Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/gH9l_Olu7Z11QNfATlwel8_lHng.roa
File:                     gH9l_Olu7Z11QNfATlwel8_lHng.roa (raw, json)
Hash identifier:          Qy7a8ybAWRGH/C9L4lBi8o0qao1M7eUnSgkK9WeGPzo=
Subject key identifier:   80:7F:65:FC:E9:6E:ED:9D:75:40:D7:C0:4E:5C:1E:97:CF:E5:1E:78
Certificate issuer:       /CN=a2900e4655ab349a4632b140719dc97230431725
Certificate serial:       01941F8C99D06F3E3622578689D6525C9783
Authority key identifier: A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/gH9l_Olu7Z11QNfATlwel8_lHng.roa
Signing time:             Wed 01 Jan 2025 01:48:15 +0000
ROA not before:           Wed 01 Jan 2025 01:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210135
IP address blocks:        185.221.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 16:01:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:99:d0:6f:3e:36:22:57:86:89:d6:52:5c:97:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a2900e4655ab349a4632b140719dc97230431725
        Validity
            Not Before: Jan  1 01:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=807f65fce96eed9d7540d7c04e5c1e97cfe51e78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:8b:90:3c:52:3f:28:b1:6f:11:13:bc:c0:60:
                    ff:77:c4:e8:91:dd:66:e9:ef:da:9a:bd:2b:be:39:
                    1e:cb:8f:ff:08:7f:aa:e5:7d:97:b4:f3:5d:53:a6:
                    04:09:94:f2:e9:68:4d:ca:64:e1:3b:20:d8:bd:ba:
                    5a:66:da:da:78:3b:d6:c4:54:26:db:54:8d:fc:0a:
                    32:80:34:d2:da:55:0e:06:47:55:07:82:a6:3f:cc:
                    eb:ad:30:db:10:80:58:6c:60:57:46:48:58:c2:72:
                    97:5d:2e:e4:03:3d:dc:44:c3:9f:79:de:da:1f:0a:
                    3f:62:c5:48:9f:53:82:b5:90:fd:23:cb:1d:36:54:
                    df:90:f5:5c:44:36:78:d7:55:81:a8:ce:0b:e5:cb:
                    48:d0:30:1c:9a:5c:32:ae:fd:41:ac:3c:22:f9:0c:
                    66:be:3c:70:c1:7b:8d:42:62:c6:da:49:0d:c0:9b:
                    93:05:2e:59:1b:a6:40:73:26:4d:88:3a:a7:f4:f2:
                    08:ce:7d:3b:68:57:83:55:62:44:56:60:5d:fb:03:
                    da:9e:44:a7:ba:91:08:a8:a3:8a:b1:bb:51:9b:43:
                    b5:fe:1a:c0:ee:6c:4d:5b:74:cb:ef:36:62:38:23:
                    96:fc:23:59:45:9a:d2:96:db:82:8a:68:8c:e7:e0:
                    9e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:7F:65:FC:E9:6E:ED:9D:75:40:D7:C0:4E:5C:1E:97:CF:E5:1E:78
            X509v3 Authority Key Identifier:
                keyid:A2:90:0E:46:55:AB:34:9A:46:32:B1:40:71:9D:C9:72:30:43:17:25

