Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/8a71dc-9356-4d3f-80a4-51c6f60d5979/1/ttiSctxtKk--_TjJLyKyxsLTH5M.roa
File:                     ttiSctxtKk--_TjJLyKyxsLTH5M.roa (raw, json)
Hash identifier:          cExQTThTOKNeo7f6JBcYKDPiMo9ejsGy+rMa2dC0A4s=
Subject key identifier:   B6:D8:92:72:DC:6D:2A:4F:BE:FD:38:C9:2F:22:B2:C6:C2:D3:1F:93
Certificate issuer:       /CN=dcc43a470976f3747f682e32d27c3ecacee0cc59
Certificate serial:       019716DEE0FB786062DFC8F358AECCFF5C36
Authority key identifier: DC:C4:3A:47:09:76:F3:74:7F:68:2E:32:D2:7C:3E:CA:CE:E0:CC:59
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3MQ6Rwl283R_aC4y0nw-ys7gzFk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2e/8a71dc-9356-4d3f-80a4-51c6f60d5979/1/ttiSctxtKk--_TjJLyKyxsLTH5M.roa
Signing time:             Wed 28 May 2025 12:29:54 +0000
ROA not before:           Wed 28 May 2025 12:29:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42584
IP address blocks:        185.200.28.0/24 maxlen: 24
                          185.200.31.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/2e/8a71dc-9356-4d3f-80a4-51c6f60d5979/1/3MQ6Rwl283R_aC4y0nw-ys7gzFk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/2e/8a71dc-9356-4d3f-80a4-51c6f60d5979/1/3MQ6Rwl283R_aC4y0nw-ys7gzFk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3MQ6Rwl283R_aC4y0nw-ys7gzFk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:16:de:e0:fb:78:60:62:df:c8:f3:58:ae:cc:ff:5c:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dcc43a470976f3747f682e32d27c3ecacee0cc59
        Validity
            Not Before: May 28 12:29:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b6d89272dc6d2a4fbefd38c92f22b2c6c2d31f93
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:61:07:cf:c1:92:bc:f3:19:3e:8e:45:80:cb:
                    4b:75:3a:3b:a2:7d:65:e7:ae:67:c5:48:cc:9f:7f:
                    0e:11:d2:5e:87:49:35:19:3b:06:e4:ac:9a:a6:12:
                    eb:ae:d8:8f:46:b0:97:fe:bc:6a:ae:83:fa:64:a4:
                    1d:62:39:70:81:ad:b0:56:11:b7:72:d6:a3:32:86:
                    bd:c7:89:5c:2f:8f:c2:30:c6:17:55:06:1b:a2:cc:
                    0a:71:21:ab:8b:b1:74:66:d8:a0:71:f0:71:a1:3e:
                    26:b4:46:fc:e8:fc:5b:95:d6:b5:94:be:78:59:a8:
                    4e:72:80:6c:ac:a3:cd:07:ea:15:a8:c3:c8:b1:65:
                    b8:ae:37:de:20:86:eb:9a:d3:44:16:0c:f4:4a:13:
                    6f:3a:5f:bd:46:e7:86:de:e2:99:e6:1d:31:cd:bd:
                    e3:41:8e:e5:d7:d9:2d:93:55:a7:e3:f0:e3:58:d8:
                    a7:5a:ff:a2:10:f0:47:66:b8:ab:50:6e:73:b0:ae:
                    c6:e7:a1:ea:81:d6:7c:bb:41:06:cb:1f:81:87:62:
                    31:59:4c:d6:48:b7:d4:5a:c4:56:c2:7e:39:47:9c:
                    0f:f2:ad:9c:34:21:ea:34:6e:33:41:05:8b:8a:f9:
                    94:22:92:6b:c4:29:56:58:7b:64:f8:de:00:5a:93:
                    0d:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:D8:92:72:DC:6D:2A:4F:BE:FD:38:C9:2F:22:B2:C6:C2:D3:1F:93
            X509v3 Authority Key Identifier:
                keyid:DC:C4:3A:47:09:76:F3:74:7F:68:2E:32:D2:7C:3E:CA:CE:E0:CC:59

