Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/IZeoqEY95eSVV0eYYLX8T3tHlCs.roa
File:                     IZeoqEY95eSVV0eYYLX8T3tHlCs.roa (raw, json)
Hash identifier:          LO4oh4VYMguVhAQpzzJsbYN82/uMVEn2vgRLSpasT1s=
Subject key identifier:   21:97:A8:A8:46:3D:E5:E4:95:57:47:98:60:B5:FC:4F:7B:47:94:2B
Certificate issuer:       /CN=8452b03e1b01709638940d9592983cde77ecab77
Certificate serial:       01942369B117794FE0FD684DB88B76CE68C4
Authority key identifier: 84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/IZeoqEY95eSVV0eYYLX8T3tHlCs.roa
Signing time:             Wed 01 Jan 2025 19:48:36 +0000
ROA not before:           Wed 01 Jan 2025 19:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50633
IP address blocks:        185.249.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:b1:17:79:4f:e0:fd:68:4d:b8:8b:76:ce:68:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8452b03e1b01709638940d9592983cde77ecab77
        Validity
            Not Before: Jan  1 19:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2197a8a8463de5e49557479860b5fc4f7b47942b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:bd:7f:92:06:df:23:4e:75:b9:19:74:0e:4d:
                    89:75:b7:7e:5e:ed:c6:07:f9:b8:87:b4:89:5e:f1:
                    a6:9e:44:98:19:66:b8:fa:37:74:ec:64:f9:b9:bd:
                    a7:a8:2f:a6:e4:d0:bc:15:6c:1f:09:2c:c9:b1:37:
                    c3:fc:29:d2:f2:6e:68:1c:62:e7:13:93:88:17:49:
                    66:1b:cb:af:41:83:98:a6:8c:e0:d6:e2:db:58:ca:
                    19:9e:fa:a0:a6:9f:55:dd:0d:af:c9:2f:af:e6:b3:
                    2f:18:dc:3f:73:42:59:ee:bb:0b:f4:dd:de:40:10:
                    5a:f1:56:da:fd:60:03:0c:a2:d2:b9:b6:87:ec:35:
                    2b:ee:90:7e:e1:05:10:bf:21:14:cc:e2:5d:07:96:
                    72:12:59:f7:8c:97:32:97:26:b6:cb:30:66:cf:55:
                    74:18:d6:b0:d4:51:ef:2b:29:1e:d3:09:e4:7d:80:
                    66:f8:ba:34:98:61:7c:81:e0:d4:5b:98:5f:6c:0a:
                    d1:2f:26:61:43:57:47:5f:8c:de:ae:3c:4e:df:46:
                    45:1e:c2:db:32:3f:10:d7:6c:ee:e9:06:ca:75:23:
                    76:a7:b6:a2:4e:d4:44:d9:40:1c:fd:9e:ab:e8:15:
                    48:f2:2f:04:bc:56:47:2f:0b:5e:c1:ff:48:cb:e9:
                    69:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:97:A8:A8:46:3D:E5:E4:95:57:47:98:60:B5:FC:4F:7B:47:94:2B
            X509v3 Authority Key Identifier:
                keyid:84:52:B0:3E:1B:01:70:96:38:94:0D:95:92:98:3C:DE:77:EC:AB:77

