Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/EZLjMnt3YY1uGOfZ3nimgNl-yLU.roa
File:                     EZLjMnt3YY1uGOfZ3nimgNl-yLU.roa (raw, json)
Hash identifier:          Ko07ZGo7IwS8NL/yJPyHpJ9m0iW9ngaJs3DqWmHrpi0=
Subject key identifier:   11:92:E3:32:7B:77:61:8D:6E:18:E7:D9:DE:78:A6:80:D9:7E:C8:B5
Certificate issuer:       /CN=971aeeea8798f76ec9a434e75637ecd881092ec2
Certificate serial:       019422201EC57E9A31B0907DB55D497180C8
Authority key identifier: 97:1A:EE:EA:87:98:F7:6E:C9:A4:34:E7:56:37:EC:D8:81:09:2E:C2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/EZLjMnt3YY1uGOfZ3nimgNl-yLU.roa
Signing time:             Wed 01 Jan 2025 13:48:37 +0000
ROA not before:           Wed 01 Jan 2025 13:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211908
IP address blocks:        185.117.9.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1e:c5:7e:9a:31:b0:90:7d:b5:5d:49:71:80:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=971aeeea8798f76ec9a434e75637ecd881092ec2
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1192e3327b77618d6e18e7d9de78a680d97ec8b5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:21:d7:68:6d:69:a5:56:0c:6e:81:84:c3:98:
                    8e:d7:f7:c1:dd:a7:21:a0:38:7c:b6:f5:c2:9f:bb:
                    65:75:70:ac:74:1f:a1:ba:f7:74:fc:a7:40:2d:3a:
                    c0:25:12:d5:de:3e:bc:af:aa:cd:dd:dd:e6:7e:1f:
                    67:97:5d:b8:37:3e:19:b9:14:90:df:5c:79:b8:b3:
                    43:51:a7:dc:3d:d1:29:ca:35:e9:c5:9e:c3:df:2f:
                    26:ac:29:91:4c:65:ea:24:7e:7d:44:0a:e4:02:b0:
                    38:42:8a:1b:5b:9b:16:49:b9:2f:d1:9b:06:5e:70:
                    8a:f2:0e:78:22:55:ea:5a:c5:ca:4c:39:98:2f:0d:
                    d6:22:ca:0a:77:d9:d0:cf:87:19:ca:4c:32:9d:2f:
                    e2:13:06:52:8d:ed:48:2f:34:06:16:6a:db:3e:b7:
                    49:93:a7:c4:3e:d7:a6:12:96:46:8e:4d:09:6c:e0:
                    d5:13:a5:f4:84:08:e3:26:1e:f4:eb:0b:9d:96:0e:
                    37:42:9b:c8:4f:88:87:46:14:3d:fd:c5:7f:83:57:
                    5e:5b:43:31:07:c9:78:2d:de:92:67:7d:47:d1:ae:
                    d7:4f:7b:90:2d:e9:f0:57:c2:d5:cd:70:74:76:09:
                    70:bd:99:7f:bd:89:db:68:50:fa:2f:e0:03:6a:8f:
                    67:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:92:E3:32:7B:77:61:8D:6E:18:E7:D9:DE:78:A6:80:D9:7E:C8:B5
            X509v3 Authority Key Identifier:
                keyid:97:1A:EE:EA:87:98:F7:6E:C9:A4:34:E7:56:37:EC:D8:81:09:2E:C2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lxru6oeY927JpDTnVjfs2IEJLsI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/EZLjMnt3YY1uGOfZ3nimgNl-yLU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/166933-f68c-49a0-8869-bdf55db4a90a/1/lxru6oeY927JpDTnVjfs2IEJLsI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.9.0/24

