Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/ItDOSAPXP7fGwIUCyAUKyyhkB4Q.roa
File:                     ItDOSAPXP7fGwIUCyAUKyyhkB4Q.roa (raw, json)
Hash identifier:          OWstEJSZcgCk402ChRTJkXohNTIeEApse64rKCImRuM=
Subject key identifier:   22:D0:CE:48:03:D7:3F:B7:C6:C0:85:02:C8:05:0A:CB:28:64:07:84
Certificate issuer:       /CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
Certificate serial:       01942823477A72DF473FCEA2EF34438302CB
Authority key identifier: 82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/ItDOSAPXP7fGwIUCyAUKyyhkB4Q.roa
Signing time:             Thu 02 Jan 2025 17:49:48 +0000
ROA not before:           Thu 02 Jan 2025 17:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62563
IP address blocks:        192.166.226.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:47:7a:72:df:47:3f:ce:a2:ef:34:43:83:02:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=826be1fb71af48d6b318510aa8bdf9a815f33db8
        Validity
            Not Before: Jan  2 17:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22d0ce4803d73fb7c6c08502c8050acb28640784
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:d2:b4:45:67:a5:a4:79:f3:ab:f8:bb:64:67:
                    d1:38:00:a2:02:79:33:13:10:e6:96:8e:c1:d7:c6:
                    61:7b:72:2e:16:35:8a:c2:fa:01:9d:98:0f:7f:d7:
                    f1:9e:59:cd:ad:f2:d3:27:53:60:24:fe:21:e8:6c:
                    b2:9e:f2:06:72:27:77:aa:c2:86:ce:49:8c:de:67:
                    99:81:f4:0a:e3:6d:e3:53:14:ef:d5:53:19:b4:bc:
                    70:9b:08:e0:5e:29:76:70:d2:4f:1c:80:63:12:70:
                    b4:99:02:88:0f:af:8e:01:72:10:aa:77:2e:aa:43:
                    ef:67:35:90:77:79:3c:d2:0c:53:dd:6a:be:fb:18:
                    bf:23:a4:16:51:a0:bb:23:cb:d9:04:39:f3:e5:6b:
                    8c:d9:a9:58:c9:1b:8f:b8:a5:72:23:ef:b0:0c:51:
                    6f:20:63:c3:0e:bd:cb:0b:41:7f:e0:da:0e:04:e3:
                    0a:1a:9b:4b:95:8c:d1:97:15:0f:12:49:86:cf:1c:
                    44:2f:19:b0:9d:c7:21:dc:5f:af:bc:d6:29:92:13:
                    f7:d2:4d:b3:10:5c:66:27:f3:fb:dd:6a:a2:c5:81:
                    fe:c8:83:18:6c:d5:98:0b:82:7d:6c:bd:e9:94:75:
                    c8:cd:ea:14:3c:49:d8:9e:fc:26:59:be:bf:51:fc:
                    64:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D0:CE:48:03:D7:3F:B7:C6:C0:85:02:C8:05:0A:CB:28:64:07:84
            X509v3 Authority Key Identifier:
