Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/1QgdyuQWVblUntU5znb6VUOcImg.roa
File:                     1QgdyuQWVblUntU5znb6VUOcImg.roa (raw, json)
Hash identifier:          8ewfHwhOXDGmHEAryCOm3WfF+5LJGrecBJVM/3LIdo0=
Subject key identifier:   D5:08:1D:CA:E4:16:55:B9:54:9E:D5:39:CE:76:FA:55:43:9C:22:68
Certificate issuer:       /CN=91dd2314dd9b7c61d71d4dbeda8fa3965c424570
Certificate serial:       01941F8C203179BDEE318CFA774BFED4C581
Authority key identifier: 91:DD:23:14:DD:9B:7C:61:D7:1D:4D:BE:DA:8F:A3:96:5C:42:45:70
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kd0jFN2bfGHXHU2-2o-jllxCRXA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/1QgdyuQWVblUntU5znb6VUOcImg.roa
Signing time:             Wed 01 Jan 2025 01:47:44 +0000
ROA not before:           Wed 01 Jan 2025 01:47:44 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     39093
IP address blocks:        185.212.184.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kd0jFN2bfGHXHU2-2o-jllxCRXA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:20:31:79:bd:ee:31:8c:fa:77:4b:fe:d4:c5:81
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=91dd2314dd9b7c61d71d4dbeda8fa3965c424570
        Validity
            Not Before: Jan  1 01:47:44 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d5081dcae41655b9549ed539ce76fa55439c2268
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:31:ae:00:e4:86:a0:4e:4f:e7:36:ce:c0:b8:
                    f2:85:38:a8:f8:ff:b9:56:95:bd:a8:51:03:8f:e5:
                    c7:77:26:22:73:79:10:f9:48:43:89:82:29:bf:64:
                    39:5c:78:85:db:7d:93:e7:45:9d:00:28:05:13:cf:
                    b2:8a:9f:ca:97:2b:a6:ac:b6:bc:9f:71:21:d9:9a:
                    87:b5:5e:c1:71:15:ad:7e:78:15:b8:17:7d:8a:d3:
                    40:1c:01:bd:0f:24:f8:b9:72:c0:d0:11:20:23:bf:
                    fa:43:42:66:a5:50:8f:43:17:7b:9e:24:62:09:cc:
                    b6:82:2c:eb:66:d7:ce:d4:34:30:43:97:34:c6:cd:
                    66:ef:76:09:c3:b2:ea:ca:54:36:b0:65:df:43:a3:
                    3c:f4:3e:45:b6:27:89:bd:00:12:1b:d9:cb:b7:7b:
                    36:e3:25:42:05:68:49:ab:21:7e:87:1a:2a:70:bf:
                    53:72:55:38:64:a3:27:c0:bb:91:a2:3a:f4:fb:5c:
                    29:64:be:0b:bd:4f:2e:e7:40:1e:40:a3:64:00:15:
                    24:f7:bc:33:b4:c8:bd:28:cc:9b:65:4a:79:a4:86:
                    05:34:7a:22:89:25:16:8f:15:11:a8:a7:07:94:7e:
                    30:da:72:2e:6a:bf:84:2f:12:13:c8:2b:91:78:2f:
                    a3:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:08:1D:CA:E4:16:55:B9:54:9E:D5:39:CE:76:FA:55:43:9C:22:68
            X509v3 Authority Key Identifier:
                keyid:91:DD:23:14:DD:9B:7C:61:D7:1D:4D:BE:DA:8F:A3:96:5C:42:45:70

