Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/hTXyI46q8ybU3Dz0eS3ayB3HFbg.roa
File:                     hTXyI46q8ybU3Dz0eS3ayB3HFbg.roa (raw, json)
Hash identifier:          XI37ysO8Yf94g3nRE6Kdilk8PRdJybt6ja3RqZ8LGfw=
Subject key identifier:   85:35:F2:23:8E:AA:F3:26:D4:DC:3C:F4:79:2D:DA:C8:1D:C7:15:B8
Certificate issuer:       /CN=49ee1194bd81d1946c39f10f7fdfdf22d1a03112
Certificate serial:       019422FB83A0356DADA53D5ED011F321EFF2
Authority key identifier: 49:EE:11:94:BD:81:D1:94:6C:39:F1:0F:7F:DF:DF:22:D1:A0:31:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/hTXyI46q8ybU3Dz0eS3ayB3HFbg.roa
Signing time:             Wed 01 Jan 2025 17:48:16 +0000
ROA not before:           Wed 01 Jan 2025 17:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60423
IP address blocks:        185.83.113.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 04:01:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:83:a0:35:6d:ad:a5:3d:5e:d0:11:f3:21:ef:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=49ee1194bd81d1946c39f10f7fdfdf22d1a03112
        Validity
            Not Before: Jan  1 17:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8535f2238eaaf326d4dc3cf4792ddac81dc715b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:45:09:7e:9b:39:c5:33:39:fd:f1:0f:03:5f:
                    77:32:39:6e:03:62:de:cf:62:3f:11:28:c5:c1:e9:
                    66:88:ae:ed:e3:e9:29:56:3e:54:0b:59:e8:45:73:
                    c5:14:46:2d:5a:0a:de:dc:67:2b:97:35:03:8f:7b:
                    17:11:40:95:2d:fa:84:f6:14:ca:75:e4:3b:1a:43:
                    ef:bf:d6:2f:d8:1a:58:c1:fe:fc:2a:00:1d:04:cd:
                    72:44:b5:b8:29:e2:2d:45:d9:4b:aa:0d:1d:da:14:
                    62:3a:07:bd:e0:d4:25:37:b8:3b:b3:e9:b9:67:d6:
                    04:6c:bd:16:4a:06:af:44:cb:37:96:f8:af:5c:3b:
                    1e:89:e9:2d:f5:dd:4f:15:37:5f:cc:32:00:3d:81:
                    bb:eb:9b:2f:0e:96:aa:06:f2:08:40:5f:9f:c6:65:
                    64:60:a0:e0:a2:49:af:15:e0:21:a4:d1:93:64:4d:
                    db:c4:9c:a9:31:dd:35:62:d8:44:b3:27:73:3f:32:
                    f6:eb:de:4d:2c:ce:0f:35:79:0a:9e:be:13:fb:c6:
                    9d:2f:e4:24:d9:9a:59:ed:03:6f:4c:0c:c9:73:75:
                    5e:f4:70:ae:49:0b:5d:95:cb:9d:40:df:04:0f:d6:
                    8b:79:2b:97:83:b0:4f:cd:a4:51:1a:34:99:0d:60:
                    0f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:35:F2:23:8E:AA:F3:26:D4:DC:3C:F4:79:2D:DA:C8:1D:C7:15:B8
            X509v3 Authority Key Identifier:
