Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/IcETYwlc_-KgNo_zGrXE42SFFec.roa
File:                     IcETYwlc_-KgNo_zGrXE42SFFec.roa (raw, json)
Hash identifier:          RlFmWgshC+pvWh0mvFLPwFZKZrLanGt8JE5zTU8vXBU=
Subject key identifier:   21:C1:13:63:09:5C:FF:E2:A0:36:8F:F3:1A:B5:C4:E3:64:85:15:E7
Certificate issuer:       /CN=4a7f4f8ac8ca7343ed1b4ff12ce276318b69d10e
Certificate serial:       0194282378549E4C5547CCFF860C21B00617
Authority key identifier: 4A:7F:4F:8A:C8:CA:73:43:ED:1B:4F:F1:2C:E2:76:31:8B:69:D1:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/IcETYwlc_-KgNo_zGrXE42SFFec.roa
Signing time:             Thu 02 Jan 2025 17:50:00 +0000
ROA not before:           Thu 02 Jan 2025 17:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211623
IP address blocks:        185.253.58.0/24 maxlen: 24
                          2a10:b9c0::/29 maxlen: 48
                          2a10:b9c0::/32 maxlen: 48
                          2a10:b9c1::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:78:54:9e:4c:55:47:cc:ff:86:0c:21:b0:06:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4a7f4f8ac8ca7343ed1b4ff12ce276318b69d10e
        Validity
            Not Before: Jan  2 17:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=21c11363095cffe2a0368ff31ab5c4e3648515e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:15:86:60:17:a6:04:c1:29:a5:54:8d:87:98:
                    8b:81:81:80:d5:5e:ba:2e:ac:fb:85:de:d3:90:a1:
                    e4:75:8d:4c:b0:1f:dc:b3:b2:93:01:f0:be:c8:97:
                    bd:bc:8f:13:99:74:7b:2f:0b:7c:fd:82:6d:58:1d:
                    bb:0a:23:a7:bf:a5:7b:b7:6c:2c:df:d0:15:69:3e:
                    10:d1:dc:bf:f2:af:a8:e4:ad:6c:1e:a8:e8:44:b1:
                    8f:93:67:2b:f8:ef:ec:e0:7c:a7:70:b6:f8:8c:16:
                    18:2b:21:6c:9b:c0:2d:6b:bb:21:dc:4b:97:a5:87:
                    77:1b:48:74:8b:36:80:a5:76:88:60:b8:4d:2a:16:
                    b5:b0:be:dc:84:ec:a8:de:ae:76:a1:15:b5:96:b7:
                    bb:b6:3a:79:05:be:df:18:be:57:5d:a8:aa:ff:60:
                    c7:49:20:d9:36:05:33:7c:f2:95:80:dc:97:6b:4c:
                    08:17:8e:7f:7f:34:29:19:e5:5c:81:b3:d0:71:d2:
                    2e:1a:a9:02:7a:8a:3e:20:4f:76:f5:1c:ef:6e:be:
                    e5:0e:9a:f1:87:61:40:7b:eb:ef:10:8f:c6:1e:57:
                    01:15:a3:51:57:5e:a7:88:f7:9f:d9:59:d3:f3:20:
                    ba:9c:5f:7f:aa:36:e3:19:01:96:dc:ca:8a:d7:5c:
                    75:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:C1:13:63:09:5C:FF:E2:A0:36:8F:F3:1A:B5:C4:E3:64:85:15:E7
            X509v3 Authority Key Identifier:
                keyid:4A:7F:4F:8A:C8:CA:73:43:ED:1B:4F:F1:2C:E2:76:31:8B:69:D1:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/IcETYwlc_-KgNo_zGrXE42SFFec.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/0e6962-96b7-4fb8-a839-9ec7add0eb68/1/Sn9PisjKc0PtG0_xLOJ2MYtp0Q4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.253.58.0/24
