Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/4a0949-df58-4005-9768-fc5393c57887/1/RIso09h5--_F82YqfcCEAd3EpSw.roa
File:                     RIso09h5--_F82YqfcCEAd3EpSw.roa (raw, json)
Hash identifier:          dWlymz3qci5T5aLh2Je4Ec71LNxokFg1VFDedEjsW+8=
Subject key identifier:   44:8B:28:D3:D8:79:FB:EF:C5:F3:66:2A:7D:C0:84:01:DD:C4:A5:2C
Certificate issuer:       /CN=2c754ae473d9c154b804b70ed31881e025d926aa
Certificate serial:       0194228DFB01886D2FF0C9409EC479949C4C
Authority key identifier: 2C:75:4A:E4:73:D9:C1:54:B8:04:B7:0E:D3:18:81:E0:25:D9:26:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LHVK5HPZwVS4BLcO0xiB4CXZJqo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f8/4a0949-df58-4005-9768-fc5393c57887/1/RIso09h5--_F82YqfcCEAd3EpSw.roa
Signing time:             Wed 01 Jan 2025 15:48:37 +0000
ROA not before:           Wed 01 Jan 2025 15:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8312
IP address blocks:        185.213.0.0/24 maxlen: 24
                          185.213.1.0/24 maxlen: 24
                          185.213.2.0/24 maxlen: 24
                          185.213.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f8/4a0949-df58-4005-9768-fc5393c57887/1/LHVK5HPZwVS4BLcO0xiB4CXZJqo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f8/4a0949-df58-4005-9768-fc5393c57887/1/LHVK5HPZwVS4BLcO0xiB4CXZJqo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LHVK5HPZwVS4BLcO0xiB4CXZJqo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:fb:01:88:6d:2f:f0:c9:40:9e:c4:79:94:9c:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2c754ae473d9c154b804b70ed31881e025d926aa
        Validity
            Not Before: Jan  1 15:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=448b28d3d879fbefc5f3662a7dc08401ddc4a52c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:5e:d3:a0:2f:a6:70:dc:b0:5a:fe:a8:f1:23:
                    c8:2f:38:0e:44:4f:0f:62:9d:0a:1f:2e:0b:32:67:
                    d5:dd:17:28:f1:54:cb:6c:b2:7b:c3:e1:9d:dc:04:
                    87:83:4b:29:83:57:b1:ed:49:22:00:ad:39:bc:7e:
                    46:ba:d0:db:4a:ab:d2:0f:07:3d:ee:c8:2e:71:6e:
                    7b:43:72:6e:47:10:28:be:a0:ee:fa:56:d7:94:d3:
                    86:9e:fd:8d:46:e3:78:cb:a8:ea:2b:e3:09:68:6d:
                    1b:3a:e8:b5:2f:24:0b:ce:f5:b3:4f:61:97:8d:7d:
                    85:51:50:dc:e9:f5:71:cc:42:7b:ad:89:99:79:0a:
                    3a:0f:61:12:80:35:84:d7:1b:25:8f:08:ea:2a:31:
                    34:c3:f5:fc:ed:36:56:28:e6:db:45:cc:87:7f:72:
                    65:27:91:88:bd:e8:09:b0:77:d5:4b:39:a7:42:91:
                    fb:10:1c:30:e2:d5:c6:a8:cf:ca:28:c0:2a:83:eb:
                    72:a4:ee:bf:ec:21:18:2b:b0:1f:7f:a7:5a:31:27:
                    64:4f:cf:a9:9e:3c:99:1f:00:60:b8:0a:4d:19:6e:
                    0c:e3:cd:e8:6f:8a:48:aa:5d:84:81:79:c9:06:ba:
                    67:dd:56:b5:5c:9d:69:50:45:57:2d:19:c7:cc:3a:
                    6c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:8B:28:D3:D8:79:FB:EF:C5:F3:66:2A:7D:C0:84:01:DD:C4:A5:2C