                keyid:49:EE:11:94:BD:81:D1:94:6C:39:F1:0F:7F:DF:DF:22:D1:A0:31:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Se4RlL2B0ZRsOfEPf9_fItGgMRI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/hTXyI46q8ybU3Dz0eS3ayB3HFbg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2c/a324f4-9770-4a58-a6ef-d62fa6319fd4/1/Se4RlL2B0ZRsOfEPf9_fItGgMRI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.113.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:8a:44:23:0c:a6:72:cd:35:02:cd:63:bd:3b:72:19:4b:82:
         be:21:00:58:00:a5:96:83:96:1e:15:21:d2:e9:35:7f:dd:69:
         b5:31:27:43:f5:74:1a:f0:22:0d:3c:e8:32:99:f6:0e:5f:76:
         c9:a6:0f:d6:3f:77:87:d2:07:c5:82:80:ba:ef:29:48:76:cd:
         66:cf:54:21:f0:dc:d1:69:f7:c9:a8:e4:7c:66:09:4d:f0:c3:
         c6:02:13:5d:61:e5:72:5d:52:cb:a9:59:d3:a6:ac:68:8a:ec:
         f8:6d:e3:1e:fd:2b:89:85:11:70:15:ef:c5:c1:ec:2f:aa:57:
         12:ed:83:92:29:7d:96:35:9d:52:ea:3a:43:1d:2a:5a:d7:47:
         81:3e:c8:18:f5:57:c7:3e:09:7b:d6:63:84:3f:e4:65:7d:56:
         82:09:3e:ca:44:0a:1b:a6:04:6b:9d:9c:49:27:47:ac:12:6c:
         fd:96:62:9d:fa:99:a3:a7:6b:05:32:cf:f5:2d:66:03:ac:de:
         62:0d:b0:9a:11:f2:61:72:44:40:0d:22:1d:2b:6c:69:b1:59:
         49:1d:31:ae:d8:63:d9:b9:51:7f:bb:26:52:43:b7:fa:83:82:
         eb:3c:05:01:49:a2:0c:67:3f:a4:0d:96:21:19:aa:81:52:87:
         44:5e:e4:d7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+4OgNW2tpT1e0BHzIe/yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ5ZWUxMTk0YmQ4MWQxOTQ2YzM5ZjEwZjdmZGZkZjIyZDFh
MDMxMTIwHhcNMjUwMTAxMTc0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTM1ZjIyMzhlYWFmMzI2ZDRkYzNjZjQ3OTJkZGFjODFkYzcxNWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApEUJfps5xTM5/fEPA193MjluA2Le
z2I/ESjFwelmiK7t4+kpVj5UC1noRXPFFEYtWgre3GcrlzUDj3sXEUCVLfqE9hTK
deQ7GkPvv9Yv2BpYwf78KgAdBM1yRLW4KeItRdlLqg0d2hRiOge94NQlN7g7s+m5
Z9YEbL0WSgavRMs3lvivXDseiekt9d1PFTdfzDIAPYG765svDpaqBvIIQF+fxmVk
YKDgokmvFeAhpNGTZE3bxJypMd01YthEsydzPzL2695NLM4PNXkKnr4T+8adL+Qk
2ZpZ7QNvTAzJc3Ve9HCuSQtdlcudQN8ED9aLeSuXg7BPzaRRGjSZDWAPUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIU18iOOqvMm1Nw89Hkt2sgdxxW4MB8GA1UdIwQY
MBaAFEnuEZS9gdGUbDnxD3/f3yLRoDESMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU2U0UmxMMkIwWlJzT2ZFUGY5X2ZJdEdnTVJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYy9hMzI0ZjQtOTc3MC00YTU4LWE2ZWYt
ZDYyZmE2MzE5ZmQ0LzEvaFRYeUk0NnE4eWJVM0R6MGVTM2F5QjNIRmJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYy9hMzI0ZjQtOTc3MC00YTU4LWE2ZWYtZDYyZmE2MzE5ZmQ0
LzEvU2U0UmxMMkIwWlJzT2ZFUGY5X2ZJdEdnTVJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVNxMA0G
CSqGSIb3DQEBCwUAA4IBAQACikQjDKZyzTUCzWO9O3IZS4K+IQBYAKWWg5YeFSHS
6TV/3Wm1MSdD9XQa8CINPOgymfYOX3bJpg/WP3eH0gfFgoC67ylIds1mz1Qh8NzR
affJqOR8ZglN8MPGAhNdYeVyXVLLqVnTpqxoiuz4beMe/SuJhRFwFe/FwewvqlcS
7YOSKX2WNZ1S6jpDHSpa10eBPsgY9VfHPgl71mOEP+RlfVaCCT7KRAobpgRrnZxJ
J0esEmz9lmKd+pmjp2sFMs/1LWYDrN5iDbCaEfJhckRADSIdK2xpsVlJHTGu2GPZ
uVF/uyZSQ7f6g4LrPAUBSaIMZz+kDZYhGaqBUodEXuTX
-----END CERTIFICATE-----