Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/Io8_rALEkRmJyvwQSYZoU_nTQg0.roa
File:                     Io8_rALEkRmJyvwQSYZoU_nTQg0.roa (raw, json)
Hash identifier:          IdvBLL1znSmthNlumpub/fXZwL7C6UNAlVvYWPg9Tzc=
Subject key identifier:   22:8F:3F:AC:02:C4:91:19:89:CA:FC:10:49:86:68:53:F9:D3:42:0D
Certificate issuer:       /CN=89554780db25b243c0a2d361979b130a7f13c60d
Certificate serial:       0194221F821D6AA66B82F58A063772A1489F
Authority key identifier: 89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/Io8_rALEkRmJyvwQSYZoU_nTQg0.roa
Signing time:             Wed 01 Jan 2025 13:47:57 +0000
ROA not before:           Wed 01 Jan 2025 13:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39700
IP address blocks:        185.75.156.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 13:01:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:82:1d:6a:a6:6b:82:f5:8a:06:37:72:a1:48:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=89554780db25b243c0a2d361979b130a7f13c60d
        Validity
            Not Before: Jan  1 13:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=228f3fac02c4911989cafc1049866853f9d3420d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:be:ff:8b:50:16:85:71:67:56:6d:8c:9e:ed:
                    2d:17:67:76:28:3b:a6:85:72:e3:1d:1d:7d:d3:b3:
                    20:4a:8c:8a:5f:dc:85:a6:5e:8f:e7:92:56:d8:90:
                    8e:75:18:ed:a7:7a:e1:72:12:47:53:c1:fd:af:93:
                    68:e5:e1:32:14:d4:18:58:a9:46:c4:60:8a:7f:69:
                    69:da:e4:9d:4b:f0:4c:2b:7d:05:35:b7:de:5a:4b:
                    8b:5f:80:db:cc:7c:83:f5:5b:51:a5:57:22:d6:fc:
                    52:cc:36:c2:7a:34:61:e6:6a:5b:81:bb:ed:b0:1b:
                    e5:22:11:11:67:f7:b5:b8:3a:19:69:65:6e:7e:25:
                    e2:ef:c1:2a:ba:95:8d:65:1b:ae:6b:eb:b8:47:a5:
                    e6:80:7b:9f:be:e3:77:0b:12:05:ac:ef:ba:ae:d5:
                    ee:e3:1b:a4:c9:cb:97:a0:80:b7:fb:52:ef:57:b9:
                    59:c1:71:0a:21:b0:0c:ae:e2:74:63:74:8f:14:42:
                    fb:36:8e:ac:e6:7a:5c:5b:b9:30:74:7b:73:6e:ca:
                    de:18:99:b2:0e:72:33:c6:7b:8c:29:79:db:3f:e9:
                    48:21:40:55:fb:de:a1:6e:20:00:da:be:27:76:be:
                    39:5f:f4:6c:94:4c:23:a1:88:c2:c9:fc:5b:5c:29:
                    bb:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:8F:3F:AC:02:C4:91:19:89:CA:FC:10:49:86:68:53:F9:D3:42:0D
            X509v3 Authority Key Identifier:
                keyid:89:55:47:80:DB:25:B2:43:C0:A2:D3:61:97:9B:13:0A:7F:13:C6:0D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iVVHgNslskPAotNhl5sTCn8Txg0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/Io8_rALEkRmJyvwQSYZoU_nTQg0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/3e2077-bc10-4621-ab0b-dba4c9b8706b/1/iVVHgNslskPAotNhl5sTCn8Txg0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.75.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         10:1e:fc:54:b7:3d:fe:01:02:a1:be:ca:21:ad:90:8a:48:46:
         6f:64:7c:f7:54:79:20:22:77:e4:33:02:d2:95:1a:bf:1b:d7:
         70:68:1c:d6:39:47:28:5a:64:6a:ce:bc:86:24:8c:0d:fa:d2:
         d7:e2:27:50:fd:9f:ea:9b:3c:01:7f:de:b4:b5:c0:2e:87:f2:
         fa:53:14:a8:d7:35:ed:bb:46:52:da:94:8e:92:ed:0c:20:4a:
         88:3f:da:35:33:cc:6d:fe:7a:43:c5:26:8d:2a:41:3f:88:88:
         8d:e7:50:64:cd:a7:ed:24:c8:57:16:dc:ff:0c:81:96:bb:ef:
         fa:31:6a:87:34:29:c4:f9:01:22:3c:43:31:3c:7a:cd:cd:c0:
         97:21:45:fe:df:30:a0:89:74:3a:b4:cd:6e:df:20:cd:15:bf:
         cc:73:fc:34:f7:4f:e8:db:e1:20:a3:06:a5:7b:bb:f7:b9:5a:
         02:02:4b:7e:b7:49:76:d9:6f:ca:a6:7e:e1:20:cf:a8:a4:d4:
         eb:13:00:a5:9d:ab:01:5a:3d:c6:a2:31:b7:6f:7b:57:40:69:
         5e:7e:a3:32:b5:ae:18:c0:da:9e:fc:a0:67:a9:00:9c:c5:b4:
         bd:e7:ee:18:60:25:57:8b:bd:6b:23:b0:9a:60:4b:2f:80:47:
         ac:45:fc:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH4IdaqZrgvWKBjdyoUifMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NTU0NzgwZGIyNWIyNDNjMGEyZDM2MTk3OWIxMzBhN2Yx
M2M2MGQwHhcNMjUwMTAxMTM0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjhmM2ZhYzAyYzQ5MTE5ODljYWZjMTA0OTg2Njg1M2Y5ZDM0MjBkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArL7/i1AWhXFnVm2Mnu0tF2d2KDum
hXLjHR1907MgSoyKX9yFpl6P55JW2JCOdRjtp3rhchJHU8H9r5No5eEyFNQYWKlG
xGCKf2lp2uSdS/BMK30FNbfeWkuLX4DbzHyD9VtRpVci1vxSzDbCejRh5mpbgbvt
sBvlIhERZ/e1uDoZaWVufiXi78EqupWNZRuua+u4R6XmgHufvuN3CxIFrO+6rtXu
4xukycuXoIC3+1LvV7lZwXEKIbAMruJ0Y3SPFEL7No6s5npcW7kwdHtzbsreGJmy
DnIzxnuMKXnbP+lIIUBV+96hbiAA2r4ndr45X/RslEwjoYjCyfxbXCm7vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCKPP6wCxJEZicr8EEmGaFP500INMB8GA1UdIwQY
MBaAFIlVR4DbJbJDwKLTYZebEwp/E8YNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGIt
ZGJhNGM5Yjg3MDZiLzEvSW84X3JBTEVrUm1KeXZ3UVNZWm9VX25UUWcwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8zZTIwNzctYmMxMC00NjIxLWFiMGItZGJhNGM5Yjg3MDZi
LzEvaVZWSGdOc2xza1BBb3ROaGw1c1RDbjhUeGcwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuUucMA0G
CSqGSIb3DQEBCwUAA4IBAQAQHvxUtz3+AQKhvsohrZCKSEZvZHz3VHkgInfkMwLS
lRq/G9dwaBzWOUcoWmRqzryGJIwN+tLX4idQ/Z/qmzwBf960tcAuh/L6UxSo1zXt
u0ZS2pSOku0MIEqIP9o1M8xt/npDxSaNKkE/iIiN51BkzaftJMhXFtz/DIGWu+/6
MWqHNCnE+QEiPEMxPHrNzcCXIUX+3zCgiXQ6tM1u3yDNFb/Mc/w090/o2+Egowal
e7v3uVoCAkt+t0l22W/Kpn7hIM+opNTrEwClnasBWj3GojG3b3tXQGlefqMyta4Y
wNqe/KBnqQCcxbS95+4YYCVXi71rI7CaYEsvgEesRfwp
-----END CERTIFICATE-----