Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/IEgYKG7Z6QdmhTg8jbadzlqUL0A.roa
File:                     IEgYKG7Z6QdmhTg8jbadzlqUL0A.roa (raw, json)
Hash identifier:          czHiBi7aC7gYGx6TuroDY+vPvsviuucmLi9+d2nYML8=
Subject key identifier:   20:48:18:28:6E:D9:E9:07:66:85:38:3C:8D:B6:9D:CE:5A:94:2F:40
Certificate issuer:       /CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
Certificate serial:       0196586B9F7FF784190C05D2C9B24AE47A1F
Authority key identifier: 43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/IEgYKG7Z6QdmhTg8jbadzlqUL0A.roa
Signing time:             Mon 21 Apr 2025 12:56:10 +0000
ROA not before:           Mon 21 Apr 2025 12:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.2.244.0/22 maxlen: 22
                          185.2.246.0/24 maxlen: 24
                          185.2.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 09:00:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:58:6b:9f:7f:f7:84:19:0c:05:d2:c9:b2:4a:e4:7a:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=43af2e987d2b63addaa5adc178f31e90d876aaa7
        Validity
            Not Before: Apr 21 12:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=204818286ed9e9076685383c8db69dce5a942f40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:fe:62:a3:80:9d:d4:c3:5c:18:76:89:7c:9f:
                    c6:54:a7:ac:b4:15:e6:d4:e1:2d:75:05:22:cd:df:
                    7b:28:c4:3b:0f:da:fe:2f:66:8b:12:3d:4d:dd:85:
                    a7:c0:bd:a1:bf:de:3b:38:cb:00:56:5e:be:d6:94:
                    3d:3b:a3:b3:f0:4f:ee:0c:30:b1:e0:b8:2d:09:d2:
                    23:46:de:66:0a:da:38:d0:f6:0b:93:04:39:03:86:
                    e8:29:93:90:ba:df:f4:2e:27:66:90:56:19:6b:e5:
                    fd:4b:b8:d5:59:81:2a:a2:8c:14:1b:8d:22:cd:69:
                    04:b3:4b:56:a6:f6:c3:da:d4:24:e0:58:9f:73:97:
                    88:65:85:7d:be:d6:44:ba:3b:70:a8:13:9d:8e:a4:
                    d7:72:f4:27:f1:00:65:0e:c6:92:36:4f:25:f0:8b:
                    5e:32:1a:0e:84:45:57:e0:5d:0e:f8:41:36:db:d3:
                    46:54:fa:bd:e8:8a:eb:8f:ce:42:66:3f:4f:5f:ae:
                    c1:4e:0e:9c:0a:f6:08:3a:be:4d:f5:aa:08:84:7c:
                    55:99:95:ec:9a:fc:23:d9:c3:ae:5c:49:df:b7:18:
                    49:3a:98:98:da:79:52:05:01:c4:7f:f1:81:e3:22:
                    c0:63:29:47:f3:4c:e1:04:ad:86:4e:64:9f:24:46:
                    f0:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:48:18:28:6E:D9:E9:07:66:85:38:3C:8D:B6:9D:CE:5A:94:2F:40
            X509v3 Authority Key Identifier:
                keyid:43:AF:2E:98:7D:2B:63:AD:DA:A5:AD:C1:78:F3:1E:90:D8:76:AA:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Q68umH0rY63apa3BePMekNh2qqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/IEgYKG7Z6QdmhTg8jbadzlqUL0A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cf/668437-97c2-48c2-b7c8-cc7746719406/1/Q68umH0rY63apa3BePMekNh2qqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.2.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:42:f8:e5:21:b6:0c:5b:af:d2:c9:7c:aa:ab:85:da:3d:82:
         a9:39:a0:75:c8:e1:ec:29:99:71:14:b3:14:ee:85:23:d7:ff:
         6a:09:6c:0f:60:ad:ac:35:de:0b:55:39:ef:72:ab:dd:1f:87:
         12:6e:9f:30:b3:65:75:7f:0a:ac:2d:50:61:df:33:6e:55:58:
         d4:78:d0:db:17:78:cc:40:66:2e:19:d2:05:06:24:be:b2:c6:
         a6:25:92:b7:02:eb:a1:2a:0a:fe:3b:83:ab:d1:c1:80:19:84:
         bc:9f:fa:1d:25:45:63:5a:be:88:d2:a1:0c:14:76:a7:05:83:
         9d:f5:90:ac:db:f8:17:4b:93:a3:8b:70:6d:89:e6:82:ca:60:
         f3:93:d4:34:62:19:32:a0:2d:18:eb:4f:97:28:34:75:a8:2a:
         08:67:d3:03:7d:e5:b9:f6:37:5f:09:54:87:43:27:fb:d9:32:
         11:67:73:fb:f1:c2:f9:8b:f2:75:dd:41:77:76:2c:c5:f4:5d:
         18:8d:7b:d1:b0:a2:29:fc:22:06:19:56:29:a7:db:d7:a4:7f:
         ce:bf:fe:fc:5e:c3:56:c2:b1:25:a0:a3:a4:b0:3e:eb:96:4b:
         3a:50:ec:ec:f5:52:5b:9a:66:2f:97:05:c1:24:47:b4:a8:e1:
         f6:23:08:35
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZYa59/94QZDAXSybJK5HofMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQzYWYyZTk4N2QyYjYzYWRkYWE1YWRjMTc4ZjMxZTkwZDg3
NmFhYTcwHhcNMjUwNDIxMTI1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDQ4MTgyODZlZDllOTA3NjY4NTM4M2M4ZGI2OWRjZTVhOTQyZjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlv5io4Cd1MNcGHaJfJ/GVKestBXm
1OEtdQUizd97KMQ7D9r+L2aLEj1N3YWnwL2hv947OMsAVl6+1pQ9O6Oz8E/uDDCx
4LgtCdIjRt5mCto40PYLkwQ5A4boKZOQut/0LidmkFYZa+X9S7jVWYEqoowUG40i
zWkEs0tWpvbD2tQk4Fifc5eIZYV9vtZEujtwqBOdjqTXcvQn8QBlDsaSNk8l8Ite
MhoOhEVX4F0O+EE229NGVPq96Irrj85CZj9PX67BTg6cCvYIOr5N9aoIhHxVmZXs
mvwj2cOuXEnftxhJOpiY2nlSBQHEf/GB4yLAYylH80zhBK2GTmSfJEbw3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCBIGChu2ekHZoU4PI22nc5alC9AMB8GA1UdIwQY
MBaAFEOvLph9K2Ot2qWtwXjzHpDYdqqnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3Yzgt
Y2M3NzQ2NzE5NDA2LzEvSUVnWUtHN1o2UWRtaFRnOGpiYWR6bHFVTDBBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZi82Njg0MzctOTdjMi00OGMyLWI3YzgtY2M3NzQ2NzE5NDA2
LzEvUTY4dW1IMHJZNjNhcGEzQmVQTWVrTmgycXFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuQL0MA0G
CSqGSIb3DQEBCwUAA4IBAQAdQvjlIbYMW6/SyXyqq4XaPYKpOaB1yOHsKZlxFLMU
7oUj1/9qCWwPYK2sNd4LVTnvcqvdH4cSbp8ws2V1fwqsLVBh3zNuVVjUeNDbF3jM
QGYuGdIFBiS+ssamJZK3AuuhKgr+O4Or0cGAGYS8n/odJUVjWr6I0qEMFHanBYOd
9ZCs2/gXS5Oji3BtieaCymDzk9Q0YhkyoC0Y60+XKDR1qCoIZ9MDfeW59jdfCVSH
Qyf72TIRZ3P78cL5i/J13UF3dizF9F0YjXvRsKIp/CIGGVYpp9vXpH/Ov/78XsNW
wrEloKOksD7rlks6UOzs9VJbmmYvlwXBJEe0qOH2Iwg1
-----END CERTIFICATE-----