Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/6awQ5vvLp2COkdyExVIfOWpcf0U.roa
File:                     6awQ5vvLp2COkdyExVIfOWpcf0U.roa (raw, json)
Hash identifier:          x8eRoJ1IMK9tcKhwbrAHFnXzsVa+tGQZBHOMDWjY4g4=
Subject key identifier:   E9:AC:10:E6:FB:CB:A7:60:8E:91:DC:84:C5:52:1F:39:6A:5C:7F:45
Certificate issuer:       /CN=655aef3cef3d9afa027db33579f4a1fe8ad91c6f
Certificate serial:       019421444E4D732E1147C20544A1C77F1B53
Authority key identifier: 65:5A:EF:3C:EF:3D:9A:FA:02:7D:B3:35:79:F4:A1:FE:8A:D9:1C:6F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZVrvPO89mvoCfbM1efSh_orZHG8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/6awQ5vvLp2COkdyExVIfOWpcf0U.roa
Signing time:             Wed 01 Jan 2025 09:48:31 +0000
ROA not before:           Wed 01 Jan 2025 09:48:31 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200654
IP address blocks:        185.100.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZVrvPO89mvoCfbM1efSh_orZHG8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZVrvPO89mvoCfbM1efSh_orZHG8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZVrvPO89mvoCfbM1efSh_orZHG8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 21:01:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:44:4e:4d:73:2e:11:47:c2:05:44:a1:c7:7f:1b:53
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=655aef3cef3d9afa027db33579f4a1fe8ad91c6f
        Validity
            Not Before: Jan  1 09:48:31 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e9ac10e6fbcba7608e91dc84c5521f396a5c7f45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:fd:77:b5:04:46:1e:aa:d8:0f:79:f3:18:0d:
                    69:2f:6d:00:b1:7c:84:2b:5e:a6:40:90:6b:0a:1b:
                    34:8f:37:9c:30:1a:4b:75:db:6f:d0:7a:73:97:09:
                    c9:f4:4b:86:5c:29:a6:6c:dd:21:18:2b:a2:e6:51:
                    76:a0:cc:66:50:38:c6:f0:aa:0a:bb:78:c4:7b:f8:
                    8a:f3:a1:2f:4a:b9:59:68:17:28:d6:6a:12:70:2b:
                    09:d9:dc:7c:4e:a7:d9:6b:e0:38:3c:aa:be:f4:a8:
                    f8:81:1a:f0:60:45:17:82:3a:5f:3c:96:43:f8:a5:
                    0c:0d:13:b2:4a:9a:16:88:67:bc:9e:70:17:9d:c6:
                    77:a1:87:b3:81:6f:ca:c9:e0:7f:11:32:8b:98:7a:
                    de:17:29:1b:b7:c7:5f:7c:21:76:31:33:a4:0f:72:
                    89:df:e9:81:98:bc:15:8b:ac:54:83:f3:dc:85:89:
                    4a:4e:c3:e4:9f:3e:a4:c8:b4:0c:48:a0:4a:53:5d:
                    22:45:f0:f1:f8:ce:7a:47:c7:e0:d2:ec:ed:63:20:
                    ad:fd:60:1f:c6:57:00:c5:46:d3:dd:91:fa:16:45:
                    6d:3e:86:4f:8b:c5:31:ec:93:e9:06:f0:cc:cc:a9:
                    71:16:3d:dd:63:03:84:9d:e5:86:cd:09:b7:56:e1:
                    53:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:AC:10:E6:FB:CB:A7:60:8E:91:DC:84:C5:52:1F:39:6A:5C:7F:45
            X509v3 Authority Key Identifier:
                keyid:65:5A:EF:3C:EF:3D:9A:FA:02:7D:B3:35:79:F4:A1:FE:8A:D9:1C:6F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZVrvPO89mvoCfbM1efSh_orZHG8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/6awQ5vvLp2COkdyExVIfOWpcf0U.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/e2ee51-1523-436e-ac75-ef6bd26a0305/1/ZVrvPO89mvoCfbM1efSh_orZHG8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.100.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:8d:ed:9b:49:be:b9:47:6d:2a:c4:96:af:72:a1:bf:d4:fb:
         72:13:0d:1d:62:21:04:98:6b:71:70:d3:ca:f4:8d:f7:86:36:
         31:70:a6:9d:11:68:6b:89:36:49:4c:81:cd:a9:09:45:44:97:
         e9:54:e8:d4:ce:96:86:a8:68:91:b2:79:6b:42:43:f7:9c:9f:
         b7:99:12:d7:97:ec:00:81:4d:5e:1c:86:c1:0e:48:12:78:fd:
         92:2f:f8:87:4b:ad:49:ac:d7:1b:55:09:3f:d2:16:ac:0d:29:
         2f:7b:07:36:34:5f:3e:e4:bb:63:a3:c8:ab:4f:d1:5f:10:7b:
         e0:08:f9:fc:3b:a7:0d:0e:ec:7f:1b:d3:f3:65:0a:56:b6:d1:
         6d:02:d1:e2:51:29:dc:c3:d4:7d:fa:be:58:91:6c:10:59:33:
         81:43:fb:74:ab:07:ab:d5:52:33:4b:47:ab:99:cf:a1:42:61:
         8a:cf:69:7b:ab:f5:42:bd:56:37:01:21:8c:fd:61:23:d7:87:
         56:cf:6c:d4:ab:8a:fd:38:d6:32:60:34:c1:53:35:1b:a3:bd:
         1e:43:50:91:da:78:34:df:63:6d:f6:dd:6a:dd:c8:59:2c:5b:
         85:f3:d0:e2:f6:e5:7f:ad:05:25:fa:dc:14:88:68:a6:7c:dc:
         dc:ef:92:20
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhRE5Ncy4RR8IFRKHHfxtTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY1NWFlZjNjZWYzZDlhZmEwMjdkYjMzNTc5ZjRhMWZlOGFk
OTFjNmYwHhcNMjUwMTAxMDk0ODMxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOWFjMTBlNmZiY2JhNzYwOGU5MWRjODRjNTUyMWYzOTZhNWM3ZjQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3/13tQRGHqrYD3nzGA1pL20AsXyE
K16mQJBrChs0jzecMBpLddtv0HpzlwnJ9EuGXCmmbN0hGCui5lF2oMxmUDjG8KoK
u3jEe/iK86EvSrlZaBco1moScCsJ2dx8TqfZa+A4PKq+9Kj4gRrwYEUXgjpfPJZD
+KUMDROySpoWiGe8nnAXncZ3oYezgW/KyeB/ETKLmHreFykbt8dffCF2MTOkD3KJ
3+mBmLwVi6xUg/PchYlKTsPknz6kyLQMSKBKU10iRfDx+M56R8fg0uztYyCt/WAf
xlcAxUbT3ZH6FkVtPoZPi8Ux7JPpBvDMzKlxFj3dYwOEneWGzQm3VuFTOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOmsEOb7y6dgjpHchMVSHzlqXH9FMB8GA1UdIwQY
MBaAFGVa7zzvPZr6An2zNXn0of6K2RxvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWlZydlBPODltdm9DZmJNMWVmU2hfb3JaSEc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS9lMmVlNTEtMTUyMy00MzZlLWFjNzUt
ZWY2YmQyNmEwMzA1LzEvNmF3UTV2dkxwMkNPa2R5RXhWSWZPV3BjZjBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS9lMmVlNTEtMTUyMy00MzZlLWFjNzUtZWY2YmQyNmEwMzA1
LzEvWlZydlBPODltdm9DZmJNMWVmU2hfb3JaSEc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWQUMA0G
CSqGSIb3DQEBCwUAA4IBAQA9je2bSb65R20qxJavcqG/1PtyEw0dYiEEmGtxcNPK
9I33hjYxcKadEWhriTZJTIHNqQlFRJfpVOjUzpaGqGiRsnlrQkP3nJ+3mRLXl+wA
gU1eHIbBDkgSeP2SL/iHS61JrNcbVQk/0hasDSkvewc2NF8+5Ltjo8irT9FfEHvg
CPn8O6cNDux/G9PzZQpWttFtAtHiUSncw9R9+r5YkWwQWTOBQ/t0qwer1VIzS0er
mc+hQmGKz2l7q/VCvVY3ASGM/WEj14dWz2zUq4r9ONYyYDTBUzUbo70eQ1CR2ng0
32Nt9t1q3chZLFuF89Di9uV/rQUl+twUiGimfNzc75Ig
-----END CERTIFICATE-----