                IPv6:
                  2a10:b9c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         47:c2:45:b6:71:32:a3:e9:6c:f9:8a:46:d5:5f:f1:e7:c9:0b:
         df:3f:06:f0:b1:04:b5:da:4f:f3:74:34:ae:76:b6:50:6e:24:
         79:2b:fb:be:8a:a2:c4:04:cd:a8:da:45:77:b1:ee:ba:c3:e2:
         0e:64:a1:a1:0c:ba:15:20:15:92:86:a3:82:6e:87:e3:cb:b9:
         1c:93:09:e7:a4:95:e5:7c:8e:2f:ee:09:47:52:91:52:11:7b:
         73:6d:de:b5:57:08:12:14:86:90:0b:40:79:46:63:1f:a9:6d:
         36:d1:06:3a:6a:52:e9:76:4c:09:79:33:b5:8b:0b:34:2f:13:
         1c:e8:a2:bd:ed:cb:70:9f:53:62:82:8c:05:b3:c7:45:cb:64:
         aa:91:5d:70:0b:a2:ed:00:e2:8a:d6:2e:e2:fb:30:06:b5:95:
         82:dc:39:1e:2a:80:ca:60:a9:ef:ca:45:cf:35:0d:0d:c9:f7:
         3a:89:23:82:37:b4:2c:bd:bf:af:2d:71:1c:bb:12:81:18:f4:
         b5:41:02:27:da:23:41:6c:fb:19:43:57:c1:67:9a:01:db:b0:
         59:ab:89:10:1d:29:52:5c:94:2b:4b:7e:aa:5b:60:c0:13:25:
         af:eb:6e:d4:8f:b4:9f:1d:29:9c:20:95:cb:67:93:03:ff:35:
         38:0b:77:c8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoI3hUnkxVR8z/hgwhsAYXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRhN2Y0ZjhhYzhjYTczNDNlZDFiNGZmMTJjZTI3NjMxOGI2
OWQxMGUwHhcNMjUwMTAyMTc1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWMxMTM2MzA5NWNmZmUyYTAzNjhmZjMxYWI1YzRlMzY0ODUxNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0xWGYBemBMEppVSNh5iLgYGA1V66
Lqz7hd7TkKHkdY1MsB/cs7KTAfC+yJe9vI8TmXR7Lwt8/YJtWB27CiOnv6V7t2ws
39AVaT4Q0dy/8q+o5K1sHqjoRLGPk2cr+O/s4HyncLb4jBYYKyFsm8Ata7sh3EuX
pYd3G0h0izaApXaIYLhNKha1sL7chOyo3q52oRW1lre7tjp5Bb7fGL5XXaiq/2DH
SSDZNgUzfPKVgNyXa0wIF45/fzQpGeVcgbPQcdIuGqkCeoo+IE929Rzvbr7lDprx
h2FAe+vvEI/GHlcBFaNRV16niPef2VnT8yC6nF9/qjbjGQGW3MqK11x1SwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCHBE2MJXP/ioDaP8xq1xONkhRXnMB8GA1UdIwQY
MBaAFEp/T4rIynND7RtP8SzidjGLadEOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU245UGlzaktjMFB0RzBfeExPSjJNWXRwMFE0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8wZTY5NjItOTZiNy00ZmI4LWE4Mzkt
OWVjN2FkZDBlYjY4LzEvSWNFVFl3bGNfLUtnTm9fekdyWEU0MlNGRmVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8wZTY5NjItOTZiNy00ZmI4LWE4MzktOWVjN2FkZDBlYjY4
LzEvU245UGlzaktjMFB0RzBfeExPSjJNWXRwMFE0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf06MA0E
AgACMAcDBQMqELnAMA0GCSqGSIb3DQEBCwUAA4IBAQBHwkW2cTKj6Wz5ikbVX/Hn
yQvfPwbwsQS12k/zdDSudrZQbiR5K/u+iqLEBM2o2kV3se66w+IOZKGhDLoVIBWS
hqOCbofjy7kckwnnpJXlfI4v7glHUpFSEXtzbd61VwgSFIaQC0B5RmMfqW020QY6
alLpdkwJeTO1iws0LxMc6KK97ctwn1NigowFs8dFy2SqkV1wC6LtAOKK1i7i+zAG
tZWC3DkeKoDKYKnvykXPNQ0Nyfc6iSOCN7Qsvb+vLXEcuxKBGPS1QQIn2iNBbPsZ
Q1fBZ5oB27BZq4kQHSlSXJQrS36qW2DAEyWv627Uj7SfHSmcIJXLZ5MD/zU4C3fI
-----END CERTIFICATE-----