Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/sUbLpeFS3XLLLQIvzdPabGUHzHo.roa
File:                     sUbLpeFS3XLLLQIvzdPabGUHzHo.roa (raw, json)
Hash identifier:          3V72mhpNF2hyMt7Kyc3iG5tEZ6zvkVberiaxQXV1Hcc=
Subject key identifier:   B1:46:CB:A5:E1:52:DD:72:CB:2D:02:2F:CD:D3:DA:6C:65:07:CC:7A
Certificate issuer:       /CN=1779b95d8a58fcca6a812e777e7ef69453f8ac98
Certificate serial:       0194266C4678082734A781891F47E043967F
Authority key identifier: 17:79:B9:5D:8A:58:FC:CA:6A:81:2E:77:7E:7E:F6:94:53:F8:AC:98
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F3m5XYpY_MpqgS53fn72lFP4rJg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/sUbLpeFS3XLLLQIvzdPabGUHzHo.roa
Signing time:             Thu 02 Jan 2025 09:50:17 +0000
ROA not before:           Thu 02 Jan 2025 09:50:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209620
IP address blocks:        185.184.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/F3m5XYpY_MpqgS53fn72lFP4rJg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/F3m5XYpY_MpqgS53fn72lFP4rJg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F3m5XYpY_MpqgS53fn72lFP4rJg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:46:78:08:27:34:a7:81:89:1f:47:e0:43:96:7f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1779b95d8a58fcca6a812e777e7ef69453f8ac98
        Validity
            Not Before: Jan  2 09:50:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b146cba5e152dd72cb2d022fcdd3da6c6507cc7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:12:ac:c8:6f:df:b6:f9:45:1f:c8:b3:de:56:
                    41:d4:ed:0f:e2:b3:20:3e:32:5a:60:0c:3e:3c:55:
                    f2:f7:c1:c0:f5:df:c4:47:83:10:18:9b:46:f0:af:
                    c4:27:dd:aa:74:26:fe:24:30:de:5e:1c:e3:37:59:
                    6f:cc:bc:98:fc:3f:02:f1:af:25:87:18:a7:26:25:
                    0f:43:6f:f4:89:22:cd:83:ec:5c:ab:4b:53:45:73:
                    1b:5c:b1:64:81:1b:48:96:e1:86:ea:81:77:31:94:
                    d3:65:86:a0:3b:fe:1c:71:01:06:77:50:ac:61:9e:
                    22:d6:6d:b8:66:89:c4:20:67:2a:4e:02:7f:3c:8a:
                    8d:f5:35:89:24:0c:11:e4:f5:da:ec:97:9c:48:77:
                    c0:e3:d4:3d:ba:1a:7d:ad:4e:f1:a1:01:5a:da:2d:
                    3e:f4:86:03:06:5b:f3:8e:90:6e:f6:68:9d:c2:8a:
                    98:91:2c:2b:91:99:21:5d:8b:cb:b5:67:56:4d:14:
                    23:f8:b1:05:d8:03:5a:34:f5:75:ff:40:de:a1:ba:
                    bf:dc:ef:2b:92:3c:25:65:bc:f9:73:8f:e7:5f:c8:
                    d7:80:31:61:74:19:8c:70:e0:72:6d:a4:6c:e4:9d:
                    4d:d7:32:c4:17:9c:af:db:e6:95:f0:3a:21:40:35:
                    e4:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:46:CB:A5:E1:52:DD:72:CB:2D:02:2F:CD:D3:DA:6C:65:07:CC:7A
            X509v3 Authority Key Identifier:
                keyid:17:79:B9:5D:8A:58:FC:CA:6A:81:2E:77:7E:7E:F6:94:53:F8:AC:98

