Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/e9Z_8CtChGt4iClYaH_YgcqeT1k.roa
File:                     e9Z_8CtChGt4iClYaH_YgcqeT1k.roa (raw, json)
Hash identifier:          2K2jsaRk3MeR/R/Hwsml8Lc+ehwc8rBqNjGIvU2lgG0=
Subject key identifier:   7B:D6:7F:F0:2B:42:84:6B:78:88:29:58:68:7F:D8:81:CA:9E:4F:59
Certificate issuer:       /CN=63636c3bef55d12a64536b70130a74f53f44d6d0
Certificate serial:       019422FC1B7E2C1EB1EA2B3EFBA9003B3B4A
Authority key identifier: 63:63:6C:3B:EF:55:D1:2A:64:53:6B:70:13:0A:74:F5:3F:44:D6:D0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/e9Z_8CtChGt4iClYaH_YgcqeT1k.roa
Signing time:             Wed 01 Jan 2025 17:48:55 +0000
ROA not before:           Wed 01 Jan 2025 17:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212248
IP address blocks:        185.105.237.0/24 maxlen: 24
                          185.231.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 14:46:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:1b:7e:2c:1e:b1:ea:2b:3e:fb:a9:00:3b:3b:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63636c3bef55d12a64536b70130a74f53f44d6d0
        Validity
            Not Before: Jan  1 17:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7bd67ff02b42846b78882958687fd881ca9e4f59
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:33:3a:2e:e9:d4:3f:08:8a:48:e7:08:c7:8e:
                    b3:00:13:03:39:af:35:40:8f:71:d4:cb:2c:d7:8c:
                    74:64:a0:27:bd:88:a3:f1:99:f2:03:6b:cc:7f:ce:
                    46:74:b0:c8:01:95:a3:cb:44:e8:5b:0f:ec:87:bf:
                    df:81:5d:6f:54:dc:d4:d4:4a:08:db:d1:fb:3d:38:
                    38:d9:ed:fb:e0:e5:b1:65:1e:f9:bf:76:1b:3f:45:
                    a5:b5:30:4a:79:3a:e3:fa:7f:8a:3b:45:1a:f0:03:
                    b7:12:cf:5e:21:09:35:62:44:5b:a0:6b:ca:c5:d2:
                    3a:2f:bb:9b:b9:f0:e6:28:24:0c:e7:04:5d:a3:01:
                    aa:ee:86:9d:13:86:45:06:84:ab:e3:93:0b:a0:c9:
                    b0:bd:c1:6b:55:06:31:62:8f:e2:bd:1f:1f:2b:90:
                    33:dc:8f:18:74:91:bb:43:97:06:8c:21:1f:e9:1a:
                    a7:f4:25:fa:ac:3f:59:aa:18:8c:39:48:be:1e:08:
                    df:25:36:4a:fa:62:de:0a:ac:6f:07:1d:8f:f7:9e:
                    30:df:a6:ec:31:6c:be:8e:a3:5d:41:82:a8:93:45:
                    2d:9c:83:14:8e:5f:1d:8b:fa:6b:b6:d9:6e:9e:e1:
                    9b:34:98:4e:c3:f6:46:5e:56:36:29:72:bf:9e:74:
                    cb:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:D6:7F:F0:2B:42:84:6B:78:88:29:58:68:7F:D8:81:CA:9E:4F:59
            X509v3 Authority Key Identifier:
                keyid:63:63:6C:3B:EF:55:D1:2A:64:53:6B:70:13:0A:74:F5:3F:44:D6:D0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y2NsO-9V0SpkU2twEwp09T9E1tA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/e9Z_8CtChGt4iClYaH_YgcqeT1k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/a564e9-3a4e-4d4a-807d-7055c2e0476f/1/Y2NsO-9V0SpkU2twEwp09T9E1tA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.105.237.0/24
