Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/isgHEY3DLcIdH7fzaoi9hSSweWI.roa
File:                     isgHEY3DLcIdH7fzaoi9hSSweWI.roa (raw, json)
Hash identifier:          UYsZ1nus3c+5ErOsOKu1wsJtYaH8MiA2+iXpl5haTe4=
Subject key identifier:   8A:C8:07:11:8D:C3:2D:C2:1D:1F:B7:F3:6A:88:BD:85:24:B0:79:62
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       019427B3C351BD2E019C539D07543353D580
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/isgHEY3DLcIdH7fzaoi9hSSweWI.roa
Signing time:             Thu 02 Jan 2025 15:47:59 +0000
ROA not before:           Thu 02 Jan 2025 15:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200450
IP address blocks:        185.225.236.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:c3:51:bd:2e:01:9c:53:9d:07:54:33:53:d5:80
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  2 15:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ac807118dc32dc21d1fb7f36a88bd8524b07962
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:fc:b2:e1:be:58:eb:d6:cc:11:c3:25:48:3d:
                    90:0b:6f:27:6f:06:81:f5:63:22:5a:45:26:c5:e4:
                    4f:26:f9:3a:4c:2a:a4:d0:fb:cf:72:cc:6d:f9:34:
                    ee:2a:f2:8c:f6:c2:6a:66:db:a3:27:92:80:f6:9e:
                    3a:74:7b:07:0b:ae:cd:19:a5:14:de:48:54:08:e2:
                    44:6c:63:7c:79:8a:6f:dc:06:fc:eb:52:ac:9e:cc:
                    3e:a4:36:8c:08:15:fd:29:14:6b:8e:31:cd:a0:9d:
                    91:b9:97:15:78:64:35:80:8e:56:d5:47:03:d2:ae:
                    a3:b6:6b:60:25:df:88:31:2e:c0:dd:64:38:9a:ba:
                    07:3e:b6:88:4f:0d:e8:bd:13:a0:38:3c:ea:a3:86:
                    5f:a2:8a:82:2c:d8:29:96:6d:4e:43:4a:5b:20:92:
                    bb:ba:c3:c7:44:30:cf:df:e8:35:a0:80:2b:cd:df:
                    7a:0d:38:a9:a5:87:ba:f8:24:dd:75:dc:4c:92:2d:
                    fb:18:9a:3a:81:e2:9b:9c:69:d8:7e:15:e9:a8:b9:
                    ae:72:2d:64:a4:34:89:24:7d:52:bd:75:a2:8e:ac:
                    5b:c8:3a:42:f1:44:ba:a7:f4:00:32:f5:22:b1:fb:
                    3d:6f:fd:72:f6:29:ec:42:60:6a:f5:09:39:8f:02:
                    75:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:C8:07:11:8D:C3:2D:C2:1D:1F:B7:F3:6A:88:BD:85:24:B0:79:62
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/isgHEY3DLcIdH7fzaoi9hSSweWI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.236.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:c1:fe:24:ae:fc:88:eb:5b:59:67:47:a0:92:0e:b2:40:8a:
         b3:f4:4e:d1:da:b0:5d:ea:de:b9:33:bd:68:71:da:04:56:bc:
         70:7f:fe:d8:72:5e:50:55:2a:e6:a2:17:ed:5a:c2:89:80:d8:
         7d:36:90:a1:5f:71:a3:da:03:0b:ed:ff:14:8f:79:38:13:9b:
         8c:98:d1:4f:bf:85:d5:34:06:89:98:ae:c0:b8:79:b7:ff:b1:
         03:0c:57:94:b3:8e:08:45:f1:ec:99:9d:ed:56:80:77:cc:ff:
         48:69:02:51:b5:92:56:ff:14:b5:3d:4f:98:2b:2b:b1:6f:cf:
         4f:bd:8e:e0:be:f3:00:90:ef:4f:76:88:9a:a4:fe:4d:17:8e:
         99:1f:b3:c3:00:48:ec:e2:68:7e:42:4d:47:d9:15:66:0b:43:
         22:fe:83:73:a2:b2:f2:b0:d4:b0:bb:e1:00:f0:ab:11:2f:67:
         4b:78:8b:7c:7e:16:df:ee:d3:aa:c9:0f:06:b3:42:5d:57:39:
         88:ef:9e:b6:20:99:eb:6f:8e:10:de:8b:6e:fd:77:fc:eb:fa:
         1b:3b:c5:37:0c:42:0b:9e:75:4e:a8:8c:6c:b4:0c:43:92:0b:
         ca:6c:d7:68:d3:93:03:1f:84:46:f2:c8:ce:53:c7:4e:d7:8f:
         05:e4:59:ea
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQns8NRvS4BnFOdB1QzU9WAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjUwMTAyMTU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWM4MDcxMThkYzMyZGMyMWQxZmI3ZjM2YTg4YmQ4NTI0YjA3OTYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Pyy4b5Y69bMEcMlSD2QC28nbwaB
9WMiWkUmxeRPJvk6TCqk0PvPcsxt+TTuKvKM9sJqZtujJ5KA9p46dHsHC67NGaUU
3khUCOJEbGN8eYpv3Ab861Ksnsw+pDaMCBX9KRRrjjHNoJ2RuZcVeGQ1gI5W1UcD
0q6jtmtgJd+IMS7A3WQ4mroHPraITw3ovROgODzqo4ZfooqCLNgplm1OQ0pbIJK7
usPHRDDP3+g1oIArzd96DTippYe6+CTdddxMki37GJo6geKbnGnYfhXpqLmuci1k
pDSJJH1SvXWijqxbyDpC8US6p/QAMvUisfs9b/1y9insQmBq9Qk5jwJ1iwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrIBxGNwy3CHR+382qIvYUksHliMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvaXNnSEVZM0RMY0lkSDdmemFvaTloU1N3ZVdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHsMA0G
CSqGSIb3DQEBCwUAA4IBAQBPwf4krvyI61tZZ0egkg6yQIqz9E7R2rBd6t65M71o
cdoEVrxwf/7Ycl5QVSrmohftWsKJgNh9NpChX3Gj2gML7f8Uj3k4E5uMmNFPv4XV
NAaJmK7AuHm3/7EDDFeUs44IRfHsmZ3tVoB3zP9IaQJRtZJW/xS1PU+YKyuxb89P
vY7gvvMAkO9PdoiapP5NF46ZH7PDAEjs4mh+Qk1H2RVmC0Mi/oNzorLysNSwu+EA
8KsRL2dLeIt8fhbf7tOqyQ8Gs0JdVzmI7562IJnrb44Q3otu/Xf86/obO8U3DEIL
nnVOqIxstAxDkgvKbNdo05MDH4RG8sjOU8dO148F5Fnq
-----END CERTIFICATE-----