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3MQ6Rwl283R_aC4y0nw-ys7gzFk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/8a71dc-9356-4d3f-80a4-51c6f60d5979/1/ttiSctxtKk--_TjJLyKyxsLTH5M.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/8a71dc-9356-4d3f-80a4-51c6f60d5979/1/3MQ6Rwl283R_aC4y0nw-ys7gzFk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.200.28.0/24
                  185.200.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
         53:72:14:32:ae:17:50:81:1d:46:7e:8b:59:b2:88:1e:8a:2e:
         3d:bf:49:c2:5c:3b:ba:d8:48:b1:76:d1:ad:83:10:e4:b6:b6:
         47:97:c6:27:a8:9e:03:6b:f2:a3:10:d7:0c:21:f2:0b:1c:83:
         91:d4:3b:69:be:c5:f0:34:b5:5d:a6:bd:83:c2:f9:7a:f2:0c:
         8f:15:44:f6:c2:35:1a:1e:f6:53:5b:89:c3:8c:70:31:f5:6e:
         56:ac:df:07:90:47:40:ed:97:d8:1e:85:83:22:d6:2e:24:58:
         0a:73:24:3e:10:11:b8:fc:43:9d:0a:c3:54:fe:21:8e:ac:04:
         f1:84:00:a6:d0:8b:9d:e5:42:e4:91:b7:aa:9a:d5:01:3f:5a:
         02:a5:8c:e1:a9:5b:12:9b:e2:ab:6e:05:80:a0:17:ec:23:55:
         8f:17:0a:5d:f9:0b:ab:82:11:14:e0:63:39:52:33:9b:b7:16:
         31:7e:a1:51:b6:13:cb:a5:f2:ae:bc:1b:ec:03:b6:9a:56:35:
         1f:21:20:44:e1:db:ec:1f:92:9d:a4:d5:b8:bd:39:49:96:cc:
         9a:52:67:7d:12:7a:bc:76:28:41:5d:8a:6c:28:5a:96:d7:38:
         39:cd:07:b2:5a:9e:87:35:e1:fe:a0:8e:1d:38:80:12:78:35:
         bb:56:7f:61
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcW3uD7eGBi38jzWK7M/1w2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjYzQzYTQ3MDk3NmYzNzQ3ZjY4MmUzMmQyN2MzZWNhY2Vl
MGNjNTkwHhcNMjUwNTI4MTIyOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNmQ4OTI3MmRjNmQyYTRmYmVmZDM4YzkyZjIyYjJjNmMyZDMxZjkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGEHz8GSvPMZPo5FgMtLdTo7on1l
565nxUjMn38OEdJeh0k1GTsG5KyaphLrrtiPRrCX/rxqroP6ZKQdYjlwga2wVhG3
ctajMoa9x4lcL4/CMMYXVQYboswKcSGri7F0ZtigcfBxoT4mtEb86Pxblda1lL54
WahOcoBsrKPNB+oVqMPIsWW4rjfeIIbrmtNEFgz0ShNvOl+9RueG3uKZ5h0xzb3j
QY7l19ktk1Wn4/DjWNinWv+iEPBHZrirUG5zsK7G56HqgdZ8u0EGyx+Bh2IxWUzW
SLfUWsRWwn45R5wP8q2cNCHqNG4zQQWLivmUIpJrxClWWHtk+N4AWpMNQQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLbYknLcbSpPvv04yS8issbC0x+TMB8GA1UdIwQY
MBaAFNzEOkcJdvN0f2guMtJ8PsrO4MxZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM01RNlJ3bDI4M1JfYUM0eTBudy15czdnekZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS84YTcxZGMtOTM1Ni00ZDNmLTgwYTQt
NTFjNmY2MGQ1OTc5LzEvdHRpU2N0eHRLay0tX1RqSkx5S3l4c0xUSDVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS84YTcxZGMtOTM1Ni00ZDNmLTgwYTQtNTFjNmY2MGQ1OTc5
LzEvM01RNlJ3bDI4M1JfYUM0eTBudy15czdnekZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAucgcAwQA
ucgfMA0GCSqGSIb3DQEBCwUAA4IBAQBTchQyrhdQgR1GfotZsogeii49v0nCXDu6
2EixdtGtgxDktrZHl8YnqJ4Da/KjENcMIfILHIOR1DtpvsXwNLVdpr2Dwvl68gyP
FUT2wjUaHvZTW4nDjHAx9W5WrN8HkEdA7ZfYHoWDItYuJFgKcyQ+EBG4/EOdCsNU
/iGOrATxhACm0Iud5ULkkbeqmtUBP1oCpYzhqVsSm+KrbgWAoBfsI1WPFwpd+Qur
ghEU4GM5UjObtxYxfqFRthPLpfKuvBvsA7aaVjUfISBE4dvsH5KdpNW4vTlJlsya
Umd9Enq8dihBXYpsKFqW1zg5zQeyWp6HNeH+oI4dOIASeDW7Vn9h
-----END CERTIFICATE-----