Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6c/2f7b91-17bf-4c2a-a81e-41527961d48e/1/Q2G86FF3yJmX8igU3QYVD4ZCivo.roa
File:                     Q2G86FF3yJmX8igU3QYVD4ZCivo.roa (raw, json)
Hash identifier:          6/LUNvPV45MHYpMpmogqr8zL/TAfgvM+oAX3YS1oNRc=
Subject key identifier:   43:61:BC:E8:51:77:C8:99:97:F2:28:14:DD:06:15:0F:86:42:8A:FA
Certificate issuer:       /CN=0e3198a9827deeafab1d27b553794f44b91a6c06
Certificate serial:       01941FFA90F86294B65127EE5B46C6721673
Authority key identifier: 0E:31:98:A9:82:7D:EE:AF:AB:1D:27:B5:53:79:4F:44:B9:1A:6C:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DjGYqYJ97q-rHSe1U3lPRLkabAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6c/2f7b91-17bf-4c2a-a81e-41527961d48e/1/Q2G86FF3yJmX8igU3QYVD4ZCivo.roa
Signing time:             Wed 01 Jan 2025 03:48:22 +0000
ROA not before:           Wed 01 Jan 2025 03:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     43436
IP address blocks:        185.6.140.0/22 maxlen: 23
                          193.58.247.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6c/2f7b91-17bf-4c2a-a81e-41527961d48e/1/DjGYqYJ97q-rHSe1U3lPRLkabAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6c/2f7b91-17bf-4c2a-a81e-41527961d48e/1/DjGYqYJ97q-rHSe1U3lPRLkabAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DjGYqYJ97q-rHSe1U3lPRLkabAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Mar 2025 23:01:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:90:f8:62:94:b6:51:27:ee:5b:46:c6:72:16:73
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0e3198a9827deeafab1d27b553794f44b91a6c06
        Validity
            Not Before: Jan  1 03:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4361bce85177c89997f22814dd06150f86428afa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:10:4c:04:79:6e:d6:f9:f1:35:12:30:c7:2c:
                    da:19:66:d7:dc:9f:90:5a:3e:94:c3:85:fe:3a:60:
                    5b:4e:19:df:9b:44:6d:52:05:34:10:43:1b:64:e5:
                    b5:49:b6:93:ee:24:e1:dd:ed:a7:cf:9f:29:da:4e:
                    7c:ac:23:42:cf:3d:7d:a9:ba:38:9d:84:c6:f6:7a:
                    bf:92:9d:88:31:c4:e3:71:67:a6:09:6a:6c:6a:cc:
                    64:a9:68:af:19:b2:4a:3c:2d:69:67:f3:fe:fd:e8:
                    79:ad:7e:db:cc:f3:93:a5:2e:68:af:71:38:2c:6f:
                    28:e7:d0:d8:bf:68:ca:94:59:57:2e:48:bd:3a:85:
                    62:7e:a6:77:a3:d9:2a:fa:17:a8:26:c8:81:32:99:
                    6f:d4:f3:23:03:d9:9d:10:0f:f0:7c:c0:00:dd:47:
                    f8:e9:7f:65:67:14:26:5e:52:c2:26:6e:1e:10:85:
                    93:b9:5e:f3:62:0b:d3:ed:72:5e:c2:43:7c:c0:16:
                    28:30:a5:4e:77:5e:be:96:fe:fc:80:32:86:6d:e5:
                    f1:6a:ae:dd:cf:65:d5:28:14:60:36:ab:b0:4f:f9:
                    24:1b:cc:01:4a:f5:9f:2c:42:89:c2:08:54:02:71:
                    23:0b:2c:a2:61:a6:2c:3c:33:50:ec:c5:56:85:1b:
                    dd:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:61:BC:E8:51:77:C8:99:97:F2:28:14:DD:06:15:0F:86:42:8A:FA
            X509v3 Authority Key Identifier:
