Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/c987b6-ef00-4d28-a4ae-6549cd59aa4f/1/H4Dt1RaXNjrSuf7dIzKd6HI74Xw.roa
File:                     H4Dt1RaXNjrSuf7dIzKd6HI74Xw.roa (raw, json)
Hash identifier:          1FMAIN7AWHSRrarcSi8q0q/CcQ+uq+tcfRyHiGa5Hko=
Subject key identifier:   1F:80:ED:D5:16:97:36:3A:D2:B9:FE:DD:23:32:9D:E8:72:3B:E1:7C
Certificate issuer:       /CN=afe6f8cae7492d064e03071c9147392eedd45bc7
Certificate serial:       019427478F3D8B8F5AA83AD096FABA59D6BF
Authority key identifier: AF:E6:F8:CA:E7:49:2D:06:4E:03:07:1C:91:47:39:2E:ED:D4:5B:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/r-b4yudJLQZOAwcckUc5Lu3UW8c.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/c987b6-ef00-4d28-a4ae-6549cd59aa4f/1/H4Dt1RaXNjrSuf7dIzKd6HI74Xw.roa
Signing time:             Thu 02 Jan 2025 13:49:48 +0000
ROA not before:           Thu 02 Jan 2025 13:49:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213329
IP address blocks:        185.220.221.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/c987b6-ef00-4d28-a4ae-6549cd59aa4f/1/r-b4yudJLQZOAwcckUc5Lu3UW8c.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/c987b6-ef00-4d28-a4ae-6549cd59aa4f/1/r-b4yudJLQZOAwcckUc5Lu3UW8c.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/r-b4yudJLQZOAwcckUc5Lu3UW8c.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 10:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:8f:3d:8b:8f:5a:a8:3a:d0:96:fa:ba:59:d6:bf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=afe6f8cae7492d064e03071c9147392eedd45bc7
        Validity
            Not Before: Jan  2 13:49:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=1f80edd51697363ad2b9fedd23329de8723be17c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e7:5e:6d:2f:8c:ae:55:61:77:8b:e9:26:aa:
                    f7:64:6b:e3:0a:b5:d4:f1:fd:50:bf:a7:bc:90:07:
                    d5:01:6a:b9:fd:04:0a:41:b2:cb:0e:41:4f:e3:73:
                    29:2d:63:b8:33:c1:64:b9:f4:45:c4:c7:44:ea:4a:
                    3d:e0:66:68:7c:39:98:5d:18:fd:9e:4f:5e:28:c4:
                    d3:eb:a3:bc:7b:7c:b3:d4:50:d4:bd:45:c7:f4:b9:
                    f0:03:75:9f:96:c4:7e:b5:13:3f:12:c2:ea:2d:dc:
                    52:f2:d8:31:24:90:36:4d:4c:07:12:70:5c:53:13:
                    83:5b:bb:f8:ff:09:0f:20:c8:c2:16:7a:44:3a:ab:
                    65:e2:61:3b:98:13:6f:0e:18:85:ac:34:f4:a4:24:
                    ca:e9:e9:f6:2a:fe:8b:30:23:30:78:50:8d:26:cb:
                    e4:40:a6:71:a4:3c:cb:18:17:44:7c:07:39:5a:fd:
                    58:00:6b:e2:53:59:27:c1:4e:f5:85:a3:15:4f:67:
                    f8:1d:7c:4b:c7:05:6f:4e:9a:e8:6e:17:f3:fe:56:
                    8e:7e:f4:36:76:69:35:98:b3:01:37:52:ce:3a:36:
                    23:a4:cc:da:c0:96:37:ea:e3:0f:b4:a0:37:12:87:
                    c8:d2:e7:ef:b4:a4:22:b9:cc:d9:8f:1c:9a:f8:61:
                    46:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:80:ED:D5:16:97:36:3A:D2:B9:FE:DD:23:32:9D:E8:72:3B:E1:7C
            X509v3 Authority Key Identifier:
                keyid:AF:E6:F8:CA:E7:49:2D:06:4E:03:07:1C:91:47:39:2E:ED:D4:5B:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r-b4yudJLQZOAwcckUc5Lu3UW8c.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/c987b6-ef00-4d28-a4ae-6549cd59aa4f/1/H4Dt1RaXNjrSuf7dIzKd6HI74Xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/c987b6-ef00-4d28-a4ae-6549cd59aa4f/1/r-b4yudJLQZOAwcckUc5Lu3UW8c.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.221.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:3e:34:8a:b1:79:46:18:a5:67:9f:3b:f1:e2:65:8f:12:e3:
         46:05:f0:31:4a:e7:72:2f:23:c6:81:b9:3f:ca:f4:88:2f:bb:
         7b:22:b5:a2:37:95:de:45:4a:36:ad:08:61:2d:20:55:ec:91:
         05:ae:03:97:e1:ec:a9:d2:ed:56:c2:a4:99:e6:16:b9:f2:49:
         75:7c:1d:85:fa:ef:58:24:12:25:57:ae:b2:7d:ba:44:4e:80:
         66:0e:a2:e7:66:6f:37:85:43:29:a4:e1:06:23:22:c9:86:cb:
         7d:5d:05:ca:ac:26:66:2b:cb:29:cc:25:57:1a:38:95:ce:9d:
         57:27:69:9b:ea:4f:bf:d0:8d:a7:9e:e8:62:4e:a3:44:bb:dc:
         ca:ab:cf:06:76:82:1c:e7:13:45:87:96:a5:e5:35:b9:6e:b3:
         9c:83:7a:e2:cd:09:10:d6:f7:90:2d:ba:9f:ef:d1:18:60:3d:
         3e:79:20:24:b6:ed:ea:82:d7:2b:ed:35:6f:db:8b:5e:94:77:
         a4:29:61:91:94:2b:02:4a:dd:fb:58:c0:f8:9c:46:88:77:c0:
         81:56:48:8c:b6:5d:5f:43:a0:2c:92:0b:ac:c6:55:3b:1b:aa:
         73:99:32:b8:be:ea:74:4f:5a:20:b9:cc:bc:09:0d:90:7b:48:
         f2:2e:17:e8
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR489i49aqDrQlvq6Wda/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmZTZmOGNhZTc0OTJkMDY0ZTAzMDcxYzkxNDczOTJlZWRk
NDViYzcwHhcNMjUwMTAyMTM0OTQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjgwZWRkNTE2OTczNjNhZDJiOWZlZGQyMzMyOWRlODcyM2JlMTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyudebS+MrlVhd4vpJqr3ZGvjCrXU
8f1Qv6e8kAfVAWq5/QQKQbLLDkFP43MpLWO4M8FkufRFxMdE6ko94GZofDmYXRj9
nk9eKMTT66O8e3yz1FDUvUXH9LnwA3WflsR+tRM/EsLqLdxS8tgxJJA2TUwHEnBc
UxODW7v4/wkPIMjCFnpEOqtl4mE7mBNvDhiFrDT0pCTK6en2Kv6LMCMweFCNJsvk
QKZxpDzLGBdEfAc5Wv1YAGviU1knwU71haMVT2f4HXxLxwVvTprobhfz/laOfvQ2
dmk1mLMBN1LOOjYjpMzawJY36uMPtKA3EofI0ufvtKQiuczZjxya+GFGIQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFB+A7dUWlzY60rn+3SMynehyO+F8MB8GA1UdIwQY
MBaAFK/m+MrnSS0GTgMHHJFHOS7t1FvHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvci1iNHl1ZEpMUVpPQXdjY2tVYzVMdTNVVzhjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS9jOTg3YjYtZWYwMC00ZDI4LWE0YWUt
NjU0OWNkNTlhYTRmLzEvSDREdDFSYVhOanJTdWY3ZEl6S2Q2SEk3NFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS9jOTg3YjYtZWYwMC00ZDI4LWE0YWUtNjU0OWNkNTlhYTRm
LzEvci1iNHl1ZEpMUVpPQXdjY2tVYzVMdTNVVzhjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudzdMA0G
CSqGSIb3DQEBCwUAA4IBAQAKPjSKsXlGGKVnnzvx4mWPEuNGBfAxSudyLyPGgbk/
yvSIL7t7IrWiN5XeRUo2rQhhLSBV7JEFrgOX4eyp0u1WwqSZ5ha58kl1fB2F+u9Y
JBIlV66yfbpEToBmDqLnZm83hUMppOEGIyLJhst9XQXKrCZmK8spzCVXGjiVzp1X
J2mb6k+/0I2nnuhiTqNEu9zKq88GdoIc5xNFh5al5TW5brOcg3rizQkQ1veQLbqf
79EYYD0+eSAktu3qgtcr7TVv24telHekKWGRlCsCSt37WMD4nEaId8CBVkiMtl1f
Q6AskgusxlU7G6pzmTK4vup0T1ogucy8CQ2Qe0jyLhfo
-----END CERTIFICATE-----