Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/aeH9HJ9pJaNmWyF-L7DK5SJwZY4.roa
File:                     aeH9HJ9pJaNmWyF-L7DK5SJwZY4.roa (raw, json)
Hash identifier:          ZymKLot+S0ODnNv/ycCiCzvG9PSmkpOXHHZ4MxN5d9U=
Subject key identifier:   69:E1:FD:1C:9F:69:25:A3:66:5B:21:7E:2F:B0:CA:E5:22:70:65:8E
Certificate issuer:       /CN=4f4fe81f3231268f7ce3c314a496a82cc2277c3b
Certificate serial:       0194282637F26C53AAC321D779B2F1C604F7
Authority key identifier: 4F:4F:E8:1F:32:31:26:8F:7C:E3:C3:14:A4:96:A8:2C:C2:27:7C:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T0_oHzIxJo9848MUpJaoLMInfDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/aeH9HJ9pJaNmWyF-L7DK5SJwZY4.roa
Signing time:             Thu 02 Jan 2025 17:53:00 +0000
ROA not before:           Thu 02 Jan 2025 17:53:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213004
IP address blocks:        185.216.64.0/22 maxlen: 22
                          185.216.64.0/24 maxlen: 24
                          185.216.65.0/24 maxlen: 24
                          185.216.66.0/24 maxlen: 24
                          185.216.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/T0_oHzIxJo9848MUpJaoLMInfDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/T0_oHzIxJo9848MUpJaoLMInfDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T0_oHzIxJo9848MUpJaoLMInfDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:26:37:f2:6c:53:aa:c3:21:d7:79:b2:f1:c6:04:f7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f4fe81f3231268f7ce3c314a496a82cc2277c3b
        Validity
            Not Before: Jan  2 17:53:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=69e1fd1c9f6925a3665b217e2fb0cae52270658e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:74:e8:ba:f4:a3:05:d3:0e:2e:35:cd:66:c7:
                    39:8d:9a:40:bd:3b:2d:dc:51:d8:92:37:96:ee:25:
                    7f:09:70:5e:1b:af:0b:f5:3c:d8:fe:21:76:ed:d0:
                    f6:e5:38:92:83:47:19:24:01:87:6c:65:fe:7a:cd:
                    9b:ba:bd:31:35:f5:1c:75:3d:83:80:07:e1:cc:6f:
                    dd:17:48:67:74:70:bb:17:6b:b8:30:4e:b3:78:fa:
                    7b:6d:4f:a6:55:98:26:2e:91:40:1a:91:9a:0d:6d:
                    3a:f6:2d:6e:2d:8d:4c:4e:2b:95:1e:d2:65:dd:87:
                    27:23:40:19:f9:56:a9:f9:b5:f3:a2:6e:08:f6:d4:
                    2b:6d:3e:ef:c6:b2:95:d9:ea:6a:84:2c:1b:f1:9e:
                    0c:56:70:1e:8a:bf:9d:80:a5:2f:7c:b3:9b:6e:16:
                    8e:78:f6:b4:ec:3b:35:03:31:0f:bc:ba:53:b8:92:
                    cb:42:72:28:77:1c:be:30:a1:fe:e8:50:72:52:9b:
                    a1:f5:e8:d0:01:64:b9:da:00:58:33:b9:51:8a:10:
                    65:75:d9:70:5e:f0:ca:1b:41:8a:dd:bf:e2:47:fa:
                    1a:1d:39:02:17:7c:d8:d4:23:f8:22:a0:04:8f:b3:
                    b0:27:4f:fe:c2:82:ad:08:b7:ef:b5:39:5d:4f:db:
                    aa:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:E1:FD:1C:9F:69:25:A3:66:5B:21:7E:2F:B0:CA:E5:22:70:65:8E
            X509v3 Authority Key Identifier:
                keyid:4F:4F:E8:1F:32:31:26:8F:7C:E3:C3:14:A4:96:A8:2C:C2:27:7C:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T0_oHzIxJo9848MUpJaoLMInfDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/aeH9HJ9pJaNmWyF-L7DK5SJwZY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/14/89460c-132f-4c91-bd81-cfc0fcba83a2/1/T0_oHzIxJo9848MUpJaoLMInfDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.216.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c2:f7:14:bd:92:7b:f0:95:d2:84:d3:11:e5:74:c8:b7:e4:11:
         2c:21:22:90:e1:92:90:31:86:91:68:d8:9f:b8:6b:22:eb:44:
         e3:b1:7f:3f:d1:b3:03:a1:1e:8c:da:47:1d:9b:92:94:cc:9d:
         8d:0b:da:07:f3:10:e0:5f:f9:14:c2:d6:8a:ca:ff:6b:16:25:
         e2:b7:f9:a2:6e:f3:d3:90:d6:2d:89:34:0b:c8:11:f0:d4:e3:
         e2:2b:ad:f9:9a:68:dc:5b:97:fc:a7:23:cf:0e:8a:52:cf:31:
         bf:9b:ee:3e:fe:e9:ff:15:3d:e3:71:7c:37:7c:0d:69:01:d0:
         93:9a:0b:ce:63:0e:bc:47:ea:ba:e5:07:97:6c:c2:df:9f:09:
         62:91:38:8b:d1:3d:00:5f:3e:e8:a8:4c:d7:81:82:10:21:3b:
         c2:90:7c:78:de:54:7e:b0:c7:f1:f7:2e:01:ea:09:44:69:c5:
         35:72:2a:ba:a0:c0:62:f0:dc:9d:c6:86:d6:49:ca:91:44:97:
         4d:9c:12:0c:ab:ae:0c:34:e7:4f:8a:e5:6a:3f:bb:14:f5:11:
         5e:8b:52:d2:91:af:63:d6:b2:64:b2:23:cc:43:eb:1c:0f:9b:
         10:be:85:f7:44:2a:79:42:fc:67:62:74:3b:f8:1c:f1:f5:98:
         25:46:98:7f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJjfybFOqwyHXebLxxgT3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNGZlODFmMzIzMTI2OGY3Y2UzYzMxNGE0OTZhODJjYzIy
NzdjM2IwHhcNMjUwMTAyMTc1MzAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OWUxZmQxYzlmNjkyNWEzNjY1YjIxN2UyZmIwY2FlNTIyNzA2NThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonTouvSjBdMOLjXNZsc5jZpAvTst
3FHYkjeW7iV/CXBeG68L9TzY/iF27dD25TiSg0cZJAGHbGX+es2bur0xNfUcdT2D
gAfhzG/dF0hndHC7F2u4ME6zePp7bU+mVZgmLpFAGpGaDW069i1uLY1MTiuVHtJl
3YcnI0AZ+Vap+bXzom4I9tQrbT7vxrKV2epqhCwb8Z4MVnAeir+dgKUvfLObbhaO
ePa07Ds1AzEPvLpTuJLLQnIodxy+MKH+6FByUpuh9ejQAWS52gBYM7lRihBlddlw
XvDKG0GK3b/iR/oaHTkCF3zY1CP4IqAEj7OwJ0/+woKtCLfvtTldT9uqnwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGnh/RyfaSWjZlshfi+wyuUicGWOMB8GA1UdIwQY
MBaAFE9P6B8yMSaPfOPDFKSWqCzCJ3w7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDBfb0h6SXhKbzk4NDhNVXBKYW9MTUluZkRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNC84OTQ2MGMtMTMyZi00YzkxLWJkODEt
Y2ZjMGZjYmE4M2EyLzEvYWVIOUhKOXBKYU5tV3lGLUw3REs1U0p3Wlk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNC84OTQ2MGMtMTMyZi00YzkxLWJkODEtY2ZjMGZjYmE4M2Ey
LzEvVDBfb0h6SXhKbzk4NDhNVXBKYW9MTUluZkRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudhAMA0G
CSqGSIb3DQEBCwUAA4IBAQDC9xS9knvwldKE0xHldMi35BEsISKQ4ZKQMYaRaNif
uGsi60TjsX8/0bMDoR6M2kcdm5KUzJ2NC9oH8xDgX/kUwtaKyv9rFiXit/mibvPT
kNYtiTQLyBHw1OPiK635mmjcW5f8pyPPDopSzzG/m+4+/un/FT3jcXw3fA1pAdCT
mgvOYw68R+q65QeXbMLfnwlikTiL0T0AXz7oqEzXgYIQITvCkHx43lR+sMfx9y4B
6glEacU1ciq6oMBi8NydxobWScqRRJdNnBIMq64MNOdPiuVqP7sU9RFei1LSka9j
1rJksiPMQ+scD5sQvoX3RCp5QvxnYnQ7+Bzx9ZglRph/
-----END CERTIFICATE-----