Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/b1e012-12d0-44a3-a6af-b25a67b2eb4a/1/cnQVrWDhW0BxCfHysaIfdn7x84A.roa
File:                     cnQVrWDhW0BxCfHysaIfdn7x84A.roa (raw, json)
Hash identifier:          QGeaUhczDONIP6VJTksO3RkYcdOxpExDTeoK1S4rtLA=
Subject key identifier:   72:74:15:AD:60:E1:5B:40:71:09:F1:F2:B1:A2:1F:76:7E:F1:F3:80
Certificate issuer:       /CN=06a757442e47f82608bef423dac344c25358dbf9
Certificate serial:       019420686E3A6B6D48AB2DF13FD6AD8F135D
Authority key identifier: 06:A7:57:44:2E:47:F8:26:08:BE:F4:23:DA:C3:44:C2:53:58:DB:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BqdXRC5H-CYIvvQj2sNEwlNY2_k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/b1e012-12d0-44a3-a6af-b25a67b2eb4a/1/cnQVrWDhW0BxCfHysaIfdn7x84A.roa
Signing time:             Wed 01 Jan 2025 05:48:22 +0000
ROA not before:           Wed 01 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     56694
IP address blocks:        185.217.128.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/b1e012-12d0-44a3-a6af-b25a67b2eb4a/1/BqdXRC5H-CYIvvQj2sNEwlNY2_k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/b1e012-12d0-44a3-a6af-b25a67b2eb4a/1/BqdXRC5H-CYIvvQj2sNEwlNY2_k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BqdXRC5H-CYIvvQj2sNEwlNY2_k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Mar 2025 03:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6e:3a:6b:6d:48:ab:2d:f1:3f:d6:ad:8f:13:5d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=06a757442e47f82608bef423dac344c25358dbf9
        Validity
            Not Before: Jan  1 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=727415ad60e15b407109f1f2b1a21f767ef1f380
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:8e:8f:b5:0b:3e:84:23:fc:dd:7b:06:fd:7f:
                    0e:cc:c4:3e:ef:55:d7:36:6e:96:0a:ec:31:10:89:
                    02:69:0e:d3:02:0f:bc:ad:64:8a:3f:2c:3a:4d:bc:
                    3b:bd:e7:d7:fb:3f:7f:db:fb:c5:32:bd:d9:00:dc:
                    e5:ab:5b:ec:09:28:1b:10:3a:ef:fa:e1:8c:be:c4:
                    0e:72:f8:03:a9:a2:87:b1:80:a5:ea:61:a4:b7:3a:
                    a4:65:e1:d3:3d:a9:a6:5b:4e:0c:4b:1d:df:63:41:
                    5b:22:48:a0:f4:bd:3f:3b:02:4d:ad:96:a6:6c:2f:
                    24:11:31:ed:10:fd:a4:0b:3f:b9:12:b5:e9:60:4f:
                    40:ad:c3:0c:cc:08:c1:3a:47:ae:ed:26:da:aa:de:
                    e9:24:81:92:ca:20:5f:1f:95:6e:66:6b:ca:26:40:
                    dc:31:bc:cf:ed:32:2f:48:8c:68:4b:50:1b:78:fd:
                    4b:ab:4e:3a:77:4e:4d:86:ad:16:db:54:a0:c9:cb:
                    9e:a6:f0:f5:bd:20:a9:81:dd:2d:7f:f6:84:b0:19:
                    ef:81:f6:1e:4a:a7:87:9e:e4:da:c0:76:26:5c:81:
                    a2:82:96:52:5a:dc:35:8d:8c:09:2f:bc:b7:ed:95:
                    a3:02:f9:d3:01:71:f2:ac:09:11:25:24:e0:c5:fa:
                    f9:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:74:15:AD:60:E1:5B:40:71:09:F1:F2:B1:A2:1F:76:7E:F1:F3:80
            X509v3 Authority Key Identifier:
                keyid:06:A7:57:44:2E:47:F8:26:08:BE:F4:23:DA:C3:44:C2:53:58:DB:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BqdXRC5H-CYIvvQj2sNEwlNY2_k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/b1e012-12d0-44a3-a6af-b25a67b2eb4a/1/cnQVrWDhW0BxCfHysaIfdn7x84A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/b1e012-12d0-44a3-a6af-b25a67b2eb4a/1/BqdXRC5H-CYIvvQj2sNEwlNY2_k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.217.128.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:2c:15:ff:e1:f9:4b:f4:c7:cf:b9:4d:3a:7b:4e:65:10:48:
         b9:34:1b:21:61:9f:d8:b1:62:09:48:cf:8b:b4:fa:89:bc:13:
         0b:18:ea:44:9f:33:25:01:b5:78:60:04:8a:f8:4a:2b:f7:95:
         54:77:53:6b:c6:0a:f4:a4:1a:68:c5:c9:28:a2:fa:3c:26:f9:
         a2:a4:62:62:4d:52:1e:cb:aa:ba:6f:6f:01:ba:b0:b4:7b:3f:
         54:4a:32:a1:64:d8:89:39:97:ad:22:6c:50:f0:74:d9:91:a5:
         e0:eb:c6:81:7a:ee:4d:a6:22:86:49:c7:71:8f:40:6c:d6:7d:
         0b:4c:df:c9:49:d1:5d:7a:2a:35:ea:0d:7a:11:d1:8f:11:32:
         0f:08:f5:b6:43:cb:4b:6b:02:e8:f0:97:ed:1f:5b:bb:3a:5b:
         f8:38:f9:ed:51:09:1f:76:3b:b8:d7:be:6e:82:a5:1d:aa:62:
         71:09:ec:0d:1b:81:f7:26:82:3a:fb:1a:5f:b8:a6:54:86:88:
         55:63:59:01:c3:a2:ab:ef:01:96:49:c2:41:9b:ab:a6:da:54:
         37:cb:ed:39:5d:7b:82:2f:23:f9:1e:fd:c9:d8:ac:94:57:b6:
         68:80:a9:d8:34:41:e3:ed:f7:80:60:10:4a:ae:f8:28:41:98:
         1d:2c:11:ef
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaG46a21Iqy3xP9atjxNdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2YTc1NzQ0MmU0N2Y4MjYwOGJlZjQyM2RhYzM0NGMyNTM1
OGRiZjkwHhcNMjUwMTAxMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Mjc0MTVhZDYwZTE1YjQwNzEwOWYxZjJiMWEyMWY3NjdlZjFmMzgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0o6PtQs+hCP83XsG/X8OzMQ+71XX
Nm6WCuwxEIkCaQ7TAg+8rWSKPyw6Tbw7vefX+z9/2/vFMr3ZANzlq1vsCSgbEDrv
+uGMvsQOcvgDqaKHsYCl6mGktzqkZeHTPammW04MSx3fY0FbIkig9L0/OwJNrZam
bC8kETHtEP2kCz+5ErXpYE9ArcMMzAjBOkeu7Sbaqt7pJIGSyiBfH5VuZmvKJkDc
MbzP7TIvSIxoS1AbeP1Lq046d05Nhq0W21SgycuepvD1vSCpgd0tf/aEsBnvgfYe
SqeHnuTawHYmXIGigpZSWtw1jYwJL7y37ZWjAvnTAXHyrAkRJSTgxfr5lwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHJ0Fa1g4VtAcQnx8rGiH3Z+8fOAMB8GA1UdIwQY
MBaAFAanV0QuR/gmCL70I9rDRMJTWNv5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQnFkWFJDNUgtQ1lJdnZRajJzTkV3bE5ZMl9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9iMWUwMTItMTJkMC00NGEzLWE2YWYt
YjI1YTY3YjJlYjRhLzEvY25RVnJXRGhXMEJ4Q2ZIeXNhSWZkbjd4ODRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9iMWUwMTItMTJkMC00NGEzLWE2YWYtYjI1YTY3YjJlYjRh
LzEvQnFkWFJDNUgtQ1lJdnZRajJzTkV3bE5ZMl9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudmAMA0G
CSqGSIb3DQEBCwUAA4IBAQATLBX/4flL9MfPuU06e05lEEi5NBshYZ/YsWIJSM+L
tPqJvBMLGOpEnzMlAbV4YASK+Eor95VUd1Nrxgr0pBpoxckoovo8JvmipGJiTVIe
y6q6b28BurC0ez9USjKhZNiJOZetImxQ8HTZkaXg68aBeu5NpiKGScdxj0Bs1n0L
TN/JSdFdeio16g16EdGPETIPCPW2Q8tLawLo8JftH1u7Olv4OPntUQkfdju4175u
gqUdqmJxCewNG4H3JoI6+xpfuKZUhohVY1kBw6Kr7wGWScJBm6um2lQ3y+05XXuC
LyP5Hv3J2KyUV7ZogKnYNEHj7feAYBBKrvgoQZgdLBHv
-----END CERTIFICATE-----