            X509v3 Authority Key Identifier:
                keyid:2C:75:4A:E4:73:D9:C1:54:B8:04:B7:0E:D3:18:81:E0:25:D9:26:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LHVK5HPZwVS4BLcO0xiB4CXZJqo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/4a0949-df58-4005-9768-fc5393c57887/1/RIso09h5--_F82YqfcCEAd3EpSw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/4a0949-df58-4005-9768-fc5393c57887/1/LHVK5HPZwVS4BLcO0xiB4CXZJqo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8f:dc:d8:84:7d:3a:d6:c8:07:4d:82:aa:b7:db:9d:56:0f:69:
         88:85:b8:19:dc:90:0e:2b:ed:10:bd:1e:f5:38:95:c9:7a:27:
         a2:fb:07:b4:55:a3:b0:3e:45:e6:c3:b8:a3:45:e0:b7:2b:8d:
         d6:9a:6c:4b:8b:64:96:4f:e8:ad:de:78:86:bb:d1:b2:41:b7:
         5b:0f:c8:ff:2f:a3:1e:5a:5f:5b:6e:96:75:f5:a4:96:93:c8:
         d1:f0:e7:28:c8:48:76:85:d8:73:8f:56:b7:71:22:9a:61:ae:
         a1:1b:b1:9c:99:cc:b3:b9:d4:d1:d6:a2:ff:26:87:4e:1a:f6:
         de:43:0b:f8:57:52:57:f7:9b:d2:68:78:ff:90:1f:d7:7c:d0:
         f6:a6:54:fd:ad:6b:32:61:95:09:b3:92:b6:d5:06:8c:81:92:
         85:e5:82:7b:f1:64:4e:f0:88:64:a4:5c:2c:52:81:cc:43:57:
         e9:9c:26:33:35:1b:32:35:aa:9d:39:9e:39:ba:0f:a7:5f:3b:
         1c:8f:94:98:ea:eb:f3:43:69:b8:30:1b:c0:34:ff:28:88:95:
         7f:7d:09:2c:b8:fe:79:ca:48:ed:5f:43:a9:e4:78:10:91:29:
         c2:28:8b:6f:85:0d:06:45:58:e7:35:de:2c:72:cb:bd:dc:97:
         e2:9b:4c:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQijfsBiG0v8MlAnsR5lJxMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjNzU0YWU0NzNkOWMxNTRiODA0YjcwZWQzMTg4MWUwMjVk
OTI2YWEwHhcNMjUwMTAxMTU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDhiMjhkM2Q4NzlmYmVmYzVmMzY2MmE3ZGMwODQwMWRkYzRhNTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk17ToC+mcNywWv6o8SPILzgORE8P
Yp0KHy4LMmfV3Rco8VTLbLJ7w+Gd3ASHg0spg1ex7UkiAK05vH5GutDbSqvSDwc9
7sgucW57Q3JuRxAovqDu+lbXlNOGnv2NRuN4y6jqK+MJaG0bOui1LyQLzvWzT2GX
jX2FUVDc6fVxzEJ7rYmZeQo6D2ESgDWE1xsljwjqKjE0w/X87TZWKObbRcyHf3Jl
J5GIvegJsHfVSzmnQpH7EBww4tXGqM/KKMAqg+typO6/7CEYK7Aff6daMSdkT8+p
njyZHwBguApNGW4M483ob4pIql2EgXnJBrpn3Va1XJ1pUEVXLRnHzDpsdwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFESLKNPYefvvxfNmKn3AhAHdxKUsMB8GA1UdIwQY
MBaAFCx1SuRz2cFUuAS3DtMYgeAl2SaqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEhWSzVIUFp3VlM0QkxjTzB4aUI0Q1haSnFvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC80YTA5NDktZGY1OC00MDA1LTk3Njgt
ZmM1MzkzYzU3ODg3LzEvUklzbzA5aDUtLV9GODJZcWZjQ0VBZDNFcFN3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC80YTA5NDktZGY1OC00MDA1LTk3NjgtZmM1MzkzYzU3ODg3
LzEvTEhWSzVIUFp3VlM0QkxjTzB4aUI0Q1haSnFvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCudUAMA0G
CSqGSIb3DQEBCwUAA4IBAQCP3NiEfTrWyAdNgqq3251WD2mIhbgZ3JAOK+0QvR71
OJXJeiei+we0VaOwPkXmw7ijReC3K43WmmxLi2SWT+it3niGu9GyQbdbD8j/L6Me
Wl9bbpZ19aSWk8jR8OcoyEh2hdhzj1a3cSKaYa6hG7GcmcyzudTR1qL/JodOGvbe
Qwv4V1JX95vSaHj/kB/XfND2plT9rWsyYZUJs5K21QaMgZKF5YJ78WRO8IhkpFws
UoHMQ1fpnCYzNRsyNaqdOZ45ug+nXzscj5SY6uvzQ2m4MBvANP8oiJV/fQksuP55
ykjtX0Op5HgQkSnCKItvhQ0GRVjnNd4scsu93Jfim0x0
-----END CERTIFICATE-----