Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/TrY4v3NhxFVwxgTD-Y4gD2336Kc.roa
File:                     TrY4v3NhxFVwxgTD-Y4gD2336Kc.roa (raw, json)
Hash identifier:          nCbc7sJSjISh7d4Jw47iX87H7og+ireTFEgeVDSgXYU=
Subject key identifier:   4E:B6:38:BF:73:61:C4:55:70:C6:04:C3:F9:8E:20:0F:6D:F7:E8:A7
Certificate issuer:       /CN=6cf96a7c01d62e37acecf0786f64978905121647
Certificate serial:       019424458D78FFEC7AAAA848A8B03B566A39
Authority key identifier: 6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/TrY4v3NhxFVwxgTD-Y4gD2336Kc.roa
Signing time:             Wed 01 Jan 2025 23:48:45 +0000
ROA not before:           Wed 01 Jan 2025 23:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209180
IP address blocks:        185.117.132.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:8d:78:ff:ec:7a:aa:a8:48:a8:b0:3b:56:6a:39
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6cf96a7c01d62e37acecf0786f64978905121647
        Validity
            Not Before: Jan  1 23:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4eb638bf7361c45570c604c3f98e200f6df7e8a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:86:1c:25:c5:59:07:ae:0d:29:37:e3:b9:ce:
                    f8:59:86:44:88:a3:fc:1f:cb:9b:77:2b:49:ec:04:
                    ca:93:e5:dc:8c:54:64:fb:c8:21:d2:19:90:a0:a8:
                    f4:ae:6f:3d:6f:b7:f3:f1:df:95:ce:44:ad:79:38:
                    0e:46:8b:88:16:5c:a4:27:88:3a:0f:6e:d9:f6:d1:
                    19:98:9e:e3:b4:01:39:9c:0f:e0:e3:64:a6:d8:76:
                    6e:59:48:80:50:4a:c8:47:5f:c8:82:61:cb:51:41:
                    a4:fa:bb:5d:fc:a4:e6:8b:74:d5:e1:ce:60:e1:a9:
                    66:d1:6c:c1:25:40:c7:d1:2d:11:ed:ae:54:91:36:
                    b1:db:9a:7a:c8:77:ce:15:89:5d:c4:b0:72:25:cc:
                    28:9a:c7:39:e9:1c:09:c2:9c:eb:d0:aa:32:e3:85:
                    e7:c6:b6:82:1e:72:e5:af:12:99:55:32:d9:4d:af:
                    d5:b9:4c:ab:60:2c:bc:9a:2a:a3:4e:a7:49:7a:07:
                    d2:8c:46:f8:67:f1:7b:c8:23:a1:b3:f2:5b:6b:aa:
                    f1:da:f6:9e:fa:7f:39:af:10:24:2a:c2:0e:f5:1a:
                    9d:f9:a7:50:17:38:7f:d5:c8:ef:bc:df:86:fa:be:
                    45:79:da:47:f1:66:b2:37:87:59:55:50:27:82:31:
                    8c:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:B6:38:BF:73:61:C4:55:70:C6:04:C3:F9:8E:20:0F:6D:F7:E8:A7
            X509v3 Authority Key Identifier:
                keyid:6C:F9:6A:7C:01:D6:2E:37:AC:EC:F0:78:6F:64:97:89:05:12:16:47

