Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/Ice-tIEUF1Y7bJNvkEWlbR55Vaw.roa
File:                     Ice-tIEUF1Y7bJNvkEWlbR55Vaw.roa (raw, json)
Hash identifier:          MtUFbwOo7nZHN6qSqL8LtBj2Ae2yCW5yZnsbKZTHysw=
Subject key identifier:   21:C7:BE:B4:81:14:17:56:3B:6C:93:6F:90:45:A5:6D:1E:79:55:AC
Certificate issuer:       /CN=fad949f66253543ee89b9196390736b5a6ed7cb8
Certificate serial:       019422FB8AB8D05FAF9B17BFCCF3E38CD348
Authority key identifier: FA:D9:49:F6:62:53:54:3E:E8:9B:91:96:39:07:36:B5:A6:ED:7C:B8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/Ice-tIEUF1Y7bJNvkEWlbR55Vaw.roa
Signing time:             Wed 01 Jan 2025 17:48:17 +0000
ROA not before:           Wed 01 Jan 2025 17:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14445
IP address blocks:        185.218.2.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/1-tlJ9mJTVD7om5GWOQc2tabtfLg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/1-tlJ9mJTVD7om5GWOQc2tabtfLg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:8a:b8:d0:5f:af:9b:17:bf:cc:f3:e3:8c:d3:48
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fad949f66253543ee89b9196390736b5a6ed7cb8
        Validity
            Not Before: Jan  1 17:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21c7beb4811417563b6c936f9045a56d1e7955ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ad:14:69:9f:07:28:f2:21:89:a8:c1:ad:db:
                    d7:84:5f:31:30:e0:52:d8:d0:0b:04:e9:c1:3b:3b:
                    f6:f7:f4:3d:8d:5c:a0:36:73:73:ce:c3:85:22:a1:
                    f8:33:58:4b:3b:12:6a:34:5a:ee:46:0d:f9:51:bf:
                    61:fc:3b:b4:91:01:c8:88:5c:21:a4:97:49:de:a2:
                    4e:74:12:94:49:07:2b:c7:46:cb:ae:40:c7:23:22:
                    63:ba:b2:a5:ea:00:53:08:33:c9:33:5e:64:18:b6:
                    2e:bb:ff:2d:91:a9:a6:17:6d:9a:fe:01:b0:0c:1c:
                    13:c8:25:ec:77:84:8f:41:8f:d7:ad:69:47:5e:43:
                    b1:e5:51:ca:fb:78:5e:97:8d:77:fa:2f:20:41:b9:
                    c0:af:af:3d:39:d0:56:92:3d:b0:d5:1b:72:aa:52:
                    6f:0a:ec:0c:7e:71:23:2f:6f:45:aa:a5:54:39:08:
                    90:c0:7e:7b:33:9a:ed:51:4b:fd:9e:a5:c5:f2:6d:
                    8d:18:32:0d:54:1c:d7:14:c5:91:8f:7f:c9:0f:71:
                    b9:89:25:79:54:7e:f2:69:22:06:1a:c1:8e:58:fe:
                    fb:ce:08:1e:76:56:e4:8b:93:59:12:b3:bf:48:af:
                    05:46:34:1b:a8:d7:4a:8e:0a:2e:fa:2a:04:f1:79:
                    d9:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C7:BE:B4:81:14:17:56:3B:6C:93:6F:90:45:A5:6D:1E:79:55:AC
            X509v3 Authority Key Identifier:
                keyid:FA:D9:49:F6:62:53:54:3E:E8:9B:91:96:39:07:36:B5:A6:ED:7C:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-tlJ9mJTVD7om5GWOQc2tabtfLg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/Ice-tIEUF1Y7bJNvkEWlbR55Vaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/69/3cce22-c301-4bbc-b027-64eecaed11dc/1/1-tlJ9mJTVD7om5GWOQc2tabtfLg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:11:a4:43:0c:de:6f:1d:b9:0d:d2:39:de:c2:0b:9e:3b:4b:
         62:62:f9:64:75:04:3f:02:c6:b7:09:8d:2e:84:5d:60:05:ad:
         b1:5e:c4:1f:e9:1d:20:f4:7a:46:54:cb:e4:37:6d:5b:b8:76:
         ac:75:13:c5:4d:4a:ca:73:d1:4b:08:b2:9d:1c:5e:9e:0c:00:
         27:c2:14:30:1d:94:98:b8:0e:a7:3c:28:6c:38:d2:6a:6e:b7:
         3f:1d:f7:1d:62:bc:df:63:9f:37:ff:00:5e:a2:ad:96:c0:c1:
         04:71:8d:39:06:b3:71:fd:d9:4a:13:3a:ed:7a:a9:47:46:be:
         34:5d:04:b9:e7:7f:c9:6a:b3:5f:f0:06:ea:08:f0:3b:6d:a1:
         a4:44:4a:22:9e:45:c3:0d:52:1f:51:ba:ed:ae:a2:c4:75:b6:
         18:71:05:3f:45:0c:3f:b7:40:ce:db:24:0f:af:aa:f6:31:d0:
         35:34:c6:94:35:75:cb:53:2d:65:0d:7d:7f:43:7f:7e:43:32:
         90:1e:bb:06:6d:bd:60:a1:77:a6:11:ff:cc:5e:5b:48:a1:bf:
         29:5e:d3:ba:83:f1:ee:51:d1:14:aa:3c:2a:ae:46:6a:b8:b5:
         4c:fd:a7:ba:8e:45:cb:f2:f5:32:d5:85:cf:0f:12:d1:dd:1f:
         66:aa:20:93
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQi+4q40F+vmxe/zPPjjNNIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhZDk0OWY2NjI1MzU0M2VlODliOTE5NjM5MDczNmI1YTZl
ZDdjYjgwHhcNMjUwMTAxMTc0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWM3YmViNDgxMTQxNzU2M2I2YzkzNmY5MDQ1YTU2ZDFlNzk1NWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwK0UaZ8HKPIhiajBrdvXhF8xMOBS
2NALBOnBOzv29/Q9jVygNnNzzsOFIqH4M1hLOxJqNFruRg35Ub9h/Du0kQHIiFwh
pJdJ3qJOdBKUSQcrx0bLrkDHIyJjurKl6gBTCDPJM15kGLYuu/8tkammF22a/gGw
DBwTyCXsd4SPQY/XrWlHXkOx5VHK+3hel413+i8gQbnAr689OdBWkj2w1RtyqlJv
CuwMfnEjL29FqqVUOQiQwH57M5rtUUv9nqXF8m2NGDINVBzXFMWRj3/JD3G5iSV5
VH7yaSIGGsGOWP77zggedlbki5NZErO/SK8FRjQbqNdKjgou+ioE8XnZ0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFCHHvrSBFBdWO2yTb5BFpW0eeVWsMB8GA1UdIwQY
MBaAFPrZSfZiU1Q+6JuRljkHNrWm7Xy4MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS10bEo5bUpUVkQ3b201R1dPUWMydGFidGZMZy5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjkvM2NjZTIyLWMzMDEtNGJiYy1iMDI3
LTY0ZWVjYWVkMTFkYy8xL0ljZS10SUVVRjFZN2JKTnZrRVdsYlI1NVZhdy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjkvM2NjZTIyLWMzMDEtNGJiYy1iMDI3LTY0ZWVjYWVkMTFk
Yy8xLzEtdGxKOW1KVFZEN29tNUdXT1FjMnRhYnRmTGcuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC52gIw
DQYJKoZIhvcNAQELBQADggEBAIMRpEMM3m8duQ3SOd7CC547S2Ji+WR1BD8CxrcJ
jS6EXWAFrbFexB/pHSD0ekZUy+Q3bVu4dqx1E8VNSspz0UsIsp0cXp4MACfCFDAd
lJi4Dqc8KGw40mputz8d9x1ivN9jnzf/AF6irZbAwQRxjTkGs3H92UoTOu16qUdG
vjRdBLnnf8lqs1/wBuoI8DttoaRESiKeRcMNUh9Ruu2uosR1thhxBT9FDD+3QM7b
JA+vqvYx0DU0xpQ1dctTLWUNfX9Df35DMpAeuwZtvWChd6YR/8xeW0ihvyle07qD
8e5R0RSqPCquRmq4tUz9p7qORcvy9TLVhc8PEtHdH2aqIJM=
-----END CERTIFICATE-----