Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/Iav_qyY5ImtZ4ANKY_BlD16EiB4.roa
File:                     Iav_qyY5ImtZ4ANKY_BlD16EiB4.roa (raw, json)
Hash identifier:          o26HJXNrKDGMVRomgVXRlnZ79f/49jllECyaOAkuhL8=
Subject key identifier:   21:AB:FF:AB:26:39:22:6B:59:E0:03:4A:63:F0:65:0F:5E:84:88:1E
Certificate issuer:       /CN=12c889964b35b51ba8e5e679a15b19a31f133578
Certificate serial:       019420D5CBB455BF6DBD277ABD9F943A43F8
Authority key identifier: 12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/Iav_qyY5ImtZ4ANKY_BlD16EiB4.roa
Signing time:             Wed 01 Jan 2025 07:47:49 +0000
ROA not before:           Wed 01 Jan 2025 07:47:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     24634
IP address blocks:        82.146.160.0/19 maxlen: 24
                          91.245.248.0/22 maxlen: 24
                          2a0d:b3c0::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:cb:b4:55:bf:6d:bd:27:7a:bd:9f:94:3a:43:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=12c889964b35b51ba8e5e679a15b19a31f133578
        Validity
            Not Before: Jan  1 07:47:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21abffab2639226b59e0034a63f0650f5e84881e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:ba:50:e3:15:cf:3e:49:9d:ac:15:19:af:4c:
                    16:a6:f3:1f:0d:04:7c:53:39:5e:a4:78:16:89:47:
                    cc:ee:e6:63:1f:0c:87:86:85:77:99:ea:ce:ea:cd:
                    f3:16:37:a0:f1:e5:22:40:52:3f:f1:9f:75:90:f0:
                    0b:de:65:fe:3a:ad:3f:af:75:3d:ac:d4:ab:77:8a:
                    9e:a0:38:cb:d2:d8:9c:dc:cc:45:27:12:4d:06:c5:
                    97:b4:05:36:ae:9d:b8:85:26:17:ed:34:ae:0c:63:
                    61:30:6b:8d:3e:c1:a8:c1:51:e6:35:11:43:25:0f:
                    a4:6a:d1:05:42:df:f0:ef:f9:32:6b:a9:37:2b:48:
                    aa:30:34:a0:46:3b:b5:99:47:0d:0c:3c:6e:d1:ad:
                    cd:d4:a4:64:e3:63:6e:92:99:5e:ac:e7:1c:9d:e2:
                    a2:96:9f:5f:37:94:12:01:35:e6:d7:9a:56:a3:b6:
                    d3:26:d0:13:f8:66:a2:9d:fb:83:4a:f4:9d:be:df:
                    73:8b:05:40:35:4b:cb:f4:de:e6:c4:58:d6:1e:bc:
                    8e:1e:2f:44:02:18:bb:9c:9c:95:a7:40:91:0d:d4:
                    df:af:d0:4e:86:e2:6b:50:e1:89:1a:0f:15:d1:48:
                    3a:bb:83:f8:62:0d:28:ab:66:74:ce:4a:89:ae:2c:
                    29:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:AB:FF:AB:26:39:22:6B:59:E0:03:4A:63:F0:65:0F:5E:84:88:1E
            X509v3 Authority Key Identifier:
                keyid:12:C8:89:96:4B:35:B5:1B:A8:E5:E6:79:A1:5B:19:A3:1F:13:35:78

