Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/589a5a-6bdb-40f1-a4f3-84e11e51f134/1/p1lTEKoE5j8hz4v8NDCkph3vHZg.roa
File:                     p1lTEKoE5j8hz4v8NDCkph3vHZg.roa (raw, json)
Hash identifier:          MpUjtf+IJwp4Op1WMMfO/E6/RTTXrzH8PWzDLygUE3M=
Subject key identifier:   A7:59:53:10:AA:04:E6:3F:21:CF:8B:FC:34:30:A4:A6:1D:EF:1D:98
Certificate issuer:       /CN=2205fe638024942555683d765edf7fa93f2e8430
Certificate serial:       0194258F3E61B2EFA665D2801954B613E9CC
Authority key identifier: 22:05:FE:63:80:24:94:25:55:68:3D:76:5E:DF:7F:A9:3F:2E:84:30
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IgX-Y4AklCVVaD12Xt9_qT8uhDA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/589a5a-6bdb-40f1-a4f3-84e11e51f134/1/p1lTEKoE5j8hz4v8NDCkph3vHZg.roa
Signing time:             Thu 02 Jan 2025 05:48:52 +0000
ROA not before:           Thu 02 Jan 2025 05:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211328
IP address blocks:        185.254.122.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/589a5a-6bdb-40f1-a4f3-84e11e51f134/1/IgX-Y4AklCVVaD12Xt9_qT8uhDA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/589a5a-6bdb-40f1-a4f3-84e11e51f134/1/IgX-Y4AklCVVaD12Xt9_qT8uhDA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IgX-Y4AklCVVaD12Xt9_qT8uhDA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 11:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3e:61:b2:ef:a6:65:d2:80:19:54:b6:13:e9:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2205fe638024942555683d765edf7fa93f2e8430
        Validity
            Not Before: Jan  2 05:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a7595310aa04e63f21cf8bfc3430a4a61def1d98
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:ae:b5:b1:bb:81:30:1b:a2:c7:13:8b:c6:2b:
                    cd:d8:53:d7:76:b7:d8:5e:44:da:ef:e7:3c:56:ad:
                    11:fd:19:48:f9:90:e9:67:50:e8:8d:98:85:b0:10:
                    12:60:b9:e7:fe:ca:bc:6f:60:72:ab:07:02:e1:d1:
                    b8:92:01:71:bd:2c:38:34:05:a5:57:e5:ba:1d:62:
                    22:ae:2c:6b:67:70:34:94:00:6c:7d:5b:19:df:fa:
                    48:5e:24:f4:d1:47:24:72:12:be:52:a8:3b:42:cb:
                    47:24:1e:bc:5b:7f:c0:f5:92:aa:47:aa:e0:bb:7e:
                    be:77:cb:5c:d8:48:b9:b8:5b:3c:45:94:23:ed:d6:
                    96:54:19:e8:e3:7b:f4:7f:6e:3e:25:90:d0:a4:d0:
                    d9:fe:53:5e:78:be:55:f4:c8:96:87:3d:56:38:2a:
                    60:73:14:43:5c:d5:b2:10:d1:00:80:d3:5c:71:f8:
                    52:85:77:3e:8a:79:77:ca:1e:e5:23:7a:17:56:d8:
                    32:48:2e:40:ed:a7:4e:64:ab:51:9b:20:cc:1a:26:
                    35:04:30:a9:b1:57:01:01:cb:96:7f:0c:6c:7d:fd:
                    8d:9b:9a:27:96:e9:a6:fe:9a:09:9c:1d:53:6a:43:
                    51:b7:f3:37:f0:ba:cd:cb:73:32:77:4a:bc:f2:7c:
                    34:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:59:53:10:AA:04:E6:3F:21:CF:8B:FC:34:30:A4:A6:1D:EF:1D:98
            X509v3 Authority Key Identifier:
                keyid:22:05:FE:63:80:24:94:25:55:68:3D:76:5E:DF:7F:A9:3F:2E:84:30

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IgX-Y4AklCVVaD12Xt9_qT8uhDA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/589a5a-6bdb-40f1-a4f3-84e11e51f134/1/p1lTEKoE5j8hz4v8NDCkph3vHZg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/589a5a-6bdb-40f1-a4f3-84e11e51f134/1/IgX-Y4AklCVVaD12Xt9_qT8uhDA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.122.0/24

    Signature Algorithm: sha256WithRSAEncryption
         05:68:c1:76:74:3e:b2:7c:81:57:62:39:2b:25:84:20:45:36:
         2e:f7:75:fe:f5:28:cf:55:24:4e:07:0e:4e:df:2f:65:e8:95:
         46:87:f9:1e:55:9d:e7:9d:37:2e:ee:e5:1e:8f:da:ce:6a:fa:
         d0:fc:a3:7d:19:6f:c0:9c:e3:e1:e8:ed:46:c9:e4:c3:78:c8:
         e0:10:32:23:26:44:c0:cf:16:b5:e0:de:5d:ad:f2:ae:26:42:
         58:b6:7f:44:1c:2a:e9:76:68:05:f8:99:2c:ed:96:22:0b:96:
         a4:04:d2:a1:cd:08:4c:b2:e7:82:0f:b2:01:ca:23:c9:e9:13:
         ea:ce:fb:25:9c:d7:12:77:61:22:11:e3:bc:a8:a2:38:07:dd:
         10:e0:79:68:2e:79:ff:d3:d3:54:a1:dc:c9:f2:df:90:f7:c8:
         94:3d:2c:f2:84:dc:35:c7:d7:e2:ba:9f:70:b0:61:fc:fb:cf:
         42:ae:35:f0:d5:8e:ce:f3:23:4c:70:7a:a1:5f:40:b5:bf:75:
         24:35:33:c5:e4:e5:5b:c9:d8:aa:0a:68:49:b1:24:7f:b3:5b:
         eb:ef:57:47:19:d0:36:8d:e1:c6:33:f4:3c:55:00:1a:3e:bd:
         3a:c7:ef:d1:32:aa:5e:d8:cd:d6:0f:d1:85:89:c0:0f:6a:10:
         18:ec:8a:4e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljz5hsu+mZdKAGVS2E+nMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyMDVmZTYzODAyNDk0MjU1NTY4M2Q3NjVlZGY3ZmE5M2Yy
ZTg0MzAwHhcNMjUwMTAyMDU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNzU5NTMxMGFhMDRlNjNmMjFjZjhiZmMzNDMwYTRhNjFkZWYxZDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvK61sbuBMBuixxOLxivN2FPXdrfY
XkTa7+c8Vq0R/RlI+ZDpZ1DojZiFsBASYLnn/sq8b2ByqwcC4dG4kgFxvSw4NAWl
V+W6HWIirixrZ3A0lABsfVsZ3/pIXiT00UckchK+Uqg7QstHJB68W3/A9ZKqR6rg
u36+d8tc2Ei5uFs8RZQj7daWVBno43v0f24+JZDQpNDZ/lNeeL5V9MiWhz1WOCpg
cxRDXNWyENEAgNNccfhShXc+inl3yh7lI3oXVtgySC5A7adOZKtRmyDMGiY1BDCp
sVcBAcuWfwxsff2Nm5onlumm/poJnB1TakNRt/M38LrNy3Myd0q88nw0GwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKdZUxCqBOY/Ic+L/DQwpKYd7x2YMB8GA1UdIwQY
MBaAFCIF/mOAJJQlVWg9dl7ff6k/LoQwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSWdYLVk0QWtsQ1ZWYUQxMlh0OV9xVDh1aERBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi81ODlhNWEtNmJkYi00MGYxLWE0ZjMt
ODRlMTFlNTFmMTM0LzEvcDFsVEVLb0U1ajhoejR2OE5EQ2twaDN2SFpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi81ODlhNWEtNmJkYi00MGYxLWE0ZjMtODRlMTFlNTFmMTM0
LzEvSWdYLVk0QWtsQ1ZWYUQxMlh0OV9xVDh1aERBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf56MA0G
CSqGSIb3DQEBCwUAA4IBAQAFaMF2dD6yfIFXYjkrJYQgRTYu93X+9SjPVSROBw5O
3y9l6JVGh/keVZ3nnTcu7uUej9rOavrQ/KN9GW/AnOPh6O1GyeTDeMjgEDIjJkTA
zxa14N5drfKuJkJYtn9EHCrpdmgF+Jks7ZYiC5akBNKhzQhMsueCD7IByiPJ6RPq
zvslnNcSd2EiEeO8qKI4B90Q4HloLnn/09NUodzJ8t+Q98iUPSzyhNw1x9fiup9w
sGH8+89CrjXw1Y7O8yNMcHqhX0C1v3UkNTPF5OVbydiqCmhJsSR/s1vr71dHGdA2
jeHGM/Q8VQAaPr06x+/RMqpe2M3WD9GFicAPahAY7IpO
-----END CERTIFICATE-----