Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/Ihp0VP8oRNeTGrBSGwpts6D1JhE.roa
File:                     Ihp0VP8oRNeTGrBSGwpts6D1JhE.roa (raw, json)
Hash identifier:          Qldf3LszJ2g2XwaE6LEoxPc+aR59tijRa50IN/mT6PY=
Subject key identifier:   22:1A:74:54:FF:28:44:D7:93:1A:B0:52:1B:0A:6D:B3:A0:F5:26:11
Certificate issuer:       /CN=844a1791cb07f1d86123c63dc3adcfd754db101b
Certificate serial:       01941FFA11E0C19CC8DCF96DA97CF91AA187
Authority key identifier: 84:4A:17:91:CB:07:F1:D8:61:23:C6:3D:C3:AD:CF:D7:54:DB:10:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/Ihp0VP8oRNeTGrBSGwpts6D1JhE.roa
Signing time:             Wed 01 Jan 2025 03:47:49 +0000
ROA not before:           Wed 01 Jan 2025 03:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35624
IP address blocks:        185.46.84.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:11:e0:c1:9c:c8:dc:f9:6d:a9:7c:f9:1a:a1:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=844a1791cb07f1d86123c63dc3adcfd754db101b
        Validity
            Not Before: Jan  1 03:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=221a7454ff2844d7931ab0521b0a6db3a0f52611
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e8:e2:20:c2:b6:d4:22:ec:f1:85:17:d2:e9:
                    db:4c:23:f1:38:65:54:f1:51:67:c7:ef:10:55:78:
                    17:93:91:42:42:9c:1d:59:af:c8:4e:9b:b4:0d:a1:
                    bc:d7:02:22:f4:62:23:69:25:22:d2:76:38:06:ab:
                    5e:9e:ff:49:57:38:66:b9:29:a2:40:68:88:47:1d:
                    2e:73:86:ce:13:57:df:d3:96:2f:c9:f3:85:10:ac:
                    aa:d8:0c:b5:10:80:39:b0:ae:66:df:1f:7a:3c:98:
                    05:ed:86:51:5a:16:bc:f5:41:25:69:97:b0:11:a4:
                    00:db:cd:41:ad:93:4a:68:8f:bf:03:dc:ba:b9:b7:
                    29:a9:5c:61:d2:69:e8:48:26:c8:ba:c0:b4:e9:54:
                    d8:4f:2f:40:e8:f4:b9:e2:f8:2a:f5:1b:3d:c9:4b:
                    6f:f6:9a:ec:06:c4:dd:3f:66:83:6b:bd:3e:64:a1:
                    bb:61:72:9a:9c:fd:e9:19:b0:8c:6e:31:cd:c7:5a:
                    89:ea:5c:bb:7c:77:1b:2d:52:33:35:34:44:df:a3:
                    63:bd:6b:74:85:42:17:00:1f:66:95:ac:61:14:a7:
                    03:6b:65:4b:ba:5f:2c:c4:75:f2:31:b9:3e:01:97:
                    86:4f:34:20:12:7b:82:41:fa:b9:dc:1d:2a:5e:ff:
                    8b:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:1A:74:54:FF:28:44:D7:93:1A:B0:52:1B:0A:6D:B3:A0:F5:26:11
            X509v3 Authority Key Identifier:
                keyid:84:4A:17:91:CB:07:F1:D8:61:23:C6:3D:C3:AD:CF:D7:54:DB:10:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hEoXkcsH8dhhI8Y9w63P11TbEBs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/Ihp0VP8oRNeTGrBSGwpts6D1JhE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/30/f1370a-57ca-46a0-8af4-78ba6dc50086/1/hEoXkcsH8dhhI8Y9w63P11TbEBs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.46.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:61:60:f1:db:52:9d:12:26:1b:ab:39:58:3d:43:9d:81:b9:
