Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/fc1e32-0ba7-4f8d-a5aa-f38f8fe794d4/1/M0bYeyfyOrMV_gB5qblOfbWilh4.roa
File:                     M0bYeyfyOrMV_gB5qblOfbWilh4.roa (raw, json)
Hash identifier:          f9XZswY2l4oflWNgmE9zU0KMUAtHHlyk4r3L1HHO+uE=
Subject key identifier:   33:46:D8:7B:27:F2:3A:B3:15:FE:00:79:A9:B9:4E:7D:B5:A2:96:1E
Certificate issuer:       /CN=6284cfa7844340237fe59a3825b54f3f77ed8532
Certificate serial:       0194266C16062838D928DCC8EF06A3B5E6C2
Authority key identifier: 62:84:CF:A7:84:43:40:23:7F:E5:9A:38:25:B5:4F:3F:77:ED:85:32
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YoTPp4RDQCN_5Zo4JbVPP3fthTI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/fc1e32-0ba7-4f8d-a5aa-f38f8fe794d4/1/M0bYeyfyOrMV_gB5qblOfbWilh4.roa
Signing time:             Thu 02 Jan 2025 09:50:05 +0000
ROA not before:           Thu 02 Jan 2025 09:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     201905
IP address blocks:        185.60.116.0/24 maxlen: 24
                          2a02:71e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/fc1e32-0ba7-4f8d-a5aa-f38f8fe794d4/1/YoTPp4RDQCN_5Zo4JbVPP3fthTI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/fc1e32-0ba7-4f8d-a5aa-f38f8fe794d4/1/YoTPp4RDQCN_5Zo4JbVPP3fthTI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YoTPp4RDQCN_5Zo4JbVPP3fthTI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:16:06:28:38:d9:28:dc:c8:ef:06:a3:b5:e6:c2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6284cfa7844340237fe59a3825b54f3f77ed8532
        Validity
            Not Before: Jan  2 09:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3346d87b27f23ab315fe0079a9b94e7db5a2961e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:ed:09:7f:e9:2f:98:9e:23:3b:7d:40:df:dd:
                    93:94:70:7a:74:bb:82:f4:ec:5b:fb:b1:f6:a3:d8:
                    ea:54:98:2c:47:43:1f:07:99:90:c1:e2:f0:11:c3:
                    48:ad:ca:5a:1d:ac:b6:4e:a6:6c:0b:65:57:d7:e1:
                    6f:39:b2:7e:42:25:e8:cd:83:61:6f:a4:3c:fe:9e:
                    09:dd:60:0d:53:3f:7f:77:fd:77:d4:2b:ae:53:46:
                    a1:e2:95:d3:51:1e:94:1a:c7:14:dd:bd:ca:19:a5:
                    5c:82:4d:7e:36:b3:cb:9a:68:29:ab:8d:80:5a:14:
                    4e:78:de:4c:59:c8:e2:5b:0c:29:c5:c0:28:42:05:
                    00:66:6a:b4:4e:50:2d:78:98:fd:82:6e:51:d5:4f:
                    11:0c:32:4a:e3:ac:09:47:7c:bb:e7:44:9b:4b:e4:
                    a2:b1:d9:54:a3:f9:b8:ee:65:2a:98:05:85:2a:28:
                    8b:f7:33:7e:79:3b:b1:2c:de:51:3f:3a:52:00:79:
                    82:76:b3:aa:c4:91:5c:88:ea:d8:b5:3b:61:42:43:
                    a4:11:79:95:2d:a5:61:49:be:db:be:44:f9:86:d3:
                    bb:64:5c:8b:7a:50:6d:ba:8e:9c:88:3c:c0:87:84:
                    6e:e6:d3:97:2e:e2:18:60:4d:b7:ab:44:39:b2:95:
                    dd:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:46:D8:7B:27:F2:3A:B3:15:FE:00:79:A9:B9:4E:7D:B5:A2:96:1E
            X509v3 Authority Key Identifier:
                keyid:62:84:CF:A7:84:43:40:23:7F:E5:9A:38:25:B5:4F:3F:77:ED:85:32

