Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/EXx4otQ9wEKxlGQE9Ljf5VFh44M.roa
File:                     EXx4otQ9wEKxlGQE9Ljf5VFh44M.roa (raw, json)
Hash identifier:          0fk02nAFtzvrv7AaNHLjiagOPLyu3rzzcmp2AUlOxAA=
Subject key identifier:   11:7C:78:A2:D4:3D:C0:42:B1:94:64:04:F4:B8:DF:E5:51:61:E3:83
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       018FDD7A8EB86FE38274D9DA075093833693
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/EXx4otQ9wEKxlGQE9Ljf5VFh44M.roa
Signing time:             Mon 03 Jun 2024 09:42:27 +0000
ROA not before:           Mon 03 Jun 2024 09:42:27 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     1239
IP address blocks:        185.221.217.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Oct 2024 14:44:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:dd:7a:8e:b8:6f:e3:82:74:d9:da:07:50:93:83:36:93
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jun  3 09:42:27 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=117c78a2d43dc042b1946404f4b8dfe55161e383
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:8b:fd:1e:b5:b5:86:fa:d9:37:56:3e:04:17:
                    26:84:4b:a1:45:44:b5:c1:b7:d0:96:d7:cd:79:f8:
                    84:de:4b:96:05:5e:5f:eb:fa:3e:f1:39:d0:74:61:
                    24:6c:8a:a7:ae:56:40:82:35:2e:2a:9c:cc:c8:0c:
                    59:bf:66:e4:ab:00:09:03:26:f0:e3:80:97:b7:12:
                    a8:dc:7f:28:bd:07:67:93:c4:b5:0b:a1:be:06:67:
                    23:e7:c5:b1:63:73:5c:c4:f0:96:81:f1:b2:12:6f:
                    01:5e:91:6e:94:e1:62:ca:64:6a:8a:1c:57:fa:69:
                    b0:b3:bb:c9:2c:2d:49:22:fb:08:52:98:08:d4:77:
                    7d:b7:ff:c8:72:bc:06:1d:63:ec:fc:c1:e2:f1:94:
                    9d:7b:61:db:61:9d:00:7b:57:cc:b3:f8:9f:3b:16:
                    39:47:e9:73:87:8d:23:4a:c9:13:b0:a0:83:ce:11:
                    27:69:82:2e:14:93:bb:86:de:ca:cb:9d:67:48:bf:
                    be:97:93:f7:db:0f:b6:e6:a5:85:e2:cf:3e:d9:f7:
                    fc:d1:41:29:54:f4:c3:07:50:79:af:0b:ec:47:72:
                    8d:51:8d:e6:1a:f5:4d:41:54:a0:ce:31:8b:18:49:
                    a9:fe:1d:90:9d:61:00:98:84:37:0a:c4:b7:34:38:
                    b1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:7C:78:A2:D4:3D:C0:42:B1:94:64:04:F4:B8:DF:E5:51:61:E3:83
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/EXx4otQ9wEKxlGQE9Ljf5VFh44M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:70:c5:11:31:38:86:6e:7e:48:8a:69:51:fc:fb:36:34:e7:
         1a:dd:a4:69:b1:66:d3:03:ca:3e:12:c0:5f:81:59:47:f6:3c:
         1c:e2:8e:aa:5a:dd:33:aa:e8:f0:32:b9:03:72:4e:a7:12:48:
         87:5b:ae:32:96:11:4e:fe:6f:2b:30:07:f0:1a:e5:b5:a8:c9:
         70:54:8e:04:b8:65:48:36:14:b1:ed:ee:ef:04:9d:48:5a:a4:
         3d:2e:78:a9:e2:05:b7:ed:b6:aa:0c:03:b7:e2:0a:20:81:ea:
         58:c5:c2:ec:35:30:69:a3:af:e8:e6:ba:96:09:0b:c9:e7:6b:
         d0:6c:4a:f0:c4:5b:c0:1f:52:60:43:b8:db:29:cf:c8:97:4c:
         ac:6d:ab:a7:d5:bb:a8:88:aa:d7:34:12:9c:c6:1c:51:c4:fd:
         a5:7e:c3:dd:95:e0:b3:c5:10:e1:02:1f:13:01:86:77:ff:cd:
         7c:31:89:8e:22:0f:24:c3:bf:1e:c9:cf:54:ff:55:0c:bc:91:
         17:11:d4:1f:a7:1c:82:fe:49:aa:da:c2:d1:69:90:d6:67:7a:
         c4:5d:2a:f8:65:b2:ff:7f:58:bf:9c:69:65:05:a7:90:40:b2:
         3e:db:90:05:e3:64:58:4a:4f:03:f9:e1:b8:c8:1a:bb:4d:34:
         a9:18:34:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY/deo64b+OCdNnaB1CTgzaTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjQwNjAzMDk0MjI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTdjNzhhMmQ0M2RjMDQyYjE5NDY0MDRmNGI4ZGZlNTUxNjFlMzgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyYv9HrW1hvrZN1Y+BBcmhEuhRUS1
wbfQltfNefiE3kuWBV5f6/o+8TnQdGEkbIqnrlZAgjUuKpzMyAxZv2bkqwAJAybw
44CXtxKo3H8ovQdnk8S1C6G+Bmcj58WxY3NcxPCWgfGyEm8BXpFulOFiymRqihxX
+mmws7vJLC1JIvsIUpgI1Hd9t//IcrwGHWPs/MHi8ZSde2HbYZ0Ae1fMs/ifOxY5
R+lzh40jSskTsKCDzhEnaYIuFJO7ht7Ky51nSL++l5P32w+25qWF4s8+2ff80UEp
VPTDB1B5rwvsR3KNUY3mGvVNQVSgzjGLGEmp/h2QnWEAmIQ3CsS3NDixdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBF8eKLUPcBCsZRkBPS43+VRYeODMB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvRVh4NG90UTl3RUt4bEdRRTlMamY1VkZoNDRNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3ZMA0G
CSqGSIb3DQEBCwUAA4IBAQBycMURMTiGbn5IimlR/Ps2NOca3aRpsWbTA8o+EsBf
gVlH9jwc4o6qWt0zqujwMrkDck6nEkiHW64ylhFO/m8rMAfwGuW1qMlwVI4EuGVI
NhSx7e7vBJ1IWqQ9Lnip4gW37baqDAO34goggepYxcLsNTBpo6/o5rqWCQvJ52vQ
bErwxFvAH1JgQ7jbKc/Il0ysbaun1buoiKrXNBKcxhxRxP2lfsPdleCzxRDhAh8T
AYZ3/818MYmOIg8kw78eyc9U/1UMvJEXEdQfpxyC/kmq2sLRaZDWZ3rEXSr4ZbL/
f1i/nGllBaeQQLI+25AF42RYSk8D+eG4yBq7TTSpGDSB
-----END CERTIFICATE-----