Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/iXWiAu38fSPYWYABMk3KTWR8J94.roa
File:                     iXWiAu38fSPYWYABMk3KTWR8J94.roa (raw, json)
Hash identifier:          PeV/ss1h89xDLD9aBvw1HJFSN2Rx7428f2qqc6I2rMA=
Subject key identifier:   89:75:A2:02:ED:FC:7D:23:D8:59:80:01:32:4D:CA:4D:64:7C:27:DE
Certificate issuer:       /CN=ed800950a31dcdacaac56adb936a42beb845e24b
Certificate serial:       01941FFA39764F4860A55C714C21828BF32E
Authority key identifier: ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/iXWiAu38fSPYWYABMk3KTWR8J94.roa
Signing time:             Wed 01 Jan 2025 03:47:59 +0000
ROA not before:           Wed 01 Jan 2025 03:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60781
IP address blocks:        185.221.218.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 10:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:39:76:4f:48:60:a5:5c:71:4c:21:82:8b:f3:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed800950a31dcdacaac56adb936a42beb845e24b
        Validity
            Not Before: Jan  1 03:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8975a202edfc7d23d8598001324dca4d647c27de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:53:22:08:ea:0f:65:0f:59:2f:11:7f:ea:51:
                    85:52:07:a5:9b:36:75:b2:e7:3e:e9:09:d7:3e:e5:
                    68:b8:04:7f:66:df:3c:ce:45:b8:75:71:16:61:8b:
                    9b:9f:ec:e3:3b:f6:fa:b0:87:e5:d6:5d:40:9a:2a:
                    dc:f0:57:ba:19:32:4a:b0:18:ed:c8:3c:dc:44:f1:
                    a2:b8:9e:aa:1c:8f:53:c2:6b:2d:11:33:1a:b0:1b:
                    eb:56:2c:d0:fe:4d:9a:d5:16:5c:a1:ce:4d:cc:42:
                    6d:22:55:2d:9e:84:6e:b5:85:d7:3d:f8:0d:b9:64:
                    e2:42:70:fa:67:e3:c6:92:dc:09:4f:95:b0:a7:7d:
                    8f:38:5f:a1:54:27:6e:32:9e:1a:95:c5:88:83:1f:
                    10:a1:2a:ab:be:8e:c1:e1:17:23:3c:58:d1:10:db:
                    30:e1:bf:e7:a0:53:e7:87:58:c2:6d:fb:53:33:5b:
                    c6:67:13:83:51:82:c1:08:62:5e:a9:8f:2c:67:45:
                    3b:3b:67:f3:73:80:3a:88:87:f4:47:5e:4b:70:5c:
                    7f:05:55:cc:48:bd:e9:a9:6b:5b:19:c9:de:bc:5f:
                    c2:5b:8c:b4:c7:64:f2:51:06:4a:00:96:bf:f1:16:
                    ce:9e:45:7a:9a:c0:a4:54:c1:62:fb:cf:6c:a5:a9:
                    69:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:75:A2:02:ED:FC:7D:23:D8:59:80:01:32:4D:CA:4D:64:7C:27:DE
            X509v3 Authority Key Identifier:
