Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/soNsg1OGi8NnYafVFwalJm7LzGg.roa
File:                     soNsg1OGi8NnYafVFwalJm7LzGg.roa (raw, json)
Hash identifier:          Ski4G94G44Xz9Lzoq75tTUzLO2vhTjQfsGV7Hc+GMsw=
Subject key identifier:   B2:83:6C:83:53:86:8B:C3:67:61:A7:D5:17:06:A5:26:6E:CB:CC:68
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FD0635217D11C785617242F8057BB
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/soNsg1OGi8NnYafVFwalJm7LzGg.roa
Signing time:             Wed 01 Jan 2025 13:48:17 +0000
ROA not before:           Wed 01 Jan 2025 13:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205738
IP address blocks:        85.219.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d0:63:52:17:d1:1c:78:56:17:24:2f:80:57:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b2836c8353868bc36761a7d51706a5266ecbcc68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:10:70:c7:9d:e6:ee:4a:a8:ed:a5:b7:24:4d:
                    41:49:d1:92:7f:e4:71:86:6a:73:d6:63:e5:79:1d:
                    08:b6:f3:f1:08:c2:23:e5:df:cd:9f:fe:ef:e3:81:
                    79:3c:09:1b:b7:c6:01:48:8c:00:cb:58:68:ad:6b:
                    dd:aa:2e:28:71:91:a1:56:d6:22:07:66:32:27:9f:
                    b3:18:a1:21:b2:d4:25:5f:41:d9:ed:f8:7d:01:a2:
                    67:9d:87:42:e8:8c:99:5c:08:a8:a0:58:46:99:21:
                    a2:cb:a2:38:21:31:fa:39:ce:91:94:af:2e:2e:86:
                    2a:fb:fd:07:cc:e6:1c:f0:1e:a9:e9:cb:44:cf:fe:
                    1f:59:7e:27:b3:c1:77:a0:ce:e1:2a:aa:3e:7c:65:
                    20:c6:b9:c5:40:23:b6:0a:23:c7:cf:98:1c:d0:35:
                    f4:ab:93:ff:b1:35:59:28:81:20:ad:40:a9:49:c5:
                    26:d9:12:74:6f:50:ef:5b:8f:71:46:9f:63:d6:ca:
                    ed:db:86:4f:74:72:92:0f:ba:13:25:68:e7:dd:d4:
                    05:d2:d1:eb:d9:4f:5d:3c:dc:f4:48:59:28:20:b6:
                    16:56:00:b9:d0:cd:a3:a5:7f:12:10:15:de:45:f5:
                    04:c9:f4:7b:8e:f0:ea:f6:29:2c:86:de:5f:4b:67:
                    28:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:83:6C:83:53:86:8B:C3:67:61:A7:D5:17:06:A5:26:6E:CB:CC:68
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/soNsg1OGi8NnYafVFwalJm7LzGg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:ae:1f:bf:82:a1:5e:e3:c8:30:88:fd:28:8b:6c:64:4d:ad:
         fc:16:6c:e4:f6:d4:ba:1c:bd:b1:7b:a7:db:5e:d9:2d:80:53:
         9b:cd:2d:96:7c:78:f8:be:b5:10:f8:ef:76:e7:dc:54:43:75:
         47:76:28:ee:7a:fe:2b:3b:c7:18:62:c9:0d:2a:75:72:76:0e:
         f7:0b:7f:5f:03:78:40:06:7c:54:02:94:cd:56:bf:d6:93:28:
         1f:ff:77:25:dd:51:1d:48:44:d7:68:f8:85:db:6c:09:c7:eb:
         fb:87:5f:65:de:09:4c:b3:fa:85:f9:12:0b:ab:07:3f:20:13:
         25:48:47:a6:01:ff:02:9d:10:64:8b:2d:a4:0f:bc:f6:4f:14:
         5c:dd:62:46:66:a9:27:fb:25:04:51:2d:9f:b8:d3:d4:c6:18:
         bd:74:51:2d:93:8f:c1:5f:ad:ce:67:2e:1a:f9:d3:ea:49:97:
         f2:dd:0f:ea:18:fd:72:8a:82:f3:a4:c7:aa:83:48:de:27:a4:
         06:52:8e:31:97:3d:7b:ba:49:ed:73:f7:3b:b1:c4:ea:d3:0f:
         7a:35:90:e3:24:f8:87:45:8a:d3:ae:c8:88:3e:33:68:de:17:
         2b:28:04:1e:c1:23:72:85:58:d7:86:e8:45:90:dd:26:3a:35:
         0c:3f:e0:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9BjUhfRHHhWFyQvgFe7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjgzNmM4MzUzODY4YmMzNjc2MWE3ZDUxNzA2YTUyNjZlY2JjYzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhBwx53m7kqo7aW3JE1BSdGSf+Rx
hmpz1mPleR0ItvPxCMIj5d/Nn/7v44F5PAkbt8YBSIwAy1horWvdqi4ocZGhVtYi
B2YyJ5+zGKEhstQlX0HZ7fh9AaJnnYdC6IyZXAiooFhGmSGiy6I4ITH6Oc6RlK8u
LoYq+/0HzOYc8B6p6ctEz/4fWX4ns8F3oM7hKqo+fGUgxrnFQCO2CiPHz5gc0DX0
q5P/sTVZKIEgrUCpScUm2RJ0b1DvW49xRp9j1srt24ZPdHKSD7oTJWjn3dQF0tHr
2U9dPNz0SFkoILYWVgC50M2jpX8SEBXeRfUEyfR7jvDq9iksht5fS2coZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLKDbINThovDZ2Gn1RcGpSZuy8xoMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvc29Oc2cxT0dpOE5uWWFmVkZ3YWxKbTdMekdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdvYMA0G
CSqGSIb3DQEBCwUAA4IBAQB0rh+/gqFe48gwiP0oi2xkTa38Fmzk9tS6HL2xe6fb
XtktgFObzS2WfHj4vrUQ+O9259xUQ3VHdijuev4rO8cYYskNKnVydg73C39fA3hA
BnxUApTNVr/Wkygf/3cl3VEdSETXaPiF22wJx+v7h19l3glMs/qF+RILqwc/IBMl
SEemAf8CnRBkiy2kD7z2TxRc3WJGZqkn+yUEUS2fuNPUxhi9dFEtk4/BX63OZy4a
+dPqSZfy3Q/qGP1yioLzpMeqg0jeJ6QGUo4xlz17ukntc/c7scTq0w96NZDjJPiH
RYrTrsiIPjNo3hcrKAQewSNyhVjXhuhFkN0mOjUMP+CB
-----END CERTIFICATE-----