Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IeBOBUfUxZRfZYnboH8Yo384TO8.roa
File:                     IeBOBUfUxZRfZYnboH8Yo384TO8.roa (raw, json)
Hash identifier:          +FXKj6GwaPTgTzAH0wbpiw9kK/W99j28kwsDhoebFCY=
Subject key identifier:   21:E0:4E:05:47:D4:C5:94:5F:65:89:DB:A0:7F:18:A3:7F:38:4C:EF
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827780E617D0BF8E79B32EC8FC81365
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IeBOBUfUxZRfZYnboH8Yo384TO8.roa
Signing time:             Thu 02 Jan 2025 17:54:22 +0000
ROA not before:           Thu 02 Jan 2025 17:54:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216040
IP address blocks:        185.212.119.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:78:0e:61:7d:0b:f8:e7:9b:32:ec:8f:c8:13:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21e04e0547d4c5945f6589dba07f18a37f384cef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e0:44:cf:32:24:8b:48:23:8f:4e:cd:9c:7b:
                    8f:3a:ee:44:d5:3c:33:04:43:58:40:0d:a8:51:45:
                    74:af:fd:06:b6:59:80:e4:b0:ae:4a:00:e8:83:77:
                    c3:d1:bb:ef:18:1d:96:b9:9a:cd:d5:8b:7e:d8:38:
                    9b:ba:85:d7:6d:7e:0d:57:5a:a9:5d:67:56:0e:e8:
                    0a:81:69:a6:f2:a8:5b:18:95:46:93:4f:37:3f:d5:
                    61:14:aa:9b:6c:61:5f:94:76:ef:42:45:d1:7d:35:
                    68:5c:5d:0d:8b:94:6f:3d:a6:83:6d:f7:89:5b:1b:
                    5b:ca:74:3e:59:66:f8:f3:0d:f5:13:4d:6b:47:35:
                    15:98:3f:5b:c4:8a:8b:44:8d:e6:9b:42:98:e5:67:
                    e7:8d:0c:8f:82:ce:22:b9:41:a0:44:a7:5d:1e:d5:
                    08:60:ff:61:89:ee:19:ba:45:72:79:39:69:1d:ad:
                    82:0c:60:7c:dc:82:30:7f:18:e1:69:c3:c7:1c:02:
                    eb:af:98:41:59:a9:7d:86:bc:0c:c0:3b:29:66:fb:
                    9e:7c:c3:ac:db:24:78:52:e5:e3:4b:08:53:b3:ef:
                    45:df:f1:3e:63:fe:0f:54:32:5a:2a:75:6c:65:d3:
                    7a:81:6e:4c:da:e1:df:71:16:ee:41:46:96:fb:5a:
                    50:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:E0:4E:05:47:D4:C5:94:5F:65:89:DB:A0:7F:18:A3:7F:38:4C:EF
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/IeBOBUfUxZRfZYnboH8Yo384TO8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:e0:a3:b6:52:eb:ea:eb:f3:b3:45:53:d4:df:f7:d2:5a:f5:
         24:eb:d2:27:f7:a4:79:4a:8f:45:32:34:fc:9b:0f:4d:76:93:
         e4:e9:9c:1e:84:50:3a:e4:bd:d4:95:54:47:6d:30:8d:6b:7d:
         95:77:6f:95:f7:9a:19:4c:35:75:d7:09:62:e0:16:96:0b:4a:
         26:b0:e7:4f:4b:32:44:75:8b:9c:06:87:30:96:b7:f6:3a:98:
         44:06:ae:5e:7b:4f:b8:bd:3c:59:7c:35:dc:7d:2e:87:b3:87:
         20:ac:bb:f9:dc:7b:e7:d7:a2:f2:5b:57:0d:79:df:a5:6e:41:
         55:96:c5:b4:54:84:50:50:b1:54:2d:17:eb:64:1f:15:28:e3:
         98:6d:66:27:37:02:ef:1f:bd:e0:be:e8:30:29:46:d2:95:62:
         9e:31:4e:05:4f:64:d6:57:6d:2f:53:da:d9:2d:4b:33:0f:3a:
         36:bc:35:7b:a2:ca:2d:e8:4c:0f:eb:32:54:df:17:ae:1e:d0:
         e4:ca:ad:4f:9e:79:58:69:24:45:98:be:5f:55:b3:c0:4f:de:
         51:c9:bc:9e:ea:91:bb:ef:d1:91:b1:ba:db:bb:72:c4:7b:6b:
         bf:84:d2:d8:25:ae:f7:e1:90:aa:6f:0a:68:e1:21:88:8a:b1:
         77:44:46:3d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3gOYX0L+OebMuyPyBNlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWUwNGUwNTQ3ZDRjNTk0NWY2NTg5ZGJhMDdmMThhMzdmMzg0Y2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteBEzzIki0gjj07NnHuPOu5E1Twz
BENYQA2oUUV0r/0GtlmA5LCuSgDog3fD0bvvGB2WuZrN1Yt+2DibuoXXbX4NV1qp
XWdWDugKgWmm8qhbGJVGk083P9VhFKqbbGFflHbvQkXRfTVoXF0Ni5RvPaaDbfeJ
WxtbynQ+WWb48w31E01rRzUVmD9bxIqLRI3mm0KY5WfnjQyPgs4iuUGgRKddHtUI
YP9hie4ZukVyeTlpHa2CDGB83IIwfxjhacPHHALrr5hBWal9hrwMwDspZvuefMOs
2yR4UuXjSwhTs+9F3/E+Y/4PVDJaKnVsZdN6gW5M2uHfcRbuQUaW+1pQVwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHgTgVH1MWUX2WJ26B/GKN/OEzvMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvSWVCT0JVZlV4WlJmWlluYm9IOFlvMzg0VE84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudR3MA0G
CSqGSIb3DQEBCwUAA4IBAQBX4KO2Uuvq6/OzRVPU3/fSWvUk69In96R5So9FMjT8
mw9NdpPk6ZwehFA65L3UlVRHbTCNa32Vd2+V95oZTDV11wli4BaWC0omsOdPSzJE
dYucBocwlrf2OphEBq5ee0+4vTxZfDXcfS6Hs4cgrLv53Hvn16LyW1cNed+lbkFV
lsW0VIRQULFULRfrZB8VKOOYbWYnNwLvH73gvugwKUbSlWKeMU4FT2TWV20vU9rZ
LUszDzo2vDV7osot6EwP6zJU3xeuHtDkyq1PnnlYaSRFmL5fVbPAT95Rybye6pG7
79GRsbrbu3LEe2u/hNLYJa734ZCqbwpo4SGIirF3REY9
-----END CERTIFICATE-----