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bPlqfAHWLjes7PB4b2SXiQUSFkc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/TrY4v3NhxFVwxgTD-Y4gD2336Kc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/5f0f06-56f4-41a5-889a-b15b3fbc04a6/1/bPlqfAHWLjes7PB4b2SXiQUSFkc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.117.132.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:38:b4:af:c9:09:e2:17:81:86:17:fc:03:de:9c:f0:67:3c:
         20:d9:96:d6:78:10:c7:df:2d:00:b0:56:c2:5e:59:49:5a:9e:
         1b:e8:55:cf:e6:31:fb:9b:da:4f:d3:2d:66:85:fc:55:18:e8:
         24:1d:1c:58:c5:d2:49:ae:1b:87:c0:f4:bb:5c:a5:84:c9:3f:
         68:b4:d1:4a:da:e0:9a:9f:c4:d0:06:7a:14:f0:e3:a5:e0:f0:
         54:d0:70:81:cc:6f:b4:a2:7a:9a:42:3d:7d:e3:15:36:97:a4:
         b3:50:c7:2e:0c:78:09:52:1e:2a:60:d2:d4:70:ed:be:64:ed:
         ab:59:67:dc:75:7a:e1:dc:7f:de:4f:96:81:fa:af:89:f6:b9:
         80:d8:e1:c4:ff:7d:db:95:8c:77:e9:7d:74:38:c0:7d:a5:13:
         44:91:03:ef:8d:7a:cb:57:3e:39:af:38:20:13:77:2e:5a:b0:
         6a:d4:42:bb:dc:3e:50:eb:b3:6a:7f:d6:41:f4:b7:49:c3:16:
         27:90:2c:42:d4:0a:1f:70:f2:6c:77:89:04:8a:bc:5d:9f:f0:
         1e:0b:d9:f5:ee:4e:d5:3f:83:c5:67:c3:fd:f8:4c:63:f3:d2:
         4d:57:bc:2b:99:52:48:75:d6:b4:0c:bc:13:e7:18:ee:30:cb:
         61:45:e2:48
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQkRY14/+x6qqhIqLA7Vmo5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZjk2YTdjMDFkNjJlMzdhY2VjZjA3ODZmNjQ5Nzg5MDUx
MjE2NDcwHhcNMjUwMTAxMjM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWI2MzhiZjczNjFjNDU1NzBjNjA0YzNmOThlMjAwZjZkZjdlOGE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlYYcJcVZB64NKTfjuc74WYZEiKP8
H8ubdytJ7ATKk+XcjFRk+8gh0hmQoKj0rm89b7fz8d+VzkSteTgORouIFlykJ4g6
D27Z9tEZmJ7jtAE5nA/g42Sm2HZuWUiAUErIR1/IgmHLUUGk+rtd/KTmi3TV4c5g
4alm0WzBJUDH0S0R7a5UkTax25p6yHfOFYldxLByJcwomsc56RwJwpzr0Koy44Xn
xraCHnLlrxKZVTLZTa/VuUyrYCy8miqjTqdJegfSjEb4Z/F7yCOhs/Jba6rx2vae
+n85rxAkKsIO9Rqd+adQFzh/1cjvvN+G+r5FedpH8WayN4dZVVAngjGMZQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFE62OL9zYcRVcMYEw/mOIA9t9+inMB8GA1UdIwQY
MBaAFGz5anwB1i43rOzweG9kl4kFEhZHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEt
YjE1YjNmYmMwNGE2LzEvVHJZNHYzTmh4RlZ3eGdURC1ZNGdEMjMzNktjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy81ZjBmMDYtNTZmNC00MWE1LTg4OWEtYjE1YjNmYmMwNGE2
LzEvYlBscWZBSFdMamVzN1BCNGIyU1hpUVVTRmtjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXWEMA0G
CSqGSIb3DQEBCwUAA4IBAQAPOLSvyQniF4GGF/wD3pzwZzwg2ZbWeBDH3y0AsFbC
XllJWp4b6FXP5jH7m9pP0y1mhfxVGOgkHRxYxdJJrhuHwPS7XKWEyT9otNFK2uCa
n8TQBnoU8OOl4PBU0HCBzG+0onqaQj194xU2l6SzUMcuDHgJUh4qYNLUcO2+ZO2r
WWfcdXrh3H/eT5aB+q+J9rmA2OHE/33blYx36X10OMB9pRNEkQPvjXrLVz45rzgg
E3cuWrBq1EK73D5Q67Nqf9ZB9LdJwxYnkCxC1AofcPJsd4kEirxdn/AeC9n17k7V
P4PFZ8P9+Exj89JNV7wrmVJIdda0DLwT5xjuMMthReJI
-----END CERTIFICATE-----