Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/FTGHUrnOnM0CZqV9qHNon3zzeQk.roa
File:                     FTGHUrnOnM0CZqV9qHNon3zzeQk.roa (raw, json)
Hash identifier:          qfEgLxXIZ1yGqxOy4Va2BU39hv93XgdmfKbFLCHxqtY=
Subject key identifier:   15:31:87:52:B9:CE:9C:CD:02:66:A5:7D:A8:73:68:9F:7C:F3:79:09
Certificate issuer:       /CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
Certificate serial:       01941FFA04C0CF81F54B7E4A57219A78A992
Authority key identifier: 28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/FTGHUrnOnM0CZqV9qHNon3zzeQk.roa
Signing time:             Wed 01 Jan 2025 03:47:46 +0000
ROA not before:           Wed 01 Jan 2025 03:47:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        185.119.221.0/24 maxlen: 24
                          185.119.223.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:04:c0:cf:81:f5:4b:7e:4a:57:21:9a:78:a9:92
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=28b0ff7998ca8854ce7c475a972ed1d52a5c60cd
        Validity
            Not Before: Jan  1 03:47:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15318752b9ce9ccd0266a57da873689f7cf37909
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:27:c8:54:b8:6f:6d:51:2e:37:fb:7d:bf:c7:
                    e0:b3:2e:c0:10:05:35:89:2a:f2:4a:24:54:1d:06:
                    75:e9:aa:c4:29:d9:b0:64:61:58:c6:1e:34:a5:70:
                    e1:29:08:14:19:7d:2f:23:0b:90:c3:63:09:11:a6:
                    74:06:81:5f:84:99:2d:90:89:36:11:01:02:41:c2:
                    8c:66:15:89:aa:86:ee:c7:bd:3e:bf:fe:cc:e3:59:
                    b4:e2:93:71:4a:40:ed:8b:a8:b2:a4:01:6a:a3:f9:
                    11:38:7c:3b:77:53:58:cb:59:9a:bf:b1:1f:89:e5:
                    1d:df:0f:3c:39:e5:f8:50:b9:ec:37:25:13:4b:cf:
                    f5:66:c0:ad:75:b2:3c:e1:8c:04:76:9c:fe:23:a3:
                    30:d9:37:5e:4c:c2:db:d3:23:f4:01:0b:a4:0e:2b:
                    88:6d:a1:79:f9:1b:27:1d:7d:ca:0d:ec:78:db:6f:
                    67:cf:09:5f:82:48:fd:d0:40:b8:7d:38:51:74:24:
                    1a:4d:d3:4a:87:eb:8c:78:f5:24:5c:3f:93:31:63:
                    f9:66:c7:06:bc:69:45:b0:a1:ac:ae:52:41:f9:90:
                    27:c6:69:62:00:f8:82:09:aa:27:37:49:4e:14:90:
                    f8:dc:d1:79:f2:8b:e0:b8:0e:43:5a:96:55:bd:d7:
                    90:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:31:87:52:B9:CE:9C:CD:02:66:A5:7D:A8:73:68:9F:7C:F3:79:09
            X509v3 Authority Key Identifier:
                keyid:28:B0:FF:79:98:CA:88:54:CE:7C:47:5A:97:2E:D1:D5:2A:5C:60:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KLD_eZjKiFTOfEdaly7R1SpcYM0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/FTGHUrnOnM0CZqV9qHNon3zzeQk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/a0d674-87b6-4318-bed2-267547ea1e35/1/KLD_eZjKiFTOfEdaly7R1SpcYM0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.221.0/24
