Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/EmLYbat0-CjjrryGAbAlQnrrrrQ.roa
File:                     EmLYbat0-CjjrryGAbAlQnrrrrQ.roa (raw, json)
Hash identifier:          8A9ahdOL6eJIIDSIKOF59+Qm0B8lNaZhUtGUWL64Trk=
Subject key identifier:   12:62:D8:6D:AB:74:F8:28:E3:AE:BC:86:01:B0:25:42:7A:EB:AE:B4
Certificate issuer:       /CN=1ffa7f772b323b24dbe69d3f3acf755e69d601cd
Certificate serial:       019427B63422357BBDDE2390B60F22D0D7D3
Authority key identifier: 1F:FA:7F:77:2B:32:3B:24:DB:E6:9D:3F:3A:CF:75:5E:69:D6:01:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H_p_dysyOyTb5p0_Os91XmnWAc0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/EmLYbat0-CjjrryGAbAlQnrrrrQ.roa
Signing time:             Thu 02 Jan 2025 15:50:39 +0000
ROA not before:           Thu 02 Jan 2025 15:50:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202936
IP address blocks:        185.148.64.0/22 maxlen: 23
                          185.241.232.0/22 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/H_p_dysyOyTb5p0_Os91XmnWAc0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/H_p_dysyOyTb5p0_Os91XmnWAc0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/H_p_dysyOyTb5p0_Os91XmnWAc0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 21:00:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:34:22:35:7b:bd:de:23:90:b6:0f:22:d0:d7:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1ffa7f772b323b24dbe69d3f3acf755e69d601cd
        Validity
            Not Before: Jan  2 15:50:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1262d86dab74f828e3aebc8601b025427aebaeb4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:89:de:88:d7:d3:30:8b:1a:a5:ec:a1:18:57:63:
                    9d:c1:65:de:cf:bf:c6:07:41:8e:3a:4c:01:c3:9a:
                    ac:73:40:28:a5:8f:61:b2:f8:00:90:4a:3d:b3:22:
                    be:02:f7:6d:e7:56:c8:cb:ea:47:0e:47:ac:8b:72:
                    a3:89:f4:02:bf:b1:21:2d:d5:06:0e:e3:4e:86:14:
                    65:37:07:61:62:7d:a8:b5:5d:cf:3f:1d:18:9c:ae:
                    50:e2:98:44:27:6e:49:0f:eb:56:ce:f3:07:2b:a0:
                    f9:f6:c5:42:51:b8:e4:ef:30:a6:11:d9:31:2d:2c:
                    77:da:79:94:f0:dc:ae:ab:d2:5b:aa:35:23:60:02:
                    28:c7:95:77:85:97:f3:3a:b2:0e:4f:ec:28:8a:06:
                    4b:81:d7:3b:db:34:63:cd:2f:98:0b:a2:0d:02:86:
                    7e:ad:61:f3:b4:4a:bc:35:ee:ab:85:22:cd:7b:89:
                    96:a8:e7:b8:a2:2d:f0:73:64:66:dd:06:26:c9:4b:
                    d3:87:b5:5d:e1:ba:7b:e1:34:a2:b7:ca:29:a1:a6:
                    53:ad:a2:de:35:0d:05:a5:38:df:84:80:0b:76:5d:
                    9c:51:39:7d:65:90:9f:9f:e5:74:f7:20:f6:0c:3b:
                    ad:9c:35:5a:ce:d4:a7:20:8b:00:e7:a1:f1:19:14:
                    bf:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:62:D8:6D:AB:74:F8:28:E3:AE:BC:86:01:B0:25:42:7A:EB:AE:B4
            X509v3 Authority Key Identifier:
