Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vkuL6lPvBwnsGG2zqXJ0dKlsd_E.roa
File:                     vkuL6lPvBwnsGG2zqXJ0dKlsd_E.roa (raw, json)
Hash identifier:          LAjlqkzhQBZUdmq+rtYjKPdKSPlnRizG/dxEUgNDRm0=
Subject key identifier:   BE:4B:8B:EA:53:EF:07:09:EC:18:6D:B3:A9:72:74:74:A9:6C:77:F1
Certificate issuer:       /CN=c616c4195152effedbf7b3afee2aa72e19090e4d
Certificate serial:       0194F18A505D085824A3F062C8950EC54552
Authority key identifier: C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vkuL6lPvBwnsGG2zqXJ0dKlsd_E.roa
Signing time:             Mon 10 Feb 2025 20:26:01 +0000
ROA not before:           Mon 10 Feb 2025 20:26:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215340
IP address blocks:        185.86.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f1:8a:50:5d:08:58:24:a3:f0:62:c8:95:0e:c5:45:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c616c4195152effedbf7b3afee2aa72e19090e4d
        Validity
            Not Before: Feb 10 20:26:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be4b8bea53ef0709ec186db3a9727474a96c77f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:1a:3c:fb:27:eb:e0:2d:55:77:e3:61:e0:de:
                    a1:a4:bb:d6:c7:78:56:73:6e:4b:57:ac:30:3d:1a:
                    c9:29:06:f7:b5:d4:cb:b2:e1:4d:eb:af:62:8f:7f:
                    07:5c:1c:10:c7:4f:07:2f:3b:1b:e7:dd:49:32:e8:
                    23:db:53:6d:75:cb:b5:d3:f7:9d:3b:e3:41:22:1a:
                    9f:ef:1a:0e:d7:80:05:14:a1:23:7c:23:7a:92:d1:
                    8d:cb:94:84:97:29:95:68:9f:60:40:8b:64:13:28:
                    37:55:5c:61:8b:4a:b2:76:c0:9a:65:9f:91:be:cd:
                    37:61:d0:3d:3b:83:05:dd:a9:55:31:05:45:c8:8e:
                    d6:2b:16:18:ed:a5:42:ac:2c:06:74:b8:37:ea:3b:
                    c7:fa:81:84:94:7d:3d:7d:33:bc:7e:95:16:17:a8:
                    1d:87:ba:a2:70:bd:90:47:73:28:48:ab:5b:b8:b4:
                    86:61:61:aa:37:97:7a:7a:9f:1c:5b:88:98:04:aa:
                    df:33:20:40:dc:1d:85:26:8a:94:27:d5:82:92:17:
                    63:1e:fb:6f:ec:5e:74:38:c3:22:c0:a5:03:b1:21:
                    69:3f:28:73:9e:fe:a9:8b:f0:c7:a4:ec:9e:27:c0:
                    7e:99:db:7f:d0:5a:b3:ea:73:bf:31:a1:af:0f:55:
                    31:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:4B:8B:EA:53:EF:07:09:EC:18:6D:B3:A9:72:74:74:A9:6C:77:F1
            X509v3 Authority Key Identifier:
                keyid:C6:16:C4:19:51:52:EF:FE:DB:F7:B3:AF:EE:2A:A7:2E:19:09:0E:4D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xhbEGVFS7_7b97Ov7iqnLhkJDk0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/vkuL6lPvBwnsGG2zqXJ0dKlsd_E.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/47/ad6521-d3a9-4b13-be69-39fdb986f059/1/xhbEGVFS7_7b97Ov7iqnLhkJDk0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:61:bb:e5:88:2b:32:c6:5e:68:de:5e:a6:f1:45:49:3f:03:
         83:28:0f:4f:a4:bb:e4:6c:ad:79:0d:80:03:48:13:c0:71:04:
         b7:6a:ff:c4:c7:d5:e4:c1:1a:8c:b1:14:ce:ce:6d:3e:d2:74:
         88:f3:f7:9a:33:f2:8f:1a:86:0f:ea:08:92:0e:1d:e4:44:6d:
         89:39:76:e6:09:35:92:d6:ef:53:d6:c8:c9:57:e8:22:e3:7d:
         86:43:be:57:a1:c6:a3:68:3d:59:3f:ec:48:cf:b0:5d:85:f6:
         d9:69:76:00:7c:87:07:52:b1:8f:a7:f3:aa:ae:c8:dc:99:a4:
         1c:10:3d:bf:f8:01:a5:2c:34:bf:63:3d:99:b5:34:20:42:6f:
         db:8e:2a:d3:ac:67:bd:90:28:68:a5:0e:ee:9e:2a:d0:70:37:
         de:44:f7:97:81:94:9a:45:24:78:09:2f:05:c2:8a:be:77:48:
         ae:1c:0c:a5:62:8d:2d:62:29:1d:c4:f8:0a:ab:92:c1:98:76:
         92:a9:b5:34:72:5a:10:2b:a7:7b:98:cc:4c:a8:6f:a8:ac:2a:
         21:18:80:7e:6a:c9:c7:01:3d:be:e4:77:b1:7a:46:16:04:21:
         7d:88:2f:f3:31:90:96:cc:cd:34:92:df:36:ba:21:b8:ae:49:
         83:b7:23:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTxilBdCFgko/BiyJUOxUVSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MTZjNDE5NTE1MmVmZmVkYmY3YjNhZmVlMmFhNzJlMTkw
OTBlNGQwHhcNMjUwMjEwMjAyNjAxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTRiOGJlYTUzZWYwNzA5ZWMxODZkYjNhOTcyNzQ3NGE5NmM3N2YxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqBo8+yfr4C1Vd+Nh4N6hpLvWx3hW
c25LV6wwPRrJKQb3tdTLsuFN669ij38HXBwQx08HLzsb591JMugj21Ntdcu10/ed
O+NBIhqf7xoO14AFFKEjfCN6ktGNy5SElymVaJ9gQItkEyg3VVxhi0qydsCaZZ+R
vs03YdA9O4MF3alVMQVFyI7WKxYY7aVCrCwGdLg36jvH+oGElH09fTO8fpUWF6gd
h7qicL2QR3MoSKtbuLSGYWGqN5d6ep8cW4iYBKrfMyBA3B2FJoqUJ9WCkhdjHvtv
7F50OMMiwKUDsSFpPyhznv6pi/DHpOyeJ8B+mdt/0Fqz6nO/MaGvD1Ux9QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL5Li+pT7wcJ7Bhts6lydHSpbHfxMB8GA1UdIwQY
MBaAFMYWxBlRUu/+2/ezr+4qpy4ZCQ5NMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjkt
MzlmZGI5ODZmMDU5LzEvdmt1TDZsUHZCd25zR0cyenFYSjBkS2xzZF9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Ny9hZDY1MjEtZDNhOS00YjEzLWJlNjktMzlmZGI5ODZmMDU5
LzEveGhiRUdWRlM3XzdiOTdPdjdpcW5MaGtKRGswLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuVYGMA0G
CSqGSIb3DQEBCwUAA4IBAQCuYbvliCsyxl5o3l6m8UVJPwODKA9PpLvkbK15DYAD
SBPAcQS3av/Ex9XkwRqMsRTOzm0+0nSI8/eaM/KPGoYP6giSDh3kRG2JOXbmCTWS
1u9T1sjJV+gi432GQ75XocajaD1ZP+xIz7BdhfbZaXYAfIcHUrGPp/OqrsjcmaQc
ED2/+AGlLDS/Yz2ZtTQgQm/bjirTrGe9kChopQ7unirQcDfeRPeXgZSaRSR4CS8F
woq+d0iuHAylYo0tYikdxPgKq5LBmHaSqbU0cloQK6d7mMxMqG+orCohGIB+asnH
AT2+5HexekYWBCF9iC/zMZCWzM00kt82uiG4rkmDtyMM
-----END CERTIFICATE-----