Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/Z2fOpxeOdQMYHdkDGfltSVuJwJQ.roa
File:                     Z2fOpxeOdQMYHdkDGfltSVuJwJQ.roa (raw, json)
Hash identifier:          cNSmYsaFbWz1KHK5w6io+60UGsIvpGDu7K4HhPw9GkE=
Subject key identifier:   67:67:CE:A7:17:8E:75:03:18:1D:D9:03:19:F9:6D:49:5B:89:C0:94
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       01941FFA390B6F9F1D48856FBCD31CD96A8B
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/Z2fOpxeOdQMYHdkDGfltSVuJwJQ.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1239
IP address blocks:        185.221.217.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 21:01:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:39:0b:6f:9f:1d:48:85:6f:bc:d3:1c:d9:6a:8b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6767cea7178e7503181dd90319f96d495b89c094
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5a:66:dc:a0:c4:b8:b5:0d:75:38:ae:eb:99:
                    db:ec:ba:72:38:36:95:eb:69:69:c7:f1:4a:f2:9d:
                    d0:4d:2a:f0:8b:1c:8e:0d:69:ac:b8:ff:a4:37:ac:
                    f9:f3:32:56:21:c1:3c:e0:e4:03:74:30:3f:88:e0:
                    21:dd:ed:d6:7e:b4:eb:d0:b5:64:bf:2b:f7:8e:76:
                    22:75:31:6e:ca:d2:f8:4d:1a:36:f4:bb:17:95:6b:
                    ec:45:38:cb:28:74:05:1b:8b:3b:2e:32:66:69:4c:
                    12:c9:f5:60:b5:c7:f3:c1:8e:9a:53:04:99:1b:83:
                    89:64:e4:04:b3:d8:0c:dc:11:1f:fd:97:85:4d:94:
                    b6:b0:30:ab:79:6c:3f:36:03:f9:47:88:92:71:e6:
                    cb:51:1d:da:28:77:e4:1a:ac:50:e1:80:23:5c:3e:
                    b6:ac:d9:2e:d7:74:a6:86:e6:3c:54:84:9f:c9:cc:
                    ac:05:98:e4:75:61:a8:cc:c3:12:5c:c3:7d:c1:fa:
                    4c:63:bf:1c:b9:0b:af:4d:52:b6:66:5e:a4:bd:6e:
                    c5:1a:b3:00:60:d0:ab:bb:19:c0:e6:38:c0:d3:b3:
                    f4:ec:fc:39:97:71:af:b9:81:60:43:ae:29:02:7b:
                    39:5a:89:b4:77:fb:cc:09:02:45:83:bd:30:ea:58:
                    f5:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:67:CE:A7:17:8E:75:03:18:1D:D9:03:19:F9:6D:49:5B:89:C0:94
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/Z2fOpxeOdQMYHdkDGfltSVuJwJQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.217.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:bd:5f:28:30:60:60:6b:8f:4c:c8:33:2d:dd:90:28:e4:1d:
         24:d7:ee:2e:e7:b9:01:b6:8a:f4:22:5e:dc:b1:7a:ab:92:df:
         a4:96:13:ad:a6:c7:e8:a8:09:18:d7:ad:ff:94:1f:40:b3:33:
         ab:14:0f:c5:55:b8:1b:d9:bc:ec:7b:d8:ae:16:88:7e:a5:ca:
         28:0a:4e:15:98:a5:4b:84:0b:97:28:4b:fe:a4:90:5d:23:9e:
         da:6c:01:5e:8f:18:da:d8:dd:eb:44:0b:c2:53:d1:6c:8a:a8:
         bb:ad:41:67:42:56:8b:2c:57:8c:18:7e:57:96:8d:d7:b9:fc:
         b2:1a:99:e8:d4:d8:cd:e4:a4:73:f0:ef:02:6d:0c:8c:01:de:
         7c:d6:7f:99:81:34:89:d9:43:2c:cc:b5:4b:e9:b7:d5:de:a0:
         d0:68:1c:e5:2d:d6:8b:be:ad:b0:37:6a:b0:b0:46:ec:01:73:
         7b:f9:77:70:2d:be:19:9f:00:a8:95:10:f8:fe:dc:f0:be:16:
         a0:e1:c7:95:26:55:24:74:85:53:ec:10:19:b5:c5:6e:1d:b1:
         8e:d4:6f:ed:2f:31:eb:a0:0d:34:96:e2:db:43:36:36:76:f1:
         eb:91:87:aa:23:4a:be:b9:03:e6:5f:cf:36:42:ff:c9:71:e2:
         4d:9c:b7:e9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jkLb58dSIVvvNMc2WqLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzY3Y2VhNzE3OGU3NTAzMTgxZGQ5MDMxOWY5NmQ0OTViODljMDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuFpm3KDEuLUNdTiu65nb7LpyODaV
62lpx/FK8p3QTSrwixyODWmsuP+kN6z58zJWIcE84OQDdDA/iOAh3e3WfrTr0LVk
vyv3jnYidTFuytL4TRo29LsXlWvsRTjLKHQFG4s7LjJmaUwSyfVgtcfzwY6aUwSZ
G4OJZOQEs9gM3BEf/ZeFTZS2sDCreWw/NgP5R4iScebLUR3aKHfkGqxQ4YAjXD62
rNku13SmhuY8VISfycysBZjkdWGozMMSXMN9wfpMY78cuQuvTVK2Zl6kvW7FGrMA
YNCruxnA5jjA07P07Pw5l3GvuYFgQ64pAns5Wom0d/vMCQJFg70w6lj1sQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGdnzqcXjnUDGB3ZAxn5bUlbicCUMB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvWjJmT3B4ZU9kUU1ZSGRrREdmbHRTVnVKd0pRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3ZMA0G
CSqGSIb3DQEBCwUAA4IBAQATvV8oMGBga49MyDMt3ZAo5B0k1+4u57kBtor0Il7c
sXqrkt+klhOtpsfoqAkY163/lB9AszOrFA/FVbgb2bzse9iuFoh+pcooCk4VmKVL
hAuXKEv+pJBdI57abAFejxja2N3rRAvCU9Fsiqi7rUFnQlaLLFeMGH5Xlo3Xufyy
Gpno1NjN5KRz8O8CbQyMAd581n+ZgTSJ2UMszLVL6bfV3qDQaBzlLdaLvq2wN2qw
sEbsAXN7+XdwLb4ZnwColRD4/tzwvhag4ceVJlUkdIVT7BAZtcVuHbGO1G/tLzHr
oA00luLbQzY2dvHrkYeqI0q+uQPmX882Qv/JceJNnLfp
-----END CERTIFICATE-----