Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/1-WaRefIqk9cTwAge18iSThry2Bk.roa
File:                     1-WaRefIqk9cTwAge18iSThry2Bk.roa (raw, json)
Hash identifier:          u2PbRYzxV5DP0Zvmm7MZK3eMuZerbQoMidmwaTRf9M0=
Subject key identifier:   F9:66:91:79:F2:2A:93:D7:13:C0:08:1E:D7:C8:92:4E:1A:F2:D8:19
Certificate issuer:       /CN=453f8ca684037c5433a4b4406211b31d76e13eab
Certificate serial:       0194258F6BF8FDAAAA43E067A1063301AFB6
Authority key identifier: 45:3F:8C:A6:84:03:7C:54:33:A4:B4:40:62:11:B3:1D:76:E1:3E:AB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/1-WaRefIqk9cTwAge18iSThry2Bk.roa
Signing time:             Thu 02 Jan 2025 05:49:03 +0000
ROA not before:           Thu 02 Jan 2025 05:49:03 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214215
IP address blocks:        185.154.117.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:6b:f8:fd:aa:aa:43:e0:67:a1:06:33:01:af:b6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=453f8ca684037c5433a4b4406211b31d76e13eab
        Validity
            Not Before: Jan  2 05:49:03 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f9669179f22a93d713c0081ed7c8924e1af2d819
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:7a:d1:e7:28:4d:e9:3b:73:27:9d:ff:16:a5:
                    0e:aa:fb:39:2c:56:a6:35:2a:22:c3:61:29:f0:cb:
                    92:18:a2:71:58:6e:b5:93:07:30:3e:ce:02:a0:24:
                    9a:03:10:0c:9e:78:09:ba:e3:c0:13:75:5a:34:a9:
                    ff:bf:4e:c2:a3:d2:70:ed:87:cf:fd:9d:19:d4:58:
                    9e:a7:91:b9:cb:c5:96:ff:ab:5d:02:63:d0:f8:bc:
                    e9:84:21:6a:3b:d6:28:78:88:b6:a6:bc:ec:e6:5e:
                    0b:4d:bf:36:5d:e6:7e:d4:77:d8:99:a0:9c:cb:ed:
                    88:84:c6:e6:da:c8:12:0e:f4:4c:05:72:43:78:4c:
                    50:fd:0c:57:33:d4:c5:82:59:66:b0:d9:d3:6e:d5:
                    5e:0a:fb:71:a0:73:95:c8:dc:26:0d:66:8e:7e:6c:
                    dd:4d:11:73:7e:1f:db:d6:9a:21:77:ae:13:06:7a:
                    b0:7d:33:2b:8e:44:b7:c5:86:43:5a:8f:b5:a7:d0:
                    db:b8:0a:f5:96:73:c0:04:3e:bd:23:9b:dc:c1:86:
                    7b:0b:6c:b7:3d:f8:0a:aa:37:15:31:33:82:7f:d5:
                    d8:a9:f8:86:aa:fa:87:b9:2b:e7:cf:93:48:91:1a:
                    09:87:1c:da:2b:23:38:e8:91:9a:4d:f4:18:49:8d:
                    3f:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:66:91:79:F2:2A:93:D7:13:C0:08:1E:D7:C8:92:4E:1A:F2:D8:19
            X509v3 Authority Key Identifier:
                keyid:45:3F:8C:A6:84:03:7C:54:33:A4:B4:40:62:11:B3:1D:76:E1:3E:AB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RT-MpoQDfFQzpLRAYhGzHXbhPqs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/1-WaRefIqk9cTwAge18iSThry2Bk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c1/2dc208-6912-4a12-8dbb-dbb69f284f23/1/RT-MpoQDfFQzpLRAYhGzHXbhPqs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.154.117.0/24