                  185.231.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:df:9f:ff:71:cf:e5:c2:9f:ab:0b:73:37:74:e7:fb:c3:71:
         c1:1e:4b:cf:95:23:08:04:55:bc:09:56:0f:f4:54:e1:dc:9f:
         fd:97:b5:69:16:ff:99:bb:0b:28:34:c9:9b:3b:a2:90:87:aa:
         d1:c3:c7:82:d5:e4:17:23:c5:d4:b4:d7:d3:6e:19:fa:bd:d0:
         a3:4d:db:69:fc:25:9c:d9:0b:27:99:ca:f6:ef:b4:ff:42:c6:
         ae:cb:4f:83:b3:22:ab:42:97:b8:98:db:28:fd:62:9a:7c:03:
         2d:71:23:ee:b2:59:20:e6:3f:cd:ac:8c:39:db:a4:e9:ac:ad:
         33:25:4c:11:c0:55:8f:45:c9:66:66:66:f0:74:71:22:b6:bb:
         0c:8b:90:fc:b3:70:b8:4b:76:34:90:90:7c:ed:76:99:a2:d9:
         68:96:4d:b1:c1:ba:f8:5a:36:c8:0a:56:93:4e:1f:48:7e:44:
         dc:b6:a1:af:e3:4e:59:ac:fa:1e:5f:ed:69:7b:13:45:f0:9d:
         97:24:ec:a0:7b:d2:3b:6b:22:e0:d6:77:34:81:8d:5d:f3:15:
         73:ee:db:92:f8:56:a1:0a:a6:49:56:5a:09:7e:b8:5b:f4:57:
         14:bb:4f:29:ae:14:63:74:25:de:4d:6f:bd:ca:43:85:2e:9a:
         18:89:ed:9b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi/Bt+LB6x6is++6kAOztKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzNjM2YzNiZWY1NWQxMmE2NDUzNmI3MDEzMGE3NGY1M2Y0
NGQ2ZDAwHhcNMjUwMTAxMTc0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmQ2N2ZmMDJiNDI4NDZiNzg4ODI5NTg2ODdmZDg4MWNhOWU0ZjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTM6LunUPwiKSOcIx46zABMDOa81
QI9x1Mss14x0ZKAnvYij8ZnyA2vMf85GdLDIAZWjy0ToWw/sh7/fgV1vVNzU1EoI
29H7PTg42e374OWxZR75v3YbP0WltTBKeTrj+n+KO0Ua8AO3Es9eIQk1YkRboGvK
xdI6L7ubufDmKCQM5wRdowGq7oadE4ZFBoSr45MLoMmwvcFrVQYxYo/ivR8fK5Az
3I8YdJG7Q5cGjCEf6Rqn9CX6rD9ZqhiMOUi+HgjfJTZK+mLeCqxvBx2P954w36bs
MWy+jqNdQYKok0UtnIMUjl8di/prttlunuGbNJhOw/ZGXlY2KXK/nnTLJQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHvWf/ArQoRreIgpWGh/2IHKnk9ZMB8GA1UdIwQY
MBaAFGNjbDvvVdEqZFNrcBMKdPU/RNbQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWTJOc08tOVYwU3BrVTJ0d0V3cDA5VDlFMXRBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9hNTY0ZTktM2E0ZS00ZDRhLTgwN2Qt
NzA1NWMyZTA0NzZmLzEvZTlaXzhDdENoR3Q0aUNsWWFIX1lnY3FlVDFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9hNTY0ZTktM2E0ZS00ZDRhLTgwN2QtNzA1NWMyZTA0NzZm
LzEvWTJOc08tOVYwU3BrVTJ0d0V3cDA5VDlFMXRBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWntAwQA
uedyMA0GCSqGSIb3DQEBCwUAA4IBAQB135//cc/lwp+rC3M3dOf7w3HBHkvPlSMI
BFW8CVYP9FTh3J/9l7VpFv+ZuwsoNMmbO6KQh6rRw8eC1eQXI8XUtNfTbhn6vdCj
Tdtp/CWc2Qsnmcr277T/Qsauy0+DsyKrQpe4mNso/WKafAMtcSPuslkg5j/NrIw5
26TprK0zJUwRwFWPRclmZmbwdHEitrsMi5D8s3C4S3Y0kJB87XaZotlolk2xwbr4
WjbIClaTTh9IfkTctqGv405ZrPoeX+1pexNF8J2XJOyge9I7ayLg1nc0gY1d8xVz
7tuS+FahCqZJVloJfrhb9FcUu08prhRjdCXeTW+9ykOFLpoYie2b
-----END CERTIFICATE-----