Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/Ah3KLJm-LKDPU2A-ukfbltAbHHE.roa
File:                     Ah3KLJm-LKDPU2A-ukfbltAbHHE.roa (raw, json)
Hash identifier:          swE4PQqkYwr3g++5aj4+DHREVDMSOVCdaIbmuqijBx8=
Subject key identifier:   02:1D:CA:2C:99:BE:2C:A0:CF:53:60:3E:BA:47:DB:96:D0:1B:1C:71
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       01941F8C993346A046FCD1001BE43DFFF6A6
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/Ah3KLJm-LKDPU2A-ukfbltAbHHE.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205216
IP address blocks:        185.221.47.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:99:33:46:a0:46:fc:d1:00:1b:e4:3d:ff:f6:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=021dca2c99be2ca0cf53603eba47db96d01b1c71
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:05:9e:19:83:75:57:d4:52:88:1e:7e:bb:0b:
                    1a:e5:52:23:0c:03:02:6c:8a:52:f5:2c:e5:ea:8d:
                    74:10:4b:5e:08:72:5f:51:bc:a7:08:5e:a8:ac:5e:
                    8f:12:ee:03:62:0b:15:12:31:0a:64:41:6e:fb:a0:
                    24:aa:5f:ea:a1:33:33:c6:c5:53:d4:f4:87:32:db:
                    11:35:fe:5d:40:a2:49:20:39:90:84:7e:ac:33:40:
                    ae:67:6f:3e:f1:7f:b4:b2:3a:51:2e:b5:f0:fa:21:
                    8a:8f:50:eb:a7:d9:85:0e:c0:83:4f:ea:4d:28:8d:
                    58:8d:74:5c:0d:bd:2c:5c:0f:de:a9:b8:01:d3:e4:
                    60:1e:9d:6d:00:97:a0:1d:91:28:ab:5c:e0:1f:8f:
                    48:26:22:25:ae:72:0d:18:d1:6c:b1:77:17:34:8e:
                    d8:93:92:16:ca:14:35:66:99:b5:c8:14:28:35:2a:
                    2b:df:20:2d:ff:b5:fc:82:d6:e6:11:82:7e:61:8b:
                    bb:24:75:89:ef:52:44:f7:82:00:db:52:40:d5:0b:
                    f4:d6:6c:67:b2:48:e1:10:6a:66:a4:88:84:02:dc:
                    60:bc:5b:be:85:20:93:fa:b9:ce:b8:85:58:45:2c:
                    87:a4:cc:81:cb:af:d5:f4:a2:8c:cd:9e:20:54:95:
                    a6:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:1D:CA:2C:99:BE:2C:A0:CF:53:60:3E:BA:47:DB:96:D0:1B:1C:71
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/Ah3KLJm-LKDPU2A-ukfbltAbHHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:c8:79:45:b4:13:27:56:5b:b0:8d:84:fe:15:c5:10:27:e5:
         dd:ee:9b:e6:2f:ce:3b:8e:33:fe:bb:41:15:7d:85:cb:69:06:
         78:7a:31:7a:b8:20:ff:62:aa:59:e4:95:a2:8e:1b:fd:14:ad:
         2f:f5:80:f6:aa:29:f8:66:63:a1:80:0b:9f:0c:e5:d6:5f:66:
         2f:89:a4:57:eb:4a:52:2c:f4:97:56:7f:d5:45:1b:77:03:83:
         97:27:fe:a9:33:27:fe:c6:fe:3d:ca:9c:cf:f7:da:49:c5:05:
         93:c0:8b:6d:79:58:63:19:bd:dc:bf:91:f5:3b:84:48:6c:db:
         57:65:8d:63:d4:63:5e:88:c6:0f:d6:c9:94:c8:e3:b3:2b:98:
         ad:80:f3:aa:df:7a:a2:30:7f:53:92:ae:ce:cc:6e:7b:ba:45:
         e3:dc:29:b9:b8:63:cd:da:d7:59:5b:09:7b:7b:55:73:4b:81:
         6d:53:9d:88:7d:5b:19:fc:fa:64:8f:b6:f0:88:a6:e5:40:b4:
         d9:de:e3:4f:61:3b:cc:49:ab:8b:ef:d1:a1:c9:c1:6d:b2:01:
         ce:f1:78:3e:09:5a:ad:b6:1a:0e:4a:10:4d:c6:80:21:7e:30:
         ad:da:42:63:9f:fa:fe:c7:a7:e6:66:9e:8d:36:0a:a8:ca:8e:
         3b:84:42:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJkzRqBG/NEAG+Q9//amMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMjFkY2EyYzk5YmUyY2EwY2Y1MzYwM2ViYTQ3ZGI5NmQwMWIxYzcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyAWeGYN1V9RSiB5+uwsa5VIjDAMC
bIpS9Szl6o10EEteCHJfUbynCF6orF6PEu4DYgsVEjEKZEFu+6Akql/qoTMzxsVT
1PSHMtsRNf5dQKJJIDmQhH6sM0CuZ28+8X+0sjpRLrXw+iGKj1Drp9mFDsCDT+pN
KI1YjXRcDb0sXA/eqbgB0+RgHp1tAJegHZEoq1zgH49IJiIlrnINGNFssXcXNI7Y
k5IWyhQ1Zpm1yBQoNSor3yAt/7X8gtbmEYJ+YYu7JHWJ71JE94IA21JA1Qv01mxn
skjhEGpmpIiEAtxgvFu+hSCT+rnOuIVYRSyHpMyBy6/V9KKMzZ4gVJWmVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAIdyiyZviygz1NgPrpH25bQGxxxMB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvQWgzS0xKbS1MS0RQVTJBLXVrZmJsdEFiSEhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0vMA0G
CSqGSIb3DQEBCwUAA4IBAQCZyHlFtBMnVluwjYT+FcUQJ+Xd7pvmL847jjP+u0EV
fYXLaQZ4ejF6uCD/YqpZ5JWijhv9FK0v9YD2qin4ZmOhgAufDOXWX2YviaRX60pS
LPSXVn/VRRt3A4OXJ/6pMyf+xv49ypzP99pJxQWTwItteVhjGb3cv5H1O4RIbNtX
ZY1j1GNeiMYP1smUyOOzK5itgPOq33qiMH9Tkq7OzG57ukXj3Cm5uGPN2tdZWwl7
e1VzS4FtU52IfVsZ/Ppkj7bwiKblQLTZ3uNPYTvMSauL79GhycFtsgHO8Xg+CVqt
thoOShBNxoAhfjCt2kJjn/r+x6fmZp6NNgqoyo47hEKE
-----END CERTIFICATE-----