Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/6KI42LA3k4Z423gzE8zSlIe9RA4.roa
File:                     6KI42LA3k4Z423gzE8zSlIe9RA4.roa (raw, json)
Hash identifier:          MywiSVripv33Y3DFEx1AfwLFpUpd5icicODvhSpR2Lc=
Subject key identifier:   E8:A2:38:D8:B0:37:93:86:78:DB:78:33:13:CC:D2:94:87:BD:44:0E
Certificate issuer:       /CN=317ef55ae76d422504eae5b206724d36443311c7
Certificate serial:       019422FBDDEFC6E193FA2EF648F267A47A25
Authority key identifier: 31:7E:F5:5A:E7:6D:42:25:04:EA:E5:B2:06:72:4D:36:44:33:11:C7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/MX71WudtQiUE6uWyBnJNNkQzEcc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/6KI42LA3k4Z423gzE8zSlIe9RA4.roa
Signing time:             Wed 01 Jan 2025 17:48:39 +0000
ROA not before:           Wed 01 Jan 2025 17:48:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197480
IP address blocks:        178.21.136.0/21 maxlen: 21
                          185.3.224.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/MX71WudtQiUE6uWyBnJNNkQzEcc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/MX71WudtQiUE6uWyBnJNNkQzEcc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/MX71WudtQiUE6uWyBnJNNkQzEcc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:dd:ef:c6:e1:93:fa:2e:f6:48:f2:67:a4:7a:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=317ef55ae76d422504eae5b206724d36443311c7
        Validity
            Not Before: Jan  1 17:48:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e8a238d8b037938678db783313ccd29487bd440e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:9c:f9:41:52:8f:e3:0f:12:34:c7:62:74:37:
                    51:e3:48:05:c3:2c:c4:35:45:8a:81:8a:eb:89:66:
                    ad:52:db:f5:30:a8:45:71:d8:f8:34:6b:34:8e:2c:
                    6b:25:ea:90:5e:e3:17:14:b5:d2:5d:8d:cc:18:be:
                    51:ee:95:25:16:31:1c:d2:25:a9:e3:4e:42:5b:9d:
                    cb:f4:2e:7e:53:b3:a7:ca:3f:be:90:f7:fc:db:d4:
                    6a:80:44:be:af:26:a8:9d:f6:db:33:8f:87:0b:e7:
                    dc:b6:8d:12:d6:1e:5e:d1:1e:e3:ee:d6:86:5c:46:
                    04:8c:a9:a7:7b:39:da:93:1f:25:f2:97:d7:72:14:
                    89:a9:ec:2a:c7:b4:c0:42:f8:a7:30:c9:24:3f:18:
                    82:c7:eb:f6:99:89:f6:77:56:57:de:47:b7:62:36:
                    a2:65:c2:a5:93:18:cb:a4:fa:b6:f7:48:f6:5e:52:
                    17:82:9b:c9:47:cc:bb:29:10:57:cb:a7:1c:af:11:
                    20:85:27:5f:79:4c:1b:78:48:0d:5f:ec:38:da:89:
                    dc:c8:05:2d:74:df:64:c8:c0:af:05:b6:30:14:16:
                    4f:7f:77:1f:1c:28:50:19:51:bd:2f:16:1e:99:93:
                    ad:2d:32:b7:a7:72:43:1b:28:4d:d7:d7:86:0f:2e:
                    19:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:A2:38:D8:B0:37:93:86:78:DB:78:33:13:CC:D2:94:87:BD:44:0E
            X509v3 Authority Key Identifier:
                keyid:31:7E:F5:5A:E7:6D:42:25:04:EA:E5:B2:06:72:4D:36:44:33:11:C7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/MX71WudtQiUE6uWyBnJNNkQzEcc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/6KI42LA3k4Z423gzE8zSlIe9RA4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/65/84f86e-4ea7-4db3-aa30-c2c9e2393a32/1/MX71WudtQiUE6uWyBnJNNkQzEcc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  178.21.136.0/21
                  185.3.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         28:6e:19:1f:6c:73:b8:ca:e2:b9:9d:77:99:09:ba:b8:d4:91:
         e3:3d:5d:f6:92:c1:79:a8:ab:3b:c5:ab:52:df:2f:90:af:d9:
         99:43:20:8c:fd:18:41:94:1c:90:2b:e2:c7:87:9d:09:40:8a:
         4f:fb:35:37:80:b5:28:04:85:c1:e9:16:c7:c0:5f:4a:7a:ef:
         35:c2:79:06:8a:0c:8c:69:fb:65:ee:c9:6c:22:f7:31:9f:40:
         c4:3f:23:80:e2:49:e6:63:3a:28:65:82:9a:2f:45:e5:b0:57:
         e0:be:57:25:da:9c:86:06:3a:f6:57:a4:d1:aa:3d:5c:df:ef:
         79:e4:9c:90:92:5c:ee:0c:e0:1e:aa:e0:01:9c:5e:d8:f0:cd:
         28:42:f4:38:30:10:38:0b:bc:a2:99:95:8b:d2:17:e9:92:73:
         3a:af:ff:b0:dd:3e:e8:13:e3:4a:48:8c:4c:ee:0b:33:47:c2:
         08:a8:bd:67:00:64:ee:3c:a6:09:87:e2:c1:f3:8e:fb:37:11:
         e4:db:b2:02:48:d0:42:9c:28:47:34:4f:be:20:05:bf:5b:7b:
         e2:da:d6:fb:c2:88:53:20:1c:08:7b:bc:72:44:fe:4f:eb:11:
         de:49:d1:92:b4:56:d1:db:43:82:2e:d0:d0:9e:db:ca:2c:d0:
         26:bb:22:6e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+93vxuGT+i72SPJnpHolMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMxN2VmNTVhZTc2ZDQyMjUwNGVhZTViMjA2NzI0ZDM2NDQz
MzExYzcwHhcNMjUwMTAxMTc0ODM5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlOGEyMzhkOGIwMzc5Mzg2NzhkYjc4MzMxM2NjZDI5NDg3YmQ0NDBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtJz5QVKP4w8SNMdidDdR40gFwyzE
NUWKgYrriWatUtv1MKhFcdj4NGs0jixrJeqQXuMXFLXSXY3MGL5R7pUlFjEc0iWp
405CW53L9C5+U7Onyj++kPf829RqgES+ryaonfbbM4+HC+fcto0S1h5e0R7j7taG
XEYEjKmneznakx8l8pfXchSJqewqx7TAQvinMMkkPxiCx+v2mYn2d1ZX3ke3Yjai
ZcKlkxjLpPq290j2XlIXgpvJR8y7KRBXy6ccrxEghSdfeUwbeEgNX+w42oncyAUt
dN9kyMCvBbYwFBZPf3cfHChQGVG9LxYemZOtLTK3p3JDGyhN19eGDy4ZYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOiiONiwN5OGeNt4MxPM0pSHvUQOMB8GA1UdIwQY
MBaAFDF+9VrnbUIlBOrlsgZyTTZEMxHHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTVg3MVd1ZHRRaVVFNnVXeUJuSk5Oa1F6RWNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82NS84NGY4NmUtNGVhNy00ZGIzLWFhMzAt
YzJjOWUyMzkzYTMyLzEvNktJNDJMQTNrNFo0MjNnekU4elNsSWU5UkE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82NS84NGY4NmUtNGVhNy00ZGIzLWFhMzAtYzJjOWUyMzkzYTMy
LzEvTVg3MVd1ZHRRaVVFNnVXeUJuSk5Oa1F6RWNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDshWIAwQC
uQPgMA0GCSqGSIb3DQEBCwUAA4IBAQAobhkfbHO4yuK5nXeZCbq41JHjPV32ksF5
qKs7xatS3y+Qr9mZQyCM/RhBlByQK+LHh50JQIpP+zU3gLUoBIXB6RbHwF9Keu81
wnkGigyMaftl7slsIvcxn0DEPyOA4knmYzooZYKaL0XlsFfgvlcl2pyGBjr2V6TR
qj1c3+955JyQklzuDOAequABnF7Y8M0oQvQ4MBA4C7yimZWL0hfpknM6r/+w3T7o
E+NKSIxM7gszR8IIqL1nAGTuPKYJh+LB8477NxHk27ICSNBCnChHNE++IAW/W3vi
2tb7wohTIBwIe7xyRP5P6xHeSdGStFbR20OCLtDQntvKLNAmuyJu
-----END CERTIFICATE-----