Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/b-Ey_OS_HXWojxgowNhsjzhqy0g.roa
File:                     b-Ey_OS_HXWojxgowNhsjzhqy0g.roa (raw, json)
Hash identifier:          IYNzeBFLK7crpI5DxHVXy2f+PctN4mHIKes13g+bMzc=
Subject key identifier:   6F:E1:32:FC:E4:BF:1D:75:A8:8F:18:28:C0:D8:6C:8F:38:6A:CB:48
Certificate issuer:       /CN=fc55e0533efaa5624f538b92ed1a973feff89751
Certificate serial:       019619726F4BC510E1CC924FCEA1CBEC3C2F
Authority key identifier: FC:55:E0:53:3E:FA:A5:62:4F:53:8B:92:ED:1A:97:3F:EF:F8:97:51
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/_FXgUz76pWJPU4uS7RqXP-_4l1E.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/b-Ey_OS_HXWojxgowNhsjzhqy0g.roa
Signing time:             Wed 09 Apr 2025 07:27:31 +0000
ROA not before:           Wed 09 Apr 2025 07:27:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        185.84.118.0/24 maxlen: 24
                          185.84.119.0/24 maxlen: 24
                          185.132.188.0/24 maxlen: 24
                          185.132.189.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/_FXgUz76pWJPU4uS7RqXP-_4l1E.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/_FXgUz76pWJPU4uS7RqXP-_4l1E.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/_FXgUz76pWJPU4uS7RqXP-_4l1E.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 04:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:19:72:6f:4b:c5:10:e1:cc:92:4f:ce:a1:cb:ec:3c:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fc55e0533efaa5624f538b92ed1a973feff89751
        Validity
            Not Before: Apr  9 07:27:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6fe132fce4bf1d75a88f1828c0d86c8f386acb48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:8c:e0:af:63:47:08:81:b8:1e:40:a3:11:af:
                    f1:24:9a:96:77:bf:1a:4c:eb:c8:ec:c1:fb:49:89:
                    77:8d:34:41:17:67:db:12:80:59:75:08:bc:d9:9e:
                    aa:68:db:e7:cc:13:71:75:40:c7:e6:b3:1b:60:48:
                    c1:31:85:f1:c2:42:9d:e9:5e:07:97:60:05:6f:04:
                    8a:9f:40:70:36:0c:1f:3d:aa:9e:5b:f8:9c:c1:9a:
                    a9:2b:07:e6:37:d8:1b:21:4e:e3:a2:7f:b4:ee:ba:
                    5e:cd:14:d5:27:a0:93:5a:3b:e1:d6:d7:9a:c4:f0:
                    f3:95:12:c8:ff:3b:ba:b0:b9:aa:61:be:bf:4a:a8:
                    bf:a2:b0:dc:c3:7c:51:79:0a:d3:9b:2e:02:45:83:
                    99:9a:f5:78:3f:e2:7b:9b:8a:20:72:d5:c1:c9:46:
                    e4:63:06:d9:ff:b8:06:8c:d8:bd:89:d4:a3:24:3e:
                    58:0d:68:7f:20:d6:a7:be:63:e6:86:e9:b9:15:ed:
                    0b:1f:ea:18:70:44:03:01:ed:ee:39:a1:ad:35:fe:
                    ec:39:42:21:b2:3c:af:4d:81:10:b9:c2:61:02:80:
                    74:75:7f:b7:af:b4:70:3d:df:e6:26:2f:78:f1:67:
                    37:35:27:06:06:5c:71:40:db:d1:5a:62:5d:51:71:
                    43:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:E1:32:FC:E4:BF:1D:75:A8:8F:18:28:C0:D8:6C:8F:38:6A:CB:48
            X509v3 Authority Key Identifier:
                keyid:FC:55:E0:53:3E:FA:A5:62:4F:53:8B:92:ED:1A:97:3F:EF:F8:97:51