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YoTPp4RDQCN_5Zo4JbVPP3fthTI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/fc1e32-0ba7-4f8d-a5aa-f38f8fe794d4/1/M0bYeyfyOrMV_gB5qblOfbWilh4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/fc1e32-0ba7-4f8d-a5aa-f38f8fe794d4/1/YoTPp4RDQCN_5Zo4JbVPP3fthTI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.60.116.0/24
                IPv6:
                  2a02:71e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:b2:b1:67:dd:74:7b:81:17:5a:b6:91:a2:12:d2:fd:53:e0:
         75:3f:9b:b0:47:5a:bd:cc:9f:eb:4f:05:5d:58:d7:ad:dd:0a:
         72:c1:dc:5e:c7:8f:9b:22:7a:75:cd:49:1f:47:6e:0a:68:6c:
         87:8a:c7:bb:ac:6a:fb:46:32:1b:3f:64:37:f7:4b:62:26:29:
         a2:8a:b4:4e:43:c6:c3:c0:51:91:ca:a7:08:b5:d7:4a:f4:b6:
         cb:96:dd:d1:7d:85:03:89:a2:29:39:dc:28:ce:ca:04:89:f5:
         a7:42:0a:dd:13:65:f4:46:98:df:bf:2d:6d:f8:33:23:ba:d4:
         bb:b7:73:d0:91:ee:42:15:d4:8f:c3:bf:22:9e:9e:34:6c:d8:
         85:5f:74:3b:6a:0c:51:72:70:38:d4:2c:4a:31:69:52:d5:5d:
         ff:ec:be:d6:bc:75:83:30:32:24:22:c3:5c:69:b1:32:1d:91:
         88:92:be:53:47:14:1f:16:e2:2b:98:a8:40:64:cc:cf:f7:ca:
         2f:3f:5b:61:55:58:8e:b6:06:15:8a:b6:45:a9:26:61:0e:86:
         01:1c:dd:2e:f8:57:35:f0:37:25:46:50:4e:78:3f:a0:dd:1a:
         69:26:df:94:fe:be:1c:f9:1b:fb:25:82:aa:fd:20:07:3f:0e:
         5e:81:37:f9
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQmbBYGKDjZKNzI7wajtebCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyODRjZmE3ODQ0MzQwMjM3ZmU1OWEzODI1YjU0ZjNmNzdl
ZDg1MzIwHhcNMjUwMTAyMDk1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzQ2ZDg3YjI3ZjIzYWIzMTVmZTAwNzlhOWI5NGU3ZGI1YTI5NjFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+0Jf+kvmJ4jO31A392TlHB6dLuC
9Oxb+7H2o9jqVJgsR0MfB5mQweLwEcNIrcpaHay2TqZsC2VX1+FvObJ+QiXozYNh
b6Q8/p4J3WANUz9/d/131CuuU0ah4pXTUR6UGscU3b3KGaVcgk1+NrPLmmgpq42A
WhROeN5MWcjiWwwpxcAoQgUAZmq0TlAteJj9gm5R1U8RDDJK46wJR3y750SbS+Si
sdlUo/m47mUqmAWFKiiL9zN+eTuxLN5RPzpSAHmCdrOqxJFciOrYtTthQkOkEXmV
LaVhSb7bvkT5htO7ZFyLelBtuo6ciDzAh4Ru5tOXLuIYYE23q0Q5spXdYwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFDNG2Hsn8jqzFf4Aeam5Tn21opYeMB8GA1UdIwQY
MBaAFGKEz6eEQ0Ajf+WaOCW1Tz937YUyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWW9UUHA0UkRRQ05fNVpvNEpiVlBQM2Z0aFRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC9mYzFlMzItMGJhNy00ZjhkLWE1YWEt
ZjM4ZjhmZTc5NGQ0LzEvTTBiWWV5ZnlPck1WX2dCNXFibE9mYldpbGg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC9mYzFlMzItMGJhNy00ZjhkLWE1YWEtZjM4ZjhmZTc5NGQ0
LzEvWW9UUHA0UkRRQ05fNVpvNEpiVlBQM2Z0aFRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuTx0MA8E
AgACMAkDBwAqAnHgAAAwDQYJKoZIhvcNAQELBQADggEBAG2ysWfddHuBF1q2kaIS
0v1T4HU/m7BHWr3Mn+tPBV1Y163dCnLB3F7Hj5sienXNSR9HbgpobIeKx7usavtG
Mhs/ZDf3S2ImKaKKtE5DxsPAUZHKpwi110r0tsuW3dF9hQOJoik53CjOygSJ9adC
Ct0TZfRGmN+/LW34MyO61Lu3c9CR7kIV1I/DvyKenjRs2IVfdDtqDFFycDjULEox
aVLVXf/svta8dYMwMiQiw1xpsTIdkYiSvlNHFB8W4iuYqEBkzM/3yi8/W2FVWI62
BhWKtkWpJmEOhgEc3S74VzXwNyVGUE54P6DdGmkm35T+vhz5G/slgqr9IAc/Dl6B
N/k=
-----END CERTIFICATE-----