:be:5c:
                    ce:db:ab:12:1d:1d:f6:c3:21:a7:02:c8:b2:88:d5:
                    49:cf:cc:75:77:02:b7:2b:08:44:e5:4b:3d:3f:32:
                    c6:7e:d3:c7:ef:11:13:df:b1:29:f8:69:1a:05:77:
                    c7:d5:8d:bc:f6:4c:27:f6:35:b9:81:34:cd:12:66:
                    69:aa:5b:04:57:76:0a:1a:b4:9f:3c:2a:ba:36:7b:
                    19:35:7a:52:40:2e:02:36:6d:b9:45:04:86:c0:dd:
                    29:25:f4:f3:02:60:ad:80:dc:80:52:79:88:72:0a:
                    05:d3:80:eb:72:04:34:57:12:1a:e5:a7:c1:1a:0e:
                    d9:c0:18:cd:b3:25:92:8d:19:10:08:d3:f0:af:83:
                    27:cb:b1:ad:5c:71:97:11:58:14:6c:66:be:ea:47:
                    0a:ed:11:72:c7:c0:ed:c9:66:bf:a3:1a:07:1d:7e:
                    b3:2e:5b:28:c7:44:8c:21:8a:cf:3f:59:a0:e1:3c:
                    c0:64:14:84:a3:36:d3:dd:5d:b5:05:48:d4:6d:1b:
                    53:50:02:94:f0:59:78:f4:d9:47:26:02:86:ac:01:
                    50:00:d2:8c:0e:9a:50:b7:29:53:4c:4c:60:5f:90:
                    67:c3:22:1c:6d:a9:9f:f6:85:c4:dd:86:f9:8b:aa:
                    51:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:8D:9D:28:CB:52:5F:F1:C7:22:65:C0:2D:9F:58:C2:AF:A6:06:DD
            X509v3 Authority Key Identifier:
                keyid:8E:62:6C:90:9E:B4:95:11:54:BC:EE:82:21:E4:39:51:B4:25:76:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jmJskJ60lRFUvO6CIeQ5UbQldiQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/1-Y2dKMtSX_HHImXALZ9Ywq-mBt0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/01/fe4266-7f54-4fb3-b810-e97d1d0220af/1/jmJskJ60lRFUvO6CIeQ5UbQldiQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.70.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:fe:38:35:97:eb:0f:56:f7:ab:d2:f3:65:cd:08:02:2c:e7:
         f1:8d:b1:a9:51:db:03:9e:3c:fd:0c:73:f2:d7:c0:bd:01:68:
         ca:96:d1:51:e9:54:61:22:cc:25:16:ce:0a:28:d6:a4:4d:50:
         11:20:d2:c4:ac:92:d7:5d:85:0c:83:8a:7a:f6:26:85:34:5c:
         01:e4:03:e4:19:96:2f:8b:af:fc:6e:ad:58:6e:89:7b:90:48:
         44:b5:86:64:9f:d1:86:fa:80:9e:ee:1e:98:68:7c:a7:3b:14:
         2d:ee:1e:3e:f7:bd:49:03:a0:17:60:b1:2e:d3:49:3b:56:90:
         8a:f1:f6:42:1d:5b:ce:2e:ce:8d:1d:f2:da:a1:81:db:d9:c2:
         43:d9:83:54:c0:e6:17:8c:c4:09:7a:27:6b:3d:30:f6:ad:ca:
         cc:dc:71:10:3f:e5:59:66:dd:bb:9f:f1:64:43:6a:6c:02:ed:
         f1:7e:10:0f:31:0d:17:2d:36:2a:42:40:20:46:81:a2:28:5c:
         2e:e6:28:88:fc:75:97:5d:2f:1b:bc:94:49:47:a3:54:6c:b5:
         eb:77:f6:ac:39:c1:b7:3e:13:3a:36:68:bb:d5:f7:71:d5:62:
         37:68:f6:80:83:ae:93:50:f3:a2:93:bc:21:61:0c:e7:64:46:
         32:99:36:0d
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQoJYi1lJwggE+DCS/2nmbPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlNjI2YzkwOWViNDk1MTE1NGJjZWU4MjIxZTQzOTUxYjQy
NTc2MjQwHhcNMjUwMTAyMTc1MjE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOThkOWQyOGNiNTI1ZmYxYzcyMjY1YzAyZDlmNThjMmFmYTYwNmRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4PCkzagxRR86jwO4vlzO26sSHR32
wyGnAsiyiNVJz8x1dwK3KwhE5Us9PzLGftPH7xET37Ep+GkaBXfH1Y289kwn9jW5
gTTNEmZpqlsEV3YKGrSfPCq6NnsZNXpSQC4CNm25RQSGwN0pJfTzAmCtgNyAUnmI
cgoF04DrcgQ0VxIa5afBGg7ZwBjNsyWSjRkQCNPwr4Mny7GtXHGXEVgUbGa+6kcK
7RFyx8DtyWa/oxoHHX6zLlsox0SMIYrPP1mg4TzAZBSEozbT3V21BUjUbRtTUAKU
8Fl49NlHJgKGrAFQANKMDppQtylTTExgX5BnwyIcbamf9oXE3Yb5i6pRuwIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPmNnSjLUl/xxyJlwC2fWMKvpgbdMB8GA1UdIwQY
MBaAFI5ibJCetJURVLzugiHkOVG0JXYkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam1Kc2tKNjBsUkZVdk82Q0llUTVVYlFsZGlRLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9mZTQyNjYtN2Y1NC00ZmIzLWI4MTAt
ZTk3ZDFkMDIyMGFmLzEvMS1ZMmRLTXRTWF9ISEltWEFMWjlZd3EtbUJ0MC5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDEvZmU0MjY2LTdmNTQtNGZiMy1iODEwLWU5N2QxZDAyMjBh
Zi8xL2ptSnNrSjYwbFJGVXZPNkNJZVE1VWJRbGRpUS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEArlGcDAN
BgkqhkiG9w0BAQsFAAOCAQEAbP44NZfrD1b3q9LzZc0IAizn8Y2xqVHbA548/Qxz
8tfAvQFoypbRUelUYSLMJRbOCijWpE1QESDSxKyS112FDIOKevYmhTRcAeQD5BmW
L4uv/G6tWG6Je5BIRLWGZJ/RhvqAnu4emGh8pzsULe4ePve9SQOgF2CxLtNJO1aQ
ivH2Qh1bzi7OjR3y2qGB29nCQ9mDVMDmF4zECXonaz0w9q3KzNxxED/lWWbdu5/x
ZENqbALt8X4QDzENFy02KkJAIEaBoihcLuYoiPx1l10vG7yUSUejVGy163f2rDnB
tz4TOjZou9X3cdViN2j2gIOuk1DzopO8IWEM52RGMpk2DQ==
-----END CERTIFICATE-----