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hFKwPhsBcJY4lA2Vkpg83nfsq3c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/IZeoqEY95eSVV0eYYLX8T3tHlCs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e4/011f6e-e928-4f2b-aa24-200fc274cb01/1/hFKwPhsBcJY4lA2Vkpg83nfsq3c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.249.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:d9:04:f7:57:38:77:84:82:19:f9:7b:70:b8:ab:d8:dc:c3:
         1a:f9:fe:11:5a:f0:90:60:a0:81:72:7c:0c:cd:a8:9c:4c:d0:
         58:e4:5e:03:25:cd:a2:15:f6:45:99:b3:9b:d6:96:e3:ef:43:
         86:df:1a:b0:48:60:62:d5:54:61:c2:08:25:6d:07:83:21:3a:
         0d:b3:e1:6c:bf:2e:f0:71:a4:5e:33:11:ab:70:7a:77:c1:6b:
         5a:5f:83:66:4a:b2:16:9f:fd:d6:77:8c:93:45:a0:09:e7:85:
         24:42:38:da:04:ef:ad:84:2c:66:6d:c4:66:fa:c6:a8:98:73:
         e2:53:f6:a8:a5:9f:d1:27:56:0a:ee:de:0b:4d:fc:a1:67:61:
         b1:d3:07:58:0b:46:df:d6:aa:a3:75:da:14:64:52:d3:e1:e6:
         b7:68:42:ec:61:30:13:f7:22:02:57:25:f0:76:91:96:ec:4b:
         6d:1f:37:11:de:36:f9:7c:b7:28:8b:03:b7:7a:97:26:7d:1e:
         5e:ef:8b:7d:2d:e8:41:e6:fa:c0:4a:95:70:dd:36:2f:46:af:
         61:3b:5b:a3:df:96:b0:fe:a2:39:d9:d1:c2:4a:67:a2:ed:e3:
         f6:c1:08:a4:d2:08:05:a5:23:bc:51:5a:7f:cf:b4:2e:49:c2:
         62:1d:5f:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjabEXeU/g/WhNuIt2zmjEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0NTJiMDNlMWIwMTcwOTYzODk0MGQ5NTkyOTgzY2RlNzdl
Y2FiNzcwHhcNMjUwMTAxMTk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMTk3YThhODQ2M2RlNWU0OTU1NzQ3OTg2MGI1ZmM0ZjdiNDc5NDJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5r1/kgbfI051uRl0Dk2Jdbd+Xu3G
B/m4h7SJXvGmnkSYGWa4+jd07GT5ub2nqC+m5NC8FWwfCSzJsTfD/CnS8m5oHGLn
E5OIF0lmG8uvQYOYpozg1uLbWMoZnvqgpp9V3Q2vyS+v5rMvGNw/c0JZ7rsL9N3e
QBBa8Vba/WADDKLSubaH7DUr7pB+4QUQvyEUzOJdB5ZyEln3jJcylya2yzBmz1V0
GNaw1FHvKyke0wnkfYBm+Lo0mGF8geDUW5hfbArRLyZhQ1dHX4zerjxO30ZFHsLb
Mj8Q12zu6QbKdSN2p7aiTtRE2UAc/Z6r6BVI8i8EvFZHLwtewf9Iy+lpxwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCGXqKhGPeXklVdHmGC1/E97R5QrMB8GA1UdIwQY
MBaAFIRSsD4bAXCWOJQNlZKYPN537Kt3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQt
MjAwZmMyNzRjYjAxLzEvSVplb3FFWTk1ZVNWVjBlWVlMWDhUM3RIbENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNC8wMTFmNmUtZTkyOC00ZjJiLWFhMjQtMjAwZmMyNzRjYjAx
LzEvaEZLd1Boc0JjSlk0bEEyVmtwZzgzbmZzcTNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufmhMA0G
CSqGSIb3DQEBCwUAA4IBAQCy2QT3Vzh3hIIZ+XtwuKvY3MMa+f4RWvCQYKCBcnwM
zaicTNBY5F4DJc2iFfZFmbOb1pbj70OG3xqwSGBi1VRhwgglbQeDIToNs+Fsvy7w
caReMxGrcHp3wWtaX4NmSrIWn/3Wd4yTRaAJ54UkQjjaBO+thCxmbcRm+saomHPi
U/aopZ/RJ1YK7t4LTfyhZ2Gx0wdYC0bf1qqjddoUZFLT4ea3aELsYTAT9yICVyXw
dpGW7EttHzcR3jb5fLcoiwO3epcmfR5e74t9LehB5vrASpVw3TYvRq9hO1uj35aw
/qI52dHCSmei7eP2wQik0ggFpSO8UVp/z7QuScJiHV9A
-----END CERTIFICATE-----