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EsiJlks1tRuo5eZ5oVsZox8TNXg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/Iav_qyY5ImtZ4ANKY_BlD16EiB4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/16b02c-833a-48f0-ba56-ad6f0bf88438/1/EsiJlks1tRuo5eZ5oVsZox8TNXg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.146.160.0/19
                  91.245.248.0/22
                IPv6:
                  2a0d:b3c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         26:00:25:7d:21:f3:a3:59:cd:d7:9a:49:58:82:a7:e8:d9:1e:
         fe:d3:74:c4:38:4e:62:c6:40:32:ff:b0:e0:cf:c1:a5:a3:c4:
         83:30:38:0a:80:89:9d:c7:c5:bb:41:a9:dc:93:01:34:fb:e2:
         99:eb:64:41:62:1c:5c:7f:a6:c9:0c:ed:b9:1b:02:20:fa:b3:
         58:39:81:17:02:bf:2d:56:c4:bd:00:22:89:a6:14:c8:0e:e7:
         96:1d:cd:fa:50:67:dd:d6:bb:2f:91:90:bd:bc:b1:e7:91:a4:
         ae:58:f0:0b:80:71:d1:19:41:dd:be:20:8f:de:e4:c2:c5:a8:
         87:fa:71:af:b8:f4:8f:5c:38:b1:b8:b6:38:55:07:a0:96:4f:
         c0:43:51:44:d0:b8:0d:65:86:00:cf:f2:62:f4:54:66:d3:ea:
         aa:4d:09:74:0f:16:02:b7:1d:e6:46:08:11:eb:ce:e6:68:6f:
         0f:4d:c2:72:02:f6:ff:6c:01:7e:2f:3f:57:c2:18:16:89:df:
         73:5e:a3:2b:0e:a2:0b:11:a0:e1:27:d4:43:08:6e:80:de:08:
         cc:bf:9b:ec:bb:45:a7:2f:fa:a1:45:13:d2:2e:f4:d3:01:35:
         af:79:2c:16:2d:3b:fd:0a:74:ac:00:08:02:4b:09:23:c4:88:
         e5:2f:ee:37
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQg1cu0Vb9tvSd6vZ+UOkP4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEyYzg4OTk2NGIzNWI1MWJhOGU1ZTY3OWExNWIxOWEzMWYx
MzM1NzgwHhcNMjUwMTAxMDc0NzQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWFiZmZhYjI2MzkyMjZiNTllMDAzNGE2M2YwNjUwZjVlODQ4ODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLpQ4xXPPkmdrBUZr0wWpvMfDQR8
UzlepHgWiUfM7uZjHwyHhoV3merO6s3zFjeg8eUiQFI/8Z91kPAL3mX+Oq0/r3U9
rNSrd4qeoDjL0tic3MxFJxJNBsWXtAU2rp24hSYX7TSuDGNhMGuNPsGowVHmNRFD
JQ+katEFQt/w7/kya6k3K0iqMDSgRju1mUcNDDxu0a3N1KRk42NukplerOccneKi
lp9fN5QSATXm15pWo7bTJtAT+GainfuDSvSdvt9ziwVANUvL9N7mxFjWHryOHi9E
Ahi7nJyVp0CRDdTfr9BOhuJrUOGJGg8V0Ug6u4P4Yg0oq2Z0zkqJriwpswIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFCGr/6smOSJrWeADSmPwZQ9ehIgeMB8GA1UdIwQY
MBaAFBLIiZZLNbUbqOXmeaFbGaMfEzV4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYt
YWQ2ZjBiZjg4NDM4LzEvSWF2X3F5WTVJbXRaNEFOS1lfQmxEMTZFaUI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS8xNmIwMmMtODMzYS00OGYwLWJhNTYtYWQ2ZjBiZjg4NDM4
LzEvRXNpSmxrczF0UnVvNWVaNW9Wc1pveDhUTlhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFUpKgAwQC
W/X4MA0EAgACMAcDBQMqDbPAMA0GCSqGSIb3DQEBCwUAA4IBAQAmACV9IfOjWc3X
mklYgqfo2R7+03TEOE5ixkAy/7Dgz8Glo8SDMDgKgImdx8W7QanckwE0++KZ62RB
Yhxcf6bJDO25GwIg+rNYOYEXAr8tVsS9ACKJphTIDueWHc36UGfd1rsvkZC9vLHn
kaSuWPALgHHRGUHdviCP3uTCxaiH+nGvuPSPXDixuLY4VQeglk/AQ1FE0LgNZYYA
z/Ji9FRm0+qqTQl0DxYCtx3mRggR687maG8PTcJyAvb/bAF+Lz9XwhgWid9zXqMr
DqILEaDhJ9RDCG6A3gjMv5vsu0WnL/qhRRPSLvTTATWveSwWLTv9CnSsAAgCSwkj
xIjlL+43
-----END CERTIFICATE-----