Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/B1Q4xWffdUN7zPjy1sq3Dtrabr0.roa
File:                     B1Q4xWffdUN7zPjy1sq3Dtrabr0.roa (raw, json)
Hash identifier:          XSRbcDFmD2SBWhC9QVnlq9zNA7EtDeg2/jCNqGJ6Vow=
Subject key identifier:   07:54:38:C5:67:DF:75:43:7B:CC:F8:F2:D6:CA:B7:0E:DA:DA:6E:BD
Certificate issuer:       /CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
Certificate serial:       019421B1B244A69EADD0E42DBF509190F793
Authority key identifier: 1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/B1Q4xWffdUN7zPjy1sq3Dtrabr0.roa
Signing time:             Wed 01 Jan 2025 11:48:01 +0000
ROA not before:           Wed 01 Jan 2025 11:48:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216127
IP address blocks:        185.221.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 13:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:b2:44:a6:9e:ad:d0:e4:2d:bf:50:91:90:f7:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e9fdc7fb39ebbbed4ee54f703d3ac6153ddee69
        Validity
            Not Before: Jan  1 11:48:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=075438c567df75437bccf8f2d6cab70edada6ebd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:a3:c0:b5:83:8e:47:bb:da:03:dc:8f:d2:c5:
                    72:96:83:1b:f3:bb:ba:8f:8a:4c:5f:40:d9:c9:54:
                    ca:8c:4f:e0:eb:1b:41:04:90:4a:1b:0c:10:d2:dd:
                    cf:d0:00:74:20:86:be:f6:35:d3:df:a1:d2:fe:66:
                    dc:5f:3a:e6:43:02:4e:00:49:43:63:ee:0c:ad:cf:
                    8c:76:57:aa:ba:ff:06:bb:e7:ba:6e:7c:32:65:55:
                    36:f2:17:fe:ee:47:50:16:3c:a5:d0:9d:c2:ba:c6:
                    cc:36:f7:04:93:a8:6c:72:b4:53:35:03:24:6e:76:
                    52:72:f3:81:7b:29:b3:26:44:9e:7b:cd:47:f5:a3:
                    12:00:1a:7a:fb:57:ed:43:a6:b2:cc:35:66:a5:fc:
                    91:63:32:8a:46:07:9a:a0:92:79:01:aa:a3:4a:84:
                    38:bc:d7:c1:ae:b8:a8:45:b1:af:99:5c:83:7d:b0:
                    9b:2f:d0:6f:1d:ff:e6:6c:d7:d4:a9:b3:9c:b3:1e:
                    9a:e0:6a:e6:2e:22:d6:92:ed:63:5e:65:7a:52:12:
                    06:c8:a9:9c:9b:17:70:c3:33:f3:d3:04:02:5e:05:
                    24:e0:49:a5:5d:76:ce:65:42:f2:ec:f0:f8:40:6a:
                    7b:7e:3b:50:4a:cd:ab:5e:4c:57:73:a4:3e:b2:fa:
                    49:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:54:38:C5:67:DF:75:43:7B:CC:F8:F2:D6:CA:B7:0E:DA:DA:6E:BD
            X509v3 Authority Key Identifier:
                keyid:1E:9F:DC:7F:B3:9E:BB:BE:D4:EE:54:F7:03:D3:AC:61:53:DD:EE:69

