Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/I2RMpoehzZUh9-QRH1pg1Pxoj0s.roa
File:                     I2RMpoehzZUh9-QRH1pg1Pxoj0s.roa (raw, json)
Hash identifier:          ex6A31hRg88+duFCCpZlcBqGssiM0JoiLjHCVzjtA8s=
Subject key identifier:   23:64:4C:A6:87:A1:CD:95:21:F7:E4:11:1F:5A:60:D4:FC:68:8F:4B
Certificate issuer:       /CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
Certificate serial:       0194228DAD229098CD839D75432CCFC21C00
Authority key identifier: 8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/I2RMpoehzZUh9-QRH1pg1Pxoj0s.roa
Signing time:             Wed 01 Jan 2025 15:48:17 +0000
ROA not before:           Wed 01 Jan 2025 15:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203925
IP address blocks:        213.14.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 10 Apr 2025 02:01:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ad:22:90:98:cd:83:9d:75:43:2c:cf:c2:1c:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d59c4323f767ce4ffc85daad208b90c04fbd3e9
        Validity
            Not Before: Jan  1 15:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=23644ca687a1cd9521f7e4111f5a60d4fc688f4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:c3:b0:be:e8:6c:86:49:82:7b:bb:b6:38:b6:
                    60:4f:a7:23:a4:f2:12:2f:17:d1:20:4b:9c:b9:dd:
                    a6:4d:49:d4:54:b8:23:26:3e:1c:d2:1d:1d:70:aa:
                    32:88:69:d6:d7:88:82:13:54:a5:56:20:5f:2a:72:
                    37:06:e3:c4:e3:bb:7d:e2:30:e5:9b:bf:6b:f2:0c:
                    16:8e:d3:27:0a:48:f0:54:33:5d:7f:15:d0:06:5b:
                    04:59:2c:86:ef:56:db:99:e2:43:3f:e6:82:75:eb:
                    81:0e:89:99:38:bf:ec:91:0a:80:ee:a6:8b:a3:93:
                    d4:ef:f2:17:18:06:5f:26:9c:f5:28:83:ca:4a:50:
                    e3:e6:61:26:b3:4d:80:77:b0:b0:14:a2:c0:de:32:
                    29:35:c2:f4:18:cc:88:d9:d8:85:a2:24:d0:01:ac:
                    fd:9c:9a:7d:c1:63:dd:7d:20:ca:6d:65:19:19:e9:
                    c2:09:2d:b6:6c:5c:a9:06:21:e5:14:3f:42:e3:a0:
                    0c:61:56:16:cf:85:dd:16:94:44:9d:fc:19:73:52:
                    96:b5:9d:d0:b4:c2:00:ab:66:eb:96:d3:2f:ec:4f:
                    38:7a:95:24:43:70:56:30:de:1c:72:32:19:b1:f2:
                    e1:39:6a:9b:c2:86:ad:37:f0:7a:86:a3:b3:62:a4:
                    a3:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:64:4C:A6:87:A1:CD:95:21:F7:E4:11:1F:5A:60:D4:FC:68:8F:4B
            X509v3 Authority Key Identifier:
