Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CFVx4Dm7v2K-bb13Zf2JTAiuaNs.roa
File:                     CFVx4Dm7v2K-bb13Zf2JTAiuaNs.roa (raw, json)
Hash identifier:          275lt+C+B9IOT40d713fIO6T/sFPQvXq3d142UNGbeQ=
Subject key identifier:   08:55:71:E0:39:BB:BF:62:BE:6D:BD:77:65:FD:89:4C:08:AE:68:DB
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       01942824D3AD2A222C17B74B84A58AE56D65
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CFVx4Dm7v2K-bb13Zf2JTAiuaNs.roa
Signing time:             Thu 02 Jan 2025 17:51:29 +0000
ROA not before:           Thu 02 Jan 2025 17:51:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        185.218.137.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:24:d3:ad:2a:22:2c:17:b7:4b:84:a5:8a:e5:6d:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Jan  2 17:51:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=085571e039bbbf62be6dbd7765fd894c08ae68db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:e5:52:a2:81:71:3f:41:21:aa:8d:40:fa:15:
                    83:37:d6:b1:27:4a:4e:75:05:cb:30:db:a1:29:e9:
                    e4:d0:fc:ff:70:88:bd:47:58:3f:a2:bd:dd:09:cb:
                    e1:6b:22:db:55:6d:72:3d:8b:66:0c:85:e3:22:af:
                    52:6e:24:81:d1:3c:c6:aa:b7:45:de:48:69:1f:9a:
                    c0:85:61:3b:ca:0c:d3:bd:df:14:61:cf:05:18:22:
                    34:36:23:88:7a:69:ec:f0:c8:60:b2:e1:c0:56:1c:
                    69:01:97:55:84:1c:b1:ec:f3:a7:17:c1:ec:52:31:
                    97:6c:90:75:03:b6:56:79:bc:c6:bd:52:cf:89:63:
                    74:47:98:7d:03:ab:81:19:19:11:14:09:b7:b2:9f:
                    73:36:b0:01:15:bc:a4:d2:b7:b4:83:d8:e8:87:52:
                    48:21:16:c3:d2:2f:25:ba:ce:0b:b5:91:64:73:eb:
                    0c:29:ff:01:0a:95:3a:f8:3e:b8:5a:b1:55:09:40:
                    aa:1b:7e:4f:6f:ae:e7:82:12:c5:6c:08:8c:ed:09:
                    86:49:13:e4:89:4d:62:bc:22:44:29:7d:d2:3f:99:
                    5a:b6:67:92:11:2c:49:9b:f9:7a:b6:d2:e9:3d:31:
                    5e:14:c2:da:9d:ed:81:01:a2:6c:01:75:3f:a9:0b:
                    5e:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:55:71:E0:39:BB:BF:62:BE:6D:BD:77:65:FD:89:4C:08:AE:68:DB
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CFVx4Dm7v2K-bb13Zf2JTAiuaNs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.137.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:3c:8c:9e:26:3b:b9:22:07:a1:69:5e:54:35:83:b2:d6:aa:
         be:f0:a2:41:a2:06:10:cd:7f:2a:1d:92:ac:db:f6:7c:12:32:
         9f:94:30:1a:da:37:3e:22:03:a3:f7:cb:02:32:1e:f8:23:b5:
         e3:22:13:04:f4:62:0a:f4:ea:02:3e:35:8a:02:23:78:9b:d8:
         3e:ad:ed:6e:d5:06:25:d5:51:35:10:3d:0e:52:05:35:ae:c6:
         c7:f7:93:8b:1f:40:6b:d6:19:94:c3:d0:bf:13:78:66:b7:87:
         2f:84:e2:02:b4:c2:8c:00:ba:6d:6a:fc:d4:f4:36:2b:91:49:
         3d:7e:cb:1b:46:93:0c:06:65:7e:37:30:b8:6b:51:71:a1:ee:
         11:ec:39:4e:f0:6d:11:bd:dc:7a:ff:bf:14:59:a4:5d:69:b0:
         e2:22:45:e4:a3:39:7d:24:38:f3:97:c3:1f:67:41:40:e1:23:
         ef:ea:f2:d1:91:1c:26:5f:a4:66:fe:19:f9:03:55:43:9b:91:
         d8:e3:7a:cc:43:ad:92:a5:0e:03:34:97:e3:0c:21:dd:b9:41:
         db:62:9c:3b:91:7b:be:76:e3:86:b9:bb:8f:79:86:dc:3f:8e:
         7a:26:ba:fe:7c:99:cd:9f:ee:91:33:87:4a:c6:fa:e2:db:c0:
         91:47:e9:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJNOtKiIsF7dLhKWK5W1lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMTc1MTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODU1NzFlMDM5YmJiZjYyYmU2ZGJkNzc2NWZkODk0YzA4YWU2OGRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqeVSooFxP0Ehqo1A+hWDN9axJ0pO
dQXLMNuhKenk0Pz/cIi9R1g/or3dCcvhayLbVW1yPYtmDIXjIq9SbiSB0TzGqrdF
3khpH5rAhWE7ygzTvd8UYc8FGCI0NiOIemns8MhgsuHAVhxpAZdVhByx7POnF8Hs
UjGXbJB1A7ZWebzGvVLPiWN0R5h9A6uBGRkRFAm3sp9zNrABFbyk0re0g9joh1JI
IRbD0i8lus4LtZFkc+sMKf8BCpU6+D64WrFVCUCqG35Pb67nghLFbAiM7QmGSRPk
iU1ivCJEKX3SP5latmeSESxJm/l6ttLpPTFeFMLane2BAaJsAXU/qQtexwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAhVceA5u79ivm29d2X9iUwIrmjbMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ0ZWeDREbTd2MkstYmIxM1pmMkpUQWl1YU5zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudqJMA0G
CSqGSIb3DQEBCwUAA4IBAQCxPIyeJju5IgehaV5UNYOy1qq+8KJBogYQzX8qHZKs
2/Z8EjKflDAa2jc+IgOj98sCMh74I7XjIhME9GIK9OoCPjWKAiN4m9g+re1u1QYl
1VE1ED0OUgU1rsbH95OLH0Br1hmUw9C/E3hmt4cvhOICtMKMALptavzU9DYrkUk9
fssbRpMMBmV+NzC4a1Fxoe4R7DlO8G0Rvdx6/78UWaRdabDiIkXkozl9JDjzl8Mf
Z0FA4SPv6vLRkRwmX6Rm/hn5A1VDm5HY43rMQ62SpQ4DNJfjDCHduUHbYpw7kXu+
duOGubuPeYbcP456Jrr+fJnNn+6RM4dKxvri28CRR+lz
-----END CERTIFICATE-----