    Signature Algorithm: sha256WithRSAEncryption
         18:d0:8c:9f:07:47:02:21:6d:8d:1d:b5:e2:b2:2d:ce:a7:be:
         39:ad:25:9c:3a:48:88:da:83:02:27:61:69:9d:75:73:5f:0d:
         8d:94:78:02:ab:b4:c7:cc:3a:a1:5d:af:97:de:5b:38:4d:de:
         d7:f2:6b:fd:4d:64:6e:9b:10:e8:c7:e6:94:e4:ab:28:76:47:
         82:cb:5f:7d:9b:7e:99:7f:f4:f4:62:5f:e5:6d:80:4d:b6:2a:
         e5:45:3b:55:2c:c9:60:da:3b:be:fd:5d:5f:dc:46:c9:de:ab:
         1a:6c:fb:75:ae:fd:02:c4:94:cd:48:b5:c1:46:5f:60:26:6e:
         70:25:1b:65:9d:40:d0:13:25:9b:13:58:ee:ed:39:84:20:77:
         bc:50:ca:74:11:0d:08:ff:9e:8f:98:09:64:1b:ba:75:9c:0f:
         82:d8:72:ec:68:80:68:0c:ae:70:03:fa:87:be:26:6d:f6:73:
         8e:06:96:8f:5f:69:75:85:f4:f5:1e:40:34:8f:7a:25:6e:5d:
         d2:73:b5:37:7b:01:6c:f5:b4:80:cc:6b:4d:a3:b5:a6:d7:58:
         dc:ef:de:e0:1f:61:3f:31:69:ab:7a:b5:de:c9:05:7c:76:f0:
         74:29:e7:28:9e:ad:86:e7:26:7c:6e:df:06:06:19:fd:cd:ed:
         08:35:dc:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIB7FfpoxsJB9tV1JcYDIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk3MWFlZWVhODc5OGY3NmVjOWE0MzRlNzU2MzdlY2Q4ODEw
OTJlYzIwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTkyZTMzMjdiNzc2MThkNmUxOGU3ZDlkZTc4YTY4MGQ5N2VjOGI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApiHXaG1ppVYMboGEw5iO1/fB3ach
oDh8tvXCn7tldXCsdB+huvd0/KdALTrAJRLV3j68r6rN3d3mfh9nl124Nz4ZuRSQ
31x5uLNDUafcPdEpyjXpxZ7D3y8mrCmRTGXqJH59RArkArA4QoobW5sWSbkv0ZsG
XnCK8g54IlXqWsXKTDmYLw3WIsoKd9nQz4cZykwynS/iEwZSje1ILzQGFmrbPrdJ
k6fEPtemEpZGjk0JbODVE6X0hAjjJh706wudlg43QpvIT4iHRhQ9/cV/g1deW0Mx
B8l4Ld6SZ31H0a7XT3uQLenwV8LVzXB0dglwvZl/vYnbaFD6L+ADao9ntwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBGS4zJ7d2GNbhjn2d54poDZfsi1MB8GA1UdIwQY
MBaAFJca7uqHmPduyaQ051Y37NiBCS7CMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbHhydTZvZVk5MjdKcERUblZqZnMySUVKTHNJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi8xNjY5MzMtZjY4Yy00OWEwLTg4Njkt
YmRmNTVkYjRhOTBhLzEvRVpMak1udDNZWTF1R09mWjNuaW1nTmwteUxVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi8xNjY5MzMtZjY4Yy00OWEwLTg4NjktYmRmNTVkYjRhOTBh
LzEvbHhydTZvZVk5MjdKcERUblZqZnMySUVKTHNJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXUJMA0G
CSqGSIb3DQEBCwUAA4IBAQAY0IyfB0cCIW2NHbXisi3Op745rSWcOkiI2oMCJ2Fp
nXVzXw2NlHgCq7THzDqhXa+X3ls4Td7X8mv9TWRumxDox+aU5KsodkeCy199m36Z
f/T0Yl/lbYBNtirlRTtVLMlg2ju+/V1f3EbJ3qsabPt1rv0CxJTNSLXBRl9gJm5w
JRtlnUDQEyWbE1ju7TmEIHe8UMp0EQ0I/56PmAlkG7p1nA+C2HLsaIBoDK5wA/qH
viZt9nOOBpaPX2l1hfT1HkA0j3olbl3Sc7U3ewFs9bSAzGtNo7Wm11jc797gH2E/
MWmrerXeyQV8dvB0Keconq2G5yZ8bt8GBhn9ze0INdw/
-----END CERTIFICATE-----