Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/27e870-3e8d-42b0-b30c-bbcdcda61612/1/iCajC07N1wXhLZhUBQa5qaDtpkc.roa
File:                     iCajC07N1wXhLZhUBQa5qaDtpkc.roa (raw, json)
Hash identifier:          TBjsHC2hLzzwIzsyf+O4ISG2vQbLL5AsHhFZzfGik5g=
Subject key identifier:   88:26:A3:0B:4E:CD:D7:05:E1:2D:98:54:05:06:B9:A9:A0:ED:A6:47
Certificate issuer:       /CN=c1eeb0bbbcb6d47a8434cf411151f2e248780815
Certificate serial:       0194AC50F8A58E4BFBE533CFDA9B10F86C9B
Authority key identifier: C1:EE:B0:BB:BC:B6:D4:7A:84:34:CF:41:11:51:F2:E2:48:78:08:15
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/we6wu7y21HqENM9BEVHy4kh4CBU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/27e870-3e8d-42b0-b30c-bbcdcda61612/1/iCajC07N1wXhLZhUBQa5qaDtpkc.roa
Signing time:             Tue 28 Jan 2025 09:49:35 +0000
ROA not before:           Tue 28 Jan 2025 09:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15830
IP address blocks:        185.184.231.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/27e870-3e8d-42b0-b30c-bbcdcda61612/1/we6wu7y21HqENM9BEVHy4kh4CBU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/27e870-3e8d-42b0-b30c-bbcdcda61612/1/we6wu7y21HqENM9BEVHy4kh4CBU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/we6wu7y21HqENM9BEVHy4kh4CBU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ac:50:f8:a5:8e:4b:fb:e5:33:cf:da:9b:10:f8:6c:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c1eeb0bbbcb6d47a8434cf411151f2e248780815
        Validity
            Not Before: Jan 28 09:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8826a30b4ecdd705e12d98540506b9a9a0eda647
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:b5:3c:c9:d4:29:83:80:8d:43:ac:9c:73:2b:
                    11:33:4b:31:d9:87:76:e5:6f:5c:c1:d1:ab:20:0c:
                    b8:5c:ec:66:9f:66:ac:dc:28:54:ca:6c:fd:29:34:
                    85:ff:6c:92:86:df:2f:48:79:84:b4:53:5d:5c:b2:
                    75:d4:a4:74:e7:57:c7:3e:ec:d7:e7:21:d1:fd:bf:
                    c4:93:97:d5:92:74:90:90:6e:e2:45:93:90:5a:61:
                    d7:3f:bd:4b:a4:9d:ff:88:d1:de:87:89:c7:db:eb:
                    fa:6f:64:7f:fc:97:fd:07:81:68:a9:87:35:1c:d6:
                    3f:c6:af:39:1b:ca:5b:44:b1:77:2a:1c:e8:59:39:
                    1e:00:eb:22:f7:19:d1:fd:72:6a:f2:b7:77:e0:2f:
                    b7:5b:dd:62:ea:a5:1b:d8:56:58:3b:54:b7:ff:95:
                    85:94:3a:da:df:d1:1f:e8:e4:24:37:63:cf:1f:73:
                    9f:53:8c:a6:33:03:a8:f9:f6:03:90:ca:2a:f5:c8:
                    b1:5b:1c:0a:0a:58:ad:17:20:59:90:96:0f:fc:d7:
                    fc:93:9a:d6:c4:eb:f4:42:cd:66:f9:b7:44:d6:bf:
                    7e:6e:52:69:51:50:91:90:88:23:07:e4:2e:2b:d0:
                    12:86:35:ab:5a:66:2b:d6:be:64:09:d6:ce:07:bb:
                    d8:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:26:A3:0B:4E:CD:D7:05:E1:2D:98:54:05:06:B9:A9:A0:ED:A6:47
            X509v3 Authority Key Identifier:
                keyid:C1:EE:B0:BB:BC:B6:D4:7A:84:34:CF:41:11:51:F2:E2:48:78:08:15