                keyid:82:6B:E1:FB:71:AF:48:D6:B3:18:51:0A:A8:BD:F9:A8:15:F3:3D:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gmvh-3GvSNazGFEKqL35qBXzPbg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/ItDOSAPXP7fGwIUCyAUKyyhkB4Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/ac689b-0e36-49fd-8f9c-ded720142744/1/gmvh-3GvSNazGFEKqL35qBXzPbg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.166.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         24:8c:9c:1d:b7:c4:cc:7e:40:a9:81:fb:50:5c:07:d7:28:0c:
         21:38:b0:1f:3f:c1:db:6f:da:24:6c:c7:6b:be:ee:e6:da:04:
         eb:e7:c8:ed:e3:21:a9:88:4e:3a:1a:bd:c6:d8:20:fc:1f:b2:
         d4:07:54:70:da:36:b3:17:d3:d7:0b:ba:95:d5:20:97:47:f6:
         28:95:c6:4c:8a:35:9c:ec:18:03:4a:0e:cb:8b:5e:07:9f:43:
         7a:4b:93:de:3c:44:1d:30:d7:0f:c5:54:b0:be:0f:d7:83:18:
         64:fa:4b:65:4c:6f:eb:71:75:21:23:67:65:d3:c1:19:52:e8:
         9c:c7:a1:d3:a0:bb:be:3a:22:e9:37:68:34:9b:0c:2d:a3:92:
         79:32:2f:1b:82:9a:3e:b0:82:d4:89:ae:e3:e8:de:06:0b:6b:
         47:ff:ef:37:6e:e2:80:9f:08:3c:16:91:0a:30:34:6e:c3:19:
         57:21:c4:8f:bb:65:a4:da:f4:29:78:fe:55:6d:1d:e6:81:0f:
         78:a0:32:22:80:a7:3a:ea:78:e8:e4:2f:2d:6a:cd:f3:71:66:
         51:32:35:d9:a9:89:8f:a0:e5:76:01:a6:78:01:b0:2d:4f:ce:
         d2:82:01:7a:b9:d4:78:60:3c:fb:31:66:2a:93:9b:b4:2c:cb:
         20:86:5e:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoI0d6ct9HP86i7zRDgwLLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgyNmJlMWZiNzFhZjQ4ZDZiMzE4NTEwYWE4YmRmOWE4MTVm
MzNkYjgwHhcNMjUwMTAyMTc0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmQwY2U0ODAzZDczZmI3YzZjMDg1MDJjODA1MGFjYjI4NjQwNzg0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtdK0RWelpHnzq/i7ZGfROACiAnkz
ExDmlo7B18Zhe3IuFjWKwvoBnZgPf9fxnlnNrfLTJ1NgJP4h6GyynvIGcid3qsKG
zkmM3meZgfQK423jUxTv1VMZtLxwmwjgXil2cNJPHIBjEnC0mQKID6+OAXIQqncu
qkPvZzWQd3k80gxT3Wq++xi/I6QWUaC7I8vZBDnz5WuM2alYyRuPuKVyI++wDFFv
IGPDDr3LC0F/4NoOBOMKGptLlYzRlxUPEkmGzxxELxmwncch3F+vvNYpkhP30k2z
EFxmJ/P73WqixYH+yIMYbNWYC4J9bL3plHXIzeoUPEnYnvwmWb6/UfxktQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCLQzkgD1z+3xsCFAsgFCssoZAeEMB8GA1UdIwQY
MBaAFIJr4ftxr0jWsxhRCqi9+agV8z24MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMt
ZGVkNzIwMTQyNzQ0LzEvSXRET1NBUFhQN2ZHd0lVQ3lBVUt5eWhrQjRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9hYzY4OWItMGUzNi00OWZkLThmOWMtZGVkNzIwMTQyNzQ0
LzEvZ212aC0zR3ZTTmF6R0ZFS3FMMzVxQlh6UGJnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwKbiMA0G
CSqGSIb3DQEBCwUAA4IBAQAkjJwdt8TMfkCpgftQXAfXKAwhOLAfP8Hbb9okbMdr
vu7m2gTr58jt4yGpiE46Gr3G2CD8H7LUB1Rw2jazF9PXC7qV1SCXR/YolcZMijWc
7BgDSg7Li14Hn0N6S5PePEQdMNcPxVSwvg/Xgxhk+ktlTG/rcXUhI2dl08EZUuic
x6HToLu+OiLpN2g0mwwto5J5Mi8bgpo+sILUia7j6N4GC2tH/+83buKAnwg8FpEK
MDRuwxlXIcSPu2Wk2vQpeP5VbR3mgQ94oDIigKc66njo5C8tas3zcWZRMjXZqYmP
oOV2AaZ4AbAtT87SggF6udR4YDz7MWYqk5u0LMsghl6b
-----END CERTIFICATE-----