Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/6h2yqqYWrRghoIoxZYGFzpWfew0.roa
File:                     6h2yqqYWrRghoIoxZYGFzpWfew0.roa (raw, json)
Hash identifier:          U+lnqoe9GQk5UXj86Etet1S1TemuykTuT7gj4NeX2wA=
Subject key identifier:   EA:1D:B2:AA:A6:16:AD:18:21:A0:8A:31:65:81:85:CE:95:9F:7B:0D
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       01941FFA3852142B727A7FEB819308FA9291
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/6h2yqqYWrRghoIoxZYGFzpWfew0.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        185.221.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:38:52:14:2b:72:7a:7f:eb:81:93:08:fa:92:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ea1db2aaa616ad1821a08a31658185ce959f7b0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:71:f1:88:09:fb:fb:af:69:1e:a8:f1:c6:8e:
                    d3:aa:d2:af:82:e7:36:7d:b2:96:d0:2d:f4:67:0a:
                    44:8c:6a:a6:21:38:a3:4f:37:42:67:ac:9e:4c:7c:
                    30:c1:55:23:ab:ec:cd:29:a4:1f:c1:7f:3a:07:f7:
                    ee:be:92:90:f2:ec:06:d2:20:80:34:9b:90:08:4b:
                    8f:4f:48:32:b0:69:04:30:0e:94:07:56:61:e8:b5:
                    7f:b7:d9:81:1f:f9:9b:a5:fa:60:1d:11:13:26:f7:
                    7b:92:0c:47:4c:05:e4:04:65:95:63:fd:6e:c2:cc:
                    f0:3c:f9:bb:26:07:bf:21:c3:39:57:67:38:05:7d:
                    9c:23:10:e1:ac:3b:62:a4:87:21:ab:71:fa:4e:51:
                    89:44:3a:23:5a:29:ca:1d:b8:c9:2a:9b:58:ea:db:
                    2b:46:20:5c:2a:ff:bc:da:d3:39:1a:17:0e:8c:55:
                    c8:f3:27:2d:bb:e0:09:24:5c:9a:23:87:d0:4e:93:
                    bf:39:c8:4e:65:27:d3:d6:92:1c:4c:05:d4:03:e2:
                    d7:26:94:55:8e:ed:b9:52:d2:9c:e4:7d:06:2b:69:
                    5b:7c:d7:a6:b3:61:56:7f:63:38:fb:a9:6c:75:75:
                    23:ef:07:44:1d:1e:84:9d:5d:43:96:1c:50:ba:7b:
                    0b:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:1D:B2:AA:A6:16:AD:18:21:A0:8A:31:65:81:85:CE:95:9F:7B:0D
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/6h2yqqYWrRghoIoxZYGFzpWfew0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:f4:03:02:54:d7:65:68:0b:2d:be:72:60:b8:94:ff:e1:e1:
         64:dc:20:4a:2a:2a:e3:23:c9:7d:a2:4f:92:1e:e9:7e:c3:f4:
         7f:63:92:96:6b:52:17:ce:fa:6a:f6:9d:be:8a:f7:c3:09:05:
         1a:45:1a:aa:38:3e:43:fb:72:5a:78:04:6e:50:d9:ce:9c:6d:
         01:53:09:29:68:f1:88:5a:2e:e9:9d:5d:bf:8a:3a:dc:8d:73:
         67:ae:fb:4f:8a:97:09:0f:e0:5e:89:ca:78:0a:19:f4:c0:0c:
         2b:99:f3:2a:69:b8:4e:02:79:cc:16:db:7b:4f:95:b0:7a:d9:
         23:bb:84:b8:8a:10:64:64:50:d5:71:31:97:df:d9:d8:f5:91:
         6f:17:ce:8b:93:8a:0c:19:8a:45:54:9e:cd:d3:60:e0:8e:99:
         24:58:29:d7:da:d2:ce:5d:85:d8:bb:16:8a:25:48:3a:e1:f8:
         29:9c:8d:71:7b:87:42:75:19:b1:5d:77:f3:c1:00:a7:41:ef:
         b4:fe:d9:20:7e:c3:ce:f9:62:fa:bb:de:8e:42:cf:fd:e9:60:
         d9:1b:23:03:6c:fd:af:3a:9f:f8:29:00:35:1c:f5:b8:86:83:
         e6:f7:24:47:e8:fd:57:f4:82:4e:e8:d4:6b:3a:2e:c7:c9:48:
         e3:58:41:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jhSFCtyen/rgZMI+pKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTFkYjJhYWE2MTZhZDE4MjFhMDhhMzE2NTgxODVjZTk1OWY3YjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoHHxiAn7+69pHqjxxo7TqtKvguc2
fbKW0C30ZwpEjGqmITijTzdCZ6yeTHwwwVUjq+zNKaQfwX86B/fuvpKQ8uwG0iCA
NJuQCEuPT0gysGkEMA6UB1Zh6LV/t9mBH/mbpfpgHRETJvd7kgxHTAXkBGWVY/1u
wszwPPm7Jge/IcM5V2c4BX2cIxDhrDtipIchq3H6TlGJRDojWinKHbjJKptY6tsr
RiBcKv+82tM5GhcOjFXI8yctu+AJJFyaI4fQTpO/OchOZSfT1pIcTAXUA+LXJpRV
ju25UtKc5H0GK2lbfNems2FWf2M4+6lsdXUj7wdEHR6EnV1DlhxQunsLywIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOodsqqmFq0YIaCKMWWBhc6Vn3sNMB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvNmgyeXFxWVdyUmdob0lveFpZR0Z6cFdmZXcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBP9AMCVNdlaAstvnJguJT/4eFk3CBKKirjI8l9ok+S
Hul+w/R/Y5KWa1IXzvpq9p2+ivfDCQUaRRqqOD5D+3JaeARuUNnOnG0BUwkpaPGI
Wi7pnV2/ijrcjXNnrvtPipcJD+Beicp4Chn0wAwrmfMqabhOAnnMFtt7T5Wwetkj
u4S4ihBkZFDVcTGX39nY9ZFvF86Lk4oMGYpFVJ7N02DgjpkkWCnX2tLOXYXYuxaK
JUg64fgpnI1xe4dCdRmxXXfzwQCnQe+0/tkgfsPO+WL6u96OQs/96WDZGyMDbP2v
Op/4KQA1HPW4hoPm9yRH6P1X9IJO6NRrOi7HyUjjWEHS
-----END CERTIFICATE-----