Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/ifTKeL7Q3yOfbgGQD-O0V2FKxJg.roa
File:                     ifTKeL7Q3yOfbgGQD-O0V2FKxJg.roa (raw, json)
Hash identifier:          JhNUlPYthTeXHHV7LF1Jgo8sCxuBA07GISDC2g5jYXI=
Subject key identifier:   89:F4:CA:78:BE:D0:DF:23:9F:6E:01:90:0F:E3:B4:57:61:4A:C4:98
Certificate issuer:       /CN=267d9ecb9964825d44dd266bbd32aa0804bc10f7
Certificate serial:       019427B5C86A67A051AD99FD0E975A4F3BF4
Authority key identifier: 26:7D:9E:CB:99:64:82:5D:44:DD:26:6B:BD:32:AA:08:04:BC:10:F7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/ifTKeL7Q3yOfbgGQD-O0V2FKxJg.roa
Signing time:             Thu 02 Jan 2025 15:50:12 +0000
ROA not before:           Thu 02 Jan 2025 15:50:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205996
IP address blocks:        185.199.164.0/22 maxlen: 24
                          2a0d:4900::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 03:00:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:c8:6a:67:a0:51:ad:99:fd:0e:97:5a:4f:3b:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=267d9ecb9964825d44dd266bbd32aa0804bc10f7
        Validity
            Not Before: Jan  2 15:50:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89f4ca78bed0df239f6e01900fe3b457614ac498
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8c:5c:e4:7f:2f:81:a1:03:eb:94:04:8e:a7:08:
                    6b:49:cb:55:5f:55:5d:8a:e5:1b:9c:7d:83:5f:5a:
                    e6:f2:3f:9d:c0:d8:ec:4d:78:70:70:79:b3:e8:e5:
                    61:67:c6:c9:8d:46:ca:b1:77:08:91:41:1b:7f:8b:
                    4f:df:f6:52:10:fd:45:09:25:2b:07:bc:0a:5b:a7:
                    c1:33:b7:54:1f:a0:71:27:ad:15:d5:2b:18:c6:51:
                    e3:76:2e:c1:ce:31:b6:85:3c:dc:9d:3b:a8:bf:83:
                    11:b5:29:c2:6a:1d:61:6e:a0:b4:72:72:e9:f8:8a:
                    8f:76:3f:d1:34:75:3f:bc:e1:8b:86:9a:a2:2a:9a:
                    9a:50:cd:6e:4d:a3:aa:98:39:43:9f:14:76:13:0a:
                    2d:9f:c0:03:29:99:86:31:1b:bc:48:44:34:61:69:
                    d1:fb:43:e6:8c:24:43:a7:d8:59:88:b2:9a:6c:ae:
                    95:91:77:db:73:b9:cf:f3:f5:bd:b3:e1:be:a4:f6:
                    03:15:db:e1:eb:26:db:40:07:86:bc:17:6f:74:b9:
                    8f:f1:bf:0a:a0:f9:4c:b8:96:84:d4:c1:22:29:14:
                    26:0d:3c:bb:9b:b0:0e:29:8e:fa:1b:7e:70:87:2c:
                    06:c6:a5:ed:59:f5:77:42:96:9f:c0:74:19:42:49:
                    07:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:F4:CA:78:BE:D0:DF:23:9F:6E:01:90:0F:E3:B4:57:61:4A:C4:98
            X509v3 Authority Key Identifier:
                keyid:26:7D:9E:CB:99:64:82:5D:44:DD:26:6B:BD:32:AA:08:04:BC:10:F7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/ifTKeL7Q3yOfbgGQD-O0V2FKxJg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/29ac84-4365-4eba-9873-391bce71fea1/1/Jn2ey5lkgl1E3SZrvTKqCAS8EPc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.164.0/22