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/_FXgUz76pWJPU4uS7RqXP-_4l1E.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/b-Ey_OS_HXWojxgowNhsjzhqy0g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/5e753d-c33d-47a3-8e82-a52862b44563/1/_FXgUz76pWJPU4uS7RqXP-_4l1E.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.84.118.0/23
                  185.132.188.0/23

    Signature Algorithm: sha256WithRSAEncryption
         40:4e:9a:36:2e:c4:36:fa:ea:27:97:ed:c0:83:18:ba:88:3b:
         8e:73:85:a6:02:27:a6:c8:48:e3:7c:4e:96:ff:1d:3e:db:32:
         fb:ab:ba:f8:4c:a1:de:06:54:49:19:03:a9:2c:d0:c3:ac:0b:
         1b:9a:20:88:c5:38:1e:b0:6f:63:df:e7:e4:fe:14:28:ac:e4:
         31:65:cd:2a:24:26:5d:af:d5:b7:12:b8:61:92:36:7a:57:c6:
         42:3e:df:76:e6:f0:8a:e6:eb:4f:04:d3:58:bd:89:6f:41:e9:
         91:ea:44:a4:18:83:6e:7a:37:6a:12:9a:6d:86:3d:cd:f0:aa:
         52:21:15:32:ee:de:bc:2d:4c:81:93:58:40:07:69:1e:78:3f:
         1c:d6:b1:8a:e7:1a:19:7c:c5:3c:ac:33:57:ae:80:95:5c:13:
         7d:c1:43:84:d8:59:7f:d9:3a:27:d2:05:b8:f0:3e:01:89:0a:
         dc:82:97:82:5b:58:de:68:b7:18:c6:e1:4a:3b:23:f3:5e:ca:
         0a:8d:aa:dd:e4:cf:51:31:e6:50:8f:71:01:17:7c:d8:6e:75:
         51:2a:69:e5:7c:a0:c1:7d:d0:cc:54:c1:10:4b:e3:70:48:c3:
         c1:f8:7c:b8:2c:bb:d1:8a:db:ad:49:aa:0b:8e:ba:9e:d0:40:
         7f:7f:41:b3
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZYZcm9LxRDhzJJPzqHL7DwvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZjNTVlMDUzM2VmYWE1NjI0ZjUzOGI5MmVkMWE5NzNmZWZm
ODk3NTEwHhcNMjUwNDA5MDcyNzMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZmUxMzJmY2U0YmYxZDc1YTg4ZjE4MjhjMGQ4NmM4ZjM4NmFjYjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIzgr2NHCIG4HkCjEa/xJJqWd78a
TOvI7MH7SYl3jTRBF2fbEoBZdQi82Z6qaNvnzBNxdUDH5rMbYEjBMYXxwkKd6V4H
l2AFbwSKn0BwNgwfPaqeW/icwZqpKwfmN9gbIU7jon+07rpezRTVJ6CTWjvh1tea
xPDzlRLI/zu6sLmqYb6/Sqi/orDcw3xReQrTmy4CRYOZmvV4P+J7m4ogctXByUbk
YwbZ/7gGjNi9idSjJD5YDWh/INanvmPmhum5Fe0LH+oYcEQDAe3uOaGtNf7sOUIh
sjyvTYEQucJhAoB0dX+3r7RwPd/mJi948Wc3NScGBlxxQNvRWmJdUXFDxwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFG/hMvzkvx11qI8YKMDYbI84astIMB8GA1UdIwQY
MBaAFPxV4FM++qViT1OLku0alz/v+JdRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvX0ZYZ1V6NzZwV0pQVTR1UzdScVhQLV80bDFFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC81ZTc1M2QtYzMzZC00N2EzLThlODIt
YTUyODYyYjQ0NTYzLzEvYi1FeV9PU19IWFdvanhnb3dOaHNqemhxeTBnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC81ZTc1M2QtYzMzZC00N2EzLThlODItYTUyODYyYjQ0NTYz
LzEvX0ZYZ1V6NzZwV0pQVTR1UzdScVhQLV80bDFFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBuVR2AwQB
uYS8MA0GCSqGSIb3DQEBCwUAA4IBAQBATpo2LsQ2+uonl+3Agxi6iDuOc4WmAiem
yEjjfE6W/x0+2zL7q7r4TKHeBlRJGQOpLNDDrAsbmiCIxTgesG9j3+fk/hQorOQx
Zc0qJCZdr9W3ErhhkjZ6V8ZCPt925vCK5utPBNNYvYlvQemR6kSkGINuejdqEppt
hj3N8KpSIRUy7t68LUyBk1hAB2keeD8c1rGK5xoZfMU8rDNXroCVXBN9wUOE2Fl/
2Ton0gW48D4BiQrcgpeCW1jeaLcYxuFKOyPzXsoKjard5M9RMeZQj3EBF3zYbnVR
KmnlfKDBfdDMVMEQS+NwSMPB+Hy4LLvRitutSaoLjrqe0EB/f0Gz
-----END CERTIFICATE-----