Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KZ32XSSyrRC1RdO8yBtT1VrQ9vI.roa
File:                     KZ32XSSyrRC1RdO8yBtT1VrQ9vI.roa (raw, json)
Hash identifier:          ey3YMKtfvAcIHq6H4Q1tVMAXZSnrKIAYHM8O/rmrrxI=
Subject key identifier:   29:9D:F6:5D:24:B2:AD:10:B5:45:D3:BC:C8:1B:53:D5:5A:D0:F6:F2
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422205B3E77E23160190D1D57CBCF2601
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KZ32XSSyrRC1RdO8yBtT1VrQ9vI.roa
Signing time:             Wed 01 Jan 2025 13:48:53 +0000
ROA not before:           Wed 01 Jan 2025 13:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216183
IP address blocks:        185.206.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 23:34:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:5b:3e:77:e2:31:60:19:0d:1d:57:cb:cf:26:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=299df65d24b2ad10b545d3bcc81b53d55ad0f6f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:d7:2a:b4:b2:c6:23:6d:78:fb:07:26:57:7b:
                    55:3d:fe:ca:0a:95:c8:d5:5f:a2:99:5d:ab:9c:cb:
                    6c:72:ce:59:00:14:ab:e5:70:a4:74:0f:fc:e7:0f:
                    60:7f:cd:3d:ec:bb:56:48:3c:d7:5d:6b:08:57:e2:
                    8b:06:d2:af:8b:0a:58:ec:6f:9a:37:fc:6a:a7:d6:
                    b5:88:a3:26:2b:5b:e8:6e:ad:b6:10:69:15:81:61:
                    c0:26:39:6b:86:48:af:9f:6f:28:6a:5f:51:44:ce:
                    68:7b:bd:10:f6:f8:52:b9:52:da:bf:c0:f5:8a:b0:
                    69:3e:1a:0c:3b:0d:b4:fb:72:35:30:a5:15:37:dd:
                    d7:eb:e9:7e:85:92:37:c2:60:cf:77:d6:9c:ce:50:
                    6a:6f:bf:75:5a:35:4f:75:11:61:64:09:32:da:d9:
                    60:7b:f3:b5:93:bc:8a:2c:e9:12:fe:80:ed:0e:2a:
                    70:2a:96:57:05:c2:f0:6b:63:b2:68:c5:71:90:76:
                    79:a2:66:44:ec:72:63:d7:81:4d:8c:e3:52:79:23:
                    b9:df:14:a3:1c:bd:b9:28:f5:de:d2:fe:cc:53:77:
                    0b:f1:2b:43:9e:c7:98:58:b1:15:4d:9d:f9:68:c8:
                    f7:7f:a7:94:3e:32:e0:d7:b1:6e:f4:73:c3:96:c0:
                    1b:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9D:F6:5D:24:B2:AD:10:B5:45:D3:BC:C8:1B:53:D5:5A:D0:F6:F2
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/KZ32XSSyrRC1RdO8yBtT1VrQ9vI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8c:6f:e1:bd:05:0f:68:3f:1a:c1:58:2b:c9:fe:71:36:fc:77:
         fc:28:8b:44:d6:59:47:52:4a:14:90:90:e5:be:84:25:b0:04:
         61:12:d6:10:91:99:da:dd:65:eb:6b:9d:5b:e8:26:e2:a6:55:
         77:8b:a0:0b:0e:7c:ec:e4:11:3a:ad:41:20:4b:98:b4:4a:be:
         8c:2a:59:99:7c:c7:27:a1:39:9e:fb:72:5e:09:63:52:83:3b:
         97:84:ae:aa:35:40:3a:e0:db:37:69:50:06:74:07:0a:47:7d:
         82:ec:56:41:f4:d6:b0:f1:ed:57:36:4a:b4:3d:78:21:4a:21:
         5d:cf:77:ce:3d:de:1c:38:28:c6:44:aa:db:6d:97:74:d8:a3:
         0a:c7:b7:6f:1c:da:ac:45:52:db:c4:8c:a8:ba:77:a9:b9:df:
         d0:ed:3e:f3:80:11:a3:60:31:3e:9f:22:88:e6:56:36:8f:6c:
         80:84:77:59:0c:4c:89:54:6a:57:d5:3f:73:47:d1:e2:e0:df:
         a0:2d:81:b6:48:c7:ad:db:c0:a2:84:23:37:90:95:ab:c7:de:
         54:a3:60:0b:54:66:0c:86:9e:10:1a:14:de:ee:04:40:31:a4:
         57:d9:9e:2c:ca:49:be:5d:52:9d:c2:d9:6a:ca:0a:62:d1:9f:
         1b:0b:c0:b7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIFs+d+IxYBkNHVfLzyYBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOTlkZjY1ZDI0YjJhZDEwYjU0NWQzYmNjODFiNTNkNTVhZDBmNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdcqtLLGI214+wcmV3tVPf7KCpXI
1V+imV2rnMtscs5ZABSr5XCkdA/85w9gf8097LtWSDzXXWsIV+KLBtKviwpY7G+a
N/xqp9a1iKMmK1vobq22EGkVgWHAJjlrhkivn28oal9RRM5oe70Q9vhSuVLav8D1
irBpPhoMOw20+3I1MKUVN93X6+l+hZI3wmDPd9aczlBqb791WjVPdRFhZAky2tlg
e/O1k7yKLOkS/oDtDipwKpZXBcLwa2OyaMVxkHZ5omZE7HJj14FNjONSeSO53xSj
HL25KPXe0v7MU3cL8StDnseYWLEVTZ35aMj3f6eUPjLg17Fu9HPDlsAbqwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCmd9l0ksq0QtUXTvMgbU9Va0PbyMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvS1ozMlhTU3lyUkMxUmRPOHlCdFQxVnJROXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc75MA0G
CSqGSIb3DQEBCwUAA4IBAQCMb+G9BQ9oPxrBWCvJ/nE2/Hf8KItE1llHUkoUkJDl
voQlsARhEtYQkZna3WXra51b6CbiplV3i6ALDnzs5BE6rUEgS5i0Sr6MKlmZfMcn
oTme+3JeCWNSgzuXhK6qNUA64Ns3aVAGdAcKR32C7FZB9Naw8e1XNkq0PXghSiFd
z3fOPd4cOCjGRKrbbZd02KMKx7dvHNqsRVLbxIyounepud/Q7T7zgBGjYDE+nyKI
5lY2j2yAhHdZDEyJVGpX1T9zR9Hi4N+gLYG2SMet28CihCM3kJWrx95Uo2ALVGYM
hp4QGhTe7gRAMaRX2Z4sykm+XVKdwtlqygpi0Z8bC8C3
-----END CERTIFICATE-----