Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/IeAOnvbZbd0JxF7ran2IKsJXZmY.roa
File:                     IeAOnvbZbd0JxF7ran2IKsJXZmY.roa (raw, json)
Hash identifier:          a22ZpV1PraD9QyqLIF4t6hPyMcIcLe+GxaE9NUf90hg=
Subject key identifier:   21:E0:0E:9E:F6:D9:6D:DD:09:C4:5E:EB:6A:7D:88:2A:C2:57:66:66
Certificate issuer:       /CN=764928a97be955377013d382c62940e950dd212b
Certificate serial:       019422FBB3ADEC6C6A057739A4DC0CDF627B
Authority key identifier: 76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/IeAOnvbZbd0JxF7ran2IKsJXZmY.roa
Signing time:             Wed 01 Jan 2025 17:48:28 +0000
ROA not before:           Wed 01 Jan 2025 17:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51131
IP address blocks:        185.205.216.0/22 maxlen: 24
                          2a0b:cc0::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 17:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:b3:ad:ec:6c:6a:05:77:39:a4:dc:0c:df:62:7b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=764928a97be955377013d382c62940e950dd212b
        Validity
            Not Before: Jan  1 17:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21e00e9ef6d96ddd09c45eeb6a7d882ac2576666
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ad:9d:dd:e7:75:6a:8f:11:44:a7:7b:1c:9e:
                    a0:df:3b:d4:f8:ca:80:6c:64:ba:ed:7a:44:28:20:
                    3b:d8:c1:d6:5c:09:97:ec:65:fd:83:a4:4e:08:b7:
                    6b:71:3b:62:4e:56:f5:af:c8:0e:64:52:57:39:90:
                    d5:7f:28:6c:14:bf:0c:c2:01:69:0f:29:7e:50:8c:
                    3b:a8:f3:93:85:16:79:24:36:25:7a:9e:bd:01:c9:
                    96:62:50:bc:b1:54:98:ce:f3:41:6e:63:04:43:34:
                    42:0c:0f:18:ff:e5:44:e2:93:bb:20:ed:20:8e:71:
                    24:46:95:c9:2a:b6:c0:ed:3a:1a:b8:c6:9a:77:6d:
                    b4:ee:a4:f5:85:74:62:55:6f:60:d0:4e:6b:5e:2a:
                    8f:b6:14:72:4d:38:fe:68:df:0f:30:f6:db:5c:d7:
                    61:42:c3:59:70:8d:33:80:b4:87:ca:d1:03:d9:59:
                    ac:6d:7f:8c:0a:7d:f9:0d:3b:61:4c:89:a1:a6:03:
                    4a:f3:31:09:dd:6f:d2:a9:5e:47:02:84:21:55:30:
                    1b:80:49:1c:1d:64:d5:8b:6d:e9:27:32:18:0b:b5:
                    00:8e:c7:57:79:0e:65:fa:4d:91:3b:80:fb:2e:a3:
                    c4:25:31:a8:19:0d:1b:95:dd:a9:ed:a8:d3:b8:e7:
                    4e:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E0:0E:9E:F6:D9:6D:DD:09:C4:5E:EB:6A:7D:88:2A:C2:57:66:66
            X509v3 Authority Key Identifier:
                keyid:76:49:28:A9:7B:E9:55:37:70:13:D3:82:C6:29:40:E9:50:DD:21:2B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dkkoqXvpVTdwE9OCxilA6VDdISs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/IeAOnvbZbd0JxF7ran2IKsJXZmY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/63/9536f5-f566-4c80-a7d9-bc1522789d3b/1/dkkoqXvpVTdwE9OCxilA6VDdISs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.205.216.0/22