                keyid:ED:80:09:50:A3:1D:CD:AC:AA:C5:6A:DB:93:6A:42:BE:B8:45:E2:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7YAJUKMdzayqxWrbk2pCvrhF4ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/iXWiAu38fSPYWYABMk3KTWR8J94.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/98/8a6f72-c822-451f-a5c5-a7fd6c8e70fd/1/7YAJUKMdzayqxWrbk2pCvrhF4ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.218.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4b:44:25:cc:ba:d6:a5:39:06:90:3c:b7:f2:be:f9:b7:ce:7f:
         19:10:52:71:b7:a6:04:37:21:1b:fc:ef:81:fe:ed:19:69:83:
         b0:6e:0d:8a:90:c7:09:ef:13:5c:87:e4:7e:12:b4:e1:db:27:
         6b:e3:70:43:04:f6:19:0b:96:fb:e2:11:3b:79:9f:3c:66:4d:
         e8:a3:22:b9:54:74:17:f2:08:b1:90:a2:d9:3e:c2:b2:9c:9d:
         92:21:53:ef:01:a9:76:f8:50:0e:ff:95:a4:30:d9:80:f2:e8:
         70:28:2e:60:d4:60:66:69:81:31:af:72:04:08:e8:9e:12:2d:
         6f:79:09:33:8c:05:07:b0:09:0d:73:70:84:10:22:b2:63:b6:
         53:9c:d4:e3:cb:6d:5a:b8:37:e0:28:ff:7b:07:dd:44:83:92:
         d1:39:d8:75:fb:de:00:00:eb:85:ae:45:d8:9e:8d:72:45:3f:
         e3:1c:32:fa:98:3f:21:70:b1:d2:1a:07:6e:b9:19:c8:3c:fb:
         ad:0c:dd:57:f0:b8:c7:76:d2:60:c4:2e:05:79:58:e7:93:e2:
         f3:8e:c5:19:f6:ca:2e:31:c2:06:0a:3f:c7:51:8d:46:46:5d:
         14:f6:56:9c:61:f0:54:31:ba:df:3b:a3:09:c8:50:c7:33:9e:
         8c:79:4d:01
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+jl2T0hgpVxxTCGCi/MuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkODAwOTUwYTMxZGNkYWNhYWM1NmFkYjkzNmE0MmJlYjg0
NWUyNGIwHhcNMjUwMTAxMDM0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTc1YTIwMmVkZmM3ZDIzZDg1OTgwMDEzMjRkY2E0ZDY0N2MyN2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFMiCOoPZQ9ZLxF/6lGFUgelmzZ1
suc+6QnXPuVouAR/Zt88zkW4dXEWYYubn+zjO/b6sIfl1l1Amirc8Fe6GTJKsBjt
yDzcRPGiuJ6qHI9TwmstETMasBvrVizQ/k2a1RZcoc5NzEJtIlUtnoRutYXXPfgN
uWTiQnD6Z+PGktwJT5Wwp32POF+hVCduMp4alcWIgx8QoSqrvo7B4RcjPFjRENsw
4b/noFPnh1jCbftTM1vGZxODUYLBCGJeqY8sZ0U7O2fzc4A6iIf0R15LcFx/BVXM
SL3pqWtbGcnevF/CW4y0x2TyUQZKAJa/8RbOnkV6msCkVMFi+89spalp9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIl1ogLt/H0j2FmAATJNyk1kfCfeMB8GA1UdIwQY
MBaAFO2ACVCjHc2sqsVq25NqQr64ReJLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUt
YTdmZDZjOGU3MGZkLzEvaVhXaUF1MzhmU1BZV1lBQk1rM0tUV1I4Sjk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC84YTZmNzItYzgyMi00NTFmLWE1YzUtYTdmZDZjOGU3MGZk
LzEvN1lBSlVLTWR6YXlxeFdyYmsycEN2cmhGNGtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud3aMA0G
CSqGSIb3DQEBCwUAA4IBAQBLRCXMutalOQaQPLfyvvm3zn8ZEFJxt6YENyEb/O+B
/u0ZaYOwbg2KkMcJ7xNch+R+ErTh2ydr43BDBPYZC5b74hE7eZ88Zk3ooyK5VHQX
8gixkKLZPsKynJ2SIVPvAal2+FAO/5WkMNmA8uhwKC5g1GBmaYExr3IECOieEi1v
eQkzjAUHsAkNc3CEECKyY7ZTnNTjy21auDfgKP97B91Eg5LROdh1+94AAOuFrkXY
no1yRT/jHDL6mD8hcLHSGgduuRnIPPutDN1X8LjHdtJgxC4FeVjnk+LzjsUZ9sou
McIGCj/HUY1GRl0U9lacYfBUMbrfO6MJyFDHM56MeU0B
-----END CERTIFICATE-----