                IPv6:
                  2a0d:4900::/32

    Signature Algorithm: sha256WithRSAEncryption
         99:57:15:86:0b:87:e3:85:0e:2d:58:a4:21:e0:86:79:0e:04:
         81:0e:a2:b7:f9:e5:bb:80:75:0d:14:2f:63:12:01:77:c5:8c:
         75:aa:54:f4:77:d2:94:b5:42:70:71:4d:2a:09:b4:37:59:a5:
         20:9b:42:d8:10:46:37:53:99:5b:f7:aa:ea:13:7f:dc:94:0c:
         a5:28:49:08:18:04:c7:d1:95:13:a2:eb:7e:79:f4:90:33:c2:
         04:38:be:15:d5:11:29:01:34:87:cc:fd:41:b5:c6:eb:58:7a:
         29:b2:71:84:92:0b:25:57:6b:60:ea:15:eb:d8:48:f3:58:50:
         a4:e4:be:2f:c8:93:19:c4:34:0a:76:02:4a:18:c5:63:e4:0e:
         21:74:04:cf:9f:14:e0:de:c3:30:43:c9:e4:99:39:e1:11:60:
         7f:a3:a3:c5:a4:20:d9:9b:33:b9:c5:3f:46:b7:e1:66:e2:0e:
         81:c4:be:91:70:e2:fe:07:86:10:c3:12:18:e6:ed:0f:0b:f7:
         17:76:39:2e:b2:ce:f1:ff:7b:24:02:87:f5:42:52:53:a2:7b:
         fa:f8:fe:0a:29:f1:96:78:34:9a:05:4c:76:f3:94:d1:8e:0a:
         9f:b4:8b:93:54:73:2c:7a:ee:a0:ec:7e:25:a9:40:b7:2e:fc:
         28:69:8f:c6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntchqZ6BRrZn9DpdaTzv0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI2N2Q5ZWNiOTk2NDgyNWQ0NGRkMjY2YmJkMzJhYTA4MDRi
YzEwZjcwHhcNMjUwMTAyMTU1MDEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OWY0Y2E3OGJlZDBkZjIzOWY2ZTAxOTAwZmUzYjQ1NzYxNGFjNDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjFzkfy+BoQPrlASOpwhrSctVX1Vd
iuUbnH2DX1rm8j+dwNjsTXhwcHmz6OVhZ8bJjUbKsXcIkUEbf4tP3/ZSEP1FCSUr
B7wKW6fBM7dUH6BxJ60V1SsYxlHjdi7BzjG2hTzcnTuov4MRtSnCah1hbqC0cnLp
+IqPdj/RNHU/vOGLhpqiKpqaUM1uTaOqmDlDnxR2Ewotn8ADKZmGMRu8SEQ0YWnR
+0PmjCRDp9hZiLKabK6VkXfbc7nP8/W9s+G+pPYDFdvh6ybbQAeGvBdvdLmP8b8K
oPlMuJaE1MEiKRQmDTy7m7AOKY76G35whywGxqXtWfV3QpafwHQZQkkHCQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFIn0yni+0N8jn24BkA/jtFdhSsSYMB8GA1UdIwQY
MBaAFCZ9nsuZZIJdRN0ma70yqggEvBD3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSm4yZXk1bGtnbDFFM1NacnZUS3FDQVM4RVBjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8yOWFjODQtNDM2NS00ZWJhLTk4NzMt
MzkxYmNlNzFmZWExLzEvaWZUS2VMN1EzeU9mYmdHUUQtTzBWMkZLeEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8yOWFjODQtNDM2NS00ZWJhLTk4NzMtMzkxYmNlNzFmZWEx
LzEvSm4yZXk1bGtnbDFFM1NacnZUS3FDQVM4RVBjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCucekMA0E
AgACMAcDBQAqDUkAMA0GCSqGSIb3DQEBCwUAA4IBAQCZVxWGC4fjhQ4tWKQh4IZ5
DgSBDqK3+eW7gHUNFC9jEgF3xYx1qlT0d9KUtUJwcU0qCbQ3WaUgm0LYEEY3U5lb
96rqE3/clAylKEkIGATH0ZUTout+efSQM8IEOL4V1REpATSHzP1BtcbrWHopsnGE
kgslV2tg6hXr2EjzWFCk5L4vyJMZxDQKdgJKGMVj5A4hdATPnxTg3sMwQ8nkmTnh
EWB/o6PFpCDZmzO5xT9Gt+Fm4g6BxL6RcOL+B4YQwxIY5u0PC/cXdjkuss7x/3sk
Aof1QlJTonv6+P4KKfGWeDSaBUx285TRjgqftIuTVHMseu6g7H4lqUC3LvwoaY/G
-----END CERTIFICATE-----