                IPv6:
                  2a0b:cc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:95:b7:c8:87:5e:09:b5:1d:e8:83:a4:f5:2e:18:44:f1:30:
         f2:c6:03:26:25:13:24:a8:c3:2a:6e:c7:5d:33:56:ca:7e:42:
         21:ad:f9:b6:2c:1b:12:1d:61:92:40:cf:a3:d9:68:4a:07:01:
         d6:88:d3:4d:88:b0:b7:06:e8:a9:31:d8:95:c4:62:1d:84:ec:
         f4:fd:86:a9:62:e4:c1:7b:c1:b4:d4:e8:7f:24:07:c4:f0:08:
         c2:16:3e:24:cd:92:b7:b4:a2:95:62:d3:9c:4b:77:e7:72:ac:
         38:c5:d3:45:08:0f:a6:48:32:2f:81:a2:be:6d:5a:e4:a7:d7:
         57:7a:bc:ce:39:8c:4f:5c:17:bd:24:cb:f0:11:fa:e2:a0:e7:
         82:9e:d7:3b:33:29:4c:64:49:80:d5:24:cd:fe:41:5b:07:48:
         10:06:a1:1c:45:88:ab:cf:f4:7d:3b:af:88:b5:e8:87:b1:95:
         39:6e:f3:8b:b8:c8:b3:64:d5:59:ab:d5:1f:04:4c:3e:cf:6f:
         ed:03:c6:1f:b4:43:63:64:b4:12:d9:13:a7:bd:f5:90:06:f9:
         ed:b7:a4:da:71:bc:f5:3e:36:bc:44:51:26:95:6a:04:b2:ac:
         54:f8:6a:33:44:1e:9b:10:6f:46:38:e5:e2:4d:2e:84:bd:8d:
         7b:f2:ab:1a
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQi+7Ot7GxqBXc5pNwM32J7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc2NDkyOGE5N2JlOTU1Mzc3MDEzZDM4MmM2Mjk0MGU5NTBk
ZDIxMmIwHhcNMjUwMTAxMTc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWUwMGU5ZWY2ZDk2ZGRkMDljNDVlZWI2YTdkODgyYWMyNTc2NjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK2d3ed1ao8RRKd7HJ6g3zvU+MqA
bGS67XpEKCA72MHWXAmX7GX9g6ROCLdrcTtiTlb1r8gOZFJXOZDVfyhsFL8MwgFp
Dyl+UIw7qPOThRZ5JDYlep69AcmWYlC8sVSYzvNBbmMEQzRCDA8Y/+VE4pO7IO0g
jnEkRpXJKrbA7ToauMaad2207qT1hXRiVW9g0E5rXiqPthRyTTj+aN8PMPbbXNdh
QsNZcI0zgLSHytED2VmsbX+MCn35DTthTImhpgNK8zEJ3W/SqV5HAoQhVTAbgEkc
HWTVi23pJzIYC7UAjsdXeQ5l+k2RO4D7LqPEJTGoGQ0bld2p7ajTuOdOHQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCHgDp722W3dCcRe62p9iCrCV2ZmMB8GA1UdIwQY
MBaAFHZJKKl76VU3cBPTgsYpQOlQ3SErMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDkt
YmMxNTIyNzg5ZDNiLzEvSWVBT252YlpiZDBKeEY3cmFuMklLc0pYWm1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82My85NTM2ZjUtZjU2Ni00YzgwLWE3ZDktYmMxNTIyNzg5ZDNi
LzEvZGtrb3FYdnBWVGR3RTlPQ3hpbEE2VkRkSVNzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuc3YMA0E
AgACMAcDBQAqCwzAMA0GCSqGSIb3DQEBCwUAA4IBAQB0lbfIh14JtR3og6T1LhhE
8TDyxgMmJRMkqMMqbsddM1bKfkIhrfm2LBsSHWGSQM+j2WhKBwHWiNNNiLC3Buip
MdiVxGIdhOz0/YapYuTBe8G01Oh/JAfE8AjCFj4kzZK3tKKVYtOcS3fncqw4xdNF
CA+mSDIvgaK+bVrkp9dXerzOOYxPXBe9JMvwEfrioOeCntc7MylMZEmA1STN/kFb
B0gQBqEcRYirz/R9O6+IteiHsZU5bvOLuMizZNVZq9UfBEw+z2/tA8YftENjZLQS
2ROnvfWQBvntt6Tacbz1Pja8RFEmlWoEsqxU+GozRB6bEG9GOOXiTS6EvY178qsa
-----END CERTIFICATE-----