Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/ETjV-BKWJLPwYpMPREKNFP_t814.roa
File:                     ETjV-BKWJLPwYpMPREKNFP_t814.roa (raw, json)
Hash identifier:          FEbx//ip3zOVOOaz/mGYLmuNmaoO9k1UL7AAezYzLxQ=
Subject key identifier:   11:38:D5:F8:12:96:24:B3:F0:62:93:0F:44:42:8D:14:FF:ED:F3:5E
Certificate issuer:       /CN=6b4137c95719de3b0651e44ad0683501ae67eb88
Certificate serial:       0194228DDBA7DCFC9227F0C8AD8590C02BED
Authority key identifier: 6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/ETjV-BKWJLPwYpMPREKNFP_t814.roa
Signing time:             Wed 01 Jan 2025 15:48:29 +0000
ROA not before:           Wed 01 Jan 2025 15:48:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     273171
IP address blocks:        185.240.214.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:db:a7:dc:fc:92:27:f0:c8:ad:85:90:c0:2b:ed
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b4137c95719de3b0651e44ad0683501ae67eb88
        Validity
            Not Before: Jan  1 15:48:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1138d5f8129624b3f062930f44428d14ffedf35e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:40:51:d9:9b:3e:e5:04:cb:79:33:41:df:a8:
                    10:8c:14:90:ce:4e:bc:61:04:09:bc:24:fd:97:73:
                    27:cf:25:05:6c:36:57:e1:18:69:12:b1:63:9c:86:
                    e6:4f:bf:76:95:ff:e2:d7:fd:43:76:52:86:08:fc:
                    1e:b6:42:2d:10:63:72:83:df:9e:10:a0:93:2e:38:
                    27:b5:38:05:55:54:0d:b8:32:bf:f8:dd:1a:5a:64:
                    fe:c6:7a:93:8e:dc:b1:a5:2f:03:0a:4e:21:95:a5:
                    f5:27:06:f5:a2:fa:5b:94:89:60:93:e5:f3:28:6c:
                    82:99:8c:97:fc:44:41:6f:5c:29:6b:c3:2d:3a:74:
                    0e:bb:24:ac:6b:74:ce:6b:3f:67:79:97:15:2c:b3:
                    43:43:f6:6c:da:62:df:41:bb:8f:6a:a0:9f:14:e3:
                    a8:77:36:1a:43:33:c5:b2:b1:58:a2:03:8a:7c:40:
                    9f:1b:de:01:09:ae:b3:a8:84:32:ac:ad:22:77:69:
                    77:be:98:04:d4:cf:36:c1:9e:98:b7:53:d4:a5:18:
                    6f:f3:d4:c2:92:6e:92:d6:b2:69:09:88:5c:ab:14:
                    f1:a1:e1:2a:00:1b:aa:fb:fe:be:69:73:00:88:e2:
                    8f:21:7d:4a:f9:32:3f:16:6c:ed:76:9d:ed:3c:b7:
                    2e:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:38:D5:F8:12:96:24:B3:F0:62:93:0F:44:42:8D:14:FF:ED:F3:5E
            X509v3 Authority Key Identifier:
                keyid:6B:41:37:C9:57:19:DE:3B:06:51:E4:4A:D0:68:35:01:AE:67:EB:88

