Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/JIOTHuHxMtqBMx5mXgc6EZ3pd2k.roa
File:                     JIOTHuHxMtqBMx5mXgc6EZ3pd2k.roa (raw, json)
Hash identifier:          DCxRs8r4ffmbTDh+ON4DjiCp8BK/u4NKeBfbW9CrT2I=
Subject key identifier:   24:83:93:1E:E1:F1:32:DA:81:33:1E:66:5E:07:3A:11:9D:E9:77:69
Certificate issuer:       /CN=3aba1172472ea80265d12982967de0a8b0bc5901
Certificate serial:       019424B2789266F836E72EBCAAF174728EFA
Authority key identifier: 3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/JIOTHuHxMtqBMx5mXgc6EZ3pd2k.roa
Signing time:             Thu 02 Jan 2025 01:47:43 +0000
ROA not before:           Thu 02 Jan 2025 01:47:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213006
IP address blocks:        185.21.135.0/24 maxlen: 24
                          195.182.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b2:78:92:66:f8:36:e7:2e:bc:aa:f1:74:72:8e:fa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3aba1172472ea80265d12982967de0a8b0bc5901
        Validity
            Not Before: Jan  2 01:47:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2483931ee1f132da81331e665e073a119de97769
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:c9:c3:98:cc:d6:5e:ca:b1:f5:7b:f2:26:f9:
                    18:c7:c5:72:a1:33:7b:ea:8c:ed:f6:29:47:06:5d:
                    f9:47:20:50:42:db:37:f5:19:6f:cb:7f:73:47:fc:
                    93:75:50:52:e8:1b:34:ab:70:fd:8e:ea:98:a2:bc:
                    be:4e:f2:d8:16:f0:e3:a6:0b:da:aa:10:6e:7c:30:
                    e0:48:21:48:80:67:09:b8:13:9b:5f:d4:c4:b3:de:
                    8c:94:0d:bb:10:cf:fc:4e:f8:69:fc:70:2d:26:53:
                    ea:8d:7d:33:57:3f:cd:ed:11:40:db:c6:3a:3f:6d:
                    e5:62:f1:ab:ca:60:88:da:d0:9a:49:7d:4e:c5:b6:
                    23:f2:bf:da:4b:ea:86:c0:4d:9d:2c:ca:94:3c:39:
                    c3:d5:98:b8:5b:27:92:8b:10:4c:b1:62:08:fd:40:
                    08:0e:90:a5:3e:eb:2c:a9:34:48:e3:c6:6d:8c:cf:
                    7a:ce:2a:cf:0b:15:c3:ce:ff:17:40:12:64:60:7c:
                    be:ae:a9:28:85:df:e7:55:df:28:e1:2b:5c:20:01:
                    90:8d:c5:d0:f8:b6:70:0e:ed:01:c0:e6:07:32:14:
                    9b:59:0a:06:4c:7f:4d:cb:4b:72:44:ea:7d:de:5e:
                    fa:2b:e9:d9:e0:d8:1e:d8:69:a5:e7:35:49:b2:99:
                    e5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:83:93:1E:E1:F1:32:DA:81:33:1E:66:5E:07:3A:11:9D:E9:77:69
            X509v3 Authority Key Identifier:
                keyid:3A:BA:11:72:47:2E:A8:02:65:D1:29:82:96:7D:E0:A8:B0:BC:59:01