                keyid:8D:59:C4:32:3F:76:7C:E4:FF:C8:5D:AA:D2:08:B9:0C:04:FB:D3:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jVnEMj92fOT_yF2q0gi5DAT70-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/I2RMpoehzZUh9-QRH1pg1Pxoj0s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/66/f09ecf-e805-4158-b315-f2be9f6c664c/1/jVnEMj92fOT_yF2q0gi5DAT70-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.14.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:42:42:19:a2:ae:44:d7:18:db:d9:c4:bf:62:7d:c2:66:75:
         4c:ca:9e:50:5a:79:9d:75:9d:d0:61:83:be:91:37:a9:92:1a:
         04:88:6b:9e:79:d4:8e:62:40:c5:19:5f:71:50:40:98:dc:3b:
         15:67:2f:8b:4b:48:ee:89:56:32:80:88:24:0f:d6:b8:b5:c4:
         27:e9:85:d6:05:ef:a7:b7:55:a2:25:89:83:6c:29:fe:8b:8b:
         40:fc:37:84:ca:73:da:f2:78:9a:2c:d8:bd:cd:05:6e:20:b7:
         93:17:39:4c:89:44:1c:bb:bf:83:fc:34:2a:75:71:20:18:cf:
         08:94:63:13:6d:6b:b3:c9:37:9d:86:5c:ea:fe:ab:d8:6c:e0:
         a5:74:33:70:73:19:50:75:bc:71:b9:bb:7a:78:27:a2:b7:74:
         fa:7a:d2:c0:c4:a5:c6:cc:a8:8e:75:ca:ef:22:a8:96:80:4b:
         5e:06:07:5a:48:78:e3:6a:07:cd:4d:c0:8d:99:be:06:0c:29:
         99:8e:48:cf:1d:b1:4b:c6:c3:8c:a7:b4:cf:b0:5e:21:e9:7d:
         59:71:29:53:44:0d:bc:78:91:4a:64:42:70:9c:3d:18:3f:ed:
         aa:4c:5d:0a:44:e0:aa:da:fd:a0:4f:72:f5:95:0b:1f:be:aa:
         59:e3:2c:46
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQija0ikJjNg511QyzPwhwAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkNTljNDMyM2Y3NjdjZTRmZmM4NWRhYWQyMDhiOTBjMDRm
YmQzZTkwHhcNMjUwMTAxMTU0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzY0NGNhNjg3YTFjZDk1MjFmN2U0MTExZjVhNjBkNGZjNjg4ZjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvsOwvuhshkmCe7u2OLZgT6cjpPIS
LxfRIEucud2mTUnUVLgjJj4c0h0dcKoyiGnW14iCE1SlViBfKnI3BuPE47t94jDl
m79r8gwWjtMnCkjwVDNdfxXQBlsEWSyG71bbmeJDP+aCdeuBDomZOL/skQqA7qaL
o5PU7/IXGAZfJpz1KIPKSlDj5mEms02Ad7CwFKLA3jIpNcL0GMyI2diFoiTQAaz9
nJp9wWPdfSDKbWUZGenCCS22bFypBiHlFD9C46AMYVYWz4XdFpREnfwZc1KWtZ3Q
tMIAq2brltMv7E84epUkQ3BWMN4ccjIZsfLhOWqbwoatN/B6hqOzYqSjxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCNkTKaHoc2VIffkER9aYNT8aI9LMB8GA1UdIwQY
MBaAFI1ZxDI/dnzk/8hdqtIIuQwE+9PpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUt
ZjJiZTlmNmM2NjRjLzEvSTJSTXBvZWh6WlVoOS1RUkgxcGcxUHhvajBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni9mMDllY2YtZTgwNS00MTU4LWIzMTUtZjJiZTlmNmM2NjRj
LzEvalZuRU1qOTJmT1RfeUYycTBnaTVEQVQ3MC1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1Q7gMA0G
CSqGSIb3DQEBCwUAA4IBAQBJQkIZoq5E1xjb2cS/Yn3CZnVMyp5QWnmddZ3QYYO+
kTepkhoEiGueedSOYkDFGV9xUECY3DsVZy+LS0juiVYygIgkD9a4tcQn6YXWBe+n
t1WiJYmDbCn+i4tA/DeEynPa8niaLNi9zQVuILeTFzlMiUQcu7+D/DQqdXEgGM8I
lGMTbWuzyTedhlzq/qvYbOCldDNwcxlQdbxxubt6eCeit3T6etLAxKXGzKiOdcrv
IqiWgEteBgdaSHjjagfNTcCNmb4GDCmZjkjPHbFLxsOMp7TPsF4h6X1ZcSlTRA28
eJFKZEJwnD0YP+2qTF0KROCq2v2gT3L1lQsfvqpZ4yxG
-----END CERTIFICATE-----