Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/f9bSypnQ1K1dn8AOmITCAE2WfeM.roa
File:                     f9bSypnQ1K1dn8AOmITCAE2WfeM.roa (raw, json)
Hash identifier:          laJDW9FEQ26/eBw7OzSphhRdw2m3zDOPQril8cOuxC0=
Subject key identifier:   7F:D6:D2:CA:99:D0:D4:AD:5D:9F:C0:0E:98:84:C2:00:4D:96:7D:E3
Certificate issuer:       /CN=e2c137106c1a46aea07c24b11729fd7d216a24f5
Certificate serial:       01942368CEAC400157FA416EC1433DE91816
Authority key identifier: E2:C1:37:10:6C:1A:46:AE:A0:7C:24:B1:17:29:FD:7D:21:6A:24:F5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4sE3EGwaRq6gfCSxFyn9fSFqJPU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/f9bSypnQ1K1dn8AOmITCAE2WfeM.roa
Signing time:             Wed 01 Jan 2025 19:47:38 +0000
ROA not before:           Wed 01 Jan 2025 19:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39686
IP address blocks:        185.222.232.0/22 maxlen: 22
                          185.222.233.0/24 maxlen: 24
                          185.222.234.0/24 maxlen: 24
                          2a0d:800::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/4sE3EGwaRq6gfCSxFyn9fSFqJPU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/4sE3EGwaRq6gfCSxFyn9fSFqJPU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4sE3EGwaRq6gfCSxFyn9fSFqJPU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:68:ce:ac:40:01:57:fa:41:6e:c1:43:3d:e9:18:16
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e2c137106c1a46aea07c24b11729fd7d216a24f5
        Validity
            Not Before: Jan  1 19:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7fd6d2ca99d0d4ad5d9fc00e9884c2004d967de3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:19:a0:b7:14:73:f5:45:d8:11:ca:92:26:9a:
                    bc:41:d6:92:a4:db:4c:83:1b:40:bf:33:e9:90:0d:
                    62:2b:2b:30:dc:44:0a:ef:e0:5b:c8:c5:04:e5:41:
                    7b:be:c8:d5:c5:df:ee:35:cb:6b:f6:fc:36:73:3e:
                    27:76:1d:48:6a:0a:8d:01:4a:c8:a9:f3:fd:75:4d:
                    1b:43:32:39:1d:a6:68:36:00:51:df:89:d4:a0:f6:
                    6c:e8:5c:c5:31:86:1d:e6:25:0d:50:3b:a6:cc:46:
                    35:61:f1:58:e0:a3:6c:e3:85:68:60:dc:89:09:9c:
                    6c:15:7a:e3:24:69:e1:61:65:42:ae:91:fc:d3:97:
                    6b:b0:69:1b:94:90:cb:73:8a:a4:15:f9:32:ac:67:
                    4a:33:44:cf:7e:21:69:a7:ec:92:e6:71:33:9c:03:
                    4d:a1:ca:6b:9a:8e:c4:2d:c3:36:4d:c9:6f:c2:db:
                    c2:5f:f5:73:cd:2f:50:95:44:0b:12:ac:9d:94:5b:
                    03:bc:7d:c2:e8:33:e8:da:91:3c:05:47:4a:43:98:
                    ef:ce:5c:f4:e3:f9:b0:07:f6:59:41:0d:2d:ff:d3:
                    e7:d5:dc:57:53:30:cc:68:d5:40:ab:3b:12:86:2e:
                    83:cb:83:27:d9:c4:a4:09:70:aa:a4:72:fb:9b:c1:
                    b1:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D6:D2:CA:99:D0:D4:AD:5D:9F:C0:0E:98:84:C2:00:4D:96:7D:E3
            X509v3 Authority Key Identifier:
                keyid:E2:C1:37:10:6C:1A:46:AE:A0:7C:24:B1:17:29:FD:7D:21:6A:24:F5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4sE3EGwaRq6gfCSxFyn9fSFqJPU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/f9bSypnQ1K1dn8AOmITCAE2WfeM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/2435cc-5533-4f70-bb82-9caf25a499d7/1/4sE3EGwaRq6gfCSxFyn9fSFqJPU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.222.232.0/22
                IPv6:
                  2a0d:800::/29

    Signature Algorithm: sha256WithRSAEncryption
         c6:3b:b9:4b:fc:d2:1b:88:b8:29:ef:17:b9:0f:7a:d5:c7:82:
         4f:3f:27:46:f5:5e:8f:3f:01:ac:d1:03:fa:c5:5b:23:f0:87:
         09:ce:92:37:64:b0:a5:0a:22:3e:00:67:d7:99:28:4a:04:ce:
         95:df:7d:ff:bb:e8:a1:4c:2c:a8:19:88:2c:52:e8:91:64:03:
         7f:35:61:40:03:58:50:ae:bb:cc:4f:00:67:9b:20:72:05:44:
         c0:85:c8:a1:30:29:f6:16:5e:4f:5f:ff:f3:fb:c6:83:5b:5f:
         87:5e:38:61:5c:3f:0f:6b:78:0a:1a:a2:14:0b:ed:34:98:fd:
         97:84:54:c1:fe:3b:b1:79:8a:f1:8e:d9:84:ae:b2:25:f4:4d:
         c4:6f:7f:5f:1f:68:e0:a1:2e:ab:7f:3a:ec:7f:19:fc:58:d8:
         3f:e2:18:c9:14:60:6c:b3:b7:c7:a3:63:b8:8b:d0:65:ab:eb:
         33:0f:6b:3a:02:02:cc:4d:e8:58:19:ab:e1:7d:e4:54:22:77:
         ec:e8:be:d7:7a:91:52:ea:74:14:c3:6f:01:1a:e2:26:cd:6d:
         fe:90:4d:d4:cc:c5:4a:3f:e2:61:d0:5d:c2:a0:08:79:7f:44:
         4f:10:af:89:9f:a8:0b:91:74:c1:81:bf:bd:42:ea:25:ff:6c:
         a8:32:d1:a7
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaM6sQAFX+kFuwUM96RgWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUyYzEzNzEwNmMxYTQ2YWVhMDdjMjRiMTE3MjlmZDdkMjE2
YTI0ZjUwHhcNMjUwMTAxMTk0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZmQ2ZDJjYTk5ZDBkNGFkNWQ5ZmMwMGU5ODg0YzIwMDRkOTY3ZGUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1BmgtxRz9UXYEcqSJpq8QdaSpNtM
gxtAvzPpkA1iKysw3EQK7+BbyMUE5UF7vsjVxd/uNctr9vw2cz4ndh1IagqNAUrI
qfP9dU0bQzI5HaZoNgBR34nUoPZs6FzFMYYd5iUNUDumzEY1YfFY4KNs44VoYNyJ
CZxsFXrjJGnhYWVCrpH805drsGkblJDLc4qkFfkyrGdKM0TPfiFpp+yS5nEznANN
ocprmo7ELcM2TclvwtvCX/VzzS9QlUQLEqydlFsDvH3C6DPo2pE8BUdKQ5jvzlz0
4/mwB/ZZQQ0t/9Pn1dxXUzDMaNVAqzsShi6Dy4Mn2cSkCXCqpHL7m8GxpwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFH/W0sqZ0NStXZ/ADpiEwgBNln3jMB8GA1UdIwQY
MBaAFOLBNxBsGkauoHwksRcp/X0haiT1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNHNFM0VHd2FScTZnZkNTeEZ5bjlmU0ZxSlBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC8yNDM1Y2MtNTUzMy00ZjcwLWJiODIt
OWNhZjI1YTQ5OWQ3LzEvZjliU3lwblExSzFkbjhBT21JVENBRTJXZmVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC8yNDM1Y2MtNTUzMy00ZjcwLWJiODItOWNhZjI1YTQ5OWQ3
LzEvNHNFM0VHd2FScTZnZkNTeEZ5bjlmU0ZxSlBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCud7oMA0E
AgACMAcDBQMqDQgAMA0GCSqGSIb3DQEBCwUAA4IBAQDGO7lL/NIbiLgp7xe5D3rV
x4JPPydG9V6PPwGs0QP6xVsj8IcJzpI3ZLClCiI+AGfXmShKBM6V333/u+ihTCyo
GYgsUuiRZAN/NWFAA1hQrrvMTwBnmyByBUTAhcihMCn2Fl5PX//z+8aDW1+HXjhh
XD8Pa3gKGqIUC+00mP2XhFTB/juxeYrxjtmErrIl9E3Eb39fH2jgoS6rfzrsfxn8
WNg/4hjJFGBss7fHo2O4i9Blq+szD2s6AgLMTehYGavhfeRUInfs6L7XepFS6nQU
w28BGuImzW3+kE3UzMVKP+Jh0F3CoAh5f0RPEK+Jn6gLkXTBgb+9Quol/2yoMtGn
-----END CERTIFICATE-----