Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/46/16fb84-fa29-41b2-8dbb-59decd8d5a0c/1/DiY5VK-6JORpLYohOA3eEOX0gEg.roa
File:                     DiY5VK-6JORpLYohOA3eEOX0gEg.roa (raw, json)
Hash identifier:          tPQ07ahlxA30mMATuVo2hJ+wEmf9vgItJrH9Fyn7bOk=
Subject key identifier:   0E:26:39:54:AF:BA:24:E4:69:2D:8A:21:38:0D:DE:10:E5:F4:80:48
Certificate issuer:       /CN=d6fac3967ea9859227d9f7be744e2a6ea486e117
Certificate serial:       0194206806706B50096C6111CD2570B8D269
Authority key identifier: D6:FA:C3:96:7E:A9:85:92:27:D9:F7:BE:74:4E:2A:6E:A4:86:E1:17
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1vrDln6phZIn2fe-dE4qbqSG4Rc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/46/16fb84-fa29-41b2-8dbb-59decd8d5a0c/1/DiY5VK-6JORpLYohOA3eEOX0gEg.roa
Signing time:             Wed 01 Jan 2025 05:47:55 +0000
ROA not before:           Wed 01 Jan 2025 05:47:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207519
IP address blocks:        185.99.221.0/24 maxlen: 24
                          185.99.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/46/16fb84-fa29-41b2-8dbb-59decd8d5a0c/1/1vrDln6phZIn2fe-dE4qbqSG4Rc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/46/16fb84-fa29-41b2-8dbb-59decd8d5a0c/1/1vrDln6phZIn2fe-dE4qbqSG4Rc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1vrDln6phZIn2fe-dE4qbqSG4Rc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 05:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:06:70:6b:50:09:6c:61:11:cd:25:70:b8:d2:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d6fac3967ea9859227d9f7be744e2a6ea486e117
        Validity
            Not Before: Jan  1 05:47:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0e263954afba24e4692d8a21380dde10e5f48048
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:dd:7b:00:61:24:ac:47:ef:b0:2c:16:77:12:
                    76:d0:d6:b6:24:cf:ef:f0:26:d4:dd:d7:88:c1:b3:
                    21:ca:36:4c:e1:a0:70:46:5a:4d:b7:7a:43:6f:d8:
                    9c:6f:46:e1:9e:f7:21:5e:62:35:5c:5d:18:c4:6f:
                    03:95:0d:75:2d:0c:9b:fa:35:d3:7b:99:dd:4f:db:
                    10:bc:ff:59:53:51:f2:c4:e0:8d:e2:a9:b5:ac:5e:
                    42:4a:f7:8d:89:0b:49:e0:cd:19:d2:69:24:3b:c5:
                    09:6d:a5:70:41:6b:d0:db:a6:d8:d1:a4:bf:1d:5a:
                    e5:d9:40:16:aa:1f:25:96:7e:2d:8a:ca:fb:95:c4:
                    ca:97:ee:fa:30:8c:cb:83:fd:12:48:00:12:f4:24:
                    06:f8:26:78:4f:75:27:6a:85:b0:33:43:5b:ff:cc:
                    60:c5:36:14:7c:77:f8:71:b8:15:41:bf:92:f4:b5:
                    c0:55:f2:13:45:4a:bb:1d:5b:c1:c7:fd:c4:75:3e:
                    bd:8d:08:27:10:b0:15:fb:29:51:b8:f7:84:0c:e4:
                    e5:3d:8e:f4:34:eb:33:2b:c6:6a:80:20:03:d9:36:
                    f1:3c:7e:66:eb:8c:49:3c:5b:cb:41:b8:34:89:2a:
                    7e:66:49:6c:bc:91:2c:c0:92:f5:52:a5:76:a8:6a:
                    e2:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0E:26:39:54:AF:BA:24:E4:69:2D:8A:21:38:0D:DE:10:E5:F4:80:48
            X509v3 Authority Key Identifier:
                keyid:D6:FA:C3:96:7E:A9:85:92:27:D9:F7:BE:74:4E:2A:6E:A4:86:E1:17

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1vrDln6phZIn2fe-dE4qbqSG4Rc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/46/16fb84-fa29-41b2-8dbb-59decd8d5a0c/1/DiY5VK-6JORpLYohOA3eEOX0gEg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/46/16fb84-fa29-41b2-8dbb-59decd8d5a0c/1/1vrDln6phZIn2fe-dE4qbqSG4Rc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.99.221.0-185.99.222.255

    Signature Algorithm: sha256WithRSAEncryption
         56:c3:12:cf:52:f2:79:32:1b:4a:1e:ba:4c:d1:df:d0:7a:7f:
         40:9e:57:38:d0:29:72:b2:2e:89:3d:b3:be:55:ea:96:28:ec:
         d5:fc:5f:69:aa:36:bc:e9:b2:5f:97:a5:73:2b:d3:4f:eb:dd:
         10:5a:26:08:83:2a:79:eb:44:c4:d3:e5:d2:b4:18:91:05:ad:
         8c:15:f7:7b:8b:2c:26:df:f4:02:9e:02:df:cc:33:f7:99:9a:
         8b:c6:ba:17:e7:e8:7b:61:d0:13:06:cf:df:1a:4e:f5:06:60:
         82:56:52:6c:81:1a:21:c9:d3:d4:10:dc:77:36:c3:de:c0:5f:
         c6:97:b3:d9:95:ec:47:7e:5d:87:cf:ce:f3:10:8e:7f:ed:8e:
         f6:49:9e:59:47:2a:88:be:0c:d3:25:ea:9b:dc:bd:70:8c:58:
         10:b6:99:96:19:19:91:74:ed:49:ca:c1:e2:a8:e2:2a:29:e7:
         24:88:94:13:63:3e:67:9a:56:f3:67:82:16:86:a2:f2:37:68:
         60:5d:af:3d:ed:3f:e7:9b:e2:44:ba:17:e8:28:16:86:c8:ef:
         ef:56:2f:e5:0f:8b:7e:54:22:86:21:34:6e:5b:d1:47:6a:99:
         25:8d:c2:52:00:35:07:f1:ee:20:ba:e2:e9:7c:9b:14:31:ee:
         6c:4f:48:51
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQgaAZwa1AJbGERzSVwuNJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZmFjMzk2N2VhOTg1OTIyN2Q5ZjdiZTc0NGUyYTZlYTQ4
NmUxMTcwHhcNMjUwMTAxMDU0NzU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTI2Mzk1NGFmYmEyNGU0NjkyZDhhMjEzODBkZGUxMGU1ZjQ4MDQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu917AGEkrEfvsCwWdxJ20Na2JM/v
8CbU3deIwbMhyjZM4aBwRlpNt3pDb9icb0bhnvchXmI1XF0YxG8DlQ11LQyb+jXT
e5ndT9sQvP9ZU1HyxOCN4qm1rF5CSveNiQtJ4M0Z0mkkO8UJbaVwQWvQ26bY0aS/
HVrl2UAWqh8lln4tisr7lcTKl+76MIzLg/0SSAAS9CQG+CZ4T3UnaoWwM0Nb/8xg
xTYUfHf4cbgVQb+S9LXAVfITRUq7HVvBx/3EdT69jQgnELAV+ylRuPeEDOTlPY70
NOszK8ZqgCAD2TbxPH5m64xJPFvLQbg0iSp+ZklsvJEswJL1UqV2qGriXwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFA4mOVSvuiTkaS2KITgN3hDl9IBIMB8GA1UdIwQY
MBaAFNb6w5Z+qYWSJ9n3vnROKm6khuEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXZyRGxuNnBoWkluMmZlLWRFNHFicVNHNFJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ni8xNmZiODQtZmEyOS00MWIyLThkYmIt
NTlkZWNkOGQ1YTBjLzEvRGlZNVZLLTZKT1JwTFlvaE9BM2VFT1gwZ0VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ni8xNmZiODQtZmEyOS00MWIyLThkYmItNTlkZWNkOGQ1YTBj
LzEvMXZyRGxuNnBoWkluMmZlLWRFNHFicVNHNFJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5Y90D
BAC5Y94wDQYJKoZIhvcNAQELBQADggEBAFbDEs9S8nkyG0oeukzR39B6f0CeVzjQ
KXKyLok9s75V6pYo7NX8X2mqNrzpsl+XpXMr00/r3RBaJgiDKnnrRMTT5dK0GJEF
rYwV93uLLCbf9AKeAt/MM/eZmovGuhfn6Hth0BMGz98aTvUGYIJWUmyBGiHJ09QQ
3Hc2w97AX8aXs9mV7Ed+XYfPzvMQjn/tjvZJnllHKoi+DNMl6pvcvXCMWBC2mZYZ
GZF07UnKweKo4iop5ySIlBNjPmeaVvNnghaGovI3aGBdrz3tP+eb4kS6F+goFobI
7+9WL+UPi35UIoYhNG5b0UdqmSWNwlIANQfx7iC64ul8mxQx7mxPSFE=
-----END CERTIFICATE-----