Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/j4yMCsd2sqRrJMPk-mU5PxiYETE.roa
File:                     j4yMCsd2sqRrJMPk-mU5PxiYETE.roa (raw, json)
Hash identifier:          sLyw1MXrXUoj8UA9KC4G8Py6PSkfBG3ZG2dLZ8Rqiok=
Subject key identifier:   8F:8C:8C:0A:C7:76:B2:A4:6B:24:C3:E4:FA:65:39:3F:18:98:11:31
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422205C5EB221546E28F970F5D183CA1F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/j4yMCsd2sqRrJMPk-mU5PxiYETE.roa
Signing time:             Wed 01 Jan 2025 13:48:53 +0000
ROA not before:           Wed 01 Jan 2025 13:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216431
IP address blocks:        185.221.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:5c:5e:b2:21:54:6e:28:f9:70:f5:d1:83:ca:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8f8c8c0ac776b2a46b24c3e4fa65393f18981131
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:12:65:57:4a:13:42:78:e0:ca:57:21:ec:8c:
                    0d:3e:49:aa:09:d6:19:d7:f8:b6:0e:05:91:06:b1:
                    52:c8:b2:7e:ff:08:8f:d6:02:03:74:05:c7:f0:2b:
                    12:b6:1f:c3:14:0d:6d:11:45:55:cc:95:fe:bb:04:
                    5b:b9:07:80:f9:21:ff:f5:9d:c3:69:3a:71:fe:46:
                    91:55:c3:e1:65:f9:4f:79:f3:7d:62:6e:bc:7f:4f:
                    5c:24:e3:db:53:13:7a:7a:4a:20:fc:ca:e7:60:17:
                    18:af:9e:a8:33:fc:74:0f:1c:8c:3c:6a:b5:c1:62:
                    50:98:e4:98:d5:82:b6:e7:b6:3a:b1:4a:f9:16:fd:
                    16:87:ae:49:bf:31:45:02:b7:76:6b:b3:8e:99:c9:
                    f1:1e:60:7d:35:26:c2:6c:94:50:f9:90:95:83:9c:
                    9f:42:a8:28:3f:e6:88:f2:70:59:73:e0:c7:54:c7:
                    c6:b6:bb:31:d6:5d:14:8a:21:d5:46:6c:f9:a0:fb:
                    b8:52:a9:18:23:1d:78:8f:a3:42:60:77:89:69:ca:
                    32:c1:69:9d:4e:e3:00:18:c0:89:0d:d4:2e:e1:92:
                    8f:f2:d6:30:58:f7:2a:b6:4d:b7:3f:78:11:b8:17:
                    7d:57:1a:30:4b:ff:94:00:4f:10:d8:12:11:90:a3:
                    6e:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8F:8C:8C:0A:C7:76:B2:A4:6B:24:C3:E4:FA:65:39:3F:18:98:11:31
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/j4yMCsd2sqRrJMPk-mU5PxiYETE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.221.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:14:ea:fb:28:00:bc:bf:29:23:7b:7d:ff:d0:9a:2f:33:9b:
         c3:c3:54:40:31:d4:00:6d:4b:6d:80:80:4e:63:61:7c:3a:a3:
         71:3a:d6:5f:75:87:06:c5:99:28:89:2f:70:c1:98:fe:2c:d9:
         50:84:1b:dc:e7:f2:fc:7f:8e:59:5d:db:a7:ab:cf:16:aa:1f:
         aa:67:e0:cb:5e:04:c5:ae:98:30:57:97:bc:64:e2:32:68:57:
         0f:81:b5:3b:b1:1d:fb:70:fd:83:1f:44:24:58:19:4e:cb:2b:
         56:1f:8c:87:3a:e0:e6:68:1f:89:30:03:c5:1d:e2:fb:ed:de:
         6b:e0:ca:17:5d:da:2e:e7:30:57:a0:58:13:b3:81:77:f6:f6:
         f5:72:5b:2e:f6:df:b7:90:b5:24:fa:9a:99:42:84:55:07:f4:
         cf:93:36:9b:f0:96:33:86:f7:9d:03:fe:c9:00:dc:1e:fd:79:
         0f:e7:10:22:e3:dc:85:e5:61:72:66:4d:08:ca:95:e5:9e:cf:
         5f:ba:a1:cd:9e:7e:f9:3f:a2:f8:40:8e:36:88:d8:fb:2d:0f:
         a0:63:fc:0c:27:cd:4b:a1:8f:cb:ac:04:be:d4:df:3f:70:29:
         61:55:22:32:45:4f:b9:00:48:41:80:a2:c7:9c:f5:46:ea:e4:
         58:45:44:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIFxesiFUbij5cPXRg8ofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZjhjOGMwYWM3NzZiMmE0NmIyNGMzZTRmYTY1MzkzZjE4OTgxMTMxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqhJlV0oTQnjgylch7IwNPkmqCdYZ
1/i2DgWRBrFSyLJ+/wiP1gIDdAXH8CsSth/DFA1tEUVVzJX+uwRbuQeA+SH/9Z3D
aTpx/kaRVcPhZflPefN9Ym68f09cJOPbUxN6ekog/MrnYBcYr56oM/x0DxyMPGq1
wWJQmOSY1YK257Y6sUr5Fv0Wh65JvzFFArd2a7OOmcnxHmB9NSbCbJRQ+ZCVg5yf
QqgoP+aI8nBZc+DHVMfGtrsx1l0UiiHVRmz5oPu4UqkYIx14j6NCYHeJacoywWmd
TuMAGMCJDdQu4ZKP8tYwWPcqtk23P3gRuBd9VxowS/+UAE8Q2BIRkKNuxQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFI+MjArHdrKkayTD5PplOT8YmBExMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvajR5TUNzZDJzcVJySk1Qay1tVTVQeGlZRVRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud0VMA0G
CSqGSIb3DQEBCwUAA4IBAQAhFOr7KAC8vykje33/0JovM5vDw1RAMdQAbUttgIBO
Y2F8OqNxOtZfdYcGxZkoiS9wwZj+LNlQhBvc5/L8f45ZXdunq88Wqh+qZ+DLXgTF
rpgwV5e8ZOIyaFcPgbU7sR37cP2DH0QkWBlOyytWH4yHOuDmaB+JMAPFHeL77d5r
4MoXXdou5zBXoFgTs4F39vb1clsu9t+3kLUk+pqZQoRVB/TPkzab8JYzhvedA/7J
ANwe/XkP5xAi49yF5WFyZk0IypXlns9fuqHNnn75P6L4QI42iNj7LQ+gY/wMJ81L
oY/LrAS+1N8/cClhVSIyRU+5AEhBgKLHnPVG6uRYRUS1
-----END CERTIFICATE-----