Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/iuTZJrZ_xqcN--oZzppXYNl2GLY.roa
File:                     iuTZJrZ_xqcN--oZzppXYNl2GLY.roa (raw, json)
Hash identifier:          EaSRmqObnprgwhDFxETI2q5Xy3PnwGKEyMaUX8iySCI=
Subject key identifier:   8A:E4:D9:26:B6:7F:C6:A7:0D:FB:EA:19:CE:9A:57:60:D9:76:18:B6
Certificate issuer:       /CN=4127b0c0fe7c08935e258713fcf90fe958ee03ee
Certificate serial:       0194228D682124E7015875C9CC5C716D70A4
Authority key identifier: 41:27:B0:C0:FE:7C:08:93:5E:25:87:13:FC:F9:0F:E9:58:EE:03:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/iuTZJrZ_xqcN--oZzppXYNl2GLY.roa
Signing time:             Wed 01 Jan 2025 15:48:00 +0000
ROA not before:           Wed 01 Jan 2025 15:48:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212850
IP address blocks:        185.120.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 03:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:68:21:24:e7:01:58:75:c9:cc:5c:71:6d:70:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4127b0c0fe7c08935e258713fcf90fe958ee03ee
        Validity
            Not Before: Jan  1 15:48:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ae4d926b67fc6a70dfbea19ce9a5760d97618b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:fd:65:5e:88:53:e9:79:6a:05:6e:46:b5:d0:
                    e3:1f:9d:ee:e2:80:63:74:ac:2d:68:8d:ce:07:ea:
                    45:97:ee:73:93:53:8e:c6:ac:5d:18:93:14:1b:a9:
                    d1:db:11:f0:a3:ae:cd:82:6c:bd:88:4f:25:76:6a:
                    e3:6a:96:c7:9e:b1:b9:b2:33:ef:ba:48:1e:2a:48:
                    67:15:a2:a2:1b:c6:81:af:b2:e3:3f:05:59:46:ae:
                    67:5d:42:0c:d3:7a:cb:de:02:e9:e8:5c:f2:be:76:
                    a4:70:2e:b6:60:64:01:e0:72:d3:59:46:75:0c:bc:
                    77:cb:3c:9c:c3:e1:20:e1:ad:6b:28:a4:a7:24:a0:
                    fb:3e:fd:20:e0:07:25:25:b3:fa:e0:94:ff:c6:c9:
                    24:8f:1e:71:98:ac:8a:49:59:bd:55:24:c5:11:85:
                    05:e5:d8:a0:5c:20:64:fd:ef:99:8f:92:ae:fb:17:
                    94:e7:e9:b6:9f:91:be:56:9f:e0:1d:8a:1d:75:97:
                    84:84:36:0e:40:59:f9:ef:30:28:67:b4:b5:7b:b3:
                    34:bd:e1:43:31:3c:17:46:4d:8e:9a:59:dd:04:6a:
                    3c:ec:ce:ab:b0:95:65:62:df:b9:c6:03:24:bd:11:
                    37:a9:5a:ed:4c:3a:4f:7f:e4:6c:f0:d8:58:6b:3a:
                    55:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:E4:D9:26:B6:7F:C6:A7:0D:FB:EA:19:CE:9A:57:60:D9:76:18:B6
            X509v3 Authority Key Identifier:
                keyid:41:27:B0:C0:FE:7C:08:93:5E:25:87:13:FC:F9:0F:E9:58:EE:03:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QSewwP58CJNeJYcT_PkP6VjuA-4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/iuTZJrZ_xqcN--oZzppXYNl2GLY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/be2903-3538-46ff-aae4-bd1d48d512ce/1/QSewwP58CJNeJYcT_PkP6VjuA-4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.120.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         70:87:16:62:bf:3f:86:92:3a:91:2d:6a:95:ef:20:2f:c1:d4:
         3f:f6:ed:8a:2a:68:c5:8e:c7:30:55:10:14:3a:dd:cf:88:79:
         97:b0:18:10:d2:84:f8:64:37:27:52:63:45:90:90:23:08:ab:
         bf:81:0f:b6:75:61:13:6f:ff:40:d2:37:06:54:52:c2:26:91:
         6b:0b:e5:97:97:62:b1:6d:92:29:ab:a3:a3:a8:02:f1:9e:7c:
         ca:ee:53:66:bc:6b:28:3b:c4:aa:13:de:1a:f5:e4:72:70:95:
         2d:cb:fe:9f:9d:15:13:6a:7c:f9:b2:64:1d:3b:f2:33:a9:26:
         32:aa:13:c8:72:0b:2b:b1:e1:ac:79:cb:d9:ab:66:79:ee:cb:
         f8:30:73:ac:95:89:29:35:4b:a5:0f:5c:5b:7d:c5:3b:dc:bd:
         06:66:f5:0c:98:f2:ba:a2:90:a6:9a:af:3e:3e:9e:53:6f:da:
         1b:c8:bb:76:b2:3e:88:24:43:e2:2d:a8:7b:e5:ae:98:ac:3a:
         9e:2c:e7:2c:83:44:f3:9b:05:09:7b:bf:f8:1e:f2:5d:9a:9d:
         ee:b3:5a:80:bc:a6:2e:b7:bf:c6:42:74:6f:83:43:59:4d:da:
         42:38:e3:b3:fd:b3:63:4d:66:c3:be:88:04:a9:0c:5d:ae:4c:
         b8:2e:58:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijWghJOcBWHXJzFxxbXCkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMjdiMGMwZmU3YzA4OTM1ZTI1ODcxM2ZjZjkwZmU5NThl
ZTAzZWUwHhcNMjUwMTAxMTU0ODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWU0ZDkyNmI2N2ZjNmE3MGRmYmVhMTljZTlhNTc2MGQ5NzYxOGI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApf1lXohT6XlqBW5GtdDjH53u4oBj
dKwtaI3OB+pFl+5zk1OOxqxdGJMUG6nR2xHwo67Ngmy9iE8ldmrjapbHnrG5sjPv
ukgeKkhnFaKiG8aBr7LjPwVZRq5nXUIM03rL3gLp6FzyvnakcC62YGQB4HLTWUZ1
DLx3yzycw+Eg4a1rKKSnJKD7Pv0g4AclJbP64JT/xskkjx5xmKyKSVm9VSTFEYUF
5digXCBk/e+Zj5Ku+xeU5+m2n5G+Vp/gHYoddZeEhDYOQFn57zAoZ7S1e7M0veFD
MTwXRk2OmlndBGo87M6rsJVlYt+5xgMkvRE3qVrtTDpPf+Rs8NhYazpVmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIrk2Sa2f8anDfvqGc6aV2DZdhi2MB8GA1UdIwQY
MBaAFEEnsMD+fAiTXiWHE/z5D+lY7gPuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVNld3dQNThDSk5lSlljVF9Qa1A2Vmp1QS00LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9iZTI5MDMtMzUzOC00NmZmLWFhZTQt
YmQxZDQ4ZDUxMmNlLzEvaXVUWkpyWl94cWNOLS1vWnpwcFhZTmwyR0xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9iZTI5MDMtMzUzOC00NmZmLWFhZTQtYmQxZDQ4ZDUxMmNl
LzEvUVNld3dQNThDSk5lSlljVF9Qa1A2Vmp1QS00LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXiMMA0G
CSqGSIb3DQEBCwUAA4IBAQBwhxZivz+GkjqRLWqV7yAvwdQ/9u2KKmjFjscwVRAU
Ot3PiHmXsBgQ0oT4ZDcnUmNFkJAjCKu/gQ+2dWETb/9A0jcGVFLCJpFrC+WXl2Kx
bZIpq6OjqALxnnzK7lNmvGsoO8SqE94a9eRycJUty/6fnRUTanz5smQdO/IzqSYy
qhPIcgsrseGsecvZq2Z57sv4MHOslYkpNUulD1xbfcU73L0GZvUMmPK6opCmmq8+
Pp5Tb9obyLt2sj6IJEPiLah75a6YrDqeLOcsg0TzmwUJe7/4HvJdmp3us1qAvKYu
t7/GQnRvg0NZTdpCOOOz/bNjTWbDvogEqQxdrky4LlhL
-----END CERTIFICATE-----