Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/6HQFKIaH-doszFtkd3GkDQ1Wxaw.roa
File:                     6HQFKIaH-doszFtkd3GkDQ1Wxaw.roa (raw, json)
Hash identifier:          1OXXKiYa8WQkCMkAZRnTwQi7yeY/wqvng1D/8Z8Ivmg=
Subject key identifier:   E8:74:05:28:86:87:F9:DA:2C:CC:5B:64:77:71:A4:0D:0D:56:C5:AC
Certificate issuer:       /CN=2cfaa22bd65cac82858ea091686d5b3b4be3bd39
Certificate serial:       01942220367A80128C1A61CAF5C764A73FCC
Authority key identifier: 2C:FA:A2:2B:D6:5C:AC:82:85:8E:A0:91:68:6D:5B:3B:4B:E3:BD:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/6HQFKIaH-doszFtkd3GkDQ1Wxaw.roa
Signing time:             Wed 01 Jan 2025 13:48:43 +0000
ROA not before:           Wed 01 Jan 2025 13:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204046
IP address blocks:        185.116.104.0/22 maxlen: 24
                          2a06:7d80::/29 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:36:7a:80:12:8c:1a:61:ca:f5:c7:64:a7:3f:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2cfaa22bd65cac82858ea091686d5b3b4be3bd39
        Validity
            Not Before: Jan  1 13:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e87405288687f9da2ccc5b647771a40d0d56c5ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:6b:9d:63:cd:e4:2a:ea:3f:39:dd:c1:a3:ed:
                    b9:df:24:a5:95:ce:85:6f:42:1b:45:52:7e:20:1e:
                    8d:77:1f:86:0c:36:fd:4c:28:57:0f:f5:04:d9:fc:
                    d6:49:cd:bb:41:48:a3:6f:64:bc:92:e8:94:08:7a:
                    42:f8:99:24:f4:da:a1:56:39:06:f3:bd:34:38:df:
                    7c:e1:8a:c1:74:53:ce:05:03:fb:d4:d7:32:4f:11:
                    43:4c:79:cc:9d:5d:a2:ca:e5:60:a0:e7:48:48:91:
                    32:1f:f4:27:1d:ed:32:05:f9:73:d5:fa:05:89:5b:
                    91:8e:6d:93:91:5c:65:24:53:b5:ef:9a:f8:b3:f6:
                    3d:d4:35:94:5b:99:6c:a4:65:8f:9d:df:28:ec:e6:
                    3d:c4:08:8c:ac:3d:5f:7e:40:87:57:b8:a8:c3:50:
                    40:55:de:ff:66:98:31:c0:aa:a6:d7:5a:33:89:43:
                    7f:0d:51:ee:00:4c:fb:56:59:47:7f:6a:69:43:b2:
                    7a:57:de:9e:c6:e6:3b:4b:2b:a6:34:e3:26:77:d6:
                    49:f3:be:58:f4:8f:86:77:b0:51:ea:35:46:26:81:
                    75:6e:69:58:06:6b:5d:c0:52:f9:54:bc:aa:db:35:
                    55:7f:e0:ca:f0:48:98:43:0c:b4:89:bc:14:d0:43:
                    fe:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:74:05:28:86:87:F9:DA:2C:CC:5B:64:77:71:A4:0D:0D:56:C5:AC
            X509v3 Authority Key Identifier:
                keyid:2C:FA:A2:2B:D6:5C:AC:82:85:8E:A0:91:68:6D:5B:3B:4B:E3:BD:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/6HQFKIaH-doszFtkd3GkDQ1Wxaw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/5be44c-a4f2-4bd0-b5a7-b468838c7fdf/1/LPqiK9ZcrIKFjqCRaG1bO0vjvTk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.116.104.0/22