    Signature Algorithm: sha256WithRSAEncryption
         92:58:cf:24:be:6b:4b:86:10:a5:ea:45:0f:5f:dd:30:51:eb:
         6f:26:d1:ea:49:29:44:45:7b:6d:4d:1b:65:ac:c5:14:21:31:
         5a:df:8d:33:1e:c1:91:2b:49:1a:24:60:1b:cb:41:ed:5b:53:
         c6:75:48:77:25:f9:3b:c0:50:91:c9:95:3c:84:24:14:fa:ff:
         1f:9f:d8:9f:56:e7:4c:88:0c:69:c6:e2:80:90:8a:be:c5:05:
         45:3a:be:a9:f2:f9:d3:11:90:ae:41:6c:97:87:5d:d5:b7:cc:
         2a:7a:f1:6b:93:fb:5b:21:ba:27:13:23:20:55:72:9e:f1:ea:
         bd:c7:cb:17:3b:0f:20:97:6b:24:8b:46:f8:5f:2b:26:fd:d3:
         d5:b3:d5:70:89:7c:f9:60:90:99:31:28:7b:e3:16:73:7f:bc:
         ef:f6:72:fa:76:3d:ca:35:6c:0b:12:18:31:7c:16:f9:ae:4a:
         f8:09:25:ba:4b:e0:1c:68:9b:25:62:e7:42:28:5a:58:73:db:
         f9:ff:4e:7e:53:1a:6e:55:65:78:a8:5b:0b:38:b0:ff:20:1c:
         2f:8e:25:f9:6c:be:ef:dc:70:50:45:75:fa:34:8d:2d:5d:8f:
         d8:30:ea:a6:69:b0:c4:c7:07:72:33:38:eb:65:1c:b6:d4:f2:
         d9:52:6d:9a
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQlj2v4/aqqQ+BnoQYzAa+2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1M2Y4Y2E2ODQwMzdjNTQzM2E0YjQ0MDYyMTFiMzFkNzZl
MTNlYWIwHhcNMjUwMTAyMDU0OTAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTY2OTE3OWYyMmE5M2Q3MTNjMDA4MWVkN2M4OTI0ZTFhZjJkODE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApHrR5yhN6TtzJ53/FqUOqvs5LFam
NSoiw2Ep8MuSGKJxWG61kwcwPs4CoCSaAxAMnngJuuPAE3VaNKn/v07Co9Jw7YfP
/Z0Z1Fiep5G5y8WW/6tdAmPQ+LzphCFqO9YoeIi2przs5l4LTb82XeZ+1HfYmaCc
y+2IhMbm2sgSDvRMBXJDeExQ/QxXM9TFgllmsNnTbtVeCvtxoHOVyNwmDWaOfmzd
TRFzfh/b1pohd64TBnqwfTMrjkS3xYZDWo+1p9DbuAr1lnPABD69I5vcwYZ7C2y3
PfgKqjcVMTOCf9XYqfiGqvqHuSvnz5NIkRoJhxzaKyM46JGaTfQYSY0/jQIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPlmkXnyKpPXE8AIHtfIkk4a8tgZMB8GA1UdIwQY
MBaAFEU/jKaEA3xUM6S0QGIRsx124T6rMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlQtTXBvUURmRlF6cExSQVloR3pIWGJoUHFzLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMS8yZGMyMDgtNjkxMi00YTEyLThkYmIt
ZGJiNjlmMjg0ZjIzLzEvMS1XYVJlZklxazljVHdBZ2UxOGlTVGhyeTJCay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzEvMmRjMjA4LTY5MTItNGExMi04ZGJiLWRiYjY5ZjI4NGYy
My8xL1JULU1wb1FEZkZRenBMUkFZaEd6SFhiaFBxcy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALmadTAN
BgkqhkiG9w0BAQsFAAOCAQEAkljPJL5rS4YQpepFD1/dMFHrbybR6kkpREV7bU0b
ZazFFCExWt+NMx7BkStJGiRgG8tB7VtTxnVIdyX5O8BQkcmVPIQkFPr/H5/Yn1bn
TIgMacbigJCKvsUFRTq+qfL50xGQrkFsl4dd1bfMKnrxa5P7WyG6JxMjIFVynvHq
vcfLFzsPIJdrJItG+F8rJv3T1bPVcIl8+WCQmTEoe+MWc3+87/Zy+nY9yjVsCxIY
MXwW+a5K+AklukvgHGibJWLnQihaWHPb+f9OflMablVleKhbCziw/yAcL44l+Wy+
79xwUEV1+jSNLV2P2DDqpmmwxMcHcjM462UcttTy2VJtmg==
-----END CERTIFICATE-----