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OroRckcuqAJl0SmCln3gqLC8WQE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/JIOTHuHxMtqBMx5mXgc6EZ3pd2k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/83/7b1c55-ddd0-4281-8378-4dd04346abc3/1/OroRckcuqAJl0SmCln3gqLC8WQE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.21.135.0/24
                  195.182.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         48:73:61:e8:7b:47:16:b2:dc:9f:26:af:02:20:23:71:42:de:
         21:14:37:2e:36:6e:12:29:ae:90:c3:1a:01:f5:d6:10:22:c0:
         09:e5:b3:57:fa:58:d7:42:61:d0:7e:f1:dc:e1:96:11:12:6f:
         42:b5:9c:11:a3:7b:b3:7b:b6:e0:2f:36:75:33:a6:90:27:66:
         54:76:e1:1a:8f:d9:07:f9:80:f8:28:a5:ff:e1:28:3c:ad:16:
         1c:a7:fb:d9:9a:9c:2a:f2:3d:9d:e8:b4:0f:e6:d1:e8:78:65:
         54:15:9b:9a:7a:98:d6:60:e7:b0:c0:ef:f2:f9:08:02:1c:35:
         6b:df:6b:e5:fd:6a:73:83:8e:92:5d:e9:7a:74:cf:1a:49:ab:
         c8:ad:86:38:3d:34:2d:32:2c:42:ee:cd:66:93:b1:09:79:c0:
         21:03:52:c7:0a:7e:13:c7:17:db:20:2e:d3:ca:fa:1c:f0:e9:
         c5:c3:2b:ac:69:05:b0:14:e9:09:71:4a:ec:a4:ff:d6:9f:be:
         0b:76:09:46:c4:cb:90:5e:91:cb:42:ee:d3:c4:86:27:82:00:
         f7:91:1d:e2:13:07:10:8a:c7:73:72:9e:99:c4:f9:97:8e:7a:
         9f:46:cd:c8:0d:31:c9:29:89:5f:d7:00:a9:90:1a:91:55:d8:
         a9:ff:db:42
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQksniSZvg25y68qvF0co76MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNhYmExMTcyNDcyZWE4MDI2NWQxMjk4Mjk2N2RlMGE4YjBi
YzU5MDEwHhcNMjUwMTAyMDE0NzQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNDgzOTMxZWUxZjEzMmRhODEzMzFlNjY1ZTA3M2ExMTlkZTk3NzY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs8nDmMzWXsqx9XvyJvkYx8VyoTN7
6ozt9ilHBl35RyBQQts39Rlvy39zR/yTdVBS6Bs0q3D9juqYory+TvLYFvDjpgva
qhBufDDgSCFIgGcJuBObX9TEs96MlA27EM/8Tvhp/HAtJlPqjX0zVz/N7RFA28Y6
P23lYvGrymCI2tCaSX1OxbYj8r/aS+qGwE2dLMqUPDnD1Zi4WyeSixBMsWII/UAI
DpClPussqTRI48ZtjM96zirPCxXDzv8XQBJkYHy+rqkohd/nVd8o4StcIAGQjcXQ
+LZwDu0BwOYHMhSbWQoGTH9Ny0tyROp93l76K+nZ4Nge2Gml5zVJspnlwQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCSDkx7h8TLagTMeZl4HOhGd6XdpMB8GA1UdIwQY
MBaAFDq6EXJHLqgCZdEpgpZ94KiwvFkBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgt
NGRkMDQzNDZhYmMzLzEvSklPVEh1SHhNdHFCTXg1bVhnYzZFWjNwZDJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84My83YjFjNTUtZGRkMC00MjgxLTgzNzgtNGRkMDQzNDZhYmMz
LzEvT3JvUmNrY3VxQUpsMFNtQ2xuM2dxTEM4V1FFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuRWHAwQA
w7bMMA0GCSqGSIb3DQEBCwUAA4IBAQBIc2Hoe0cWstyfJq8CICNxQt4hFDcuNm4S
Ka6QwxoB9dYQIsAJ5bNX+ljXQmHQfvHc4ZYREm9CtZwRo3uze7bgLzZ1M6aQJ2ZU
duEaj9kH+YD4KKX/4Sg8rRYcp/vZmpwq8j2d6LQP5tHoeGVUFZuaepjWYOewwO/y
+QgCHDVr32vl/Wpzg46SXel6dM8aSavIrYY4PTQtMixC7s1mk7EJecAhA1LHCn4T
xxfbIC7Tyvoc8OnFwyusaQWwFOkJcUrspP/Wn74LdglGxMuQXpHLQu7TxIYnggD3
kR3iEwcQisdzcp6ZxPmXjnqfRs3IDTHJKYlf1wCpkBqRVdip/9tC
-----END CERTIFICATE-----