Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/6L1wb6rk6JRmH0kdueo5VHSR6sA.roa
File:                     6L1wb6rk6JRmH0kdueo5VHSR6sA.roa (raw, json)
Hash identifier:          v/vwNDFKpqZbOrt+k+dslXb31bPIeE6v/BAFBhGcR04=
Subject key identifier:   E8:BD:70:6F:AA:E4:E8:94:66:1F:49:1D:B9:EA:39:54:74:91:EA:C0
Certificate issuer:       /CN=4e2a299f182a1fd51d4b0362997af7aaae0d6be9
Certificate serial:       019428233A2D760A4CF25282E503D102D238
Authority key identifier: 4E:2A:29:9F:18:2A:1F:D5:1D:4B:03:62:99:7A:F7:AA:AE:0D:6B:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TiopnxgqH9UdSwNimXr3qq4Na-k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/6L1wb6rk6JRmH0kdueo5VHSR6sA.roa
Signing time:             Thu 02 Jan 2025 17:49:44 +0000
ROA not before:           Thu 02 Jan 2025 17:49:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2094
IP address blocks:        185.4.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/TiopnxgqH9UdSwNimXr3qq4Na-k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/TiopnxgqH9UdSwNimXr3qq4Na-k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TiopnxgqH9UdSwNimXr3qq4Na-k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:23:3a:2d:76:0a:4c:f2:52:82:e5:03:d1:02:d2:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4e2a299f182a1fd51d4b0362997af7aaae0d6be9
        Validity
            Not Before: Jan  2 17:49:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8bd706faae4e894661f491db9ea39547491eac0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:0f:d3:d2:cd:8b:b0:e5:fb:67:4e:c8:53:d2:
                    29:62:16:e0:19:8b:f1:23:5f:88:58:7b:0a:38:6f:
                    fb:3a:bb:3b:7d:63:c4:48:71:11:fe:3b:22:cc:39:
                    9a:d2:e3:c3:db:42:3e:bd:15:34:7e:e2:d2:88:bd:
                    c0:dd:c6:90:8e:5e:65:b9:5a:82:95:db:93:d0:26:
                    f4:c0:1e:3d:6f:b5:9a:83:46:1c:61:d3:0a:74:ed:
                    28:18:ed:95:36:19:8c:a0:f1:47:93:e6:8f:72:25:
                    ad:e0:23:77:4c:47:b5:94:5a:23:bc:dd:e3:b2:e3:
                    ff:26:bb:f5:87:ab:be:9c:35:77:e4:ce:ec:80:ad:
                    ca:27:11:81:c4:8f:a4:cb:86:95:e7:ff:3a:9f:00:
                    ed:1c:df:f3:98:45:17:1d:b8:0a:f6:87:37:28:6f:
                    00:21:d5:81:0c:2b:45:e8:41:99:8c:8f:3d:3b:d7:
                    1e:21:32:eb:ce:b3:f9:a5:dd:61:51:42:ab:39:c3:
                    13:36:c2:79:0c:b9:8a:ca:b6:7d:9f:e1:0d:e9:19:
                    28:36:72:01:bd:a4:c8:a4:0f:0a:b1:9d:71:7c:95:
                    52:df:f4:8b:30:9d:d7:9c:88:2f:6f:ca:58:7d:a5:
                    d9:cd:42:36:b0:84:3e:00:c4:e1:f9:27:2d:f0:3c:
                    17:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:BD:70:6F:AA:E4:E8:94:66:1F:49:1D:B9:EA:39:54:74:91:EA:C0
            X509v3 Authority Key Identifier:
                keyid:4E:2A:29:9F:18:2A:1F:D5:1D:4B:03:62:99:7A:F7:AA:AE:0D:6B:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TiopnxgqH9UdSwNimXr3qq4Na-k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/6L1wb6rk6JRmH0kdueo5VHSR6sA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/34/d3df26-3db5-4539-8030-f2ce77e3191e/1/TiopnxgqH9UdSwNimXr3qq4Na-k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.4.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:8d:08:73:d2:a8:1e:4b:de:9b:4d:de:d2:31:11:c0:da:15:
         57:4f:c6:c1:26:fe:0c:fb:77:09:fb:ca:37:45:c4:83:6a:a5:
         b1:04:92:db:80:b8:a3:3c:e1:98:9e:50:94:27:ed:e8:33:ab:
         c9:cf:28:9b:9c:74:f1:2e:06:21:fc:9e:58:b9:89:f7:92:9f:
         38:88:ab:5f:2b:56:1e:d7:bb:34:55:43:0e:12:13:67:10:bd:
         ff:32:13:e3:27:65:58:06:63:b7:97:47:25:73:d7:b4:95:c1:
         5b:7b:33:37:1a:19:f6:69:05:c4:0a:2f:d9:4b:6e:ae:63:6e:
         cb:77:6d:c3:86:89:3e:8a:49:39:9f:62:cf:5d:29:20:1c:ec:
         20:df:86:1f:4a:fe:6a:39:de:f1:1f:21:fe:3d:ed:17:53:a5:
         dc:ec:e6:25:be:95:7f:3b:79:c0:43:60:c0:25:a9:ba:e0:7f:
         7c:2c:b8:a2:a0:ee:f9:99:3b:b2:1b:e1:dc:3a:d6:9a:07:44:
         15:d3:2e:b0:09:b9:21:7f:a5:38:95:cd:11:77:2f:ea:28:5f:
         86:69:4e:9a:c4:21:d1:74:de:c6:5a:aa:fe:8e:ef:1b:e6:1b:
         cb:44:7f:c8:76:0e:cf:c5:e2:6d:1a:ef:81:ec:ab:6e:c3:cd:
         43:8d:8d:cd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoIzotdgpM8lKC5QPRAtI4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlMmEyOTlmMTgyYTFmZDUxZDRiMDM2Mjk5N2FmN2FhYWUw
ZDZiZTkwHhcNMjUwMTAyMTc0OTQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGJkNzA2ZmFhZTRlODk0NjYxZjQ5MWRiOWVhMzk1NDc0OTFlYWMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzw/T0s2LsOX7Z07IU9IpYhbgGYvx
I1+IWHsKOG/7Ors7fWPESHER/jsizDma0uPD20I+vRU0fuLSiL3A3caQjl5luVqC
lduT0Cb0wB49b7Wag0YcYdMKdO0oGO2VNhmMoPFHk+aPciWt4CN3TEe1lFojvN3j
suP/Jrv1h6u+nDV35M7sgK3KJxGBxI+ky4aV5/86nwDtHN/zmEUXHbgK9oc3KG8A
IdWBDCtF6EGZjI89O9ceITLrzrP5pd1hUUKrOcMTNsJ5DLmKyrZ9n+EN6RkoNnIB
vaTIpA8KsZ1xfJVS3/SLMJ3XnIgvb8pYfaXZzUI2sIQ+AMTh+Sct8DwXsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOi9cG+q5OiUZh9JHbnqOVR0kerAMB8GA1UdIwQY
MBaAFE4qKZ8YKh/VHUsDYpl696quDWvpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGlvcG54Z3FIOVVkU3dOaW1YcjNxcTROYS1rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC9kM2RmMjYtM2RiNS00NTM5LTgwMzAt
ZjJjZTc3ZTMxOTFlLzEvNkwxd2I2cms2SlJtSDBrZHVlbzVWSFNSNnNBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC9kM2RmMjYtM2RiNS00NTM5LTgwMzAtZjJjZTc3ZTMxOTFl
LzEvVGlvcG54Z3FIOVVkU3dOaW1YcjNxcTROYS1rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQT6MA0G
CSqGSIb3DQEBCwUAA4IBAQAqjQhz0qgeS96bTd7SMRHA2hVXT8bBJv4M+3cJ+8o3
RcSDaqWxBJLbgLijPOGYnlCUJ+3oM6vJzyibnHTxLgYh/J5YuYn3kp84iKtfK1Ye
17s0VUMOEhNnEL3/MhPjJ2VYBmO3l0clc9e0lcFbezM3Ghn2aQXECi/ZS26uY27L
d23Dhok+ikk5n2LPXSkgHOwg34YfSv5qOd7xHyH+Pe0XU6Xc7OYlvpV/O3nAQ2DA
Jam64H98LLiioO75mTuyG+HcOtaaB0QV0y6wCbkhf6U4lc0Rdy/qKF+GaU6axCHR
dN7GWqr+ju8b5hvLRH/Idg7PxeJtGu+B7Ktuw81DjY3N
-----END CERTIFICATE-----