                  185.119.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:c4:b5:a2:3a:53:3b:84:82:5f:3e:85:72:64:cd:6e:e9:79:
         26:60:b3:a0:e8:37:95:e6:f1:2f:95:ee:1e:90:66:0a:db:84:
         e2:e5:96:e4:e1:5d:cd:09:4b:a0:36:aa:39:54:4d:dc:d3:bb:
         14:10:8e:57:52:3a:dd:fd:e7:fc:12:38:ba:e2:a7:6c:e0:ab:
         d0:07:a6:ef:78:03:e0:e0:a4:79:aa:95:a2:36:8e:4c:e9:7e:
         e9:03:4b:c9:43:70:29:0a:d8:fe:fc:48:d6:f8:f1:79:9b:dd:
         58:8d:54:40:fe:1f:a4:ed:a2:95:fa:86:68:a5:08:09:8d:9d:
         54:69:18:94:90:ce:9a:6a:69:a7:26:6e:83:31:3b:b3:29:6b:
         2a:ee:6c:c0:ae:c0:18:f2:2f:94:bd:29:3d:44:45:b1:20:c1:
         75:c6:c9:63:65:3c:0b:13:d6:ca:56:9c:55:c0:d5:d3:76:f5:
         e9:78:c7:40:5f:af:a3:ff:2d:5e:c6:92:48:5a:39:93:81:72:
         24:c4:61:7c:81:29:28:33:b7:b6:e5:a5:c5:ad:6c:f9:a5:dd:
         9c:d5:19:3c:64:f4:d8:42:c0:5b:4b:24:c6:38:4f:c7:8c:0f:
         8a:36:0c:5b:f3:67:1a:79:11:f4:17:9d:fa:cb:f7:90:d0:89:
         26:10:c4:2c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+gTAz4H1S35KVyGaeKmSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI4YjBmZjc5OThjYTg4NTRjZTdjNDc1YTk3MmVkMWQ1MmE1
YzYwY2QwHhcNMjUwMTAxMDM0NzQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNTMxODc1MmI5Y2U5Y2NkMDI2NmE1N2RhODczNjg5ZjdjZjM3OTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1ifIVLhvbVEuN/t9v8fgsy7AEAU1
iSrySiRUHQZ16arEKdmwZGFYxh40pXDhKQgUGX0vIwuQw2MJEaZ0BoFfhJktkIk2
EQECQcKMZhWJqobux70+v/7M41m04pNxSkDti6iypAFqo/kROHw7d1NYy1mav7Ef
ieUd3w88OeX4ULnsNyUTS8/1ZsCtdbI84YwEdpz+I6Mw2TdeTMLb0yP0AQukDiuI
baF5+RsnHX3KDex4229nzwlfgkj90EC4fThRdCQaTdNKh+uMePUkXD+TMWP5ZscG
vGlFsKGsrlJB+ZAnxmliAPiCCaonN0lOFJD43NF58ovguA5DWpZVvdeQEwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBUxh1K5zpzNAmalfahzaJ9883kJMB8GA1UdIwQY
MBaAFCiw/3mYyohUznxHWpcu0dUqXGDNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDIt
MjY3NTQ3ZWExZTM1LzEvRlRHSFVybk9uTTBDWnFWOXFITm9uM3p6ZVFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9hMGQ2NzQtODdiNi00MzE4LWJlZDItMjY3NTQ3ZWExZTM1
LzEvS0xEX2VaaktpRlRPZkVkYWx5N1IxU3BjWU0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuXfdAwQA
uXffMA0GCSqGSIb3DQEBCwUAA4IBAQBzxLWiOlM7hIJfPoVyZM1u6XkmYLOg6DeV
5vEvle4ekGYK24Ti5Zbk4V3NCUugNqo5VE3c07sUEI5XUjrd/ef8Eji64qds4KvQ
B6bveAPg4KR5qpWiNo5M6X7pA0vJQ3ApCtj+/EjW+PF5m91YjVRA/h+k7aKV+oZo
pQgJjZ1UaRiUkM6aammnJm6DMTuzKWsq7mzArsAY8i+UvSk9REWxIMF1xsljZTwL
E9bKVpxVwNXTdvXpeMdAX6+j/y1expJIWjmTgXIkxGF8gSkoM7e25aXFrWz5pd2c
1Rk8ZPTYQsBbSyTGOE/HjA+KNgxb82caeRH0F536y/eQ0IkmEMQs
-----END CERTIFICATE-----