Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IVEg-Oz4N8HoJcOwitIwCvH84DQ.roa
File:                     IVEg-Oz4N8HoJcOwitIwCvH84DQ.roa (raw, json)
Hash identifier:          mrO1YLSeGkOrJrSuy/pyl/SqkpS72x+fM+Ivcuv/Fp8=
Subject key identifier:   21:51:20:F8:EC:F8:37:C1:E8:25:C3:B0:8A:D2:30:0A:F1:FC:E0:34
Certificate issuer:       /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial:       019427B59DEE84ED4AA9F068573C5684B63E
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IVEg-Oz4N8HoJcOwitIwCvH84DQ.roa
Signing time:             Thu 02 Jan 2025 15:50:01 +0000
ROA not before:           Thu 02 Jan 2025 15:50:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39556
IP address blocks:        185.232.28.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:9d:ee:84:ed:4a:a9:f0:68:57:3c:56:84:b6:3e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
        Validity
            Not Before: Jan  2 15:50:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=215120f8ecf837c1e825c3b08ad2300af1fce034
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ec:15:04:8c:cb:38:77:f1:ce:09:bd:ac:73:
                    61:71:9f:96:a1:b4:4b:54:2b:f1:eb:30:99:4d:ff:
                    f4:92:d0:46:5b:d5:48:ba:b8:f5:f9:2c:16:d9:39:
                    80:e0:5f:f7:97:c7:ba:a1:2b:eb:cc:fc:49:7c:45:
                    54:c0:9c:04:0d:f8:4a:19:46:c3:94:e8:c9:6b:29:
                    66:2b:77:83:0f:87:de:b6:fa:12:97:7b:a1:e2:a9:
                    8b:60:62:37:74:ee:55:4e:ee:91:5f:a6:db:b9:28:
                    58:e5:e9:ca:89:1e:48:5c:dd:59:53:80:ba:bb:47:
                    7c:fb:ec:0a:e0:17:a7:e6:a1:11:18:88:29:b6:69:
                    ef:f9:53:5b:30:5b:af:82:f9:30:46:78:b5:e7:bf:
                    bd:bc:1a:61:c9:d8:f3:57:91:40:73:11:3b:25:23:
                    69:6a:c8:d9:1c:16:98:98:3d:33:0b:29:e4:71:d3:
                    6e:11:9b:66:41:df:17:5d:21:f1:2e:2d:d4:4a:31:
                    b1:70:4c:9c:ec:5d:0b:55:48:65:a5:46:d1:be:58:
                    5f:be:31:f5:ef:8e:91:50:08:ed:d6:73:58:91:4c:
                    bd:61:78:c9:6a:1c:30:11:03:3d:4a:5b:af:19:cc:
                    03:a2:2d:c8:d5:0e:bd:38:0f:24:51:c4:b3:2e:4b:
                    7b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:51:20:F8:EC:F8:37:C1:E8:25:C3:B0:8A:D2:30:0A:F1:FC:E0:34
            X509v3 Authority Key Identifier:
                keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/IVEg-Oz4N8HoJcOwitIwCvH84DQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a2:7a:17:02:f4:24:6a:72:0a:b5:f2:1a:8b:15:b6:d3:8b:0e:
         0f:42:36:e4:bd:e1:1d:08:4d:cb:1b:b3:0c:71:a1:52:ea:b7:
         e5:df:b6:8f:91:bf:60:2c:ea:e4:87:82:87:11:f3:75:53:85:
         6e:4e:69:4b:d7:79:81:a8:c8:dd:ed:14:d3:50:77:27:af:ea:
         35:5a:ff:4e:e0:46:35:36:01:40:2f:21:5e:02:c0:b5:e4:4e:
         e9:bc:d8:47:d1:68:4c:69:4c:9e:d1:5b:96:8d:9f:5f:93:50:
         51:0e:4d:03:50:91:b7:bb:4f:33:cc:33:35:11:d9:25:f3:c3:
         9f:63:76:68:23:3b:68:9b:5b:42:59:e1:2d:39:14:fa:b1:1b:
         c0:ab:37:c4:d6:7e:ab:3a:94:7b:3f:cf:e5:a6:97:f9:af:bd:
         7c:65:a4:bc:20:f8:51:bd:62:06:2a:2f:0b:75:99:bc:e6:7e:
         f2:d1:ce:a3:2c:a5:e8:39:64:91:69:8f:4e:e9:dc:37:c2:79:
         0b:13:ae:66:fa:6b:dc:1e:45:e6:bb:7f:3c:bd:e0:3a:46:22:
         fe:ea:c9:54:3a:d2:52:cd:84:12:28:3f:2a:6c:c4:f3:14:1d:
         a5:ad:d3:52:55:87:9c:f5:c9:fc:3a:6d:83:98:98:51:0c:6c:
         85:87:de:c4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZ3uhO1KqfBoVzxWhLY+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjUwMTAyMTU1MDAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTUxMjBmOGVjZjgzN2MxZTgyNWMzYjA4YWQyMzAwYWYxZmNlMDM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwuwVBIzLOHfxzgm9rHNhcZ+WobRL
VCvx6zCZTf/0ktBGW9VIurj1+SwW2TmA4F/3l8e6oSvrzPxJfEVUwJwEDfhKGUbD
lOjJaylmK3eDD4fetvoSl3uh4qmLYGI3dO5VTu6RX6bbuShY5enKiR5IXN1ZU4C6
u0d8++wK4Ben5qERGIgptmnv+VNbMFuvgvkwRni157+9vBphydjzV5FAcxE7JSNp
asjZHBaYmD0zCynkcdNuEZtmQd8XXSHxLi3USjGxcEyc7F0LVUhlpUbRvlhfvjH1
746RUAjt1nNYkUy9YXjJahwwEQM9SluvGcwDoi3I1Q69OA8kUcSzLkt7SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCFRIPjs+DfB6CXDsIrSMArx/OA0MB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvSVZFZy1PejROOEhvSmNPd2l0SXdDdkg4NERRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuegcMA0G
CSqGSIb3DQEBCwUAA4IBAQCiehcC9CRqcgq18hqLFbbTiw4PQjbkveEdCE3LG7MM
caFS6rfl37aPkb9gLOrkh4KHEfN1U4VuTmlL13mBqMjd7RTTUHcnr+o1Wv9O4EY1
NgFALyFeAsC15E7pvNhH0WhMaUye0VuWjZ9fk1BRDk0DUJG3u08zzDM1Edkl88Of
Y3ZoIztom1tCWeEtORT6sRvAqzfE1n6rOpR7P8/lppf5r718ZaS8IPhRvWIGKi8L
dZm85n7y0c6jLKXoOWSRaY9O6dw3wnkLE65m+mvcHkXmu388veA6RiL+6slUOtJS
zYQSKD8qbMTzFB2lrdNSVYec9cn8Om2DmJhRDGyFh97E
-----END CERTIFICATE-----