Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/IIaW89ZzFdGKWt-qkretRuZFhUw.roa
File:                     IIaW89ZzFdGKWt-qkretRuZFhUw.roa (raw, json)
Hash identifier:          +wV4CyXS7FosexYu6VMQZY2Kh9jsLDP8nTTtEBowsxI=
Subject key identifier:   20:86:96:F3:D6:73:15:D1:8A:5A:DF:AA:92:B7:AD:46:E6:45:85:4C
Certificate issuer:       /CN=c115b327e84761685022f47328d6f4cbd6d3041e
Certificate serial:       019424455FD24ACB0D51269EA9FB5549519F
Authority key identifier: C1:15:B3:27:E8:47:61:68:50:22:F4:73:28:D6:F4:CB:D6:D3:04:1E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/IIaW89ZzFdGKWt-qkretRuZFhUw.roa
Signing time:             Wed 01 Jan 2025 23:48:33 +0000
ROA not before:           Wed 01 Jan 2025 23:48:33 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     29119
IP address blocks:        185.152.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:5f:d2:4a:cb:0d:51:26:9e:a9:fb:55:49:51:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c115b327e84761685022f47328d6f4cbd6d3041e
        Validity
            Not Before: Jan  1 23:48:33 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=208696f3d67315d18a5adfaa92b7ad46e645854c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:7f:15:08:f4:52:0d:07:51:e6:20:88:cc:9f:
                    d6:97:29:95:bd:c5:de:1d:6e:81:87:c4:b0:c4:c5:
                    b8:14:40:23:08:bb:c2:67:29:16:b1:15:b7:eb:6d:
                    1c:ac:92:8e:0f:b2:1b:10:00:ab:d5:af:3f:aa:81:
                    78:d2:c3:74:8e:1b:8d:cd:91:d5:44:2c:9a:04:6f:
                    62:d6:25:32:3c:a5:aa:ef:87:6d:38:12:cf:d1:07:
                    ac:0d:68:0f:bc:ff:04:2f:cd:d9:41:7e:de:32:c9:
                    eb:11:0e:41:54:a2:51:6b:fb:f2:03:17:a8:13:49:
                    d6:25:a4:a0:43:95:78:e4:85:f3:9e:d3:6b:f4:52:
                    2f:22:05:ab:0e:37:69:48:1b:57:90:43:a1:36:64:
                    9d:3b:72:51:39:dc:2e:5e:5a:fc:75:78:a1:24:fa:
                    8f:d2:57:25:a8:db:ac:94:3e:8d:76:5d:f0:d0:2d:
                    42:bd:91:5e:3d:74:7c:b2:a1:8e:a9:a3:84:68:4e:
                    45:0c:b4:85:e3:d2:e5:18:41:24:fe:63:6f:63:8f:
                    bd:a0:0b:d0:bc:9d:d4:f6:5f:08:25:17:07:50:bd:
                    c9:ce:33:72:7f:08:7c:83:e4:c4:3a:de:b5:43:da:
                    27:e4:51:bb:29:1f:6f:56:1f:7c:ff:02:c8:ee:8c:
                    a4:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:86:96:F3:D6:73:15:D1:8A:5A:DF:AA:92:B7:AD:46:E6:45:85:4C
            X509v3 Authority Key Identifier:
                keyid:C1:15:B3:27:E8:47:61:68:50:22:F4:73:28:D6:F4:CB:D6:D3:04:1E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/IIaW89ZzFdGKWt-qkretRuZFhUw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a4bdf7-2579-4bd0-8a93-224fd78ef827/1/wRWzJ-hHYWhQIvRzKNb0y9bTBB4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.152.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:44:92:39:b9:85:66:37:21:ee:6f:7e:0c:4f:d9:57:7f:00:
         bd:ce:b0:85:97:54:c7:81:56:cf:14:c4:cd:b3:ae:15:a5:df:
         cc:0d:17:87:28:65:81:ca:8e:05:a8:3c:c9:d1:fc:39:ee:60:
         83:53:29:30:6b:94:79:b3:df:e5:40:10:6d:2d:bc:2e:0c:4e:
         8d:1e:e9:05:2a:9b:05:84:6f:e7:73:4a:7c:ee:e0:cd:ad:37:
         f2:2d:42:66:ec:f1:eb:af:de:d8:74:9b:2b:cd:f7:e6:71:37:
         e4:ad:ca:be:65:97:28:6a:28:9d:cf:08:eb:19:df:06:ce:90:
         e2:6a:2d:fb:b1:40:66:2a:a9:0a:34:c5:93:e2:f4:24:d0:97:
         bf:3f:49:a2:6a:a1:58:82:03:a0:6c:35:7b:ec:fa:27:fe:ce:
         2f:1a:46:bd:7d:0f:e6:6e:1e:0e:1b:18:a0:4f:c0:37:db:5e:
         e0:2f:e3:39:3c:45:34:b8:46:29:a8:15:5f:d4:cc:6b:df:18:
         c1:0a:53:c7:8b:85:f5:7a:19:9c:3a:da:cf:4a:4c:be:1e:22:
         a0:20:9d:96:07:a3:03:a0:ce:73:e0:c7:d1:60:b6:35:fd:24:
         8e:d1:74:eb:3b:c8:32:67:d6:25:7b:9c:0b:08:89:21:26:9d:
         6e:7a:14:9b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRV/SSssNUSaeqftVSVGfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTViMzI3ZTg0NzYxNjg1MDIyZjQ3MzI4ZDZmNGNiZDZk
MzA0MWUwHhcNMjUwMTAxMjM0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDg2OTZmM2Q2NzMxNWQxOGE1YWRmYWE5MmI3YWQ0NmU2NDU4NTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj38VCPRSDQdR5iCIzJ/WlymVvcXe
HW6Bh8SwxMW4FEAjCLvCZykWsRW3620crJKOD7IbEACr1a8/qoF40sN0jhuNzZHV
RCyaBG9i1iUyPKWq74dtOBLP0QesDWgPvP8EL83ZQX7eMsnrEQ5BVKJRa/vyAxeo
E0nWJaSgQ5V45IXzntNr9FIvIgWrDjdpSBtXkEOhNmSdO3JROdwuXlr8dXihJPqP
0lclqNuslD6Ndl3w0C1CvZFePXR8sqGOqaOEaE5FDLSF49LlGEEk/mNvY4+9oAvQ
vJ3U9l8IJRcHUL3JzjNyfwh8g+TEOt61Q9on5FG7KR9vVh98/wLI7oykKwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCCGlvPWcxXRilrfqpK3rUbmRYVMMB8GA1UdIwQY
MBaAFMEVsyfoR2FoUCL0cyjW9MvW0wQeMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JXekotaEhZV2hRSXZSektOYjB5OWJUQkI0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hNGJkZjctMjU3OS00YmQwLThhOTMt
MjI0ZmQ3OGVmODI3LzEvSUlhVzg5WnpGZEdLV3QtcWtyZXRSdVpGaFV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hNGJkZjctMjU3OS00YmQwLThhOTMtMjI0ZmQ3OGVmODI3
LzEvd1JXekotaEhZV2hRSXZSektOYjB5OWJUQkI0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuZisMA0G
CSqGSIb3DQEBCwUAA4IBAQCDRJI5uYVmNyHub34MT9lXfwC9zrCFl1THgVbPFMTN
s64Vpd/MDReHKGWByo4FqDzJ0fw57mCDUykwa5R5s9/lQBBtLbwuDE6NHukFKpsF
hG/nc0p87uDNrTfyLUJm7PHrr97YdJsrzffmcTfkrcq+ZZcoaiidzwjrGd8GzpDi
ai37sUBmKqkKNMWT4vQk0Je/P0miaqFYggOgbDV77Pon/s4vGka9fQ/mbh4OGxig
T8A3217gL+M5PEU0uEYpqBVf1Mxr3xjBClPHi4X1ehmcOtrPSky+HiKgIJ2WB6MD
oM5z4MfRYLY1/SSO0XTrO8gyZ9Yle5wLCIkhJp1uehSb
-----END CERTIFICATE-----