Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1qEPEFv1rtnBwjLrj05KhcsiGsw.roa
File:                     1qEPEFv1rtnBwjLrj05KhcsiGsw.roa (raw, json)
Hash identifier:          efBys1jy+DGmejYCRhYEDwHiZZBi2kJ2HO+RtvkHBG0=
Subject key identifier:   D6:A1:0F:10:5B:F5:AE:D9:C1:C2:32:EB:8F:4E:4A:85:CB:22:1A:CC
Certificate issuer:       /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial:       019427B5C023D1472EC6FE4766CFB812507D
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1qEPEFv1rtnBwjLrj05KhcsiGsw.roa
Signing time:             Thu 02 Jan 2025 15:50:10 +0000
ROA not before:           Thu 02 Jan 2025 15:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211142
IP address blocks:        185.83.229.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c0:23:d1:47:2e:c6:fe:47:66:cf:b8:12:50:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
        Validity
            Not Before: Jan  2 15:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d6a10f105bf5aed9c1c232eb8f4e4a85cb221acc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:f2:4c:c9:91:47:40:41:20:d5:c2:95:48:7c:
                    92:f3:30:8d:2d:24:fe:dc:c2:c1:b1:f8:ad:7e:4d:
                    7c:59:48:b8:3b:3c:26:e5:f3:b4:04:a4:b4:19:82:
                    bd:69:fa:8e:cb:1b:75:8c:82:bc:0f:a6:bf:30:9a:
                    4b:68:2b:99:0e:4a:7f:9c:14:b2:ca:24:dd:bb:b6:
                    d9:0f:d5:cd:49:c0:e9:a3:ab:97:92:5a:93:15:c6:
                    87:f1:6c:37:90:a5:ca:bc:96:6a:fb:ba:8d:2e:24:
                    0f:21:d7:64:06:2a:5c:df:33:1f:97:22:f2:33:7c:
                    ba:e8:3d:ff:40:21:36:f2:bf:ac:7a:7f:e1:af:d7:
                    f7:c1:4e:48:3b:80:7c:4a:f6:c7:68:89:12:62:e1:
                    77:ea:4e:17:c4:93:2c:ee:7b:b5:9b:7f:1d:7a:32:
                    3c:08:5b:97:29:60:aa:f3:fb:c0:ab:56:dd:e3:14:
                    01:fe:c9:90:19:1c:3f:c7:6e:87:4b:6d:63:8d:9b:
                    82:d6:fe:f0:50:cf:17:54:ba:f4:0a:38:f5:b2:28:
                    5a:a8:bc:c6:66:d9:da:0f:9f:07:f8:09:60:e6:87:
                    4d:21:93:78:35:65:ce:3f:05:bc:10:9b:8f:5d:bc:
                    ba:d2:a4:bd:0e:7a:85:be:bc:d1:01:be:78:f4:8c:
                    fd:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:A1:0F:10:5B:F5:AE:D9:C1:C2:32:EB:8F:4E:4A:85:CB:22:1A:CC
            X509v3 Authority Key Identifier:
                keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/1qEPEFv1rtnBwjLrj05KhcsiGsw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.83.229.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:4f:47:6e:91:e6:79:7f:db:a7:40:27:03:06:02:35:e8:ab:
         5b:ee:b5:7d:45:41:1c:a8:5c:9d:68:16:5f:3c:35:6e:08:87:
         69:ed:78:9e:ec:44:3b:57:d5:a8:4b:36:9b:b8:c7:d6:50:18:
         67:92:f7:bf:89:a9:c3:a3:b2:8f:16:c6:35:a2:89:f3:ac:4e:
         af:33:66:0a:0c:e0:0d:74:d7:34:80:4f:c7:44:59:95:39:32:
         21:aa:c3:1e:8f:e9:51:2c:14:83:3f:0d:50:76:f5:f1:b8:39:
         bd:84:e9:d6:a6:46:3b:43:8a:bd:7e:bf:55:5e:89:96:7d:44:
         23:dd:71:ec:cf:46:94:b8:57:82:c7:70:4d:f1:3e:b1:3b:5d:
         5f:1b:18:83:41:af:5f:a3:95:f1:af:a7:fe:be:51:83:5c:c4:
         3d:fe:94:3a:cd:22:bb:36:22:0c:8b:ac:61:51:83:ae:60:89:
         79:a6:9e:cf:2b:9a:a8:eb:16:8a:ca:71:bf:2f:4f:34:cd:76:
         b6:99:d4:e4:c3:c7:04:5b:f9:77:ff:0d:67:bc:81:62:2f:53:
         70:be:ed:97:2f:77:bb:56:94:b6:a4:19:4b:4d:60:0d:fe:17:
         31:97:3a:e4:34:86:b4:15:c7:09:2f:98:18:8f:40:95:47:f0:
         d2:25:5e:f3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntcAj0Ucuxv5HZs+4ElB9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjUwMTAyMTU1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmExMGYxMDViZjVhZWQ5YzFjMjMyZWI4ZjRlNGE4NWNiMjIxYWNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArPJMyZFHQEEg1cKVSHyS8zCNLST+
3MLBsfitfk18WUi4Ozwm5fO0BKS0GYK9afqOyxt1jIK8D6a/MJpLaCuZDkp/nBSy
yiTdu7bZD9XNScDpo6uXklqTFcaH8Ww3kKXKvJZq+7qNLiQPIddkBipc3zMflyLy
M3y66D3/QCE28r+sen/hr9f3wU5IO4B8SvbHaIkSYuF36k4XxJMs7nu1m38dejI8
CFuXKWCq8/vAq1bd4xQB/smQGRw/x26HS21jjZuC1v7wUM8XVLr0Cjj1sihaqLzG
ZtnaD58H+Alg5odNIZN4NWXOPwW8EJuPXby60qS9DnqFvrzRAb549Iz97QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNahDxBb9a7ZwcIy649OSoXLIhrMMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvMXFFUEVGdjFydG5Cd2pMcmowNUtoY3NpR3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVPlMA0G
CSqGSIb3DQEBCwUAA4IBAQCjT0dukeZ5f9unQCcDBgI16Ktb7rV9RUEcqFydaBZf
PDVuCIdp7Xie7EQ7V9WoSzabuMfWUBhnkve/ianDo7KPFsY1oonzrE6vM2YKDOAN
dNc0gE/HRFmVOTIhqsMej+lRLBSDPw1QdvXxuDm9hOnWpkY7Q4q9fr9VXomWfUQj
3XHsz0aUuFeCx3BN8T6xO11fGxiDQa9fo5Xxr6f+vlGDXMQ9/pQ6zSK7NiIMi6xh
UYOuYIl5pp7PK5qo6xaKynG/L080zXa2mdTkw8cEW/l3/w1nvIFiL1Nwvu2XL3e7
VpS2pBlLTWAN/hcxlzrkNIa0FccJL5gYj0CVR/DSJV7z
-----END CERTIFICATE-----