Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/2HsIGyT4rIJuu6UrqRcR2fc9b3I.roa
File:                     2HsIGyT4rIJuu6UrqRcR2fc9b3I.roa (raw, json)
Hash identifier:          hUQqgn+fKEmkw/9ErWQL/8TgPXVZMyjAW7UPwj4OttA=
Subject key identifier:   D8:7B:08:1B:24:F8:AC:82:6E:BB:A5:2B:A9:17:11:D9:F7:3D:6F:72
Certificate issuer:       /CN=fc83525d142fbf4b94b3d169445365c66ddfddfd
Certificate serial:       01952583B28B3D974E0AF264C172C3A23B7E
Authority key identifier: FC:83:52:5D:14:2F:BF:4B:94:B3:D1:69:44:53:65:C6:6D:DF:DD:FD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_INSXRQvv0uUs9FpRFNlxm3f3f0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/2HsIGyT4rIJuu6UrqRcR2fc9b3I.roa
Signing time:             Thu 20 Feb 2025 22:39:02 +0000
ROA not before:           Thu 20 Feb 2025 22:39:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47603
IP address blocks:        185.84.226.0/24 maxlen: 27
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/_INSXRQvv0uUs9FpRFNlxm3f3f0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/_INSXRQvv0uUs9FpRFNlxm3f3f0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_INSXRQvv0uUs9FpRFNlxm3f3f0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:25:83:b2:8b:3d:97:4e:0a:f2:64:c1:72:c3:a2:3b:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc83525d142fbf4b94b3d169445365c66ddfddfd
        Validity
            Not Before: Feb 20 22:39:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d87b081b24f8ac826ebba52ba91711d9f73d6f72
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:23:70:ae:b4:ec:fd:7c:36:cd:63:25:98:ef:
                    55:f5:cc:aa:07:dc:28:f5:c9:97:40:17:1b:01:de:
                    6d:19:35:19:8a:fb:97:1f:24:fd:b2:fd:08:ff:99:
                    e5:74:44:ff:70:81:56:0c:40:7d:40:cf:ff:63:d7:
                    52:d1:16:98:90:79:e5:f0:9d:20:25:9d:fc:b9:7e:
                    7e:1c:31:36:74:49:06:a9:08:73:97:c3:15:aa:d1:
                    02:e4:ce:0d:0b:82:a4:11:9f:be:aa:56:6e:54:9b:
                    6c:ad:29:f5:3c:87:e3:5f:6c:49:f6:98:fe:f7:76:
                    c0:a2:f9:16:b4:28:d6:5b:32:3a:25:f3:ae:8f:2e:
                    8d:9b:05:3f:2c:20:5c:e4:48:80:38:dc:36:19:33:
                    65:0a:1c:77:39:d7:e1:8d:8e:c9:1b:13:1d:4f:4e:
                    90:fd:9d:36:49:1d:7e:9b:19:48:6e:f7:4d:90:98:
                    70:4a:ed:c9:5d:f7:c5:12:3c:57:a2:72:ac:42:e0:
                    80:fa:46:da:b6:fe:89:a5:59:6f:16:fe:5d:95:b3:
                    d9:37:75:6b:2e:09:00:6f:c4:11:ad:9b:8f:12:e7:
                    79:f9:7c:f9:b7:21:0e:33:16:06:8e:f3:bb:a1:c8:
                    92:d5:9a:b7:13:58:88:b9:f9:5e:13:4c:09:f8:88:
                    22:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:7B:08:1B:24:F8:AC:82:6E:BB:A5:2B:A9:17:11:D9:F7:3D:6F:72
            X509v3 Authority Key Identifier:
                keyid:FC:83:52:5D:14:2F:BF:4B:94:B3:D1:69:44:53:65:C6:6D:DF:DD:FD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_INSXRQvv0uUs9FpRFNlxm3f3f0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/2HsIGyT4rIJuu6UrqRcR2fc9b3I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/38/854e86-51bb-458c-a014-6923a7e61a6b/1/_INSXRQvv0uUs9FpRFNlxm3f3f0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:02:ce:15:cd:34:4c:7d:b5:ef:f9:f4:92:4b:f6:89:66:7a:
         e6:9b:40:bd:1d:ab:4d:34:49:dd:7d:97:ec:1a:cd:a6:bd:56:
         ab:dc:99:2a:f0:f4:45:ac:99:d7:99:ec:f5:14:0f:6f:40:58:
         66:67:30:9f:48:92:69:b4:c5:3f:59:f6:b9:3f:f2:4e:4f:0b:
         ae:10:8a:cf:fc:67:19:a8:33:b1:f5:b6:c1:89:78:d9:4e:6c:
         64:e8:7c:47:15:b1:76:93:8b:d5:a2:67:f6:b6:ce:97:aa:ef:
         9c:b4:3f:34:52:59:ae:b5:8c:71:bb:26:0e:7d:7e:bd:1c:f8:
         ba:9e:eb:ee:27:0c:93:9a:43:f1:bc:91:c6:01:9c:f4:93:d7:
         b6:d8:8b:17:4a:0f:9c:a6:11:6e:6d:be:1a:c5:5a:34:ac:58:
         97:49:4b:a1:26:32:49:b4:9d:a0:e4:a5:65:df:0c:11:8c:94:
         69:7b:af:ab:88:5b:6d:8d:af:4f:fe:af:2d:c2:60:a7:85:f2:
         d4:94:df:33:d4:91:1f:c2:69:52:3a:3a:0d:4a:ad:fd:63:9e:
         1c:f9:da:a2:46:c1:ed:3d:ad:c8:aa:46:3b:51:e3:31:02:2f:
         71:a3:24:61:47:f2:ae:73:58:d4:d0:10:1a:85:56:56:47:4a:
         cd:9b:5b:c1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZUlg7KLPZdOCvJkwXLDojt+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjODM1MjVkMTQyZmJmNGI5NGIzZDE2OTQ0NTM2NWM2NmRk
ZmRkZmQwHhcNMjUwMjIwMjIzOTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkODdiMDgxYjI0ZjhhYzgyNmViYmE1MmJhOTE3MTFkOWY3M2Q2ZjcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnSNwrrTs/Xw2zWMlmO9V9cyqB9wo
9cmXQBcbAd5tGTUZivuXHyT9sv0I/5nldET/cIFWDEB9QM//Y9dS0RaYkHnl8J0g
JZ38uX5+HDE2dEkGqQhzl8MVqtEC5M4NC4KkEZ++qlZuVJtsrSn1PIfjX2xJ9pj+
93bAovkWtCjWWzI6JfOujy6NmwU/LCBc5EiAONw2GTNlChx3OdfhjY7JGxMdT06Q
/Z02SR1+mxlIbvdNkJhwSu3JXffFEjxXonKsQuCA+kbatv6JpVlvFv5dlbPZN3Vr
LgkAb8QRrZuPEud5+Xz5tyEOMxYGjvO7ociS1Zq3E1iIufleE0wJ+IgiiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNh7CBsk+KyCbrulK6kXEdn3PW9yMB8GA1UdIwQY
MBaAFPyDUl0UL79LlLPRaURTZcZt3939MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0lOU1hSUXZ2MHVVczlGcFJGTmx4bTNmM2YwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOC84NTRlODYtNTFiYi00NThjLWEwMTQt
NjkyM2E3ZTYxYTZiLzEvMkhzSUd5VDRySUp1dTZVcnFSY1IyZmM5YjNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOC84NTRlODYtNTFiYi00NThjLWEwMTQtNjkyM2E3ZTYxYTZi
LzEvX0lOU1hSUXZ2MHVVczlGcFJGTmx4bTNmM2YwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVTiMA0G
CSqGSIb3DQEBCwUAA4IBAQB2As4VzTRMfbXv+fSSS/aJZnrmm0C9HatNNEndfZfs
Gs2mvVar3Jkq8PRFrJnXmez1FA9vQFhmZzCfSJJptMU/Wfa5P/JOTwuuEIrP/GcZ
qDOx9bbBiXjZTmxk6HxHFbF2k4vVomf2ts6Xqu+ctD80UlmutYxxuyYOfX69HPi6
nuvuJwyTmkPxvJHGAZz0k9e22IsXSg+cphFubb4axVo0rFiXSUuhJjJJtJ2g5KVl
3wwRjJRpe6+riFttja9P/q8twmCnhfLUlN8z1JEfwmlSOjoNSq39Y54c+dqiRsHt
Pa3IqkY7UeMxAi9xoyRhR/Kuc1jU0BAahVZWR0rNm1vB
-----END CERTIFICATE-----