Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/a733f6-09ad-4f1a-a357-e162203296bb/1/iW3M8w8EnOfRKmq5UL0Jzk_nXrc.roa
File:                     iW3M8w8EnOfRKmq5UL0Jzk_nXrc.roa (raw, json)
Hash identifier:          vQxUQ/gQ4diOyDGNSgt4mcIRpvqTprh0PY77byZ05KY=
Subject key identifier:   89:6D:CC:F3:0F:04:9C:E7:D1:2A:6A:B9:50:BD:09:CE:4F:E7:5E:B7
Certificate issuer:       /CN=8bbd273a14536161551260d848d76fa26446cd46
Certificate serial:       0194BC19E81FA59C4B46736FCADDBC6CD729
Authority key identifier: 8B:BD:27:3A:14:53:61:61:55:12:60:D8:48:D7:6F:A2:64:46:CD:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/i70nOhRTYWFVEmDYSNdvomRGzUY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/a733f6-09ad-4f1a-a357-e162203296bb/1/iW3M8w8EnOfRKmq5UL0Jzk_nXrc.roa
Signing time:             Fri 31 Jan 2025 11:23:21 +0000
ROA not before:           Fri 31 Jan 2025 11:23:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     31390
IP address blocks:        185.100.216.0/24 maxlen: 24
                          185.100.217.0/24 maxlen: 24
                          185.100.218.0/24 maxlen: 24
                          185.100.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/a733f6-09ad-4f1a-a357-e162203296bb/1/i70nOhRTYWFVEmDYSNdvomRGzUY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/a733f6-09ad-4f1a-a357-e162203296bb/1/i70nOhRTYWFVEmDYSNdvomRGzUY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/i70nOhRTYWFVEmDYSNdvomRGzUY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Feb 2025 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:bc:19:e8:1f:a5:9c:4b:46:73:6f:ca:dd:bc:6c:d7:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8bbd273a14536161551260d848d76fa26446cd46
        Validity
            Not Before: Jan 31 11:23:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=896dccf30f049ce7d12a6ab950bd09ce4fe75eb7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e9:a2:09:1d:19:87:51:08:d4:f4:7e:62:a5:
                    69:dd:60:cd:37:01:80:c1:8f:c5:da:a8:1a:bb:ff:
                    75:ee:8a:6f:06:fc:c7:f8:f7:a6:95:61:3f:6e:19:
                    e4:d5:b8:95:6c:43:85:44:df:c8:b9:5b:85:34:7a:
                    18:55:fc:43:a8:e5:6c:68:21:26:21:8a:dd:14:85:
                    f6:c4:9f:9d:b5:8d:9d:ce:64:84:3f:06:f5:b5:19:
                    5f:7a:1e:ea:f8:38:78:f3:ee:73:b9:11:94:cc:8e:
                    6b:af:a3:4d:26:d5:79:4a:2e:0d:8a:d3:10:89:e2:
                    cd:52:6c:f6:4b:79:b5:2b:e5:91:21:9a:76:44:01:
                    fd:c5:46:90:e2:7c:bf:f4:ab:2f:d3:9c:8e:06:d6:
                    bd:c6:77:61:be:a5:c4:d9:09:b0:83:39:6e:8c:69:
                    d3:ce:d0:eb:3d:1c:c3:3d:ce:60:22:2b:9f:15:62:
                    47:77:0f:b0:93:8b:74:ec:10:fd:3e:c9:92:a6:dc:
                    01:45:7c:48:4d:6c:77:5e:fd:62:74:c2:67:57:77:
                    b5:b9:81:6c:32:6a:37:85:f7:c4:7e:24:c4:af:8b:
                    9a:2a:59:bb:83:3d:bf:fd:c6:a9:de:7f:df:f5:fa:
                    ac:b4:d4:a4:24:a1:3e:30:2b:37:3b:57:48:b5:97:
                    d0:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:6D:CC:F3:0F:04:9C:E7:D1:2A:6A:B9:50:BD:09:CE:4F:E7:5E:B7