                IPv6:
                  2a06:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         49:b2:ef:0e:21:60:cb:61:91:97:70:de:73:31:73:c2:8f:f5:
         37:91:db:76:9e:a3:1c:6f:2a:d0:02:4b:d3:6e:ca:b0:38:d3:
         4d:6b:e2:49:6a:b7:67:be:dc:06:0f:aa:3c:97:4f:fa:1e:2d:
         d3:54:35:2f:4d:6f:9b:fa:1f:ab:84:04:d7:18:ec:03:c0:5f:
         5d:70:fe:d8:31:70:da:3e:a6:ae:c7:c7:c5:40:99:da:84:e4:
         bc:0a:2d:65:d1:01:02:79:8f:96:b6:5c:12:1d:90:c9:01:13:
         66:c9:9b:d9:07:ba:4b:53:2e:e6:7a:d6:93:be:4e:b6:af:b2:
         3f:52:81:77:e8:13:6b:e9:13:89:0a:7c:f9:a2:9c:68:bf:2b:
         12:dc:85:0a:dc:5e:7d:f2:a2:56:79:66:35:39:a3:0a:84:32:
         27:62:39:46:f2:d2:c2:da:6b:f8:19:7b:92:26:ae:99:c6:9d:
         28:7f:47:02:d0:23:e8:13:3b:47:d6:80:7b:9c:4c:c5:e1:04:
         0f:b5:5f:90:65:b6:aa:60:16:db:d0:9e:e2:35:d8:c2:26:b2:
         fc:2c:3c:68:47:bc:6a:a4:fd:fa:b9:ff:22:71:ac:e7:8d:e7:
         9e:da:a3:a3:97:81:27:ec:af:1c:e8:8c:be:11:e7:dd:fe:cf:
         0a:f6:78:3b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQiIDZ6gBKMGmHK9cdkpz/MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjZmFhMjJiZDY1Y2FjODI4NThlYTA5MTY4NmQ1YjNiNGJl
M2JkMzkwHhcNMjUwMTAxMTM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODc0MDUyODg2ODdmOWRhMmNjYzViNjQ3NzcxYTQwZDBkNTZjNWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArGudY83kKuo/Od3Bo+253ySllc6F
b0IbRVJ+IB6Ndx+GDDb9TChXD/UE2fzWSc27QUijb2S8kuiUCHpC+Jkk9NqhVjkG
8700ON984YrBdFPOBQP71NcyTxFDTHnMnV2iyuVgoOdISJEyH/QnHe0yBflz1foF
iVuRjm2TkVxlJFO175r4s/Y91DWUW5lspGWPnd8o7OY9xAiMrD1ffkCHV7iow1BA
Vd7/ZpgxwKqm11oziUN/DVHuAEz7VllHf2ppQ7J6V96exuY7SyumNOMmd9ZJ875Y
9I+Gd7BR6jVGJoF1bmlYBmtdwFL5VLyq2zVVf+DK8EiYQwy0ibwU0EP+rQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFOh0BSiGh/naLMxbZHdxpA0NVsWsMB8GA1UdIwQY
MBaAFCz6oivWXKyChY6gkWhtWztL4705MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTFBxaUs5WmNySUtGanFDUmFHMWJPMHZqdlRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS81YmU0NGMtYTRmMi00YmQwLWI1YTct
YjQ2ODgzOGM3ZmRmLzEvNkhRRktJYUgtZG9zekZ0a2QzR2tEUTFXeGF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS81YmU0NGMtYTRmMi00YmQwLWI1YTctYjQ2ODgzOGM3ZmRm
LzEvTFBxaUs5WmNySUtGanFDUmFHMWJPMHZqdlRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuXRoMA0E
AgACMAcDBQMqBn2AMA0GCSqGSIb3DQEBCwUAA4IBAQBJsu8OIWDLYZGXcN5zMXPC
j/U3kdt2nqMcbyrQAkvTbsqwONNNa+JJardnvtwGD6o8l0/6Hi3TVDUvTW+b+h+r
hATXGOwDwF9dcP7YMXDaPqaux8fFQJnahOS8Ci1l0QECeY+WtlwSHZDJARNmyZvZ
B7pLUy7metaTvk62r7I/UoF36BNr6ROJCnz5opxovysS3IUK3F598qJWeWY1OaMK
hDInYjlG8tLC2mv4GXuSJq6Zxp0of0cC0CPoEztH1oB7nEzF4QQPtV+QZbaqYBbb
0J7iNdjCJrL8LDxoR7xqpP36uf8icaznjeee2qOjl4En7K8c6Iy+Eefd/s8K9ng7
-----END CERTIFICATE-----