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kd0jFN2bfGHXHU2-2o-jllxCRXA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/1QgdyuQWVblUntU5znb6VUOcImg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/063fa4-17de-4595-bc86-ce4b6250bb4d/1/kd0jFN2bfGHXHU2-2o-jllxCRXA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.212.184.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:88:34:88:fc:17:1f:57:32:18:f0:53:46:5a:3d:5c:a7:0f:
         0c:90:26:0f:c5:f1:ae:e9:4e:f5:fe:f4:4a:1e:1f:55:2f:10:
         5a:da:5f:70:83:bf:3d:6d:6f:a4:19:a8:d5:df:94:c2:5b:76:
         2d:b4:85:57:5c:ff:89:9b:07:7b:77:9b:cf:ed:41:84:97:55:
         6c:ef:48:95:44:5d:e6:b1:36:ea:35:5e:77:41:bd:e7:81:1c:
         fd:2e:db:c4:c5:d8:e1:08:1b:b8:b7:c6:1e:d3:95:95:10:a1:
         d2:1c:8e:68:47:11:78:30:3e:a1:3b:26:27:15:86:d3:f9:a7:
         fe:eb:99:ac:76:00:55:f2:68:1e:3e:b2:d4:56:c0:4e:e1:5f:
         d1:df:e5:d6:c5:5a:27:a6:df:cb:ce:1e:9a:3a:be:26:05:d9:
         79:fa:aa:d4:94:41:dc:1c:2a:3e:93:3c:74:2e:cd:d9:84:75:
         85:80:ae:81:6e:58:8a:2b:0c:66:6f:d8:79:68:d9:6d:1b:a1:
         90:c6:b8:a8:26:d9:c3:0e:00:55:ae:ef:70:5d:0b:2c:43:dc:
         5f:a7:a9:61:ce:6f:d2:ed:63:73:5d:9c:96:31:31:2f:1d:3a:
         f1:78:e6:27:ef:d6:9d:ef:92:b6:ba:4e:1c:52:4d:95:69:ca:
         69:03:28:25
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjCAxeb3uMYz6d0v+1MWBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZGQyMzE0ZGQ5YjdjNjFkNzFkNGRiZWRhOGZhMzk2NWM0
MjQ1NzAwHhcNMjUwMTAxMDE0NzQ0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTA4MWRjYWU0MTY1NWI5NTQ5ZWQ1MzljZTc2ZmE1NTQzOWMyMjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujGuAOSGoE5P5zbOwLjyhTio+P+5
VpW9qFEDj+XHdyYic3kQ+UhDiYIpv2Q5XHiF232T50WdACgFE8+yip/KlyumrLa8
n3Eh2ZqHtV7BcRWtfngVuBd9itNAHAG9DyT4uXLA0BEgI7/6Q0JmpVCPQxd7niRi
Ccy2gizrZtfO1DQwQ5c0xs1m73YJw7LqylQ2sGXfQ6M89D5FtieJvQASG9nLt3s2
4yVCBWhJqyF+hxoqcL9TclU4ZKMnwLuRojr0+1wpZL4LvU8u50AeQKNkABUk97wz
tMi9KMybZUp5pIYFNHoiiSUWjxURqKcHlH4w2nIuar+ELxITyCuReC+j0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNUIHcrkFlW5VJ7VOc52+lVDnCJoMB8GA1UdIwQY
MBaAFJHdIxTdm3xh1x1NvtqPo5ZcQkVwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2QwakZOMmJmR0hYSFUyLTJvLWpsbHhDUlhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi8wNjNmYTQtMTdkZS00NTk1LWJjODYt
Y2U0YjYyNTBiYjRkLzEvMVFnZHl1UVdWYmxVbnRVNXpuYjZWVU9jSW1nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi8wNjNmYTQtMTdkZS00NTk1LWJjODYtY2U0YjYyNTBiYjRk
LzEva2QwakZOMmJmR0hYSFUyLTJvLWpsbHhDUlhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudS4MA0G
CSqGSIb3DQEBCwUAA4IBAQA/iDSI/BcfVzIY8FNGWj1cpw8MkCYPxfGu6U71/vRK
Hh9VLxBa2l9wg789bW+kGajV35TCW3YttIVXXP+Jmwd7d5vP7UGEl1Vs70iVRF3m
sTbqNV53Qb3ngRz9LtvExdjhCBu4t8Ye05WVEKHSHI5oRxF4MD6hOyYnFYbT+af+
65msdgBV8mgePrLUVsBO4V/R3+XWxVonpt/Lzh6aOr4mBdl5+qrUlEHcHCo+kzx0
Ls3ZhHWFgK6BbliKKwxmb9h5aNltG6GQxrioJtnDDgBVru9wXQssQ9xfp6lhzm/S
7WNzXZyWMTEvHTrxeOYn79ad75K2uk4cUk2VacppAygl
-----END CERTIFICATE-----