Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/rER2RyM9WMWv62airMbML41Jj_A.roa
File:                     rER2RyM9WMWv62airMbML41Jj_A.roa (raw, json)
Hash identifier:          Vq04pvE8uFONGjHiSeRfJcN2ONH656v/BmVYpoQ3tn8=
Subject key identifier:   AC:44:76:47:23:3D:58:C5:AF:EB:66:A2:AC:C6:CC:2F:8D:49:8F:F0
Certificate issuer:       /CN=3087d2e1cc08a95174bf794e2f2de6e3d03ef82a
Certificate serial:       0196A9E18184C58A9AADC8ED8CC36653C29F
Authority key identifier: 30:87:D2:E1:CC:08:A9:51:74:BF:79:4E:2F:2D:E6:E3:D0:3E:F8:2A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MIfS4cwIqVF0v3lOLy3m49A--Co.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/rER2RyM9WMWv62airMbML41Jj_A.roa
Signing time:             Wed 07 May 2025 08:34:10 +0000
ROA not before:           Wed 07 May 2025 08:34:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214790
IP address blocks:        185.223.168.0/24 maxlen: 24
                          185.223.169.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/MIfS4cwIqVF0v3lOLy3m49A--Co.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/MIfS4cwIqVF0v3lOLy3m49A--Co.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MIfS4cwIqVF0v3lOLy3m49A--Co.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:a9:e1:81:84:c5:8a:9a:ad:c8:ed:8c:c3:66:53:c2:9f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3087d2e1cc08a95174bf794e2f2de6e3d03ef82a
        Validity
            Not Before: May  7 08:34:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ac447647233d58c5afeb66a2acc6cc2f8d498ff0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:fc:23:93:77:20:20:ea:85:a5:0d:8b:1e:65:
                    aa:7f:64:61:ad:1e:aa:a2:f7:fc:85:b4:65:75:77:
                    35:34:e6:62:a5:6c:38:fd:f3:36:ac:e3:e5:a9:d2:
                    c9:1e:75:34:88:8d:7c:f3:fd:29:f1:a4:0d:82:1a:
                    dd:d6:56:bb:b1:66:1b:0e:9d:29:e9:a0:2b:26:a1:
                    78:7c:af:58:70:82:68:11:08:83:1f:db:49:e8:b9:
                    1a:26:0c:ae:32:b8:96:92:f5:d6:88:28:c9:59:70:
                    b3:a8:8b:ab:dd:e6:bd:71:cf:3b:aa:d3:a5:9d:c9:
                    f4:d6:89:db:1f:ff:96:73:1f:c6:33:2c:2a:a6:aa:
                    4f:73:e1:c0:51:b4:d1:7f:d2:e2:5f:73:14:37:f6:
                    f5:19:db:18:2c:38:5c:c0:f7:a6:7e:ae:84:03:e4:
                    94:89:c1:da:54:5b:8a:c8:4d:30:65:7b:8f:c3:37:
                    74:7a:c2:65:b1:9e:2e:c6:a8:5b:50:a6:4c:e1:65:
                    75:ec:c0:18:7c:82:67:93:39:a1:51:25:fa:bc:e4:
                    81:e7:1d:c8:53:75:3d:6b:4b:e9:b4:b0:2b:17:fd:
                    83:1a:eb:2a:a6:e8:81:26:d6:e0:37:b2:1e:5c:1e:
                    1a:3a:ed:1c:a6:e0:2c:f5:37:ab:e3:9a:ea:ed:fd:
                    b2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:44:76:47:23:3D:58:C5:AF:EB:66:A2:AC:C6:CC:2F:8D:49:8F:F0
            X509v3 Authority Key Identifier:
                keyid:30:87:D2:E1:CC:08:A9:51:74:BF:79:4E:2F:2D:E6:E3:D0:3E:F8:2A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MIfS4cwIqVF0v3lOLy3m49A--Co.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/rER2RyM9WMWv62airMbML41Jj_A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/1ba9a6-f616-4e74-967d-7e7190ffc4c9/1/MIfS4cwIqVF0v3lOLy3m49A--Co.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.168.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4b:c2:84:d0:84:4e:e4:78:b3:5e:f0:b5:a0:72:a6:7c:71:55:
         eb:ae:87:23:07:60:e3:b8:60:7b:52:9b:91:b3:ce:09:ba:7e:
         bf:aa:f3:6b:70:99:b9:8d:a4:81:84:d1:30:ab:9b:ba:bf:d2:
         0d:34:2b:a5:26:f3:c5:58:0a:1b:3d:10:17:ae:89:f7:5d:56:
         91:a4:00:47:4e:4a:ef:00:82:73:3c:1d:15:0d:01:ae:e0:1b:
         07:db:93:2c:d2:59:a0:70:ce:37:f0:2b:97:33:08:ca:a4:7d:
         f4:a5:16:f8:bb:4e:66:10:06:a3:a7:24:17:4b:7f:f0:ba:74:
         84:e3:69:a9:54:3a:67:c8:52:7e:69:04:c7:5a:00:15:69:33:
         35:b0:11:4c:91:90:57:a5:e3:2e:35:d4:ea:74:76:38:77:d2:
         5e:8f:95:5b:c9:ef:7b:2e:65:8f:c2:c7:8e:f3:03:c6:ba:39:
         1f:1b:15:71:d9:9b:8f:d7:25:67:2c:20:31:78:48:b7:b7:30:
         37:4e:11:f0:f2:1a:b5:96:6c:d8:46:3c:e5:70:de:fa:3b:3d:
         a5:45:4c:ef:bd:28:79:1b:41:c2:15:d8:b3:ce:cc:35:bb:22:
         c8:53:c1:f2:05:ea:d0:71:44:e8:b3:a8:99:b0:0c:a1:ca:68:
         e2:80:3e:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZap4YGExYqarcjtjMNmU8KfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMwODdkMmUxY2MwOGE5NTE3NGJmNzk0ZTJmMmRlNmUzZDAz
ZWY4MmEwHhcNMjUwNTA3MDgzNDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzQ0NzY0NzIzM2Q1OGM1YWZlYjY2YTJhY2M2Y2MyZjhkNDk4ZmYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsvwjk3cgIOqFpQ2LHmWqf2RhrR6q
ovf8hbRldXc1NOZipWw4/fM2rOPlqdLJHnU0iI188/0p8aQNghrd1la7sWYbDp0p
6aArJqF4fK9YcIJoEQiDH9tJ6LkaJgyuMriWkvXWiCjJWXCzqIur3ea9cc87qtOl
ncn01onbH/+Wcx/GMywqpqpPc+HAUbTRf9LiX3MUN/b1GdsYLDhcwPemfq6EA+SU
icHaVFuKyE0wZXuPwzd0esJlsZ4uxqhbUKZM4WV17MAYfIJnkzmhUSX6vOSB5x3I
U3U9a0vptLArF/2DGusqpuiBJtbgN7IeXB4aOu0cpuAs9Ter45rq7f2y0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKxEdkcjPVjFr+tmoqzGzC+NSY/wMB8GA1UdIwQY
MBaAFDCH0uHMCKlRdL95Ti8t5uPQPvgqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTUlmUzRjd0lxVkYwdjNsT0x5M200OUEtLUNvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy8xYmE5YTYtZjYxNi00ZTc0LTk2N2Qt
N2U3MTkwZmZjNGM5LzEvckVSMlJ5TTlXTVd2NjJhaXJNYk1MNDFKal9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy8xYmE5YTYtZjYxNi00ZTc0LTk2N2QtN2U3MTkwZmZjNGM5
LzEvTUlmUzRjd0lxVkYwdjNsT0x5M200OUEtLUNvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBud+oMA0G
CSqGSIb3DQEBCwUAA4IBAQBLwoTQhE7keLNe8LWgcqZ8cVXrrocjB2DjuGB7UpuR
s84Jun6/qvNrcJm5jaSBhNEwq5u6v9INNCulJvPFWAobPRAXron3XVaRpABHTkrv
AIJzPB0VDQGu4BsH25Ms0lmgcM438CuXMwjKpH30pRb4u05mEAajpyQXS3/wunSE
42mpVDpnyFJ+aQTHWgAVaTM1sBFMkZBXpeMuNdTqdHY4d9Jej5Vbye97LmWPwseO
8wPGujkfGxVx2ZuP1yVnLCAxeEi3tzA3ThHw8hq1lmzYRjzlcN76Oz2lRUzvvSh5
G0HCFdizzsw1uyLIU8HyBerQcUTos6iZsAyhymjigD4G
-----END CERTIFICATE-----