Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/a-LdFc8kFHmTn2Z0Vu6JHLUtEY4.roa
File:                     a-LdFc8kFHmTn2Z0Vu6JHLUtEY4.roa (raw, json)
Hash identifier:          zTR8ty0nmJzU13XE2BvXWY2tGZYklQKm1YYaB327LpQ=
Subject key identifier:   6B:E2:DD:15:CF:24:14:79:93:9F:66:74:56:EE:89:1C:B5:2D:11:8E
Certificate issuer:       /CN=621310302018a387c692146a35efd33a6ed6b1ef
Certificate serial:       019427B59A03459DCB5169B5EF628830AA3F
Authority key identifier: 62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/a-LdFc8kFHmTn2Z0Vu6JHLUtEY4.roa
Signing time:             Thu 02 Jan 2025 15:50:00 +0000
ROA not before:           Thu 02 Jan 2025 15:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     198100
IP address blocks:        185.151.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:9a:03:45:9d:cb:51:69:b5:ef:62:88:30:aa:3f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=621310302018a387c692146a35efd33a6ed6b1ef
        Validity
            Not Before: Jan  2 15:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6be2dd15cf241479939f667456ee891cb52d118e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:4e:c9:01:b7:03:af:e7:ee:17:ea:d7:f3:89:
                    c0:eb:1d:9e:92:15:c1:da:5a:bb:6a:7d:f1:40:03:
                    12:1f:eb:66:dd:53:cb:57:41:31:ef:18:ce:4e:b3:
                    48:07:eb:53:fa:f0:a7:0e:78:88:46:bd:a0:44:c1:
                    06:91:17:23:bb:96:94:6d:c1:24:00:29:56:0d:85:
                    8f:1f:f1:ff:a0:eb:b5:09:04:dc:06:93:3f:a4:29:
                    54:d3:7e:9f:58:b8:50:dd:05:05:60:78:0d:9f:0a:
                    e2:5d:8e:02:f5:2b:54:e4:3f:13:60:f1:39:d6:e4:
                    35:10:26:30:36:05:b8:af:40:5f:9c:f4:7f:74:46:
                    00:af:4f:db:23:56:e9:07:f9:b5:fe:b4:6b:da:cd:
                    00:70:c1:ca:8c:50:16:63:58:f5:c2:5f:1f:73:e9:
                    81:31:c9:c7:b8:75:99:15:24:0f:3d:60:a8:a9:19:
                    e9:e4:8c:4d:5a:b0:60:b8:1c:f5:15:e8:ae:c2:e0:
                    c0:68:aa:39:ec:9c:ba:28:75:02:13:ac:e2:a0:3e:
                    99:a1:4d:f5:5f:44:07:cd:7b:01:61:16:cb:ef:6d:
                    e9:46:04:08:8c:af:63:ff:6c:b2:cd:89:5f:72:04:
                    e3:76:5d:30:10:a6:4b:43:43:69:e8:1e:e4:bf:0c:
                    f9:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:E2:DD:15:CF:24:14:79:93:9F:66:74:56:EE:89:1C:B5:2D:11:8E
            X509v3 Authority Key Identifier:
                keyid:62:13:10:30:20:18:A3:87:C6:92:14:6A:35:EF:D3:3A:6E:D6:B1:EF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YhMQMCAYo4fGkhRqNe_TOm7Wse8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/a-LdFc8kFHmTn2Z0Vu6JHLUtEY4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/f58ac8-53e9-4ca6-acb2-be57d7dfa0de/1/YhMQMCAYo4fGkhRqNe_TOm7Wse8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.151.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:f4:43:f9:2f:9a:37:8b:c7:7b:f3:bb:b3:77:39:cd:ba:29:
         23:61:45:a2:28:04:68:b0:5c:d6:c9:59:a7:f6:b5:74:64:7f:
         42:35:dd:eb:0c:0e:22:1c:77:7f:ac:0a:6b:bd:64:92:4b:aa:
         e6:53:1e:c6:fd:6d:3c:f5:39:8d:7d:ee:bb:01:0f:56:a9:b7:
         05:f4:41:fc:f8:b4:a7:ea:60:bc:34:4c:2a:08:ec:e1:1e:5d:
         22:f5:51:f6:80:a7:e0:79:9a:c2:25:64:fb:16:fb:b4:33:9b:
         23:fc:58:06:c3:22:a8:b3:63:f8:ca:2d:5c:3a:2d:81:76:e3:
         f6:9c:7e:0a:94:2c:0f:cf:11:94:04:d1:15:06:e7:89:3b:24:
         17:c8:c5:5b:59:ff:5b:e5:4f:49:8c:32:8a:ac:04:f9:04:95:
         9b:3f:1b:55:7c:0e:c4:13:90:76:40:1e:45:d4:e4:77:01:60:
         32:3f:c9:1b:40:4e:0f:81:98:9a:1e:3c:17:12:51:48:53:b1:
         c2:bd:8d:72:be:fc:d6:48:b9:fe:e6:2b:d3:e4:ec:a5:6f:91:
         d4:a4:0e:b0:47:64:e4:f0:b7:99:46:37:f1:a9:04:0b:4f:68:
         db:96:bb:f5:68:cc:96:7d:5b:2a:ec:e2:b5:8f:36:be:8c:14:
         3e:1a:dc:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntZoDRZ3LUWm172KIMKo/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyMTMxMDMwMjAxOGEzODdjNjkyMTQ2YTM1ZWZkMzNhNmVk
NmIxZWYwHhcNMjUwMTAyMTU1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YmUyZGQxNWNmMjQxNDc5OTM5ZjY2NzQ1NmVlODkxY2I1MmQxMThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsk7JAbcDr+fuF+rX84nA6x2ekhXB
2lq7an3xQAMSH+tm3VPLV0Ex7xjOTrNIB+tT+vCnDniIRr2gRMEGkRcju5aUbcEk
AClWDYWPH/H/oOu1CQTcBpM/pClU036fWLhQ3QUFYHgNnwriXY4C9StU5D8TYPE5
1uQ1ECYwNgW4r0BfnPR/dEYAr0/bI1bpB/m1/rRr2s0AcMHKjFAWY1j1wl8fc+mB
McnHuHWZFSQPPWCoqRnp5IxNWrBguBz1FeiuwuDAaKo57Jy6KHUCE6zioD6ZoU31
X0QHzXsBYRbL723pRgQIjK9j/2yyzYlfcgTjdl0wEKZLQ0Np6B7kvwz5bQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGvi3RXPJBR5k59mdFbuiRy1LRGOMB8GA1UdIwQY
MBaAFGITEDAgGKOHxpIUajXv0zpu1rHvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjIt
YmU1N2Q3ZGZhMGRlLzEvYS1MZEZjOGtGSG1UbjJaMFZ1NkpITFV0RVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS9mNThhYzgtNTNlOS00Y2E2LWFjYjItYmU1N2Q3ZGZhMGRl
LzEvWWhNUU1DQVlvNGZHa2hScU5lX1RPbTdXc2U4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZeSMA0G
CSqGSIb3DQEBCwUAA4IBAQCA9EP5L5o3i8d787uzdznNuikjYUWiKARosFzWyVmn
9rV0ZH9CNd3rDA4iHHd/rAprvWSSS6rmUx7G/W089TmNfe67AQ9WqbcF9EH8+LSn
6mC8NEwqCOzhHl0i9VH2gKfgeZrCJWT7Fvu0M5sj/FgGwyKos2P4yi1cOi2BduP2
nH4KlCwPzxGUBNEVBueJOyQXyMVbWf9b5U9JjDKKrAT5BJWbPxtVfA7EE5B2QB5F
1OR3AWAyP8kbQE4PgZiaHjwXElFIU7HCvY1yvvzWSLn+5ivT5Oylb5HUpA6wR2Tk
8LeZRjfxqQQLT2jblrv1aMyWfVsq7OK1jza+jBQ+Gtxo
-----END CERTIFICATE-----