            X509v3 Authority Key Identifier:
                keyid:8B:BD:27:3A:14:53:61:61:55:12:60:D8:48:D7:6F:A2:64:46:CD:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i70nOhRTYWFVEmDYSNdvomRGzUY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a733f6-09ad-4f1a-a357-e162203296bb/1/iW3M8w8EnOfRKmq5UL0Jzk_nXrc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/a733f6-09ad-4f1a-a357-e162203296bb/1/i70nOhRTYWFVEmDYSNdvomRGzUY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.216.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2e:e3:fc:15:a9:eb:40:0f:b8:44:38:06:51:b7:62:cf:15:8b:
         b4:cc:28:d7:91:a8:47:6c:b4:7c:e9:60:c2:8d:60:84:89:79:
         38:ea:85:df:a5:04:7a:73:d6:f3:f2:9e:c4:d3:bd:30:dc:17:
         18:24:e5:32:c5:ef:61:e0:7a:a6:08:95:28:54:a7:e2:70:a5:
         3b:10:18:02:df:0a:f0:d9:2a:36:2a:57:84:2e:72:2a:f6:ea:
         f3:44:d4:43:4a:8e:14:15:3a:8a:b0:90:aa:6b:34:04:6f:69:
         4f:9c:5e:e7:dc:d3:f7:dc:08:58:68:25:c9:60:de:24:98:6e:
         3b:b7:c6:a5:b8:bf:53:70:9b:e3:35:f3:ab:e6:21:db:78:e0:
         4c:ba:34:ae:0c:ba:f5:9e:e8:bf:a3:1a:1b:28:6b:9e:81:ce:
         d8:06:05:78:2c:23:79:e0:18:31:eb:f2:7b:38:60:39:bc:da:
         9c:73:2d:c6:29:b4:9d:43:dd:0a:ce:45:cb:c7:d0:d6:78:00:
         50:77:ac:f1:d0:3f:92:f3:c8:11:0a:fc:3b:d3:06:ef:e6:ca:
         20:10:fd:3b:25:f9:e7:b3:c9:a5:70:ee:22:28:4b:d6:89:8f:
         68:82:14:9f:fb:99:2e:6a:ae:10:84:bf:a0:e8:99:a6:58:48:
         51:d7:03:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZS8GegfpZxLRnNvyt28bNcpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYmQyNzNhMTQ1MzYxNjE1NTEyNjBkODQ4ZDc2ZmEyNjQ0
NmNkNDYwHhcNMjUwMTMxMTEyMzIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTZkY2NmMzBmMDQ5Y2U3ZDEyYTZhYjk1MGJkMDljZTRmZTc1ZWI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo+miCR0Zh1EI1PR+YqVp3WDNNwGA
wY/F2qgau/917opvBvzH+PemlWE/bhnk1biVbEOFRN/IuVuFNHoYVfxDqOVsaCEm
IYrdFIX2xJ+dtY2dzmSEPwb1tRlfeh7q+Dh48+5zuRGUzI5rr6NNJtV5Si4NitMQ
ieLNUmz2S3m1K+WRIZp2RAH9xUaQ4ny/9Ksv05yOBta9xndhvqXE2QmwgzlujGnT
ztDrPRzDPc5gIiufFWJHdw+wk4t07BD9PsmSptwBRXxITWx3Xv1idMJnV3e1uYFs
Mmo3hffEfiTEr4uaKlm7gz2//cap3n/f9fqstNSkJKE+MCs3O1dItZfQXwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIltzPMPBJzn0SpquVC9Cc5P5163MB8GA1UdIwQY
MBaAFIu9JzoUU2FhVRJg2EjXb6JkRs1GMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTcwbk9oUlRZV0ZWRW1EWVNOZHZvbVJHelVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC9hNzMzZjYtMDlhZC00ZjFhLWEzNTct
ZTE2MjIwMzI5NmJiLzEvaVczTTh3OEVuT2ZSS21xNVVMMEp6a19uWHJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC9hNzMzZjYtMDlhZC00ZjFhLWEzNTctZTE2MjIwMzI5NmJi
LzEvaTcwbk9oUlRZV0ZWRW1EWVNOZHZvbVJHelVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuWTYMA0G
CSqGSIb3DQEBCwUAA4IBAQAu4/wVqetAD7hEOAZRt2LPFYu0zCjXkahHbLR86WDC
jWCEiXk46oXfpQR6c9bz8p7E070w3BcYJOUyxe9h4HqmCJUoVKficKU7EBgC3wrw
2So2KleELnIq9urzRNRDSo4UFTqKsJCqazQEb2lPnF7n3NP33AhYaCXJYN4kmG47
t8aluL9TcJvjNfOr5iHbeOBMujSuDLr1nui/oxobKGuegc7YBgV4LCN54Bgx6/J7
OGA5vNqccy3GKbSdQ90KzkXLx9DWeABQd6zx0D+S88gRCvw70wbv5sogEP07Jfnn
s8mlcO4iKEvWiY9oghSf+5kuaq4QhL+g6JmmWEhR1wO0
-----END CERTIFICATE-----