Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/Ihlsr9rpvmkWxK02pmiA4lbKi7A.roa
File:                     Ihlsr9rpvmkWxK02pmiA4lbKi7A.roa (raw, json)
Hash identifier:          1gw28Etq9hJVkaq3S2dfCHriH+wtNxKLqiZRcbkKaJU=
Subject key identifier:   22:19:6C:AF:DA:E9:BE:69:16:C4:AD:36:A6:68:80:E2:56:CA:8B:B0
Certificate issuer:       /CN=833e0e480411b9c88e916def90fc3a901026394a
Certificate serial:       0194228D705AA5A8BA8B729A174873D0B1BF
Authority key identifier: 83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/Ihlsr9rpvmkWxK02pmiA4lbKi7A.roa
Signing time:             Wed 01 Jan 2025 15:48:02 +0000
ROA not before:           Wed 01 Jan 2025 15:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.7.73.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 15:00:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:70:5a:a5:a8:ba:8b:72:9a:17:48:73:d0:b1:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=833e0e480411b9c88e916def90fc3a901026394a
        Validity
            Not Before: Jan  1 15:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22196cafdae9be6916c4ad36a66880e256ca8bb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:5f:c1:42:32:d5:b1:66:5a:d2:f3:ed:f5:ae:
                    26:9a:d0:7e:40:bc:4c:4e:3d:a0:50:41:ce:a3:0e:
                    3b:68:9f:a6:10:73:1f:bc:c2:cf:61:53:66:27:c6:
                    c0:fc:83:22:37:86:31:a7:1f:6f:16:41:c5:1c:b2:
                    09:5d:e4:56:54:d1:77:f7:08:14:cd:ba:c8:6a:5e:
                    52:c2:08:a3:d2:1a:9e:5c:e4:2c:c2:da:a0:67:e4:
                    cd:18:55:ce:72:15:95:74:60:c8:42:73:6c:ef:13:
                    73:cd:b1:e1:db:5a:c2:cc:f0:59:d2:c2:ef:b5:45:
                    a5:66:14:6c:ed:e1:5f:3a:23:61:29:df:95:3a:1f:
                    28:5f:56:92:14:7c:df:ec:c6:6d:c1:f0:00:ce:63:
                    41:22:5a:4a:79:e9:5e:86:e0:ba:36:06:17:0c:f0:
                    ce:69:cf:80:55:32:f5:71:41:22:2e:44:c1:4b:ef:
                    3a:7a:f5:c6:54:df:52:a7:ab:26:b7:b8:cb:91:80:
                    9d:cd:08:86:78:5f:61:fe:b9:6e:4c:5d:51:43:6a:
                    5b:ec:73:21:c0:d8:49:21:48:6c:bb:f7:ec:b5:41:
                    88:68:44:bc:97:fa:50:86:ae:cb:f3:d8:90:ec:11:
                    a8:e1:92:6d:db:1f:c7:c7:30:01:fc:47:ac:f1:99:
                    02:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:19:6C:AF:DA:E9:BE:69:16:C4:AD:36:A6:68:80:E2:56:CA:8B:B0
            X509v3 Authority Key Identifier:
                keyid:83:3E:0E:48:04:11:B9:C8:8E:91:6D:EF:90:FC:3A:90:10:26:39:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gz4OSAQRuciOkW3vkPw6kBAmOUo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/Ihlsr9rpvmkWxK02pmiA4lbKi7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a782cc-1e09-4480-a6dc-6c20ebaf30a9/1/gz4OSAQRuciOkW3vkPw6kBAmOUo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.7.73.0/24

