Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/IGLb7JdpoxpYlnFXvXAzGRRfnEo.roa
File:                     IGLb7JdpoxpYlnFXvXAzGRRfnEo.roa (raw, json)
Hash identifier:          0HJkbHEqR9KGOAfONOEGNISfFQwVd9M/ZUhb0aiOuaQ=
Subject key identifier:   20:62:DB:EC:97:69:A3:1A:58:96:71:57:BD:70:33:19:14:5F:9C:4A
Certificate issuer:       /CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
Certificate serial:       019427485A82D09B8CC74755F29043121ACA
Authority key identifier: C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/IGLb7JdpoxpYlnFXvXAzGRRfnEo.roa
Signing time:             Thu 02 Jan 2025 13:50:40 +0000
ROA not before:           Thu 02 Jan 2025 13:50:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5089
IP address blocks:        185.33.184.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:5a:82:d0:9b:8c:c7:47:55:f2:90:43:12:1a:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c84d61cd17ed92e54bb3397f1e5a6b3904ac6f05
        Validity
            Not Before: Jan  2 13:50:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2062dbec9769a31a58967157bd703319145f9c4a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bb:47:2d:91:d0:e4:4c:40:bb:5c:5a:63:9a:
                    c4:34:02:6e:66:66:cc:1d:21:85:bc:2d:a2:59:bc:
                    41:5d:8c:4b:7c:29:dc:4d:5a:17:a2:f9:80:51:db:
                    7b:fb:3f:50:d4:1a:1b:39:7a:da:86:bb:99:74:83:
                    eb:97:4c:6a:11:25:61:03:ca:d8:00:e7:d0:c4:38:
                    8d:8a:99:ab:44:83:b0:41:7e:6e:69:f8:26:8f:36:
                    bd:8b:c9:5c:71:ef:50:9e:6d:82:ef:45:dc:fd:96:
                    47:bd:b1:fd:43:f5:10:c9:89:89:e6:79:82:cf:74:
                    73:36:53:fc:c5:b8:20:18:ac:0f:d6:b9:04:18:e3:
                    06:40:a3:82:f5:19:cc:d2:c9:86:91:8f:f9:28:96:
                    09:f1:3f:e9:6e:c7:61:50:1a:f7:7c:02:12:9d:bf:
                    91:88:0c:af:d8:29:89:bf:1a:8b:38:7b:c3:f8:aa:
                    e3:6e:32:32:eb:4b:97:e4:40:83:89:c8:e8:58:f2:
                    67:7d:7d:e7:cf:18:59:8c:0e:1c:f7:f6:ae:e9:7f:
                    86:22:89:a5:2b:7f:9a:49:02:fa:ee:5c:8b:9e:ea:
                    5c:a9:71:a2:0d:f4:3e:88:96:d6:f7:d7:09:34:ef:
                    56:b6:d1:57:6c:e3:66:86:c0:51:eb:6e:92:dd:f2:
                    d3:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:62:DB:EC:97:69:A3:1A:58:96:71:57:BD:70:33:19:14:5F:9C:4A
            X509v3 Authority Key Identifier:
                keyid:C8:4D:61:CD:17:ED:92:E5:4B:B3:39:7F:1E:5A:6B:39:04:AC:6F:05

