Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/IqJ3eC22ti_hCfC22ZrM8rRTtzM.roa
File:                     IqJ3eC22ti_hCfC22ZrM8rRTtzM.roa (raw, json)
Hash identifier:          aJf0pzqxrkhhPFt7HEGF+gQN8TPi2v4BsqZ0KQ3SArc=
Subject key identifier:   22:A2:77:78:2D:B6:B6:2F:E1:09:F0:B6:D9:9A:CC:F2:B4:53:B7:33
Certificate issuer:       /CN=b79220a805e4378547e43bac731ce86fe01145c7
Certificate serial:       01959442A3CB7ABB4397D04DED62CBF45C2F
Authority key identifier: B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/IqJ3eC22ti_hCfC22ZrM8rRTtzM.roa
Signing time:             Fri 14 Mar 2025 10:45:50 +0000
ROA not before:           Fri 14 Mar 2025 10:45:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        213.243.8.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:94:42:a3:cb:7a:bb:43:97:d0:4d:ed:62:cb:f4:5c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b79220a805e4378547e43bac731ce86fe01145c7
        Validity
            Not Before: Mar 14 10:45:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=22a277782db6b62fe109f0b6d99accf2b453b733
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c3:e2:6b:7c:43:eb:f7:c8:bf:a7:52:53:1d:
                    92:ca:9f:b4:f6:62:72:0c:2e:33:67:0b:29:ea:24:
                    7a:12:f4:d0:71:12:e4:61:15:4f:5d:75:32:a1:da:
                    eb:a9:cb:47:6d:a7:70:67:f5:a0:4a:7f:52:42:62:
                    b7:53:b4:0c:a7:70:7f:b5:e1:73:52:e9:e3:73:f7:
                    85:0f:70:0a:06:2c:f2:5e:51:55:e4:57:ac:e5:91:
                    89:5e:68:47:a7:36:05:50:2d:be:99:85:6e:5c:8f:
                    d2:78:d9:9a:6e:3e:08:88:37:b4:aa:5c:8f:0d:65:
                    a9:01:75:60:85:9f:7e:51:49:90:df:77:04:99:e4:
                    70:eb:2f:62:21:53:3e:52:85:5e:34:18:ed:ce:d3:
                    79:11:eb:b6:12:cd:27:7a:d0:0b:71:95:ef:be:6d:
                    de:12:4a:65:5c:15:1c:34:28:b3:f7:48:ff:d8:ee:
                    93:90:7f:fc:5a:89:ab:c4:d5:df:ff:31:e5:22:96:
                    42:fb:3c:01:37:d4:69:1e:a0:f1:92:d1:ab:65:03:
                    3a:3c:64:f6:3d:89:fb:e3:8b:31:62:08:e5:76:fc:
                    89:67:34:c9:dc:9f:31:db:32:10:e8:d0:3d:d8:16:
                    e3:9e:17:1a:f8:50:94:49:93:61:92:29:75:33:40:
                    f1:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:A2:77:78:2D:B6:B6:2F:E1:09:F0:B6:D9:9A:CC:F2:B4:53:B7:33
            X509v3 Authority Key Identifier:
                keyid:B7:92:20:A8:05:E4:37:85:47:E4:3B:AC:73:1C:E8:6F:E0:11:45:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t5IgqAXkN4VH5Duscxzob-ARRcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/IqJ3eC22ti_hCfC22ZrM8rRTtzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/e7f884-cf7b-491c-9ed9-423afc2b68b8/1/t5IgqAXkN4VH5Duscxzob-ARRcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.243.8.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:61:97:6c:8d:f2:55:7e:5c:cb:4a:b8:78:ac:db:3d:e9:4f:
         28:38:9b:be:80:f0:9e:12:e7:26:39:18:ff:c5:c2:2c:18:b3:
         78:43:cf:d1:f3:9b:73:21:95:61:c3:31:fb:bf:af:5f:fd:a5:
         b8:32:72:7b:d7:bc:2f:d9:7b:fb:26:12:c0:ff:47:b5:8e:13:
         c8:34:37:5a:be:4e:9e:4b:0b:4d:42:1a:a0:42:03:cc:9c:dd:
         61:82:41:c5:0f:2e:2c:d0:6b:0c:39:30:7b:27:a8:d4:3d:1d:
         b1:f2:18:28:28:40:52:29:30:24:67:16:0f:5f:83:98:df:51:
         2c:2c:91:09:64:b1:8d:b5:ba:0d:84:7a:59:d7:cc:b9:43:f0:
         27:e9:01:01:02:80:fc:de:fc:61:58:f9:c9:05:a9:66:ae:53:
         48:98:c1:78:6f:db:bb:bd:37:e1:a7:ca:74:6b:6c:fd:f4:c3:
         f6:ba:eb:76:df:e3:ad:98:b6:c1:21:3e:79:f5:96:f5:4e:7a:
         9c:68:7d:0a:06:98:1d:b9:bb:5e:98:27:74:7c:3f:7e:71:07:
         42:3a:97:19:46:24:23:b7:bf:fc:d1:9d:77:7a:63:b0:ba:0f:
         f1:d5:16:40:a4:d3:37:89:e4:0c:c0:0b:9b:4f:93:51:d8:3d:
         fc:8b:9b:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWUQqPLertDl9BN7WLL9FwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3OTIyMGE4MDVlNDM3ODU0N2U0M2JhYzczMWNlODZmZTAx
MTQ1YzcwHhcNMjUwMzE0MTA0NTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmEyNzc3ODJkYjZiNjJmZTEwOWYwYjZkOTlhY2NmMmI0NTNiNzMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMPia3xD6/fIv6dSUx2Syp+09mJy
DC4zZwsp6iR6EvTQcRLkYRVPXXUyodrrqctHbadwZ/WgSn9SQmK3U7QMp3B/teFz
Uunjc/eFD3AKBizyXlFV5Fes5ZGJXmhHpzYFUC2+mYVuXI/SeNmabj4IiDe0qlyP
DWWpAXVghZ9+UUmQ33cEmeRw6y9iIVM+UoVeNBjtztN5Eeu2Es0netALcZXvvm3e
EkplXBUcNCiz90j/2O6TkH/8WomrxNXf/zHlIpZC+zwBN9RpHqDxktGrZQM6PGT2
PYn744sxYgjldvyJZzTJ3J8x2zIQ6NA92Bbjnhca+FCUSZNhkil1M0DxTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKid3gttrYv4QnwttmazPK0U7czMB8GA1UdIwQY
MBaAFLeSIKgF5DeFR+Q7rHMc6G/gEUXHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDkt
NDIzYWZjMmI2OGI4LzEvSXFKM2VDMjJ0aV9oQ2ZDMjJack04clJUdHpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9lN2Y4ODQtY2Y3Yi00OTFjLTllZDktNDIzYWZjMmI2OGI4
LzEvdDVJZ3FBWGtONFZINUR1c2N4em9iLUFSUmNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1fMIMA0G
CSqGSIb3DQEBCwUAA4IBAQB2YZdsjfJVflzLSrh4rNs96U8oOJu+gPCeEucmORj/
xcIsGLN4Q8/R85tzIZVhwzH7v69f/aW4MnJ717wv2Xv7JhLA/0e1jhPINDdavk6e
SwtNQhqgQgPMnN1hgkHFDy4s0GsMOTB7J6jUPR2x8hgoKEBSKTAkZxYPX4OY31Es
LJEJZLGNtboNhHpZ18y5Q/An6QEBAoD83vxhWPnJBalmrlNImMF4b9u7vTfhp8p0
a2z99MP2uut23+OtmLbBIT559Zb1TnqcaH0KBpgdubtemCd0fD9+cQdCOpcZRiQj
t7/80Z13emOwug/x1RZApNM3ieQMwAubT5NR2D38i5sp
-----END CERTIFICATE-----