    Signature Algorithm: sha256WithRSAEncryption
         23:8f:c9:39:b3:d9:05:3b:d7:72:79:bc:30:75:9e:b1:93:29:
         d2:bb:fb:39:c4:25:36:db:dc:b3:24:4b:7b:64:51:f0:d0:57:
         c1:43:c3:0e:69:1e:93:d2:ef:b8:11:26:d1:2f:f1:92:2f:af:
         ce:0e:24:f5:94:c6:ed:f6:5c:8c:dc:59:5d:1f:a8:17:89:46:
         54:f1:e1:42:a7:c1:5c:78:75:6e:0d:56:4b:31:59:d5:7c:dd:
         58:a4:73:e3:11:d9:e2:58:20:1a:3d:9b:c8:f3:f4:3b:40:42:
         23:fb:0d:ac:d7:af:1c:e2:01:0e:25:ca:78:4c:35:4c:25:ab:
         f8:02:94:21:e6:41:aa:ec:b4:6e:a3:b2:f6:4d:e9:28:37:96:
         6a:3b:d3:8f:ba:19:d1:14:82:5e:9f:9d:a9:17:54:c0:73:aa:
         f4:2e:b5:b8:79:00:0f:0c:33:b2:a9:c2:48:78:63:2b:3d:b5:
         a0:d0:a3:0b:25:6d:56:54:55:ac:4d:28:87:8d:5d:8f:47:4b:
         78:5f:b3:e0:ec:df:7e:91:19:82:df:fd:b3:7f:2a:43:ac:f2:
         09:40:10:6d:53:43:55:f4:d3:ab:ad:f2:fe:ce:ca:07:05:09:
         8a:d8:6d:58:90:e4:b9:4c:84:d3:cd:8e:6d:6d:97:8a:54:87:
         8f:f5:ac:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijXBapai6i3KaF0hz0LG/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzM2UwZTQ4MDQxMWI5Yzg4ZTkxNmRlZjkwZmMzYTkwMTAy
NjM5NGEwHhcNMjUwMTAxMTU0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjE5NmNhZmRhZTliZTY5MTZjNGFkMzZhNjY4ODBlMjU2Y2E4YmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0V/BQjLVsWZa0vPt9a4mmtB+QLxM
Tj2gUEHOow47aJ+mEHMfvMLPYVNmJ8bA/IMiN4Yxpx9vFkHFHLIJXeRWVNF39wgU
zbrIal5Swgij0hqeXOQswtqgZ+TNGFXOchWVdGDIQnNs7xNzzbHh21rCzPBZ0sLv
tUWlZhRs7eFfOiNhKd+VOh8oX1aSFHzf7MZtwfAAzmNBIlpKeelehuC6NgYXDPDO
ac+AVTL1cUEiLkTBS+86evXGVN9Sp6smt7jLkYCdzQiGeF9h/rluTF1RQ2pb7HMh
wNhJIUhsu/fstUGIaES8l/pQhq7L89iQ7BGo4ZJt2x/HxzAB/Ees8ZkCBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIZbK/a6b5pFsStNqZogOJWyouwMB8GA1UdIwQY
MBaAFIM+DkgEEbnIjpFt75D8OpAQJjlKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMt
NmMyMGViYWYzMGE5LzEvSWhsc3I5cnB2bWtXeEswMnBtaUE0bGJLaTdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hNzgyY2MtMWUwOS00NDgwLWE2ZGMtNmMyMGViYWYzMGE5
LzEvZ3o0T1NBUVJ1Y2lPa1czdmtQdzZrQkFtT1VvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQdJMA0G
CSqGSIb3DQEBCwUAA4IBAQAjj8k5s9kFO9dyebwwdZ6xkynSu/s5xCU229yzJEt7
ZFHw0FfBQ8MOaR6T0u+4ESbRL/GSL6/ODiT1lMbt9lyM3FldH6gXiUZU8eFCp8Fc
eHVuDVZLMVnVfN1YpHPjEdniWCAaPZvI8/Q7QEIj+w2s168c4gEOJcp4TDVMJav4
ApQh5kGq7LRuo7L2TekoN5ZqO9OPuhnRFIJen52pF1TAc6r0LrW4eQAPDDOyqcJI
eGMrPbWg0KMLJW1WVFWsTSiHjV2PR0t4X7Pg7N9+kRmC3/2zfypDrPIJQBBtU0NV
9NOrrfL+zsoHBQmK2G1YkOS5TITTzY5tbZeKVIeP9axO
-----END CERTIFICATE-----