Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/e65152-39fb-4976-8cda-70e7d057ff2d/1/iR8kHHuMHXHdpW9oFEB19MCcm1M.roa
File:                     iR8kHHuMHXHdpW9oFEB19MCcm1M.roa (raw, json)
Hash identifier:          cqHEhbc9Bc/QLDbHqxDN/gK7OPZ3taLde0WraYz/2vs=
Subject key identifier:   89:1F:24:1C:7B:8C:1D:71:DD:A5:6F:68:14:40:75:F4:C0:9C:9B:53
Certificate issuer:       /CN=115c040ec9754320236cdca64e39390bdde3626a
Certificate serial:       0194258F6BE27DCB0DE220EE30F6575410D6
Authority key identifier: 11:5C:04:0E:C9:75:43:20:23:6C:DC:A6:4E:39:39:0B:DD:E3:62:6A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EVwEDsl1QyAjbNymTjk5C93jYmo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/e65152-39fb-4976-8cda-70e7d057ff2d/1/iR8kHHuMHXHdpW9oFEB19MCcm1M.roa
Signing time:             Thu 02 Jan 2025 05:49:03 +0000
ROA not before:           Thu 02 Jan 2025 05:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30742
IP address blocks:        185.48.220.0/22 maxlen: 22
                          2a01:9ba0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/e65152-39fb-4976-8cda-70e7d057ff2d/1/EVwEDsl1QyAjbNymTjk5C93jYmo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/e65152-39fb-4976-8cda-70e7d057ff2d/1/EVwEDsl1QyAjbNymTjk5C93jYmo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EVwEDsl1QyAjbNymTjk5C93jYmo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6b:e2:7d:cb:0d:e2:20:ee:30:f6:57:54:10:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=115c040ec9754320236cdca64e39390bdde3626a
        Validity
            Not Before: Jan  2 05:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=891f241c7b8c1d71dda56f68144075f4c09c9b53
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:5f:a0:38:dc:bd:f6:ad:9a:5f:65:20:9d:78:
                    33:b4:5d:a6:56:aa:6b:e7:85:2f:09:6c:d2:e2:1c:
                    c2:66:02:6b:b8:d8:29:f8:ac:a0:dc:65:1d:f9:b9:
                    fd:1a:5b:23:35:c4:bd:cb:44:94:91:f2:09:f2:ef:
                    e7:5e:bd:17:03:30:b6:00:7a:3b:be:ff:dc:58:d5:
                    f6:82:38:0f:18:2d:32:5e:a8:1b:11:fe:25:40:ce:
                    11:6e:62:3f:e7:c4:43:12:0e:d2:2c:ad:08:13:75:
                    6d:8a:22:9b:dc:05:6e:c6:73:26:f1:40:64:a2:71:
                    0d:c6:02:3c:47:1b:4b:51:a1:de:66:b1:71:bf:33:
                    77:e1:be:34:bc:a1:3f:ca:eb:a4:97:92:b6:b2:fc:
                    20:c4:b2:f9:1d:83:e1:d2:ad:f7:fa:bf:b5:7c:6c:
                    5d:23:bf:2c:4e:d6:d7:2c:1e:8d:b6:7e:b6:b8:f7:
                    60:21:73:95:a0:aa:5a:14:74:92:7b:d5:f8:be:57:
                    e7:c0:51:23:f9:e6:9a:fb:ce:d3:15:46:30:c7:c2:
                    b7:bb:1d:c8:fe:2e:25:6a:c5:59:a0:9c:fc:dd:90:
                    ec:16:79:57:07:69:9d:2f:42:d9:fe:25:6f:06:db:
                    b3:9e:4c:b0:ea:a8:57:eb:9a:42:5d:8a:d0:0d:d0:
                    44:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:1F:24:1C:7B:8C:1D:71:DD:A5:6F:68:14:40:75:F4:C0:9C:9B:53
            X509v3 Authority Key Identifier:
                keyid:11:5C:04:0E:C9:75:43:20:23:6C:DC:A6:4E:39:39:0B:DD:E3:62:6A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EVwEDsl1QyAjbNymTjk5C93jYmo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/e65152-39fb-4976-8cda-70e7d057ff2d/1/iR8kHHuMHXHdpW9oFEB19MCcm1M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/e65152-39fb-4976-8cda-70e7d057ff2d/1/EVwEDsl1QyAjbNymTjk5C93jYmo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.48.220.0/22
                IPv6:
                  2a01:9ba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:48:7b:ca:8e:ac:93:26:a5:04:4f:e6:18:f0:4d:a8:93:23:
         4d:b9:ef:93:78:6f:12:aa:5c:2f:d1:81:90:c9:84:07:c6:d4:
         04:24:9b:27:4a:88:1e:8f:c9:59:ec:02:bc:d2:90:50:62:39:
         e8:6b:da:19:8d:65:ba:df:72:4d:1c:b9:5c:18:98:ee:09:06:
         31:26:1d:d8:19:a4:30:cc:16:52:64:4a:6c:21:77:1b:fd:43:
         b4:43:78:9f:71:00:7c:94:cc:fa:24:6e:ae:e9:f1:04:22:e5:
         a0:f8:90:37:d6:1d:06:44:52:7c:68:4b:25:96:33:a8:05:27:
         c4:78:4f:c0:a9:b3:a1:38:3e:9c:6f:92:ba:dc:22:16:3d:b4:
         55:65:da:c2:77:f8:5e:43:3f:02:53:b7:87:a0:d8:46:c8:34:
         76:5a:81:a9:dc:6e:30:54:08:92:4b:67:1a:78:b9:47:6c:43:
         fb:d5:cb:ab:4a:15:ed:62:19:ce:5f:52:3c:cc:1a:74:9e:f0:
         67:da:e5:5c:15:73:e4:cf:91:f0:3a:a1:c6:20:69:79:bd:ae:
         a4:73:e7:12:af:fb:52:7e:ef:00:0c:91:41:b3:0b:f4:36:e5:
         4e:8a:14:2b:43:bb:a9:63:f3:14:a1:e7:86:16:e1:df:3d:4e:
         6b:3b:8e:c0
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlj2vifcsN4iDuMPZXVBDWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDExNWMwNDBlYzk3NTQzMjAyMzZjZGNhNjRlMzkzOTBiZGRl
MzYyNmEwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTFmMjQxYzdiOGMxZDcxZGRhNTZmNjgxNDQwNzVmNGMwOWM5YjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiV+gONy99q2aX2UgnXgztF2mVqpr
54UvCWzS4hzCZgJruNgp+Kyg3GUd+bn9GlsjNcS9y0SUkfIJ8u/nXr0XAzC2AHo7
vv/cWNX2gjgPGC0yXqgbEf4lQM4RbmI/58RDEg7SLK0IE3VtiiKb3AVuxnMm8UBk
onENxgI8RxtLUaHeZrFxvzN34b40vKE/yuukl5K2svwgxLL5HYPh0q33+r+1fGxd
I78sTtbXLB6Ntn62uPdgIXOVoKpaFHSSe9X4vlfnwFEj+eaa+87TFUYwx8K3ux3I
/i4lasVZoJz83ZDsFnlXB2mdL0LZ/iVvBtuznkyw6qhX65pCXYrQDdBE5wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIkfJBx7jB1x3aVvaBRAdfTAnJtTMB8GA1UdIwQY
MBaAFBFcBA7JdUMgI2zcpk45OQvd42JqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRVZ3RURzbDFReUFqYk55bVRqazVDOTNqWW1vLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC9lNjUxNTItMzlmYi00OTc2LThjZGEt
NzBlN2QwNTdmZjJkLzEvaVI4a0hIdU1IWEhkcFc5b0ZFQjE5TUNjbTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC9lNjUxNTItMzlmYi00OTc2LThjZGEtNzBlN2QwNTdmZjJk
LzEvRVZ3RURzbDFReUFqYk55bVRqazVDOTNqWW1vLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuTDcMA0E
AgACMAcDBQAqAZugMA0GCSqGSIb3DQEBCwUAA4IBAQB2SHvKjqyTJqUET+YY8E2o
kyNNue+TeG8Sqlwv0YGQyYQHxtQEJJsnSogej8lZ7AK80pBQYjnoa9oZjWW633JN
HLlcGJjuCQYxJh3YGaQwzBZSZEpsIXcb/UO0Q3ifcQB8lMz6JG6u6fEEIuWg+JA3
1h0GRFJ8aEslljOoBSfEeE/AqbOhOD6cb5K63CIWPbRVZdrCd/heQz8CU7eHoNhG
yDR2WoGp3G4wVAiSS2caeLlHbEP71curShXtYhnOX1I8zBp0nvBn2uVcFXPkz5Hw
OqHGIGl5va6kc+cSr/tSfu8ADJFBswv0NuVOihQrQ7upY/MUoeeGFuHfPU5rO47A
-----END CERTIFICATE-----