Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/iAKwu0FCFCsG-u4j0uUU3e7V0to.roa
File:                     iAKwu0FCFCsG-u4j0uUU3e7V0to.roa (raw, json)
Hash identifier:          aFD2zsZtjltC/vwpNr5sAlXxHDjwIU9VRcONuFQwgo0=
Subject key identifier:   88:02:B0:BB:41:42:14:2B:06:FA:EE:23:D2:E5:14:DD:EE:D5:D2:DA
Certificate issuer:       /CN=76e2ba5cc150b353cbd34b9f045ea0509740844d
Certificate serial:       019427480A2901DFC40CF3569DB4D8165AC3
Authority key identifier: 76:E2:BA:5C:C1:50:B3:53:CB:D3:4B:9F:04:5E:A0:50:97:40:84:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/duK6XMFQs1PL00ufBF6gUJdAhE0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/iAKwu0FCFCsG-u4j0uUU3e7V0to.roa
Signing time:             Thu 02 Jan 2025 13:50:20 +0000
ROA not before:           Thu 02 Jan 2025 13:50:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200069
IP address blocks:        185.211.120.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/duK6XMFQs1PL00ufBF6gUJdAhE0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/duK6XMFQs1PL00ufBF6gUJdAhE0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/duK6XMFQs1PL00ufBF6gUJdAhE0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:0a:29:01:df:c4:0c:f3:56:9d:b4:d8:16:5a:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=76e2ba5cc150b353cbd34b9f045ea0509740844d
        Validity
            Not Before: Jan  2 13:50:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8802b0bb4142142b06faee23d2e514ddeed5d2da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:91:45:e1:4f:df:1a:c7:34:9a:71:24:b4:a3:1d:
                    87:9b:78:05:0a:98:2d:28:c8:02:53:4d:0a:a2:31:
                    15:de:83:2a:99:f4:60:b7:14:50:57:41:11:6b:6f:
                    f3:c9:25:9e:86:58:81:c1:72:4a:01:0c:7a:f2:42:
                    9a:2e:39:1c:e9:80:84:a0:90:c7:24:c4:ce:87:56:
                    d1:55:11:9f:33:23:48:5f:9d:76:53:a2:68:26:07:
                    0a:63:98:e5:77:94:1a:e3:c5:86:c2:b6:bf:fe:27:
                    b3:f8:6a:59:f4:1b:70:f6:89:9b:30:01:3d:a9:c9:
                    53:93:57:74:98:34:2e:a3:2d:92:1a:64:ef:8e:68:
                    d4:ec:f1:19:f8:e4:34:4a:28:7f:c1:36:b3:cb:9f:
                    61:ab:c4:06:80:d5:3f:82:ed:d1:f1:6a:9a:33:d1:
                    a6:b2:5b:22:63:a5:da:91:6c:01:9e:1c:c6:d2:a1:
                    af:83:c6:08:ca:cb:41:21:0d:f7:89:6a:5b:9b:c9:
                    46:1e:4a:a9:30:2c:e0:86:a6:4e:4b:6e:4a:82:4e:
                    f3:b1:de:f2:e8:3e:96:8e:40:85:58:f3:d2:b9:68:
                    36:ea:c7:43:19:c6:6d:6c:22:94:05:a3:3a:bd:8f:
                    62:38:d6:a3:14:3a:de:3f:76:af:6d:0f:5f:43:fc:
                    76:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:02:B0:BB:41:42:14:2B:06:FA:EE:23:D2:E5:14:DD:EE:D5:D2:DA
            X509v3 Authority Key Identifier:
                keyid:76:E2:BA:5C:C1:50:B3:53:CB:D3:4B:9F:04:5E:A0:50:97:40:84:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/duK6XMFQs1PL00ufBF6gUJdAhE0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/iAKwu0FCFCsG-u4j0uUU3e7V0to.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4e/31d2ed-8e2f-4fa9-83ca-70405e3528af/1/duK6XMFQs1PL00ufBF6gUJdAhE0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.211.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         92:4a:fd:df:d1:3d:65:66:47:45:91:bc:b9:d0:d1:24:4b:fb:
         4e:cb:fd:bf:e5:2b:0b:3c:7e:81:a9:7f:c6:e7:67:c3:de:ec:
         32:06:4f:cf:ba:ec:44:2e:7e:c2:86:0e:f1:43:c4:20:b4:69:
         b6:e7:8c:b4:d9:64:55:7c:ad:62:47:04:30:d4:db:59:0c:0c:
         f4:c5:d3:19:50:53:b3:72:2f:3f:65:b8:f3:f5:32:3f:26:94:
         93:ac:08:5a:17:85:24:90:38:f9:f5:26:31:29:01:21:99:a5:
         a1:37:8e:c6:3c:82:1a:dc:64:06:ca:61:18:90:7b:9d:57:0d:
         86:57:8e:9b:43:47:4e:12:01:5a:7b:4b:19:fe:04:c4:2b:74:
         9e:ef:ad:5c:5c:a2:fa:59:ee:aa:bb:8d:07:c1:4d:a8:26:0a:
         73:b4:9f:c8:26:bc:81:77:72:8d:ca:cf:1c:be:a9:78:fb:97:
         5f:c2:bc:08:79:f2:e9:d6:8f:30:8f:2c:e2:8c:20:a7:fa:47:
         c1:fd:4e:77:cd:4a:91:a1:a0:ad:f1:57:7e:08:81:35:34:19:
         ee:fb:21:03:08:04:16:c7:ee:28:ff:0c:91:95:12:eb:34:ab:
         08:de:40:f9:79:a6:8d:61:e2:0e:d8:e8:4c:af:b9:d5:eb:3a:
         30:00:a2:18
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnSAopAd/EDPNWnbTYFlrDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2ZTJiYTVjYzE1MGIzNTNjYmQzNGI5ZjA0NWVhMDUwOTc0
MDg0NGQwHhcNMjUwMTAyMTM1MDIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODAyYjBiYjQxNDIxNDJiMDZmYWVlMjNkMmU1MTRkZGVlZDVkMmRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUXhT98axzSacSS0ox2Hm3gFCpgt
KMgCU00KojEV3oMqmfRgtxRQV0ERa2/zySWehliBwXJKAQx68kKaLjkc6YCEoJDH
JMTOh1bRVRGfMyNIX512U6JoJgcKY5jld5Qa48WGwra//iez+GpZ9Btw9ombMAE9
qclTk1d0mDQuoy2SGmTvjmjU7PEZ+OQ0Sih/wTazy59hq8QGgNU/gu3R8WqaM9Gm
slsiY6XakWwBnhzG0qGvg8YIystBIQ33iWpbm8lGHkqpMCzghqZOS25Kgk7zsd7y
6D6WjkCFWPPSuWg26sdDGcZtbCKUBaM6vY9iONajFDreP3avbQ9fQ/x2RQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIgCsLtBQhQrBvruI9LlFN3u1dLaMB8GA1UdIwQY
MBaAFHbiulzBULNTy9NLnwReoFCXQIRNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZHVLNlhNRlFzMVBMMDB1ZkJGNmdVSmRBaEUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZS8zMWQyZWQtOGUyZi00ZmE5LTgzY2Et
NzA0MDVlMzUyOGFmLzEvaUFLd3UwRkNGQ3NHLXU0ajB1VVUzZTdWMHRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZS8zMWQyZWQtOGUyZi00ZmE5LTgzY2EtNzA0MDVlMzUyOGFm
LzEvZHVLNlhNRlFzMVBMMDB1ZkJGNmdVSmRBaEUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudN4MA0G
CSqGSIb3DQEBCwUAA4IBAQCSSv3f0T1lZkdFkby50NEkS/tOy/2/5SsLPH6BqX/G
52fD3uwyBk/PuuxELn7Chg7xQ8QgtGm254y02WRVfK1iRwQw1NtZDAz0xdMZUFOz
ci8/Zbjz9TI/JpSTrAhaF4UkkDj59SYxKQEhmaWhN47GPIIa3GQGymEYkHudVw2G
V46bQ0dOEgFae0sZ/gTEK3Se761cXKL6We6qu40HwU2oJgpztJ/IJryBd3KNys8c
vql4+5dfwrwIefLp1o8wjyzijCCn+kfB/U53zUqRoaCt8Vd+CIE1NBnu+yEDCAQW
x+4o/wyRlRLrNKsI3kD5eaaNYeIO2OhMr7nV6zowAKIY
-----END CERTIFICATE-----