Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/2WHBj7nv7xMvbv08rHniyjR0Fos.roa
File:                     2WHBj7nv7xMvbv08rHniyjR0Fos.roa (raw, json)
Hash identifier:          NBxIqPQUMGuLMFXfKzH7d1UwTfg7bcWtx2M9b2UcFWM=
Subject key identifier:   D9:61:C1:8F:B9:EF:EF:13:2F:6E:FD:3C:AC:79:E2:CA:34:74:16:8B
Certificate issuer:       /CN=6e37a10a4a0273f41facf7440d59f39ad5eaf64b
Certificate serial:       0197DEF49D748A15D31A9EF0ECC95C5E8543
Authority key identifier: 6E:37:A1:0A:4A:02:73:F4:1F:AC:F7:44:0D:59:F3:9A:D5:EA:F6:4B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bjehCkoCc_QfrPdEDVnzmtXq9ks.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/2WHBj7nv7xMvbv08rHniyjR0Fos.roa
Signing time:             Sun 06 Jul 2025 08:57:42 +0000
ROA not before:           Sun 06 Jul 2025 08:57:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     11042
IP address blocks:        185.157.150.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/bjehCkoCc_QfrPdEDVnzmtXq9ks.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/bjehCkoCc_QfrPdEDVnzmtXq9ks.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bjehCkoCc_QfrPdEDVnzmtXq9ks.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 24 Jul 2025 14:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:de:f4:9d:74:8a:15:d3:1a:9e:f0:ec:c9:5c:5e:85:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6e37a10a4a0273f41facf7440d59f39ad5eaf64b
        Validity
            Not Before: Jul  6 08:57:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d961c18fb9efef132f6efd3cac79e2ca3474168b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:fc:f0:25:82:7d:c8:57:7f:9d:9c:f8:db:31:
                    b1:5f:da:36:a4:4e:81:59:c0:83:cf:1c:59:77:b4:
                    e8:ee:ff:bd:4b:16:c2:39:95:cf:60:d3:41:e3:fb:
                    f4:d7:e1:f8:7b:31:d9:11:30:e5:ec:a6:fc:48:6f:
                    7e:2d:ff:7b:97:f0:7c:c0:5b:50:83:1e:9b:63:78:
                    1d:ed:93:92:30:a7:92:c9:4a:ce:d2:32:d1:82:2c:
                    92:73:d1:98:97:ea:f6:ea:3b:9b:4b:ed:c8:41:e8:
                    11:28:ff:6b:6c:51:32:fd:7d:8e:ab:d3:fd:d9:72:
                    51:0d:0f:d1:ff:51:07:fa:76:84:16:c8:19:b2:82:
                    7b:ca:1f:a1:53:d2:4d:9f:b6:9f:9b:63:12:e9:65:
                    b8:53:88:a0:17:17:95:d0:8e:10:39:bd:92:9d:5e:
                    db:ab:d6:78:67:d6:6c:50:4f:dc:db:d0:25:a5:f2:
                    4f:b7:9a:ec:a4:11:c8:33:5a:3c:54:0e:68:92:63:
                    74:59:c5:c5:07:ba:f0:25:52:1b:35:a8:c8:35:88:
                    e7:b6:5b:8b:5e:75:ae:27:c6:86:95:f3:3b:03:d7:
                    0f:f1:c5:92:50:39:d4:c9:ab:23:c4:48:af:ab:28:
                    2b:02:03:a8:39:22:1c:bf:1e:dd:2a:ce:cf:2e:6c:
                    2e:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:61:C1:8F:B9:EF:EF:13:2F:6E:FD:3C:AC:79:E2:CA:34:74:16:8B
            X509v3 Authority Key Identifier:
                keyid:6E:37:A1:0A:4A:02:73:F4:1F:AC:F7:44:0D:59:F3:9A:D5:EA:F6:4B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bjehCkoCc_QfrPdEDVnzmtXq9ks.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/2WHBj7nv7xMvbv08rHniyjR0Fos.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/f0aef3-263d-4f41-8853-18b7eb923a99/1/bjehCkoCc_QfrPdEDVnzmtXq9ks.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.150.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:ae:34:97:6b:08:04:3c:be:84:c2:d7:2a:f6:6e:59:4d:8d:
         5e:16:cc:b9:47:5d:85:6f:41:1b:a4:20:7c:ca:e8:81:3d:c0:
         57:04:4a:ff:27:ed:98:05:73:af:14:5c:c2:83:6e:2a:4a:55:
         d1:12:47:e6:c0:eb:7b:67:76:7f:9e:02:8f:ac:d0:8a:73:3a:
         17:7f:1f:49:32:e5:04:91:c0:01:dc:d6:f3:79:10:23:15:d4:
         07:f8:1a:2e:7b:7d:bc:90:bf:79:1e:3d:09:5e:50:5e:d1:85:
         7f:3b:2a:60:b0:1f:14:00:f1:14:fb:ca:bf:4f:b0:cd:9b:99:
         67:0d:11:cf:c2:da:bd:5a:9d:83:27:6c:10:0b:09:fe:8d:48:
         68:e0:f1:d2:64:f2:16:ac:9b:50:a2:38:a7:cc:ef:13:62:5f:
         5c:e4:b5:67:59:fb:4c:28:fb:83:9c:81:b3:6a:32:0a:26:35:
         d1:1c:f1:a9:0b:6b:df:e2:cf:c9:eb:96:4d:cf:bf:b4:dc:7b:
         b3:61:21:13:9f:ac:06:f2:f7:f4:a4:69:02:f9:c1:82:ac:b8:
         56:c7:5f:48:35:98:61:91:9f:53:77:b8:85:3b:bb:4d:e7:d4:
         73:88:5c:56:6a:f2:87:0a:0c:20:08:53:13:57:4f:dc:e2:3c:
         f6:98:3e:93
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfe9J10ihXTGp7w7MlcXoVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZlMzdhMTBhNGEwMjczZjQxZmFjZjc0NDBkNTlmMzlhZDVl
YWY2NGIwHhcNMjUwNzA2MDg1NzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTYxYzE4ZmI5ZWZlZjEzMmY2ZWZkM2NhYzc5ZTJjYTM0NzQxNjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnfzwJYJ9yFd/nZz42zGxX9o2pE6B
WcCDzxxZd7To7v+9SxbCOZXPYNNB4/v01+H4ezHZETDl7Kb8SG9+Lf97l/B8wFtQ
gx6bY3gd7ZOSMKeSyUrO0jLRgiySc9GYl+r26jubS+3IQegRKP9rbFEy/X2Oq9P9
2XJRDQ/R/1EH+naEFsgZsoJ7yh+hU9JNn7afm2MS6WW4U4igFxeV0I4QOb2SnV7b
q9Z4Z9ZsUE/c29AlpfJPt5rspBHIM1o8VA5okmN0WcXFB7rwJVIbNajINYjntluL
XnWuJ8aGlfM7A9cP8cWSUDnUyasjxEivqygrAgOoOSIcvx7dKs7PLmwupQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNlhwY+57+8TL279PKx54so0dBaLMB8GA1UdIwQY
MBaAFG43oQpKAnP0H6z3RA1Z85rV6vZLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYmplaENrb0NjX1FmclBkRURWbnptdFhxOWtzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9mMGFlZjMtMjYzZC00ZjQxLTg4NTMt
MThiN2ViOTIzYTk5LzEvMldIQmo3bnY3eE12YnYwOHJIbml5alIwRm9zLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9mMGFlZjMtMjYzZC00ZjQxLTg4NTMtMThiN2ViOTIzYTk5
LzEvYmplaENrb0NjX1FmclBkRURWbnptdFhxOWtzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ2WMA0G
CSqGSIb3DQEBCwUAA4IBAQDHrjSXawgEPL6Ewtcq9m5ZTY1eFsy5R12Fb0EbpCB8
yuiBPcBXBEr/J+2YBXOvFFzCg24qSlXREkfmwOt7Z3Z/ngKPrNCKczoXfx9JMuUE
kcAB3NbzeRAjFdQH+Boue328kL95Hj0JXlBe0YV/OypgsB8UAPEU+8q/T7DNm5ln
DRHPwtq9Wp2DJ2wQCwn+jUho4PHSZPIWrJtQojinzO8TYl9c5LVnWftMKPuDnIGz
ajIKJjXRHPGpC2vf4s/J65ZNz7+03HuzYSETn6wG8vf0pGkC+cGCrLhWx19INZhh
kZ9Td7iFO7tN59RziFxWavKHCgwgCFMTV0/c4jz2mD6T
-----END CERTIFICATE-----