Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/ieLYYEtxw8yorIFSAMUiUnhPzxc.roa
File:                     ieLYYEtxw8yorIFSAMUiUnhPzxc.roa (raw, json)
Hash identifier:          zpEjE+0wqNe3063Xp+u8y1IQ6Fze1n5YSctd31AydZQ=
Subject key identifier:   89:E2:D8:60:4B:71:C3:CC:A8:AC:81:52:00:C5:22:52:78:4F:CF:17
Certificate issuer:       /CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
Certificate serial:       0194228DFDCB937416BEABB751624E864BA9
Authority key identifier: BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/ieLYYEtxw8yorIFSAMUiUnhPzxc.roa
Signing time:             Wed 01 Jan 2025 15:48:38 +0000
ROA not before:           Wed 01 Jan 2025 15:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199152
IP address blocks:        213.21.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:fd:cb:93:74:16:be:ab:b7:51:62:4e:86:4b:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bcfdfe6dca8ac7bfa1a9450ef99fd315ed02acd9
        Validity
            Not Before: Jan  1 15:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89e2d8604b71c3cca8ac815200c52252784fcf17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:4e:af:3f:72:ac:72:51:f3:37:a8:3b:35:c0:
                    b2:ba:50:6e:76:0c:05:19:06:b4:87:1b:5d:9e:91:
                    e1:44:f0:96:7c:99:96:bd:de:0d:af:22:87:4c:fd:
                    db:0b:3b:d7:38:dd:20:92:0e:6f:51:07:0e:bd:ba:
                    b1:bd:c4:0c:17:a0:42:66:77:d4:a3:fe:28:56:60:
                    85:4f:e8:f8:6c:b2:f3:44:70:4d:80:4d:ae:33:f8:
                    9d:af:6e:ab:0c:44:df:25:74:f3:61:b4:dc:d4:db:
                    c8:66:fc:8e:23:d1:11:66:62:e1:2d:3b:1e:22:8b:
                    2c:1b:db:29:bb:b5:db:be:30:00:26:be:2b:bd:1d:
                    0c:a9:cf:2f:7b:32:b7:81:48:dd:1e:89:b9:4e:29:
                    63:fb:d7:23:79:af:ca:33:08:1f:86:3d:f0:65:02:
                    3c:ef:87:ac:ce:d9:13:d6:d2:31:9c:c3:1c:f5:b0:
                    77:6b:e1:ab:31:30:78:45:36:6d:24:02:fe:ae:a5:
                    c7:5a:42:08:f5:ea:c5:0d:cb:b6:9b:26:79:55:86:
                    20:2c:43:88:52:92:36:a8:1a:b3:a4:ed:3d:ed:80:
                    72:d8:6c:4d:a0:e0:a3:be:b3:86:fb:85:e3:24:e5:
                    a0:f1:ff:71:36:88:1b:18:25:e2:e8:be:6b:11:40:
                    9d:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:E2:D8:60:4B:71:C3:CC:A8:AC:81:52:00:C5:22:52:78:4F:CF:17
            X509v3 Authority Key Identifier:
                keyid:BC:FD:FE:6D:CA:8A:C7:BF:A1:A9:45:0E:F9:9F:D3:15:ED:02:AC:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/ieLYYEtxw8yorIFSAMUiUnhPzxc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/c9de13-5b74-413d-b2fb-1af2465a8eec/1/vP3-bcqKx7-hqUUO-Z_TFe0CrNk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.21.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:d4:83:b1:32:9d:4a:e5:77:2b:c5:4b:df:b1:2c:3d:f3:31:
         60:50:07:4c:36:4f:fe:cb:39:01:56:af:7a:9b:8f:eb:d7:6a:
         fb:31:66:6e:96:b9:f6:24:80:2c:c4:1a:85:a3:bc:50:66:46:
         d1:6e:63:8d:f7:d8:69:60:c7:d4:de:85:78:49:db:fa:0a:4f:
         a5:aa:2f:dd:5a:4c:3a:ed:97:ed:61:42:33:b1:c2:8c:f7:95:
         ea:3d:c4:a1:5a:eb:d2:01:94:22:ce:3c:1a:eb:ad:19:1f:b3:
         19:38:fc:bc:55:8d:ea:b7:b0:fc:ff:53:7a:85:1e:e3:3a:63:
         23:71:39:b4:20:87:24:c1:5c:8b:c4:0f:37:46:1b:3d:88:5a:
         e7:d2:6d:87:73:2d:48:f1:fb:70:02:ca:e9:9b:57:58:5e:12:
         8d:84:e1:e6:8c:56:05:8b:7d:eb:fe:03:62:63:e3:37:e1:97:
         97:2b:7a:9d:17:5a:26:d9:a4:78:f0:3b:9f:b8:51:df:a8:42:
         c8:ba:92:a7:58:9b:dd:9f:23:bf:62:02:42:34:7b:5d:80:51:
         ab:c8:54:81:28:2f:24:82:cd:5d:9b:df:47:b6:4a:95:40:58:
         b4:48:fb:1d:45:b4:2c:4e:53:62:a0:e9:6b:1c:60:f6:4b:90:
         1c:66:5b:99
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijf3Lk3QWvqu3UWJOhkupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJjZmRmZTZkY2E4YWM3YmZhMWE5NDUwZWY5OWZkMzE1ZWQw
MmFjZDkwHhcNMjUwMTAxMTU0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWUyZDg2MDRiNzFjM2NjYThhYzgxNTIwMGM1MjI1Mjc4NGZjZjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqE6vP3KsclHzN6g7NcCyulBudgwF
GQa0hxtdnpHhRPCWfJmWvd4NryKHTP3bCzvXON0gkg5vUQcOvbqxvcQMF6BCZnfU
o/4oVmCFT+j4bLLzRHBNgE2uM/idr26rDETfJXTzYbTc1NvIZvyOI9ERZmLhLTse
IossG9spu7XbvjAAJr4rvR0Mqc8vezK3gUjdHom5Tilj+9cjea/KMwgfhj3wZQI8
74esztkT1tIxnMMc9bB3a+GrMTB4RTZtJAL+rqXHWkII9erFDcu2myZ5VYYgLEOI
UpI2qBqzpO097YBy2GxNoOCjvrOG+4XjJOWg8f9xNogbGCXi6L5rEUCd7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIni2GBLccPMqKyBUgDFIlJ4T88XMB8GA1UdIwQY
MBaAFLz9/m3Kise/oalFDvmf0xXtAqzZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmIt
MWFmMjQ2NWE4ZWVjLzEvaWVMWVlFdHh3OHlvcklGU0FNVWlVbmhQenhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC9jOWRlMTMtNWI3NC00MTNkLWIyZmItMWFmMjQ2NWE4ZWVj
LzEvdlAzLWJjcUt4Ny1ocVVVTy1aX1RGZTBDck5rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1RXeMA0G
CSqGSIb3DQEBCwUAA4IBAQBB1IOxMp1K5XcrxUvfsSw98zFgUAdMNk/+yzkBVq96
m4/r12r7MWZulrn2JIAsxBqFo7xQZkbRbmON99hpYMfU3oV4Sdv6Ck+lqi/dWkw6
7ZftYUIzscKM95XqPcShWuvSAZQizjwa660ZH7MZOPy8VY3qt7D8/1N6hR7jOmMj
cTm0IIckwVyLxA83Rhs9iFrn0m2Hcy1I8ftwAsrpm1dYXhKNhOHmjFYFi33r/gNi
Y+M34ZeXK3qdF1om2aR48DufuFHfqELIupKnWJvdnyO/YgJCNHtdgFGryFSBKC8k
gs1dm99HtkqVQFi0SPsdRbQsTlNioOlrHGD2S5AcZluZ
-----END CERTIFICATE-----