Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/EhPdkmEcd5kZgSYia-f_ZpjHYY0.roa
File:                     EhPdkmEcd5kZgSYia-f_ZpjHYY0.roa (raw, json)
Hash identifier:          3TfVzsPjB0vFUIoLoSrG9hGoNnzjzko9raGZf0VmPMQ=
Subject key identifier:   12:13:DD:92:61:1C:77:99:19:81:26:22:6B:E7:FF:66:98:C7:61:8D
Certificate issuer:       /CN=05f2748cb43862a104b56f8c6204b6209706558c
Certificate serial:       0194221FE1DE3A4BDF8B7C1AF85E7458F7B4
Authority key identifier: 05:F2:74:8C:B4:38:62:A1:04:B5:6F:8C:62:04:B6:20:97:06:55:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/EhPdkmEcd5kZgSYia-f_ZpjHYY0.roa
Signing time:             Wed 01 Jan 2025 13:48:22 +0000
ROA not before:           Wed 01 Jan 2025 13:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211098
IP address blocks:        185.184.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:e1:de:3a:4b:df:8b:7c:1a:f8:5e:74:58:f7:b4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=05f2748cb43862a104b56f8c6204b6209706558c
        Validity
            Not Before: Jan  1 13:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1213dd92611c7799198126226be7ff6698c7618d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:60:d8:7f:77:11:9d:f7:44:5d:4f:55:3e:0f:
                    ec:40:a3:3c:5a:ab:f4:5c:59:0d:d8:01:78:61:67:
                    64:9e:8e:3e:57:84:e5:be:c6:0f:4a:02:4d:36:fd:
                    e3:0b:94:55:3e:94:c7:5e:64:2d:24:aa:33:13:32:
                    92:7d:0f:d9:cd:0b:ec:20:4c:08:d0:8e:31:d8:33:
                    34:42:55:f1:90:e2:dd:38:42:85:7d:6e:8a:c2:76:
                    16:c7:59:3b:91:ab:ee:69:7b:96:9e:f7:da:f2:14:
                    44:09:62:06:21:5d:50:9d:32:a8:c5:95:cf:4a:92:
                    b4:0e:69:70:df:e0:f7:3c:39:13:d2:07:61:7d:23:
                    36:62:3b:1f:18:be:8c:63:93:09:18:a7:27:d0:59:
                    85:a0:60:eb:61:59:77:8d:38:af:d0:81:19:ac:0f:
                    30:d0:67:84:23:27:3b:3a:e2:8c:ef:c8:af:84:b7:
                    da:e6:09:1f:51:76:0f:6d:fe:ce:1d:00:02:c9:1c:
                    32:ab:fc:e3:4b:e7:c2:b5:d3:ad:98:3b:bd:3d:a8:
                    89:c7:76:c4:6f:6d:2d:75:2e:64:f9:c7:d1:88:73:
                    68:99:95:86:6f:8d:a7:25:c2:5f:8b:c0:08:9f:07:
                    f0:45:6f:22:0c:72:98:6c:01:6b:9e:29:3f:65:f2:
                    26:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:13:DD:92:61:1C:77:99:19:81:26:22:6B:E7:FF:66:98:C7:61:8D
            X509v3 Authority Key Identifier:
                keyid:05:F2:74:8C:B4:38:62:A1:04:B5:6F:8C:62:04:B6:20:97:06:55:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/EhPdkmEcd5kZgSYia-f_ZpjHYY0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/74/485fb4-3027-46cc-bd67-809a4b7ab4b5/1/BfJ0jLQ4YqEEtW-MYgS2IJcGVYw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         57:cd:61:c1:6c:eb:ab:02:0c:2b:33:c5:ba:cb:95:1a:5f:b7:
         1e:ed:5f:04:0d:08:89:5f:af:10:93:36:9a:4e:c8:c1:38:bc:
         b8:1b:a2:14:bc:0b:3b:b5:df:68:a5:5e:d5:05:e4:5a:b1:e7:
         78:0b:81:95:d5:16:97:4c:61:65:e8:44:f1:64:00:64:b7:e4:
         e4:c0:b4:23:6e:f4:da:2e:28:0a:c8:b5:87:04:02:d7:ea:4a:
         7c:e3:79:d0:d2:cd:75:1f:f9:63:08:38:52:c4:9c:cc:03:c4:
         aa:de:1e:98:41:94:a0:b9:52:6e:09:7e:c9:0a:11:a1:b8:eb:
         54:15:21:22:3a:ea:92:73:ee:0a:83:0c:b2:64:63:29:04:76:
         5c:00:14:e4:0e:0f:66:b8:ec:a2:6b:75:54:ec:82:e6:2a:6b:
         1a:77:e1:e5:46:13:9b:3b:46:80:55:47:e9:a2:fd:c1:0a:0d:
         db:6a:7e:e7:b0:ce:16:88:5d:46:37:61:6f:e7:d4:0d:b8:4e:
         8c:1e:c0:98:4b:95:15:0e:91:b4:73:d3:0a:56:90:01:0a:07:
         57:53:89:0d:be:3e:93:fa:6f:46:6b:a7:73:b9:7e:05:2e:ac:
         68:90:3f:21:5f:5f:f7:1b:cc:9c:b7:59:fa:cc:66:c6:3d:f4:
         b6:bb:f2:e1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH+HeOkvfi3wa+F50WPe0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1ZjI3NDhjYjQzODYyYTEwNGI1NmY4YzYyMDRiNjIwOTcw
NjU1OGMwHhcNMjUwMTAxMTM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjEzZGQ5MjYxMWM3Nzk5MTk4MTI2MjI2YmU3ZmY2Njk4Yzc2MThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw2DYf3cRnfdEXU9VPg/sQKM8Wqv0
XFkN2AF4YWdkno4+V4TlvsYPSgJNNv3jC5RVPpTHXmQtJKozEzKSfQ/ZzQvsIEwI
0I4x2DM0QlXxkOLdOEKFfW6KwnYWx1k7kavuaXuWnvfa8hRECWIGIV1QnTKoxZXP
SpK0Dmlw3+D3PDkT0gdhfSM2YjsfGL6MY5MJGKcn0FmFoGDrYVl3jTiv0IEZrA8w
0GeEIyc7OuKM78ivhLfa5gkfUXYPbf7OHQACyRwyq/zjS+fCtdOtmDu9PaiJx3bE
b20tdS5k+cfRiHNomZWGb42nJcJfi8AInwfwRW8iDHKYbAFrnik/ZfImowIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBIT3ZJhHHeZGYEmImvn/2aYx2GNMB8GA1UdIwQY
MBaAFAXydIy0OGKhBLVvjGIEtiCXBlWMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmZKMGpMUTRZcUVFdFctTVlnUzJJSmNHVll3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC80ODVmYjQtMzAyNy00NmNjLWJkNjct
ODA5YTRiN2FiNGI1LzEvRWhQZGttRWNkNWtaZ1NZaWEtZl9acGpIWVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC80ODVmYjQtMzAyNy00NmNjLWJkNjctODA5YTRiN2FiNGI1
LzEvQmZKMGpMUTRZcUVFdFctTVlnUzJJSmNHVll3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubjZMA0G
CSqGSIb3DQEBCwUAA4IBAQBXzWHBbOurAgwrM8W6y5UaX7ce7V8EDQiJX68Qkzaa
TsjBOLy4G6IUvAs7td9opV7VBeRased4C4GV1RaXTGFl6ETxZABkt+TkwLQjbvTa
LigKyLWHBALX6kp843nQ0s11H/ljCDhSxJzMA8Sq3h6YQZSguVJuCX7JChGhuOtU
FSEiOuqSc+4KgwyyZGMpBHZcABTkDg9muOyia3VU7ILmKmsad+HlRhObO0aAVUfp
ov3BCg3ban7nsM4WiF1GN2Fv59QNuE6MHsCYS5UVDpG0c9MKVpABCgdXU4kNvj6T
+m9Ga6dzuX4FLqxokD8hX1/3G8yct1n6zGbGPfS2u/Lh
-----END CERTIFICATE-----