                keyid:0E:31:98:A9:82:7D:EE:AF:AB:1D:27:B5:53:79:4F:44:B9:1A:6C:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DjGYqYJ97q-rHSe1U3lPRLkabAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/2f7b91-17bf-4c2a-a81e-41527961d48e/1/Q2G86FF3yJmX8igU3QYVD4ZCivo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6c/2f7b91-17bf-4c2a-a81e-41527961d48e/1/DjGYqYJ97q-rHSe1U3lPRLkabAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.6.140.0/22
                  193.58.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:52:a0:15:cf:c3:62:b1:d0:29:a6:1a:7f:75:af:56:a9:f9:
         1e:52:a6:35:b2:93:f6:c3:70:2a:cb:02:a0:5e:c0:a9:21:0e:
         1b:79:5b:bf:31:f5:ff:47:d9:91:4f:1b:03:f1:3d:ec:e0:11:
         72:2b:db:c7:90:4d:ab:18:c6:59:c6:bf:c4:72:34:d5:a8:95:
         cc:9a:f5:61:bb:99:4b:c3:01:fa:3f:5c:ba:3c:75:ab:96:53:
         28:db:d9:f4:d3:b9:ad:cc:b5:09:ad:9a:30:15:ba:b5:6a:67:
         3d:5f:63:aa:b3:43:cb:a9:79:db:90:50:2f:4c:ff:a7:ab:7c:
         a9:ad:b7:12:6f:32:d4:cb:e5:02:25:f2:0a:6c:9b:d2:09:3f:
         c9:62:85:d5:ab:5a:fd:e0:52:da:19:3b:1f:fb:27:74:1f:84:
         dd:55:6d:fb:44:fe:6c:7c:95:2f:bc:7d:6d:5d:e9:1e:bf:fd:
         89:cc:80:1c:42:96:f5:e8:e7:7b:59:4d:06:68:e8:68:da:1e:
         d7:18:30:d5:94:ac:fd:69:6f:20:92:28:ef:6f:04:a5:9f:60:
         1f:43:30:68:e1:33:39:76:e1:53:f1:fd:06:53:d7:c9:1b:61:
         1b:98:0b:fb:ac:b0:ae:44:24:18:60:fa:e8:65:82:7e:45:1c:
         69:52:04:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+pD4YpS2USfuW0bGchZzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBlMzE5OGE5ODI3ZGVlYWZhYjFkMjdiNTUzNzk0ZjQ0Yjkx
YTZjMDYwHhcNMjUwMTAxMDM0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzYxYmNlODUxNzdjODk5OTdmMjI4MTRkZDA2MTUwZjg2NDI4YWZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwBBMBHlu1vnxNRIwxyzaGWbX3J+Q
Wj6Uw4X+OmBbThnfm0RtUgU0EEMbZOW1SbaT7iTh3e2nz58p2k58rCNCzz19qbo4
nYTG9nq/kp2IMcTjcWemCWpsasxkqWivGbJKPC1pZ/P+/eh5rX7bzPOTpS5or3E4
LG8o59DYv2jKlFlXLki9OoVifqZ3o9kq+heoJsiBMplv1PMjA9mdEA/wfMAA3Uf4
6X9lZxQmXlLCJm4eEIWTuV7zYgvT7XJewkN8wBYoMKVOd16+lv78gDKGbeXxaq7d
z2XVKBRgNquwT/kkG8wBSvWfLEKJwghUAnEjCyyiYaYsPDNQ7MVWhRvduwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFENhvOhRd8iZl/IoFN0GFQ+GQor6MB8GA1UdIwQY
MBaAFA4xmKmCfe6vqx0ntVN5T0S5GmwGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGpHWXFZSjk3cS1ySFNlMVUzbFBSTGthYkFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yy8yZjdiOTEtMTdiZi00YzJhLWE4MWUt
NDE1Mjc5NjFkNDhlLzEvUTJHODZGRjN5Sm1YOGlnVTNRWVZENFpDaXZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yy8yZjdiOTEtMTdiZi00YzJhLWE4MWUtNDE1Mjc5NjFkNDhl
LzEvRGpHWXFZSjk3cS1ySFNlMVUzbFBSTGthYkFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQaMAwQA
wTr3MA0GCSqGSIb3DQEBCwUAA4IBAQBvUqAVz8NisdApphp/da9WqfkeUqY1spP2
w3AqywKgXsCpIQ4beVu/MfX/R9mRTxsD8T3s4BFyK9vHkE2rGMZZxr/EcjTVqJXM
mvVhu5lLwwH6P1y6PHWrllMo29n007mtzLUJrZowFbq1amc9X2Oqs0PLqXnbkFAv
TP+nq3yprbcSbzLUy+UCJfIKbJvSCT/JYoXVq1r94FLaGTsf+yd0H4TdVW37RP5s
fJUvvH1tXekev/2JzIAcQpb16Od7WU0GaOho2h7XGDDVlKz9aW8gkijvbwSln2Af
QzBo4TM5duFT8f0GU9fJG2EbmAv7rLCuRCQYYProZYJ+RRxpUgQL
-----END CERTIFICATE-----