Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/Ad6-aAH05MI6kkdiGCD95ctRfFo.roa
File:                     Ad6-aAH05MI6kkdiGCD95ctRfFo.roa (raw, json)
Hash identifier:          fVAs8Cty7zb84H/EMD3Y1sNjkv+r8koDIXGOWy5iQEM=
Subject key identifier:   01:DE:BE:68:01:F4:E4:C2:3A:92:47:62:18:20:FD:E5:CB:51:7C:5A
Certificate issuer:       /CN=18ca6de1a48a4e8c5b8af1eae9b5e80bfcf92c45
Certificate serial:       019460FEAFDC2432B43D5AAF73F43EE59269
Authority key identifier: 18:CA:6D:E1:A4:8A:4E:8C:5B:8A:F1:EA:E9:B5:E8:0B:FC:F9:2C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/GMpt4aSKToxbivHq6bXoC_z5LEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/Ad6-aAH05MI6kkdiGCD95ctRfFo.roa
Signing time:             Mon 13 Jan 2025 18:48:11 +0000
ROA not before:           Mon 13 Jan 2025 18:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212150
IP address blocks:        185.115.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/GMpt4aSKToxbivHq6bXoC_z5LEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/GMpt4aSKToxbivHq6bXoC_z5LEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/GMpt4aSKToxbivHq6bXoC_z5LEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 21:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:60:fe:af:dc:24:32:b4:3d:5a:af:73:f4:3e:e5:92:69
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=18ca6de1a48a4e8c5b8af1eae9b5e80bfcf92c45
        Validity
            Not Before: Jan 13 18:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=01debe6801f4e4c23a9247621820fde5cb517c5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:0c:c8:51:96:e0:17:be:77:23:7b:8d:24:57:
                    65:3b:51:48:02:f5:59:64:8a:f2:63:78:16:4b:bc:
                    a0:46:31:a1:2f:11:f8:7a:3e:dd:71:7d:8f:e1:ed:
                    56:75:8b:ba:e8:b7:6d:d3:78:74:a6:95:d2:2c:c7:
                    d1:be:4e:04:a5:5e:70:b5:56:eb:7d:ce:4f:30:40:
                    90:8a:a2:5a:39:02:7c:d1:ea:f1:b9:a4:c9:f0:5b:
                    25:9a:9b:de:44:13:a1:40:cc:76:b1:db:ca:10:5e:
                    0b:29:f9:17:3d:71:fc:30:e5:a9:a5:7d:bb:37:78:
                    8a:90:60:a7:bf:d5:9b:1c:89:1a:76:52:a3:ee:af:
                    06:a5:f6:f8:82:e6:54:21:44:34:c5:27:81:84:91:
                    b7:ad:38:ca:c6:a9:2f:37:92:cb:82:ed:94:69:7a:
                    6d:7d:3c:2f:4a:52:37:39:d8:6e:52:34:e4:ed:8c:
                    51:bb:b2:d5:ff:c4:01:ef:04:ff:da:70:d3:b4:93:
                    a5:95:8b:fb:da:8e:f5:64:1f:14:48:b9:7d:7b:d7:
                    47:ef:97:0e:19:27:af:87:8c:85:ff:f0:aa:99:70:
                    66:33:d1:1d:fc:44:82:fd:b1:d5:59:56:48:ec:c1:
                    49:f2:e8:1f:d0:01:15:53:8c:77:2e:ec:f9:9e:29:
                    ca:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:DE:BE:68:01:F4:E4:C2:3A:92:47:62:18:20:FD:E5:CB:51:7C:5A
            X509v3 Authority Key Identifier:
                keyid:18:CA:6D:E1:A4:8A:4E:8C:5B:8A:F1:EA:E9:B5:E8:0B:FC:F9:2C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GMpt4aSKToxbivHq6bXoC_z5LEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/Ad6-aAH05MI6kkdiGCD95ctRfFo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/60/dff2c6-d87c-4d65-a256-1c8225d407b5/1/GMpt4aSKToxbivHq6bXoC_z5LEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:fc:05:96:14:f0:f4:1c:3f:de:12:74:ae:84:e8:41:cc:dc:
         b6:75:53:c0:b0:a0:05:7d:dd:2e:94:3d:03:ef:1e:e1:72:7c:
         22:b9:9b:54:e8:a5:6b:be:32:cf:9d:4c:a3:de:f7:63:15:12:
         a5:ad:83:f5:0b:57:77:ce:b5:2a:c6:cf:3e:31:cd:6b:7a:af:
         22:4b:42:8a:b6:05:4b:64:a5:ae:d4:89:e8:c8:1a:fc:8c:ba:
         1f:9e:e5:2e:6c:83:89:83:54:5f:ab:73:41:30:59:a2:70:5c:
         8a:b0:29:99:a6:56:00:15:51:6b:0a:3e:25:33:b0:a0:12:55:
         d2:45:f1:57:71:fa:c5:6a:7b:19:95:ff:68:06:34:24:3a:20:
         24:69:ed:1b:d2:d2:b7:4e:53:d6:17:8c:5e:f4:2a:66:c0:4e:
         a9:cc:43:e2:bc:ca:26:bf:46:5d:86:a2:fe:b5:3a:8e:60:f4:
         2d:4b:b4:74:15:96:bd:e2:d6:36:ec:51:57:61:bd:5c:28:b9:
         a7:a8:66:1b:f8:1a:cf:88:1c:0d:e0:d5:e5:ab:b6:57:94:b3:
         e3:b2:19:be:10:f5:59:88:27:a7:1f:c4:1c:ca:49:64:8d:43:
         87:e8:f3:ca:e3:ff:d3:a6:d2:15:8a:55:33:62:c9:32:29:e2:
         fa:2a:6c:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZRg/q/cJDK0PVqvc/Q+5ZJpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE4Y2E2ZGUxYTQ4YTRlOGM1YjhhZjFlYWU5YjVlODBiZmNm
OTJjNDUwHhcNMjUwMTEzMTg0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMWRlYmU2ODAxZjRlNGMyM2E5MjQ3NjIxODIwZmRlNWNiNTE3YzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3QzIUZbgF753I3uNJFdlO1FIAvVZ
ZIryY3gWS7ygRjGhLxH4ej7dcX2P4e1WdYu66Ldt03h0ppXSLMfRvk4EpV5wtVbr
fc5PMECQiqJaOQJ80erxuaTJ8FslmpveRBOhQMx2sdvKEF4LKfkXPXH8MOWppX27
N3iKkGCnv9WbHIkadlKj7q8Gpfb4guZUIUQ0xSeBhJG3rTjKxqkvN5LLgu2UaXpt
fTwvSlI3OdhuUjTk7YxRu7LV/8QB7wT/2nDTtJOllYv72o71ZB8USLl9e9dH75cO
GSevh4yF//CqmXBmM9Ed/ESC/bHVWVZI7MFJ8ugf0AEVU4x3Luz5ninKpQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAHevmgB9OTCOpJHYhgg/eXLUXxaMB8GA1UdIwQY
MBaAFBjKbeGkik6MW4rx6um16Av8+SxFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR01wdDRhU0tUb3hiaXZIcTZiWG9DX3o1TEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82MC9kZmYyYzYtZDg3Yy00ZDY1LWEyNTYt
MWM4MjI1ZDQwN2I1LzEvQWQ2LWFBSDA1TUk2a2tkaUdDRDk1Y3RSZkZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82MC9kZmYyYzYtZDg3Yy00ZDY1LWEyNTYtMWM4MjI1ZDQwN2I1
LzEvR01wdDRhU0tUb3hiaXZIcTZiWG9DX3o1TEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuXOjMA0G
CSqGSIb3DQEBCwUAA4IBAQAq/AWWFPD0HD/eEnSuhOhBzNy2dVPAsKAFfd0ulD0D
7x7hcnwiuZtU6KVrvjLPnUyj3vdjFRKlrYP1C1d3zrUqxs8+Mc1req8iS0KKtgVL
ZKWu1InoyBr8jLofnuUubIOJg1Rfq3NBMFmicFyKsCmZplYAFVFrCj4lM7CgElXS
RfFXcfrFansZlf9oBjQkOiAkae0b0tK3TlPWF4xe9CpmwE6pzEPivMomv0ZdhqL+
tTqOYPQtS7R0FZa94tY27FFXYb1cKLmnqGYb+BrPiBwN4NXlq7ZXlLPjshm+EPVZ
iCenH8QcyklkjUOH6PPK4//TptIVilUzYskyKeL6Kmyj
-----END CERTIFICATE-----