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/ETjV-BKWJLPwYpMPREKNFP_t814.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/92/ab7f0d-dd30-48df-bb0c-85b26b3ed983/1/a0E3yVcZ3jsGUeRK0Gg1Aa5n64g.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.240.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         38:99:2b:9f:59:ee:0d:8d:2c:44:c1:dd:2f:c0:7b:16:60:ab:
         0d:a7:3e:6e:05:f7:82:df:5b:b5:23:62:bb:7e:a6:09:db:a8:
         7b:2c:8b:7b:73:73:09:1b:86:07:0a:cb:4f:4b:40:8a:ac:a3:
         19:f1:51:ce:46:28:17:d6:bb:20:ca:3d:54:86:21:66:d1:f8:
         e5:85:69:23:4a:7b:35:f9:47:be:14:d4:3f:f9:08:05:f5:31:
         9a:9b:26:11:db:39:d8:57:0c:30:6a:62:03:b3:7b:98:d1:f0:
         5c:41:9b:47:d9:6b:1a:e8:93:14:80:e4:ec:da:b0:0b:ec:66:
         91:79:df:05:92:18:dc:47:a5:f8:59:48:5f:6a:1c:67:b3:66:
         55:8b:dc:ec:28:09:fc:5b:25:5c:7a:c2:a3:d7:b0:13:42:58:
         d5:ff:09:72:3f:6b:0e:29:50:e4:a7:b1:e1:97:4e:bd:a1:3d:
         cc:01:72:d6:1c:84:02:19:b8:8c:c5:fc:ff:69:69:7a:a7:12:
         bc:a1:4e:01:8f:e5:dd:4d:4d:7f:b0:9e:e5:f8:71:78:d5:7f:
         48:1a:dc:ae:40:44:69:45:e6:87:ee:b9:b6:d5:63:2f:81:c8:
         ae:cc:48:74:27:7b:03:b5:88:28:9f:6e:48:05:ed:d6:8b:92:
         08:27:17:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijdun3PySJ/DIrYWQwCvtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiNDEzN2M5NTcxOWRlM2IwNjUxZTQ0YWQwNjgzNTAxYWU2
N2ViODgwHhcNMjUwMTAxMTU0ODI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTM4ZDVmODEyOTYyNGIzZjA2MjkzMGY0NDQyOGQxNGZmZWRmMzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EBR2Zs+5QTLeTNB36gQjBSQzk68
YQQJvCT9l3MnzyUFbDZX4RhpErFjnIbmT792lf/i1/1DdlKGCPwetkItEGNyg9+e
EKCTLjgntTgFVVQNuDK/+N0aWmT+xnqTjtyxpS8DCk4hlaX1Jwb1ovpblIlgk+Xz
KGyCmYyX/ERBb1wpa8MtOnQOuySsa3TOaz9neZcVLLNDQ/Zs2mLfQbuPaqCfFOOo
dzYaQzPFsrFYogOKfECfG94BCa6zqIQyrK0id2l3vpgE1M82wZ6Yt1PUpRhv89TC
km6S1rJpCYhcqxTxoeEqABuq+/6+aXMAiOKPIX1K+TI/Fmztdp3tPLcu9wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBE41fgSliSz8GKTD0RCjRT/7fNeMB8GA1UdIwQY
MBaAFGtBN8lXGd47BlHkStBoNQGuZ+uIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMt
ODViMjZiM2VkOTgzLzEvRVRqVi1CS1dKTFB3WXBNUFJFS05GUF90ODE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9hYjdmMGQtZGQzMC00OGRmLWJiMGMtODViMjZiM2VkOTgz
LzEvYTBFM3lWY1ozanNHVWVSSzBHZzFBYTVuNjRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufDWMA0G
CSqGSIb3DQEBCwUAA4IBAQA4mSufWe4NjSxEwd0vwHsWYKsNpz5uBfeC31u1I2K7
fqYJ26h7LIt7c3MJG4YHCstPS0CKrKMZ8VHORigX1rsgyj1UhiFm0fjlhWkjSns1
+Ue+FNQ/+QgF9TGamyYR2znYVwwwamIDs3uY0fBcQZtH2Wsa6JMUgOTs2rAL7GaR
ed8FkhjcR6X4WUhfahxns2ZVi9zsKAn8WyVcesKj17ATQljV/wlyP2sOKVDkp7Hh
l069oT3MAXLWHIQCGbiMxfz/aWl6pxK8oU4Bj+XdTU1/sJ7l+HF41X9IGtyuQERp
ReaH7rm21WMvgciuzEh0J3sDtYgon25IBe3Wi5IIJxcM
-----END CERTIFICATE-----