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yE1hzRftkuVLszl_HlprOQSsbwU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/IGLb7JdpoxpYlnFXvXAzGRRfnEo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1a/88eae8-4b86-4389-aadb-c257792dadc4/1/yE1hzRftkuVLszl_HlprOQSsbwU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.33.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         21:f2:b8:fa:10:8c:0d:69:de:6f:95:22:d9:38:bc:68:54:50:
         0d:66:bb:db:3f:dd:52:c0:e7:25:70:6c:33:99:86:46:01:e1:
         f3:af:53:fc:d6:53:88:d1:59:1f:51:60:30:37:6b:a6:3d:64:
         5b:9a:34:d7:e0:fa:1c:08:39:29:97:f7:18:37:65:b9:be:d8:
         1b:2a:41:5e:b3:40:42:e3:f4:bd:6b:99:c7:cc:46:f4:fe:55:
         b9:a5:08:6a:c8:2c:4b:43:eb:81:6c:31:3e:e4:88:8d:ae:b9:
         50:8d:5f:5a:e3:9c:95:d3:cf:dc:1f:7d:c7:41:8a:fd:5a:42:
         27:32:c8:83:ed:fc:a0:4b:2e:e0:a2:64:41:f6:50:ff:d2:fe:
         70:82:b2:27:88:3c:f9:78:f9:ce:74:c7:38:fa:9b:2f:1f:34:
         01:d6:8b:06:ce:c3:1c:78:0a:64:da:e6:53:a0:c0:a0:c6:fd:
         86:90:93:3f:d3:35:bd:52:93:1a:80:8c:b9:fa:c2:64:8a:29:
         c8:10:61:b6:f6:5f:1e:ef:83:28:14:b2:62:62:c9:2a:95:b6:
         e1:6a:c4:b6:de:a1:9f:97:f7:da:d1:0c:be:66:2c:1b:03:a2:
         d7:9b:5a:a5:c3:35:fe:e4:8c:03:a6:87:f3:be:22:a1:1e:dd:
         44:ac:af:8d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSFqC0JuMx0dV8pBDEhrKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4NGQ2MWNkMTdlZDkyZTU0YmIzMzk3ZjFlNWE2YjM5MDRh
YzZmMDUwHhcNMjUwMTAyMTM1MDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDYyZGJlYzk3NjlhMzFhNTg5NjcxNTdiZDcwMzMxOTE0NWY5YzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAortHLZHQ5ExAu1xaY5rENAJuZmbM
HSGFvC2iWbxBXYxLfCncTVoXovmAUdt7+z9Q1BobOXrahruZdIPrl0xqESVhA8rY
AOfQxDiNipmrRIOwQX5uafgmjza9i8lcce9Qnm2C70Xc/ZZHvbH9Q/UQyYmJ5nmC
z3RzNlP8xbggGKwP1rkEGOMGQKOC9RnM0smGkY/5KJYJ8T/pbsdhUBr3fAISnb+R
iAyv2CmJvxqLOHvD+KrjbjIy60uX5ECDicjoWPJnfX3nzxhZjA4c9/au6X+GIoml
K3+aSQL67lyLnupcqXGiDfQ+iJbW99cJNO9WttFXbONmhsBR626S3fLTiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBi2+yXaaMaWJZxV71wMxkUX5xKMB8GA1UdIwQY
MBaAFMhNYc0X7ZLlS7M5fx5aazkErG8FMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGIt
YzI1Nzc5MmRhZGM0LzEvSUdMYjdKZHBveHBZbG5GWHZYQXpHUlJmbkVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYS84OGVhZTgtNGI4Ni00Mzg5LWFhZGItYzI1Nzc5MmRhZGM0
LzEveUUxaHpSZnRrdVZMc3psX0hscHJPUVNzYndVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuSG4MA0G
CSqGSIb3DQEBCwUAA4IBAQAh8rj6EIwNad5vlSLZOLxoVFANZrvbP91SwOclcGwz
mYZGAeHzr1P81lOI0VkfUWAwN2umPWRbmjTX4PocCDkpl/cYN2W5vtgbKkFes0BC
4/S9a5nHzEb0/lW5pQhqyCxLQ+uBbDE+5IiNrrlQjV9a45yV08/cH33HQYr9WkIn
MsiD7fygSy7gomRB9lD/0v5wgrIniDz5ePnOdMc4+psvHzQB1osGzsMceApk2uZT
oMCgxv2GkJM/0zW9UpMagIy5+sJkiinIEGG29l8e74MoFLJiYskqlbbhasS23qGf
l/fa0Qy+ZiwbA6LXm1qlwzX+5IwDpofzviKhHt1ErK+N
-----END CERTIFICATE-----