         e7:91:9b:ee:d1:8f:0f:89:94:f4:49:16:d0:7f:26:4e:61:03:
         77:61:61:af:dc:b4:3e:6b:75:c2:00:0f:7e:f2:80:9b:52:f8:
         0c:ee:d4:ed:22:63:73:3a:eb:5b:57:ee:e5:d3:e5:4e:15:b8:
         ed:99:e3:8a:d9:00:dd:c3:fe:c0:4d:31:fa:6c:41:ca:b5:1e:
         fc:29:40:d4:42:9f:6e:56:af:88:8f:3a:0d:fb:1b:81:93:09:
         21:e6:ce:5f:18:a9:2e:21:f4:9f:b2:c2:ba:ce:5b:bc:a3:29:
         bb:c9:5b:55:a3:96:e7:66:7d:a5:96:04:b1:1d:2c:a7:e4:df:
         5a:18:36:f2:7f:c4:eb:2f:32:73:7a:c2:73:f4:b0:90:fa:53:
         16:c2:1b:1b:d0:d2:3b:02:82:8e:8c:99:8f:bb:bc:ec:8f:e0:
         f6:02:65:16:a2:5c:a1:5b:4d:cb:8d:b8:d7:99:ef:0c:e0:45:
         1a:a4:ec:6f:60:21:7a:10:73:9a:9a:c2:a4:90:ae:77:14:58:
         0f:01:b0:46:91:8e:bd:f0:99:6a:c6:2b:57:8e:eb:3e:9e:8d:
         4f:39:70:67:26:bc:66:da:e8:ab:b0:b1:1b:0b:70:d7:2c:c4:
         fe:29:6e:89
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+hHgwZzI3PltqXz5GqGHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NGExNzkxY2IwN2YxZDg2MTIzYzYzZGMzYWRjZmQ3NTRk
YjEwMWIwHhcNMjUwMTAxMDM0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjFhNzQ1NGZmMjg0NGQ3OTMxYWIwNTIxYjBhNmRiM2EwZjUyNjExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyujiIMK21CLs8YUX0unbTCPxOGVU
8VFnx+8QVXgXk5FCQpwdWa/ITpu0DaG81wIi9GIjaSUi0nY4Bqtenv9JVzhmuSmi
QGiIRx0uc4bOE1ff05YvyfOFEKyq2Ay1EIA5sK5m3x96PJgF7YZRWha89UElaZew
EaQA281BrZNKaI+/A9y6ubcpqVxh0mnoSCbIusC06VTYTy9A6PS54vgq9Rs9yUtv
9prsBsTdP2aDa70+ZKG7YXKanP3pGbCMbjHNx1qJ6ly7fHcbLVIzNTRE36NjvWt0
hUIXAB9mlaxhFKcDa2VLul8sxHXyMbk+AZeGTzQgEnuCQfq53B0qXv+LIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCIadFT/KETXkxqwUhsKbbOg9SYRMB8GA1UdIwQY
MBaAFIRKF5HLB/HYYSPGPcOtz9dU2xAbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEVvWGtjc0g4ZGhoSThZOXc2M1AxMVRiRUJzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMC9mMTM3MGEtNTdjYS00NmEwLThhZjQt
NzhiYTZkYzUwMDg2LzEvSWhwMFZQOG9STmVUR3JCU0d3cHRzNkQxSmhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMC9mMTM3MGEtNTdjYS00NmEwLThhZjQtNzhiYTZkYzUwMDg2
LzEvaEVvWGtjc0g4ZGhoSThZOXc2M1AxMVRiRUJzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuS5UMA0G
CSqGSIb3DQEBCwUAA4IBAQCeYWDx21KdEiYbqzlYPUOdgbnnkZvu0Y8PiZT0SRbQ
fyZOYQN3YWGv3LQ+a3XCAA9+8oCbUvgM7tTtImNzOutbV+7l0+VOFbjtmeOK2QDd
w/7ATTH6bEHKtR78KUDUQp9uVq+IjzoN+xuBkwkh5s5fGKkuIfSfssK6zlu8oym7
yVtVo5bnZn2llgSxHSyn5N9aGDbyf8TrLzJzesJz9LCQ+lMWwhsb0NI7AoKOjJmP
u7zsj+D2AmUWolyhW03LjbjXme8M4EUapOxvYCF6EHOamsKkkK53FFgPAbBGkY69
8JlqxitXjus+no1POXBnJrxm2uirsLEbC3DXLMT+KW6J
-----END CERTIFICATE-----