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/B1Q4xWffdUN7zPjy1sq3Dtrabr0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/40fdd1-1092-4f69-b648-691ff5b44b01/1/Hp_cf7Oeu77U7lT3A9OsYVPd7mk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:91:b1:ca:85:7c:7c:cb:54:b1:2d:23:11:e3:99:38:55:eb:
         64:66:03:61:2f:01:75:bf:f8:a8:3d:5d:f6:4f:b0:a8:8c:60:
         4f:66:70:be:3a:42:9f:73:2f:34:0a:3c:26:92:dd:03:12:86:
         d4:88:d6:80:e9:9f:bb:ce:f3:74:2e:1d:fd:be:16:dc:06:5c:
         e4:4d:87:36:43:e7:6a:4b:49:44:e2:15:dd:60:26:99:a2:d1:
         0e:62:a0:34:4c:29:97:ae:8a:c7:9e:ee:c0:54:a0:51:f8:69:
         3b:f2:8a:05:19:22:7c:c6:3a:90:89:b0:5b:a9:dd:d4:a1:36:
         f7:45:f4:93:c3:0e:36:29:a2:fd:cc:92:ac:40:9a:d4:f6:3e:
         83:27:c5:fb:b5:f6:ca:53:bc:31:86:c2:85:b8:20:ca:74:e3:
         2f:d2:48:9e:13:0c:cc:7f:8d:39:e2:ea:1b:27:35:2f:fe:37:
         d3:00:7e:2e:bf:68:64:b3:b7:42:0b:20:94:25:46:5e:50:fe:
         43:f7:1b:0a:b0:a1:7f:d8:b9:da:42:84:4d:2f:26:29:e4:97:
         b4:bf:13:3a:46:c7:64:a1:b1:2e:c1:1e:33:85:41:4c:10:67:
         7d:c7:24:b0:94:20:6d:77:fe:99:6b:b8:6e:98:d7:c3:11:71:
         79:86:4f:50
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsbJEpp6t0OQtv1CRkPeTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlOWZkYzdmYjM5ZWJiYmVkNGVlNTRmNzAzZDNhYzYxNTNk
ZGVlNjkwHhcNMjUwMTAxMTE0ODAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNzU0MzhjNTY3ZGY3NTQzN2JjY2Y4ZjJkNmNhYjcwZWRhZGE2ZWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKPAtYOOR7vaA9yP0sVyloMb87u6
j4pMX0DZyVTKjE/g6xtBBJBKGwwQ0t3P0AB0IIa+9jXT36HS/mbcXzrmQwJOAElD
Y+4Mrc+Mdlequv8Gu+e6bnwyZVU28hf+7kdQFjyl0J3CusbMNvcEk6hscrRTNQMk
bnZScvOBeymzJkSee81H9aMSABp6+1ftQ6ayzDVmpfyRYzKKRgeaoJJ5AaqjSoQ4
vNfBrrioRbGvmVyDfbCbL9BvHf/mbNfUqbOcsx6a4GrmLiLWku1jXmV6UhIGyKmc
mxdwwzPz0wQCXgUk4EmlXXbOZULy7PD4QGp7fjtQSs2rXkxXc6Q+svpJUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAdUOMVn33VDe8z48tbKtw7a2m69MB8GA1UdIwQY
MBaAFB6f3H+znru+1O5U9wPTrGFT3e5pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgt
NjkxZmY1YjQ0YjAxLzEvQjFRNHhXZmZkVU43elBqeTFzcTNEdHJhYnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS80MGZkZDEtMTA5Mi00ZjY5LWI2NDgtNjkxZmY1YjQ0YjAx
LzEvSHBfY2Y3T2V1NzdVN2xUM0E5T3NZVlBkN21rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3GMA0G
CSqGSIb3DQEBCwUAA4IBAQAwkbHKhXx8y1SxLSMR45k4VetkZgNhLwF1v/ioPV32
T7CojGBPZnC+OkKfcy80Cjwmkt0DEobUiNaA6Z+7zvN0Lh39vhbcBlzkTYc2Q+dq
S0lE4hXdYCaZotEOYqA0TCmXrorHnu7AVKBR+Gk78ooFGSJ8xjqQibBbqd3UoTb3
RfSTww42KaL9zJKsQJrU9j6DJ8X7tfbKU7wxhsKFuCDKdOMv0kieEwzMf4054uob
JzUv/jfTAH4uv2hks7dCCyCUJUZeUP5D9xsKsKF/2LnaQoRNLyYp5Je0vxM6Rsdk
obEuwR4zhUFMEGd9xySwlCBtd/6Za7humNfDEXF5hk9Q
-----END CERTIFICATE-----