Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/6yNeqI6cfHc3f4rCblxx3TjO0eA.roa
File:                     6yNeqI6cfHc3f4rCblxx3TjO0eA.roa (raw, json)
Hash identifier:          gtLbnA120/ol5rBCSdNOOaWzTA+gt7YvBjty1F7J0T4=
Subject key identifier:   EB:23:5E:A8:8E:9C:7C:77:37:7F:8A:C2:6E:5C:71:DD:38:CE:D1:E0
Certificate issuer:       /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial:       019427B3C116068F886756CF7B8A4B798BD0
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/6yNeqI6cfHc3f4rCblxx3TjO0eA.roa
Signing time:             Thu 02 Jan 2025 15:47:59 +0000
ROA not before:           Thu 02 Jan 2025 15:47:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59851
IP address blocks:        185.225.237.0/24 maxlen: 24
                          2a04:f280::/40 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b3:c1:16:06:8f:88:67:56:cf:7b:8a:4b:79:8b:d0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
        Validity
            Not Before: Jan  2 15:47:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb235ea88e9c7c77377f8ac26e5c71dd38ced1e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:28:99:89:48:d7:73:df:36:33:70:be:99:31:
                    c7:2e:63:d7:47:1b:51:16:24:ec:73:19:b9:d6:7e:
                    b3:a5:73:2b:5d:c0:3c:e2:b6:fe:fa:87:cf:83:43:
                    d5:2c:fb:32:c5:ed:9b:66:86:3b:f5:4b:40:fe:7f:
                    49:17:29:90:5d:0a:95:57:77:5f:21:81:d5:78:ed:
                    d2:bb:3e:c4:ae:25:53:be:50:1c:46:9e:b1:c4:12:
                    f4:c6:a7:a8:8e:03:45:bc:f5:92:c1:ab:0e:f9:01:
                    b9:db:b9:7e:45:c9:c4:57:0e:d5:c5:3e:34:08:90:
                    e3:3b:52:6a:16:ac:38:c9:19:45:72:5f:28:2e:ec:
                    ca:ff:4a:9a:9a:3e:9d:4d:67:1f:d1:be:1f:4d:48:
                    f3:22:70:34:2b:12:dc:3f:5e:37:4c:ea:54:44:d9:
                    db:3b:47:65:11:b8:28:fe:c5:41:87:f1:55:66:fb:
                    a1:53:84:24:5f:c0:4f:e3:c7:2a:19:e8:22:4a:97:
                    42:91:70:f0:22:98:86:84:d6:c0:52:01:5e:2c:32:
                    48:28:98:64:a9:aa:42:eb:de:83:3d:c1:c9:5b:d1:
                    e1:c8:41:6b:3d:aa:70:dd:81:00:c2:91:39:3d:ef:
                    6b:32:76:23:ab:59:a1:7d:0e:44:d1:31:e5:ee:f6:
                    cd:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:23:5E:A8:8E:9C:7C:77:37:7F:8A:C2:6E:5C:71:DD:38:CE:D1:E0
            X509v3 Authority Key Identifier:
                keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/6yNeqI6cfHc3f4rCblxx3TjO0eA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.237.0/24
                IPv6:
                  2a04:f280::/40

    Signature Algorithm: sha256WithRSAEncryption
         af:e7:ef:7e:1e:7b:36:32:e9:37:77:7f:2e:4d:59:17:51:56:
         e8:81:af:5f:63:48:9c:71:e2:ec:12:10:06:58:5a:c4:0d:2f:
         11:22:ba:ff:60:e6:61:bd:7e:3a:41:d8:84:0a:e8:48:2f:b3:
         6f:77:2e:f4:f9:ef:ab:a5:97:0e:fc:5f:7d:fd:41:a1:08:33:
         52:7f:1f:e4:80:f7:86:63:73:3b:00:9f:e4:43:60:14:65:f6:
         12:10:b1:13:83:b8:cc:55:d1:d7:84:b5:5f:10:26:52:36:1b:
         f9:27:48:b4:7f:44:d1:d9:5f:42:d3:5f:da:68:1f:89:d8:0f:
         3c:71:12:8d:61:c3:fc:ed:d6:31:ff:50:08:e6:5d:32:75:05:
         21:9c:f0:8b:e9:6d:fa:f9:b3:8a:8e:04:3d:20:7b:b2:0e:35:
         6a:88:24:32:e6:94:ee:98:1a:69:da:40:ca:46:89:a7:52:29:
         5b:f4:39:9a:aa:63:83:79:03:96:53:8e:6d:f2:3c:4d:af:6e:
         d3:7f:c4:27:91:d0:fb:dd:73:98:67:4b:85:36:d9:33:8a:f7:
         ed:f9:ca:49:98:c8:24:8f:fa:8f:ce:99:a9:d9:65:2f:11:79:
         e6:43:b0:1f:f5:47:bd:78:8b:15:99:7b:f4:ec:d5:87:a3:7e:
         2f:4f:2c:02
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQns8EWBo+IZ1bPe4pLeYvQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjUwMTAyMTU0NzU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjIzNWVhODhlOWM3Yzc3Mzc3ZjhhYzI2ZTVjNzFkZDM4Y2VkMWUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiiZiUjXc982M3C+mTHHLmPXRxtR
FiTscxm51n6zpXMrXcA84rb++ofPg0PVLPsyxe2bZoY79UtA/n9JFymQXQqVV3df
IYHVeO3Suz7EriVTvlAcRp6xxBL0xqeojgNFvPWSwasO+QG527l+RcnEVw7VxT40
CJDjO1JqFqw4yRlFcl8oLuzK/0qamj6dTWcf0b4fTUjzInA0KxLcP143TOpURNnb
O0dlEbgo/sVBh/FVZvuhU4QkX8BP48cqGegiSpdCkXDwIpiGhNbAUgFeLDJIKJhk
qapC696DPcHJW9HhyEFrPapw3YEAwpE5Pe9rMnYjq1mhfQ5E0THl7vbNRQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFOsjXqiOnHx3N3+Kwm5ccd04ztHgMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvNnlOZXFJNmNmSGMzZjRyQ2JseHgzVGpPMGVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQAueHtMA4E
AgACMAgDBgAqBPKAADANBgkqhkiG9w0BAQsFAAOCAQEAr+fvfh57NjLpN3d/Lk1Z
F1FW6IGvX2NInHHi7BIQBlhaxA0vESK6/2DmYb1+OkHYhAroSC+zb3cu9Pnvq6WX
Dvxfff1BoQgzUn8f5ID3hmNzOwCf5ENgFGX2EhCxE4O4zFXR14S1XxAmUjYb+SdI
tH9E0dlfQtNf2mgfidgPPHESjWHD/O3WMf9QCOZdMnUFIZzwi+lt+vmzio4EPSB7
sg41aogkMuaU7pgaadpAykaJp1IpW/Q5mqpjg3kDllOObfI8Ta9u03/EJ5HQ+91z
mGdLhTbZM4r37fnKSZjIJI/6j86ZqdllLxF55kOwH/VHvXiLFZl79OzVh6N+L08s
Ag==
-----END CERTIFICATE-----