Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/iWGEXnEPXxzoReYN-FEsf4aFJQY.roa
File:                     iWGEXnEPXxzoReYN-FEsf4aFJQY.roa (raw, json)
Hash identifier:          dtn5VaSAPdMXhoWMZJ95tYIXmvmlhmh6t50ZuHEawYw=
Subject key identifier:   89:61:84:5E:71:0F:5F:1C:E8:45:E6:0D:F8:51:2C:7F:86:85:25:06
Certificate issuer:       /CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
Certificate serial:       01942827725C72342AC351721A3DCEF90564
Authority key identifier: 7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/iWGEXnEPXxzoReYN-FEsf4aFJQY.roa
Signing time:             Thu 02 Jan 2025 17:54:21 +0000
ROA not before:           Thu 02 Jan 2025 17:54:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214438
IP address blocks:        185.141.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:27:72:5c:72:34:2a:c3:51:72:1a:3d:ce:f9:05:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7da5d32d5b09c93c1b5e3fc5a2aa20d746fcfed1
        Validity
            Not Before: Jan  2 17:54:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8961845e710f5f1ce845e60df8512c7f86852506
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:3c:7f:cf:0c:3c:c9:53:7d:59:72:ea:77:53:
                    ea:d2:4f:25:a4:da:fc:c6:de:66:29:59:3c:ee:f1:
                    aa:15:18:7f:15:31:6b:4e:75:fc:1f:53:f3:5d:d7:
                    83:f7:a3:46:8e:1a:8d:c6:6b:2f:ef:68:be:cb:3e:
                    ed:ab:a3:60:e4:d6:73:c7:19:5f:8e:83:bf:8e:84:
                    0e:c3:c1:aa:ce:e5:b3:19:a9:4c:2f:7d:65:53:19:
                    78:c5:20:2e:b6:4e:39:36:0d:77:f6:c5:f5:81:b1:
                    d5:d0:4d:d2:34:51:ca:3f:18:fb:be:3c:d9:76:8e:
                    ca:52:6e:27:97:22:36:5d:19:7b:00:d3:3f:2c:bc:
                    12:fa:9d:84:13:74:55:d5:0e:5e:69:eb:94:24:68:
                    80:b9:cc:b9:b5:ad:6a:68:58:2f:89:b2:52:6d:71:
                    c0:54:51:a8:35:e2:af:a6:ae:bd:de:47:c0:b0:1b:
                    30:3c:33:6b:3d:c1:46:2e:b6:0e:15:dd:e9:a2:46:
                    d3:5f:6f:39:11:af:fd:a5:77:ae:e6:a9:38:8a:b4:
                    2e:8c:7a:0b:bc:8a:6d:f7:1d:5e:40:27:0a:0d:f7:
                    11:1b:7d:79:bf:c6:d6:e4:bc:b1:ff:94:46:f2:5f:
                    f5:b1:9d:e1:8c:c6:b3:d8:99:93:ce:08:23:ae:da:
                    c0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:61:84:5E:71:0F:5F:1C:E8:45:E6:0D:F8:51:2C:7F:86:85:25:06
            X509v3 Authority Key Identifier:
                keyid:7D:A5:D3:2D:5B:09:C9:3C:1B:5E:3F:C5:A2:AA:20:D7:46:FC:FE:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/faXTLVsJyTwbXj_Foqog10b8_tE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/iWGEXnEPXxzoReYN-FEsf4aFJQY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/4b18fb-d3ed-4b27-9bd0-e5839f43e583/1/faXTLVsJyTwbXj_Foqog10b8_tE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.141.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:8d:12:99:86:6e:54:26:bc:4e:2e:a7:79:4c:0f:ea:6c:6a:
         eb:e8:ae:b3:a2:f0:21:bd:d7:ef:6b:65:8d:c5:0e:c7:ee:12:
         23:b9:ec:2f:43:aa:91:50:44:7a:b6:d7:fe:c5:3c:e7:2f:26:
         50:48:51:d8:a8:f6:a1:f1:13:70:f2:7f:de:05:c2:d1:12:c6:
         d2:89:21:f9:ea:07:db:aa:fc:61:46:89:78:a5:20:24:8e:bb:
         ce:77:31:b6:d7:22:20:14:8c:08:13:ec:5e:c3:8f:7d:36:4b:
         2d:d2:9d:3c:11:bf:46:69:be:6c:ab:0a:ed:db:f1:82:2f:67:
         cd:40:a0:0f:ee:3d:c1:65:f2:53:d7:66:f1:40:9f:8b:8f:94:
         e8:a9:c6:93:8f:3a:b0:d3:5d:67:f4:d1:8c:22:3d:7d:10:e8:
         67:43:5a:4f:7d:86:cd:63:e7:75:74:cb:d4:4f:04:5e:a7:64:
         da:09:96:d5:9d:64:aa:59:44:28:70:50:fd:d3:ae:38:bf:8b:
         d9:d3:27:a2:38:a3:eb:84:f1:e2:13:ac:0a:e1:09:c7:e3:6f:
         f9:7c:db:64:b6:8c:0d:31:f2:2b:71:5b:6d:49:4a:d4:a5:48:
         0a:7f:ec:db:18:3a:ac:da:b9:5e:c3:f8:f3:c9:00:0c:d7:19:
         22:35:7e:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJ3JccjQqw1FyGj3O+QVkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkYTVkMzJkNWIwOWM5M2MxYjVlM2ZjNWEyYWEyMGQ3NDZm
Y2ZlZDEwHhcNMjUwMTAyMTc1NDIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTYxODQ1ZTcxMGY1ZjFjZTg0NWU2MGRmODUxMmM3Zjg2ODUyNTA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxTx/zww8yVN9WXLqd1Pq0k8lpNr8
xt5mKVk87vGqFRh/FTFrTnX8H1PzXdeD96NGjhqNxmsv72i+yz7tq6Ng5NZzxxlf
joO/joQOw8GqzuWzGalML31lUxl4xSAutk45Ng139sX1gbHV0E3SNFHKPxj7vjzZ
do7KUm4nlyI2XRl7ANM/LLwS+p2EE3RV1Q5eaeuUJGiAucy5ta1qaFgvibJSbXHA
VFGoNeKvpq693kfAsBswPDNrPcFGLrYOFd3pokbTX285Ea/9pXeu5qk4irQujHoL
vIpt9x1eQCcKDfcRG315v8bW5Lyx/5RG8l/1sZ3hjMaz2JmTzggjrtrAHQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIlhhF5xD18c6EXmDfhRLH+GhSUGMB8GA1UdIwQY
MBaAFH2l0y1bCck8G14/xaKqINdG/P7RMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAt
ZTU4MzlmNDNlNTgzLzEvaVdHRVhuRVBYeHpvUmVZTi1GRXNmNGFGSlFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni80YjE4ZmItZDNlZC00YjI3LTliZDAtZTU4MzlmNDNlNTgz
LzEvZmFYVExWc0p5VHdiWGpfRm9xb2cxMGI4X3RFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuY3aMA0G
CSqGSIb3DQEBCwUAA4IBAQAfjRKZhm5UJrxOLqd5TA/qbGrr6K6zovAhvdfva2WN
xQ7H7hIjuewvQ6qRUER6ttf+xTznLyZQSFHYqPah8RNw8n/eBcLREsbSiSH56gfb
qvxhRol4pSAkjrvOdzG21yIgFIwIE+xew499Nkst0p08Eb9Gab5sqwrt2/GCL2fN
QKAP7j3BZfJT12bxQJ+Lj5ToqcaTjzqw011n9NGMIj19EOhnQ1pPfYbNY+d1dMvU
TwRep2TaCZbVnWSqWUQocFD90644v4vZ0yeiOKPrhPHiE6wK4QnH42/5fNtktowN
MfIrcVttSUrUpUgKf+zbGDqs2rlew/jzyQAM1xkiNX6+
-----END CERTIFICATE-----