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/opAORlWrNJpGMrFAcZ3JcjBDFyU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/gH9l_Olu7Z11QNfATlwel8_lHng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/4f701a-ed6f-47c8-bf73-f4c5fc3ca2c4/1/opAORlWrNJpGMrFAcZ3JcjBDFyU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:e6:b9:55:de:dd:5a:bb:53:4a:c0:0f:ed:ea:b7:b7:b2:fa:
         08:63:9f:91:61:b1:fd:bb:3f:fe:87:82:59:90:db:b5:79:d7:
         56:ed:29:4b:55:df:ec:18:ae:d3:29:56:2e:83:47:da:64:21:
         8c:13:09:e9:0e:ec:d7:14:23:0b:7d:59:a5:2a:23:e3:de:43:
         ba:90:3f:db:6d:6f:70:61:ee:26:c1:a5:99:63:39:89:d1:c1:
         78:93:c9:d2:a6:ff:c6:63:89:00:84:81:b5:eb:cd:95:08:66:
         bf:f6:09:f9:07:48:df:91:22:25:43:76:82:37:f4:77:83:df:
         f1:10:fc:5a:43:4a:9b:d6:23:0f:81:cf:81:26:28:05:af:2e:
         42:a9:de:43:82:3c:f5:3d:1c:5e:39:53:7f:4a:d5:c4:c7:3d:
         fd:33:d1:af:a4:08:50:a0:74:62:ae:8b:fa:75:f6:41:00:57:
         39:6a:cc:89:75:5b:e3:aa:10:25:a2:4f:56:a0:b7:a0:dd:79:
         68:cc:3a:ba:b3:1e:3e:f5:b8:b8:b2:96:30:ec:cf:38:de:74:
         22:4a:4d:58:86:e5:d2:62:75:89:54:83:04:12:e1:a9:17:cf:
         3a:37:a1:c1:a0:a3:ae:3c:d6:80:7a:b6:37:c4:cc:c8:aa:70:
         0f:16:d1:a2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJnQbz42IleGidZSXJeDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEyOTAwZTQ2NTVhYjM0OWE0NjMyYjE0MDcxOWRjOTcyMzA0
MzE3MjUwHhcNMjUwMTAxMDE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MDdmNjVmY2U5NmVlZDlkNzU0MGQ3YzA0ZTVjMWU5N2NmZTUxZTc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo4uQPFI/KLFvERO8wGD/d8Tokd1m
6e/amr0rvjkey4//CH+q5X2XtPNdU6YECZTy6WhNymThOyDYvbpaZtraeDvWxFQm
21SN/AoygDTS2lUOBkdVB4KmP8zrrTDbEIBYbGBXRkhYwnKXXS7kAz3cRMOfed7a
Hwo/YsVIn1OCtZD9I8sdNlTfkPVcRDZ411WBqM4L5ctI0DAcmlwyrv1BrDwi+Qxm
vjxwwXuNQmLG2kkNwJuTBS5ZG6ZAcyZNiDqn9PIIzn07aFeDVWJEVmBd+wPankSn
upEIqKOKsbtRm0O1/hrA7mxNW3TL7zZiOCOW/CNZRZrSltuCimiM5+Ce6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIB/Zfzpbu2ddUDXwE5cHpfP5R54MB8GA1UdIwQY
MBaAFKKQDkZVqzSaRjKxQHGdyXIwQxclMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMt
ZjRjNWZjM2NhMmM0LzEvZ0g5bF9PbHU3WjExUU5mQVRsd2VsOF9sSG5nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC80ZjcwMWEtZWQ2Zi00N2M4LWJmNzMtZjRjNWZjM2NhMmM0
LzEvb3BBT1JsV3JOSnBHTXJGQWNaM0pjakJERnlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0sMA0G
CSqGSIb3DQEBCwUAA4IBAQBo5rlV3t1au1NKwA/t6re3svoIY5+RYbH9uz/+h4JZ
kNu1eddW7SlLVd/sGK7TKVYug0faZCGMEwnpDuzXFCMLfVmlKiPj3kO6kD/bbW9w
Ye4mwaWZYzmJ0cF4k8nSpv/GY4kAhIG1682VCGa/9gn5B0jfkSIlQ3aCN/R3g9/x
EPxaQ0qb1iMPgc+BJigFry5Cqd5Dgjz1PRxeOVN/StXExz39M9GvpAhQoHRirov6
dfZBAFc5asyJdVvjqhAlok9WoLeg3XlozDq6sx4+9bi4spYw7M843nQiSk1YhuXS
YnWJVIMEEuGpF886N6HBoKOuPNaAerY3xMzIqnAPFtGi
-----END CERTIFICATE-----