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F3m5XYpY_MpqgS53fn72lFP4rJg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/sUbLpeFS3XLLLQIvzdPabGUHzHo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/35/b3c065-ed1c-4585-99a6-407e3fe63945/1/F3m5XYpY_MpqgS53fn72lFP4rJg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:56:d3:25:37:9b:6c:24:46:ee:26:92:39:83:74:80:7a:90:
         0b:29:d4:a3:54:2a:5c:89:94:4a:31:e9:67:51:ce:cb:7f:4c:
         1a:81:ca:2d:8e:03:6c:98:34:21:10:6a:b4:c3:a2:21:78:d5:
         12:44:ac:78:0c:8d:fd:27:d6:d2:05:68:76:f8:cd:49:8d:3e:
         fb:c2:05:c8:8c:c9:1c:07:3a:69:13:5f:74:b1:4a:1d:e1:86:
         9a:55:4b:e8:d0:28:37:f5:c7:d9:21:ef:aa:5f:20:4d:9b:ab:
         fe:f7:94:7c:d5:f9:3b:57:ba:9b:42:e1:75:d0:f8:81:12:08:
         3a:8f:61:af:ce:ec:7b:1d:a2:94:4b:41:65:cf:29:8f:ec:f8:
         1f:f6:68:1d:c2:d4:0c:41:bf:06:91:52:fd:e1:69:a0:fe:e1:
         98:ed:43:0d:42:bd:37:70:7c:6f:5e:5c:fb:52:28:49:7d:ee:
         53:71:c5:a3:a0:37:a2:95:ce:62:9b:86:25:d1:9f:39:44:71:
         e5:72:f4:8c:1f:b9:d9:7c:af:d2:42:c6:63:3c:e5:43:a7:2f:
         e5:04:18:92:2c:14:e7:d0:d1:09:b5:2f:9b:e3:fb:97:a7:67:
         12:a7:cf:e5:51:9f:0b:31:e0:41:87:1f:23:cc:32:e0:13:e7:
         c3:80:69:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbEZ4CCc0p4GJH0fgQ5Z/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NzliOTVkOGE1OGZjY2E2YTgxMmU3NzdlN2VmNjk0NTNm
OGFjOTgwHhcNMjUwMTAyMDk1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMTQ2Y2JhNWUxNTJkZDcyY2IyZDAyMmZjZGQzZGE2YzY1MDdjYzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtRKsyG/ftvlFH8iz3lZB1O0P4rMg
PjJaYAw+PFXy98HA9d/ER4MQGJtG8K/EJ92qdCb+JDDeXhzjN1lvzLyY/D8C8a8l
hxinJiUPQ2/0iSLNg+xcq0tTRXMbXLFkgRtIluGG6oF3MZTTZYagO/4ccQEGd1Cs
YZ4i1m24ZonEIGcqTgJ/PIqN9TWJJAwR5PXa7JecSHfA49Q9uhp9rU7xoQFa2i0+
9IYDBlvzjpBu9midwoqYkSwrkZkhXYvLtWdWTRQj+LEF2ANaNPV1/0Deobq/3O8r
kjwlZbz5c4/nX8jXgDFhdBmMcOBybaRs5J1N1zLEF5yv2+aV8DohQDXk+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLFGy6XhUt1yyy0CL83T2mxlB8x6MB8GA1UdIwQY
MBaAFBd5uV2KWPzKaoEud35+9pRT+KyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjNtNVhZcFlfTXBxZ1M1M2ZuNzJsRlA0ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNS9iM2MwNjUtZWQxYy00NTg1LTk5YTYt
NDA3ZTNmZTYzOTQ1LzEvc1ViTHBlRlMzWExMTFFJdnpkUGFiR1VIekhvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNS9iM2MwNjUtZWQxYy00NTg1LTk5YTYtNDA3ZTNmZTYzOTQ1
LzEvRjNtNVhZcFlfTXBxZ1M1M2ZuNzJsRlA0ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubjVMA0G
CSqGSIb3DQEBCwUAA4IBAQBzVtMlN5tsJEbuJpI5g3SAepALKdSjVCpciZRKMeln
Uc7Lf0wagcotjgNsmDQhEGq0w6IheNUSRKx4DI39J9bSBWh2+M1JjT77wgXIjMkc
BzppE190sUod4YaaVUvo0Cg39cfZIe+qXyBNm6v+95R81fk7V7qbQuF10PiBEgg6
j2Gvzux7HaKUS0FlzymP7Pgf9mgdwtQMQb8GkVL94Wmg/uGY7UMNQr03cHxvXlz7
UihJfe5TccWjoDeilc5im4Yl0Z85RHHlcvSMH7nZfK/SQsZjPOVDpy/lBBiSLBTn
0NEJtS+b4/uXp2cSp8/lUZ8LMeBBhx8jzDLgE+fDgGlQ
-----END CERTIFICATE-----