Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/399271-5d4a-4320-82ed-aad61639d9d6/1/s1JSRv9qjaGD9ezms7UcWMZoLZc.roa
File:                     s1JSRv9qjaGD9ezms7UcWMZoLZc.roa (raw, json)
Hash identifier:          m1XaHhOIwQT47gv3DHtN00RXZ5ujYkmfy6Ne91kvsN4=
Subject key identifier:   B3:52:52:46:FF:6A:8D:A1:83:F5:EC:E6:B3:B5:1C:58:C6:68:2D:97
Certificate issuer:       /CN=4be1298a215e5e4b7d1e05a85fbc591c389f9ddd
Certificate serial:       019420D6244A1BC778219D67EB7C2674958C
Authority key identifier: 4B:E1:29:8A:21:5E:5E:4B:7D:1E:05:A8:5F:BC:59:1C:38:9F:9D:DD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S-EpiiFeXkt9HgWoX7xZHDifnd0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/399271-5d4a-4320-82ed-aad61639d9d6/1/s1JSRv9qjaGD9ezms7UcWMZoLZc.roa
Signing time:             Wed 01 Jan 2025 07:48:12 +0000
ROA not before:           Wed 01 Jan 2025 07:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212282
IP address blocks:        185.220.82.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/399271-5d4a-4320-82ed-aad61639d9d6/1/S-EpiiFeXkt9HgWoX7xZHDifnd0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/399271-5d4a-4320-82ed-aad61639d9d6/1/S-EpiiFeXkt9HgWoX7xZHDifnd0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S-EpiiFeXkt9HgWoX7xZHDifnd0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:24:4a:1b:c7:78:21:9d:67:eb:7c:26:74:95:8c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4be1298a215e5e4b7d1e05a85fbc591c389f9ddd
        Validity
            Not Before: Jan  1 07:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b3525246ff6a8da183f5ece6b3b51c58c6682d97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:a0:9d:10:e3:ea:72:97:37:59:0d:e8:08:15:
                    ea:3b:55:d9:b4:68:8a:bd:d7:f7:f2:80:e4:a0:fa:
                    61:af:39:eb:0a:90:bc:a7:0f:c6:21:c4:82:9e:10:
                    99:f1:84:3a:8a:3a:f1:69:8b:35:e5:8c:14:97:8a:
                    d4:68:22:bf:2f:8d:91:b9:97:4b:c0:b4:88:b4:9e:
                    1c:24:cc:92:10:8b:d8:73:70:c5:80:c8:d8:05:00:
                    14:df:01:54:07:12:87:4d:d8:a7:2e:1a:1f:64:9f:
                    c1:47:f0:6f:e8:a3:22:88:2c:bd:50:80:7c:ce:28:
                    7c:25:a2:3c:91:a2:bb:be:26:9f:d8:6f:7d:74:6d:
                    c3:28:6e:97:07:12:23:91:8b:5b:1d:42:c6:6a:58:
                    fc:8c:04:d6:4f:26:bc:b3:fb:d4:93:df:19:8d:b4:
                    0d:bd:0e:b5:5b:e2:54:53:6b:ce:a0:ea:f5:21:85:
                    6f:b0:a9:c6:b6:b8:01:18:c2:2b:4f:2b:62:5a:7b:
                    55:17:cd:72:12:21:ea:b5:bb:65:76:c2:c3:9a:f1:
                    8f:db:d1:3d:36:fd:06:14:33:6e:d6:5c:62:b7:87:
                    89:57:9c:96:8d:d1:2b:85:4e:16:b8:f3:ac:c8:ff:
                    ab:60:60:93:cc:58:86:30:0a:ec:90:e3:8a:ea:32:
                    b8:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:52:52:46:FF:6A:8D:A1:83:F5:EC:E6:B3:B5:1C:58:C6:68:2D:97
            X509v3 Authority Key Identifier:
                keyid:4B:E1:29:8A:21:5E:5E:4B:7D:1E:05:A8:5F:BC:59:1C:38:9F:9D:DD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S-EpiiFeXkt9HgWoX7xZHDifnd0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/399271-5d4a-4320-82ed-aad61639d9d6/1/s1JSRv9qjaGD9ezms7UcWMZoLZc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/399271-5d4a-4320-82ed-aad61639d9d6/1/S-EpiiFeXkt9HgWoX7xZHDifnd0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:fe:c6:dc:16:45:9c:41:f7:d6:e8:fe:b8:f3:6b:37:6c:e6:
         a7:2e:81:ab:a7:94:1e:6d:80:7a:63:05:d3:df:c4:02:36:0a:
         df:cd:b2:3a:6f:38:5f:66:02:e7:ee:02:f1:4c:88:46:12:47:
         25:85:8a:db:de:5d:8f:f0:60:b0:43:12:5d:eb:37:02:b4:4d:
         4f:96:5b:cb:1b:4d:ea:bc:19:0b:46:7d:b2:02:ee:56:e4:14:
         68:56:27:36:fb:a5:6c:f7:4d:47:42:79:b0:0d:83:09:f4:92:
         ec:93:b5:64:eb:0d:64:6f:da:07:c6:53:41:c1:5d:f2:0a:cb:
         c5:43:24:ac:80:20:ae:dd:a8:be:fd:ea:a2:6f:35:a3:ed:6b:
         18:83:e5:e0:0a:5f:4a:81:f3:e7:fe:e5:7a:09:d9:4b:33:53:
         63:df:d8:75:7d:13:f7:9d:59:32:e7:1c:58:38:dd:56:07:9a:
         71:a8:97:b7:04:da:e1:ae:15:d9:b8:ea:d5:1b:34:20:7a:b7:
         c9:0f:f6:b6:99:31:3e:04:79:08:d5:85:0d:09:e7:0e:41:1a:
         da:ba:6a:0d:db:80:97:1d:20:16:6f:6c:73:60:e6:4c:6f:c6:
         59:fd:5b:b8:53:36:f3:80:98:17:c1:de:f7:d1:a6:9e:20:95:
         26:a5:71:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1iRKG8d4IZ1n63wmdJWMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiZTEyOThhMjE1ZTVlNGI3ZDFlMDVhODVmYmM1OTFjMzg5
ZjlkZGQwHhcNMjUwMTAxMDc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzUyNTI0NmZmNmE4ZGExODNmNWVjZTZiM2I1MWM1OGM2NjgyZDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0qCdEOPqcpc3WQ3oCBXqO1XZtGiK
vdf38oDkoPphrznrCpC8pw/GIcSCnhCZ8YQ6ijrxaYs15YwUl4rUaCK/L42RuZdL
wLSItJ4cJMySEIvYc3DFgMjYBQAU3wFUBxKHTdinLhofZJ/BR/Bv6KMiiCy9UIB8
zih8JaI8kaK7viaf2G99dG3DKG6XBxIjkYtbHULGalj8jATWTya8s/vUk98ZjbQN
vQ61W+JUU2vOoOr1IYVvsKnGtrgBGMIrTytiWntVF81yEiHqtbtldsLDmvGP29E9
Nv0GFDNu1lxit4eJV5yWjdErhU4WuPOsyP+rYGCTzFiGMArskOOK6jK4WQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLNSUkb/ao2hg/Xs5rO1HFjGaC2XMB8GA1UdIwQY
MBaAFEvhKYohXl5LfR4FqF+8WRw4n53dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUy1FcGlpRmVYa3Q5SGdXb1g3eFpIRGlmbmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8zOTkyNzEtNWQ0YS00MzIwLTgyZWQt
YWFkNjE2MzlkOWQ2LzEvczFKU1J2OXFqYUdEOWV6bXM3VWNXTVpvTFpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8zOTkyNzEtNWQ0YS00MzIwLTgyZWQtYWFkNjE2MzlkOWQ2
LzEvUy1FcGlpRmVYa3Q5SGdXb1g3eFpIRGlmbmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudxSMA0G
CSqGSIb3DQEBCwUAA4IBAQAO/sbcFkWcQffW6P6482s3bOanLoGrp5QebYB6YwXT
38QCNgrfzbI6bzhfZgLn7gLxTIhGEkclhYrb3l2P8GCwQxJd6zcCtE1PllvLG03q
vBkLRn2yAu5W5BRoVic2+6Vs901HQnmwDYMJ9JLsk7Vk6w1kb9oHxlNBwV3yCsvF
QySsgCCu3ai+/eqibzWj7WsYg+XgCl9KgfPn/uV6CdlLM1Nj39h1fRP3nVky5xxY
ON1WB5pxqJe3BNrhrhXZuOrVGzQgerfJD/a2mTE+BHkI1YUNCecOQRraumoN24CX
HSAWb2xzYOZMb8ZZ/Vu4UzbzgJgXwd730aaeIJUmpXE5
-----END CERTIFICATE-----