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/we6wu7y21HqENM9BEVHy4kh4CBU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/27e870-3e8d-42b0-b30c-bbcdcda61612/1/iCajC07N1wXhLZhUBQa5qaDtpkc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/27e870-3e8d-42b0-b30c-bbcdcda61612/1/we6wu7y21HqENM9BEVHy4kh4CBU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.231.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:59:2f:bc:09:3b:a2:74:17:80:b9:05:15:59:a5:fd:e7:81:
         97:b8:94:16:7e:13:d3:8d:97:e1:82:6a:22:42:df:b7:8c:2e:
         da:5d:2a:8f:e0:8d:36:d7:31:47:52:91:c5:ab:a2:16:9f:6e:
         d7:82:3d:85:1e:b9:5e:4b:9a:ad:f7:d1:fb:f4:e4:d3:a2:db:
         03:59:81:43:a6:80:03:03:5d:4d:53:4a:42:bc:62:e1:72:9b:
         b0:4b:73:a6:9a:a6:ae:c0:9f:21:12:a4:86:7b:d1:78:90:6a:
         74:01:cd:77:95:9c:68:a7:80:71:26:8b:00:4c:4a:8e:a9:a1:
         04:59:e1:b7:38:df:81:14:2a:db:42:67:27:42:c6:96:d2:41:
         d3:9a:7c:c6:19:16:a2:dc:4e:81:62:2d:6e:1f:cf:e4:05:76:
         a2:c7:18:ee:fb:ee:75:84:2e:82:f2:2a:35:a4:41:43:a8:41:
         a7:ad:cb:b2:2f:97:66:e6:38:4c:09:a3:a1:98:ce:7c:ab:f1:
         79:dc:95:de:27:76:41:1d:5f:fb:69:d7:3a:8d:38:8c:1c:61:
         01:95:ce:ff:63:8e:0f:84:43:92:7b:3c:70:58:54:48:da:52:
         2f:4e:73:e9:7b:ca:57:ef:f2:e8:08:7f:ed:e6:47:a8:3a:37:
         c7:5d:f4:85
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSsUPiljkv75TPP2psQ+GybMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxZWViMGJiYmNiNmQ0N2E4NDM0Y2Y0MTExNTFmMmUyNDg3
ODA4MTUwHhcNMjUwMTI4MDk0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI2YTMwYjRlY2RkNzA1ZTEyZDk4NTQwNTA2YjlhOWEwZWRhNjQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvrU8ydQpg4CNQ6yccysRM0sx2Yd2
5W9cwdGrIAy4XOxmn2as3ChUymz9KTSF/2ySht8vSHmEtFNdXLJ11KR051fHPuzX
5yHR/b/Ek5fVknSQkG7iRZOQWmHXP71LpJ3/iNHeh4nH2+v6b2R//Jf9B4FoqYc1
HNY/xq85G8pbRLF3KhzoWTkeAOsi9xnR/XJq8rd34C+3W91i6qUb2FZYO1S3/5WF
lDra39Ef6OQkN2PPH3OfU4ymMwOo+fYDkMoq9cixWxwKClitFyBZkJYP/Nf8k5rW
xOv0Qs1m+bdE1r9+blJpUVCRkIgjB+QuK9AShjWrWmYr1r5kCdbOB7vYvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgmowtOzdcF4S2YVAUGuamg7aZHMB8GA1UdIwQY
MBaAFMHusLu8ttR6hDTPQRFR8uJIeAgVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd2U2d3U3eTIxSHFFTk05QkVWSHk0a2g0Q0JVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8yN2U4NzAtM2U4ZC00MmIwLWIzMGMt
YmJjZGNkYTYxNjEyLzEvaUNhakMwN04xd1hoTFpoVUJRYTVxYUR0cGtjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8yN2U4NzAtM2U4ZC00MmIwLWIzMGMtYmJjZGNkYTYxNjEy
LzEvd2U2d3U3eTIxSHFFTk05QkVWSHk0a2g0Q0JVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubjnMA0G
CSqGSIb3DQEBCwUAA4IBAQBMWS+8CTuidBeAuQUVWaX954GXuJQWfhPTjZfhgmoi
Qt+3jC7aXSqP4I021zFHUpHFq6IWn27Xgj2FHrleS5qt99H79OTTotsDWYFDpoAD
A11NU0pCvGLhcpuwS3OmmqauwJ8hEqSGe9F4kGp0Ac13lZxop4BxJosATEqOqaEE
WeG3ON+BFCrbQmcnQsaW0kHTmnzGGRai3E6BYi1uH8/kBXaixxju++51hC6C8io1
pEFDqEGnrcuyL5dm5jhMCaOhmM58q/F53JXeJ3ZBHV/7adc6jTiMHGEBlc7/Y44P
hEOSezxwWFRI2lIvTnPpe8pX7/LoCH/t5keoOjfHXfSF
-----END CERTIFICATE-----