Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/opItG7iycfoqyIbeJkA-iBhJGY4.roa
File:                     opItG7iycfoqyIbeJkA-iBhJGY4.roa (raw, json)
Hash identifier:          3K1U6liu+Oy3aeOJx85XxOBGN8iAYZ7rHauSs3gu8HQ=
Subject key identifier:   A2:92:2D:1B:B8:B2:71:FA:2A:C8:86:DE:26:40:3E:88:18:49:19:8E
Certificate issuer:       /CN=9bbc03f6c5a284fa00dbb5aa609c515b7c589969
Certificate serial:       019427482333A82DC1CCE943605C646DC1FF
Authority key identifier: 9B:BC:03:F6:C5:A2:84:FA:00:DB:B5:AA:60:9C:51:5B:7C:58:99:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/m7wD9sWihPoA27WqYJxRW3xYmWk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/opItG7iycfoqyIbeJkA-iBhJGY4.roa
Signing time:             Thu 02 Jan 2025 13:50:26 +0000
ROA not before:           Thu 02 Jan 2025 13:50:26 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.122.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/m7wD9sWihPoA27WqYJxRW3xYmWk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/m7wD9sWihPoA27WqYJxRW3xYmWk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/m7wD9sWihPoA27WqYJxRW3xYmWk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:23:33:a8:2d:c1:cc:e9:43:60:5c:64:6d:c1:ff
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9bbc03f6c5a284fa00dbb5aa609c515b7c589969
        Validity
            Not Before: Jan  2 13:50:26 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a2922d1bb8b271fa2ac886de26403e881849198e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f1:3e:66:4c:4e:49:a8:85:a8:7d:eb:7a:0e:
                    cf:0d:f0:56:b9:6c:75:db:74:95:ee:11:69:b6:ab:
                    63:3e:29:62:84:d2:a3:27:21:b0:d3:23:77:eb:bb:
                    f0:09:46:90:0c:fb:37:4a:b4:85:30:89:1b:f3:b0:
                    13:4e:c9:17:97:61:29:8b:c4:25:6c:3e:52:59:4a:
                    61:60:22:50:a3:b8:df:52:70:d0:d8:d6:ba:cf:75:
                    59:ed:a6:51:ed:4b:af:01:7a:4f:3d:dd:a4:d7:6e:
                    6e:dd:7d:97:21:6d:c8:80:4d:c0:2a:a4:32:63:0b:
                    19:ec:b0:08:55:ab:a4:c3:20:6a:8b:5c:9c:98:d4:
                    d0:69:9f:5e:4a:9b:e4:56:64:54:a8:c9:73:fe:d4:
                    e4:44:8d:20:1f:07:d2:79:e9:7c:bf:13:c4:6e:11:
                    06:ee:06:dd:ee:71:46:88:29:77:17:f9:ef:d2:89:
                    7b:71:06:81:8f:bd:c6:57:b4:3d:71:59:43:28:39:
                    07:e2:df:d6:a0:c0:fb:c9:6a:d9:70:86:d0:8e:0e:
                    24:72:f2:31:7c:2e:9f:8f:7b:50:50:9f:b2:5a:61:
                    dd:0e:47:01:af:d6:e2:46:29:82:d9:80:d4:72:ad:
                    fa:63:86:e0:cf:62:ac:fd:da:1a:79:1d:4b:aa:5f:
                    5f:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:92:2D:1B:B8:B2:71:FA:2A:C8:86:DE:26:40:3E:88:18:49:19:8E
            X509v3 Authority Key Identifier:
                keyid:9B:BC:03:F6:C5:A2:84:FA:00:DB:B5:AA:60:9C:51:5B:7C:58:99:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/m7wD9sWihPoA27WqYJxRW3xYmWk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/opItG7iycfoqyIbeJkA-iBhJGY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/8944f4-f342-4254-b5a7-9d7e5af4dfc5/1/m7wD9sWihPoA27WqYJxRW3xYmWk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.122.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:26:f1:a9:b3:7e:cf:4d:17:2e:49:c8:a7:ad:56:ec:79:94:
         4c:93:dd:f6:f0:d4:6f:54:49:9b:f8:9e:78:7b:b6:5e:07:1c:
         03:2d:dd:d8:81:96:b3:7e:c9:6f:a5:8a:3c:5a:45:a8:88:d8:
         71:75:56:2b:bc:de:76:3b:ef:f7:8c:3f:69:55:f4:f9:bd:b4:
         d4:11:8c:89:72:b6:aa:b9:93:7d:45:84:4f:8a:7d:e8:5f:fe:
         e2:a5:1c:fd:9d:8a:27:0c:be:6a:ca:c1:74:0e:8b:c8:37:e0:
         70:fa:41:11:a3:57:28:df:32:ec:d8:16:63:25:a3:f6:47:b5:
         70:13:19:5a:61:a9:51:96:e6:9f:5d:5f:d8:03:91:de:70:0a:
         c4:2f:2b:c9:b9:ba:be:9e:0a:10:6e:69:22:19:15:53:05:87:
         f9:d9:e3:75:29:6e:6e:31:ce:fc:30:9c:8f:e3:16:af:cd:52:
         13:b6:82:55:ed:d3:72:cd:e6:3b:6c:07:08:64:4a:cc:6e:56:
         e9:ab:ea:91:3e:45:6b:87:97:6a:24:be:49:60:be:ea:40:d4:
         d8:92:d2:22:4d:aa:f2:f9:d4:33:42:5f:7b:23:36:49:82:a3:
         e7:bc:87:7f:b8:5f:d5:c5:30:13:52:0b:96:b2:8c:2c:fd:d4:
         d0:52:e3:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSCMzqC3BzOlDYFxkbcH/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDliYmMwM2Y2YzVhMjg0ZmEwMGRiYjVhYTYwOWM1MTViN2M1
ODk5NjkwHhcNMjUwMTAyMTM1MDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjkyMmQxYmI4YjI3MWZhMmFjODg2ZGUyNjQwM2U4ODE4NDkxOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/E+ZkxOSaiFqH3reg7PDfBWuWx1
23SV7hFptqtjPilihNKjJyGw0yN367vwCUaQDPs3SrSFMIkb87ATTskXl2Epi8Ql
bD5SWUphYCJQo7jfUnDQ2Na6z3VZ7aZR7UuvAXpPPd2k125u3X2XIW3IgE3AKqQy
YwsZ7LAIVaukwyBqi1ycmNTQaZ9eSpvkVmRUqMlz/tTkRI0gHwfSeel8vxPEbhEG
7gbd7nFGiCl3F/nv0ol7cQaBj73GV7Q9cVlDKDkH4t/WoMD7yWrZcIbQjg4kcvIx
fC6fj3tQUJ+yWmHdDkcBr9biRimC2YDUcq36Y4bgz2Ks/doaeR1Lql9fPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKKSLRu4snH6KsiG3iZAPogYSRmOMB8GA1UdIwQY
MBaAFJu8A/bFooT6ANu1qmCcUVt8WJlpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbTd3RDlzV2loUG9BMjdXcVlKeFJXM3hZbVdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS84OTQ0ZjQtZjM0Mi00MjU0LWI1YTct
OWQ3ZTVhZjRkZmM1LzEvb3BJdEc3aXljZm9xeUliZUprQS1pQmhKR1k0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS84OTQ0ZjQtZjM0Mi00MjU0LWI1YTctOWQ3ZTVhZjRkZmM1
LzEvbTd3RDlzV2loUG9BMjdXcVlKeFJXM3hZbVdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXrWMA0G
CSqGSIb3DQEBCwUAA4IBAQCJJvGps37PTRcuScinrVbseZRMk9328NRvVEmb+J54
e7ZeBxwDLd3YgZazfslvpYo8WkWoiNhxdVYrvN52O+/3jD9pVfT5vbTUEYyJcraq
uZN9RYRPin3oX/7ipRz9nYonDL5qysF0DovIN+Bw+kERo1co3zLs2BZjJaP2R7Vw
ExlaYalRluafXV/YA5HecArELyvJubq+ngoQbmkiGRVTBYf52eN1KW5uMc78MJyP
4xavzVITtoJV7dNyzeY7bAcIZErMblbpq+qRPkVrh5dqJL5JYL7qQNTYktIiTary
+dQzQl97IzZJgqPnvId/uF/VxTATUguWsows/dTQUuMq
-----END CERTIFICATE-----