                keyid:1F:FA:7F:77:2B:32:3B:24:DB:E6:9D:3F:3A:CF:75:5E:69:D6:01:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H_p_dysyOyTb5p0_Os91XmnWAc0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/EmLYbat0-CjjrryGAbAlQnrrrrQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/506b38-76ec-472e-a94b-87034f9fce61/1/H_p_dysyOyTb5p0_Os91XmnWAc0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.148.64.0/22
                  185.241.232.0/22

    Signature Algorithm: sha256WithRSAEncryption
         06:c5:ab:2f:54:bb:74:8e:b4:45:20:28:8b:ca:88:e7:2b:6d:
         97:83:7b:a7:e3:07:67:59:7a:dc:db:fd:97:06:1c:02:9a:f7:
         63:e8:0e:91:b2:99:5a:71:5e:06:44:9c:6c:c5:7f:f9:3b:96:
         b6:af:f7:42:b0:86:5c:b0:c3:79:52:ec:24:65:4a:8e:c3:50:
         fd:42:9f:ff:cd:48:ad:47:36:cd:35:d2:c1:d7:39:a0:1f:a0:
         11:bd:29:c3:4d:34:f8:5d:82:63:cc:f5:5c:3c:d6:87:8f:92:
         0b:dc:93:82:aa:a9:4d:9c:10:b2:21:72:e0:5b:66:ce:85:8d:
         b8:6c:ea:5c:2a:7c:a7:b4:cd:62:28:ae:ab:6c:7e:4d:00:39:
         76:29:a9:6a:e5:61:23:ec:eb:9e:a2:4e:84:d0:38:cb:5f:35:
         aa:d8:ab:e8:ea:bb:d1:a5:00:5f:13:36:34:ed:0f:97:c5:cd:
         d4:84:4a:64:b7:41:b5:88:ee:70:d8:c3:a4:fb:c5:3c:18:68:
         7c:62:ce:f4:5c:e7:05:54:10:73:d2:1b:b1:d0:07:6e:0d:41:
         42:6e:0d:e0:44:b5:9e:aa:0d:18:a1:ca:6f:79:87:28:54:da:
         4e:3e:00:83:a4:d4:2f:c3:c0:cc:ce:f1:98:c1:e7:d4:82:e5:
         6f:3f:f7:b4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQntjQiNXu93iOQtg8i0NfTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmZmE3Zjc3MmIzMjNiMjRkYmU2OWQzZjNhY2Y3NTVlNjlk
NjAxY2QwHhcNMjUwMTAyMTU1MDM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjYyZDg2ZGFiNzRmODI4ZTNhZWJjODYwMWIwMjU0MjdhZWJhZWI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAid6I19Mwixql7KEYV2OdwWXez7/G
B0GOOkwBw5qsc0AopY9hsvgAkEo9syK+Avdt51bIy+pHDkesi3KjifQCv7EhLdUG
DuNOhhRlNwdhYn2otV3PPx0YnK5Q4phEJ25JD+tWzvMHK6D59sVCUbjk7zCmEdkx
LSx32nmU8Nyuq9JbqjUjYAIox5V3hZfzOrIOT+woigZLgdc72zRjzS+YC6INAoZ+
rWHztEq8Ne6rhSLNe4mWqOe4oi3wc2Rm3QYmyUvTh7Vd4bp74TSit8opoaZTraLe
NQ0FpTjfhIALdl2cUTl9ZZCfn+V09yD2DDutnDVaztSnIIsA56HxGRS/9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBJi2G2rdPgo4668hgGwJUJ66660MB8GA1UdIwQY
MBaAFB/6f3crMjsk2+adPzrPdV5p1gHNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSF9wX2R5c3lPeVRiNXAwX09zOTFYbW5XQWMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy81MDZiMzgtNzZlYy00NzJlLWE5NGIt
ODcwMzRmOWZjZTYxLzEvRW1MWWJhdDAtQ2pqcnJ5R0FiQWxRbnJycnJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy81MDZiMzgtNzZlYy00NzJlLWE5NGItODcwMzRmOWZjZTYx
LzEvSF9wX2R5c3lPeVRiNXAwX09zOTFYbW5XQWMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZRAAwQC
ufHoMA0GCSqGSIb3DQEBCwUAA4IBAQAGxasvVLt0jrRFICiLyojnK22Xg3un4wdn
WXrc2/2XBhwCmvdj6A6RsplacV4GRJxsxX/5O5a2r/dCsIZcsMN5UuwkZUqOw1D9
Qp//zUitRzbNNdLB1zmgH6ARvSnDTTT4XYJjzPVcPNaHj5IL3JOCqqlNnBCyIXLg
W2bOhY24bOpcKnyntM1iKK6rbH5NADl2Kalq5WEj7Oueok6E0DjLXzWq2Kvo6rvR
pQBfEzY07Q+Xxc3UhEpkt0G1iO5w2MOk+8U8GGh8Ys70XOcFVBBz0hux0AduDUFC
bg3gRLWeqg0YocpveYcoVNpOPgCDpNQvw8DMzvGYwefUguVvP/e0
-----END CERTIFICATE-----