Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/FfIlEvStYRtAHT_4tgisj2sboIA.roa
File:                     FfIlEvStYRtAHT_4tgisj2sboIA.roa (raw, json)
Hash identifier:          u8VtTRQomqZri4fvKgtiux4C4c/ZHFagnd78Z59URa8=
Subject key identifier:   15:F2:25:12:F4:AD:61:1B:40:1D:3F:F8:B6:08:AC:8F:6B:1B:A0:80
Certificate issuer:       /CN=a09fda047b3a0b1c820435e699388660da32c63f
Certificate serial:       019421B1DB5E1F19EF1D5B3C33DA8CCBFDC4
Authority key identifier: A0:9F:DA:04:7B:3A:0B:1C:82:04:35:E6:99:38:86:60:DA:32:C6:3F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/FfIlEvStYRtAHT_4tgisj2sboIA.roa
Signing time:             Wed 01 Jan 2025 11:48:11 +0000
ROA not before:           Wed 01 Jan 2025 11:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     396356
IP address blocks:        185.18.222.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 05:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:db:5e:1f:19:ef:1d:5b:3c:33:da:8c:cb:fd:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a09fda047b3a0b1c820435e699388660da32c63f
        Validity
            Not Before: Jan  1 11:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=15f22512f4ad611b401d3ff8b608ac8f6b1ba080
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f8:42:2b:ad:53:96:20:06:06:50:8b:9b:fd:
                    b7:3e:26:9e:8c:f4:34:0f:61:9b:fb:e0:ba:b1:e1:
                    90:17:3e:ce:6c:6d:75:69:e7:97:e7:8c:ad:0e:05:
                    f0:a3:06:22:92:c7:71:11:f0:b6:31:01:73:10:3f:
                    42:dd:8c:01:58:54:c8:9a:54:2d:93:9b:19:fe:9a:
                    72:9d:bb:81:8b:21:be:b0:02:84:d4:b4:58:9b:b1:
                    53:3e:24:c0:f1:66:5f:42:ac:48:1f:ae:c6:80:3c:
                    89:53:60:42:f7:51:fc:ac:34:86:4a:00:74:46:a2:
                    9e:7b:d0:0b:62:0a:35:c0:e0:98:d8:56:31:5c:df:
                    66:01:41:2a:ad:e4:52:38:e0:be:f9:05:62:e5:7f:
                    90:b5:dc:06:82:eb:8b:2b:33:92:2c:63:c7:87:d6:
                    7e:10:c5:b4:cd:72:6b:cf:cb:8b:9b:32:06:6f:fa:
                    91:be:4e:92:88:11:71:5d:9a:4f:0a:dc:d0:63:37:
                    be:5a:a5:b8:c7:e0:f1:aa:2d:d3:d2:43:ba:77:9a:
                    f9:6b:89:f5:52:ea:90:9d:2d:66:53:85:1a:32:12:
                    ff:10:a2:50:ef:5f:6a:c8:ce:36:7f:44:d0:a5:0f:
                    ca:73:2c:c8:ab:aa:ef:55:28:5e:bc:2a:2c:df:e1:
                    56:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:F2:25:12:F4:AD:61:1B:40:1D:3F:F8:B6:08:AC:8F:6B:1B:A0:80
            X509v3 Authority Key Identifier:
                keyid:A0:9F:DA:04:7B:3A:0B:1C:82:04:35:E6:99:38:86:60:DA:32:C6:3F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/FfIlEvStYRtAHT_4tgisj2sboIA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/06/8b4d32-0365-4daa-9d5b-29920e5167d9/1/oJ_aBHs6CxyCBDXmmTiGYNoyxj8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.18.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:ec:30:74:50:2e:e2:a6:e0:8a:22:23:06:6a:56:0d:ac:90:
         2e:2b:f7:54:ae:15:38:f6:93:b5:e5:b4:16:63:65:a2:a1:18:
         d8:ce:92:c4:92:8f:e6:e9:17:b8:6a:e6:75:7e:35:c6:06:31:
         82:e5:28:e7:57:92:59:f2:b3:a7:6c:e4:11:37:13:f7:68:3c:
         ec:b7:b9:1b:11:68:3a:e5:45:e1:bb:37:7a:5a:d8:11:b4:fc:
         0e:f8:87:f8:86:26:35:43:af:45:09:aa:40:12:70:6a:f4:89:
         30:91:53:4a:a5:a1:d9:90:9e:08:b3:cd:68:28:cd:f0:0b:7d:
         2d:36:f2:48:5e:38:f3:49:ff:b9:08:5a:56:7e:64:2e:d2:aa:
         0c:67:a9:de:a7:36:f5:e7:00:76:c2:3d:d7:2d:fa:92:d2:06:
         07:3f:97:29:45:8a:5d:57:89:32:4f:c4:6b:c6:d6:09:07:d8:
         26:52:03:1e:15:32:94:07:94:48:97:ac:34:08:35:dc:6c:84:
         59:f5:07:75:b7:87:80:88:ae:6b:d7:a8:af:62:7d:06:71:98:
         63:5d:51:1b:1c:12:75:e0:ad:1b:23:6d:ab:9e:19:9d:54:e7:
         69:7e:b2:e0:02:ff:eb:3d:ff:36:5f:a2:a2:26:0c:44:8d:11:
         7e:c2:ed:14
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsdteHxnvHVs8M9qMy/3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwOWZkYTA0N2IzYTBiMWM4MjA0MzVlNjk5Mzg4NjYwZGEz
MmM2M2YwHhcNMjUwMTAxMTE0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNWYyMjUxMmY0YWQ2MTFiNDAxZDNmZjhiNjA4YWM4ZjZiMWJhMDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfhCK61TliAGBlCLm/23PiaejPQ0
D2Gb++C6seGQFz7ObG11aeeX54ytDgXwowYiksdxEfC2MQFzED9C3YwBWFTImlQt
k5sZ/ppynbuBiyG+sAKE1LRYm7FTPiTA8WZfQqxIH67GgDyJU2BC91H8rDSGSgB0
RqKee9ALYgo1wOCY2FYxXN9mAUEqreRSOOC++QVi5X+QtdwGguuLKzOSLGPHh9Z+
EMW0zXJrz8uLmzIGb/qRvk6SiBFxXZpPCtzQYze+WqW4x+Dxqi3T0kO6d5r5a4n1
UuqQnS1mU4UaMhL/EKJQ719qyM42f0TQpQ/KcyzIq6rvVShevCos3+FWtQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBXyJRL0rWEbQB0/+LYIrI9rG6CAMB8GA1UdIwQY
MBaAFKCf2gR7OgscggQ15pk4hmDaMsY/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb0pfYUJIczZDeHlDQkRYbW1UaUdZTm95eGo4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNi84YjRkMzItMDM2NS00ZGFhLTlkNWIt
Mjk5MjBlNTE2N2Q5LzEvRmZJbEV2U3RZUnRBSFRfNHRnaXNqMnNib0lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNi84YjRkMzItMDM2NS00ZGFhLTlkNWItMjk5MjBlNTE2N2Q5
LzEvb0pfYUJIczZDeHlDQkRYbW1UaUdZTm95eGo4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRLeMA0G
CSqGSIb3DQEBCwUAA4IBAQAP7DB0UC7ipuCKIiMGalYNrJAuK/dUrhU49pO15bQW
Y2WioRjYzpLEko/m6Re4auZ1fjXGBjGC5SjnV5JZ8rOnbOQRNxP3aDzst7kbEWg6
5UXhuzd6WtgRtPwO+If4hiY1Q69FCapAEnBq9IkwkVNKpaHZkJ4Is81oKM3wC30t
NvJIXjjzSf+5CFpWfmQu0qoMZ6nepzb15wB2wj3XLfqS0gYHP5cpRYpdV4kyT8Rr
xtYJB9gmUgMeFTKUB5RIl6w0CDXcbIRZ9Qd1t4eAiK5r16ivYn0GcZhjXVEbHBJ1
4K0bI22rnhmdVOdpfrLgAv/rPf82X6KiJgxEjRF+wu0U
-----END CERTIFICATE-----