Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/bc5034-600a-49b3-84b9-ac1edbb477c0/1/Mk6bMg9yn912dvqA2bZ2UEvYkBY.roa
File:                     Mk6bMg9yn912dvqA2bZ2UEvYkBY.roa (raw, json)
Hash identifier:          KxEzTRFfoJeG7lkUxdhEUvS8hrtrGhN9+8KxA+43syM=
Subject key identifier:   32:4E:9B:32:0F:72:9F:DD:76:76:FA:80:D9:B6:76:50:4B:D8:90:16
Certificate issuer:       /CN=68c21560b12219cf8eab55f74d98f2e9aed51746
Certificate serial:       01954BC38628F92C3A06EF3141FF0FE1CF9C
Authority key identifier: 68:C2:15:60:B1:22:19:CF:8E:AB:55:F7:4D:98:F2:E9:AE:D5:17:46
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aMIVYLEiGc-Oq1X3TZjy6a7VF0Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/70/bc5034-600a-49b3-84b9-ac1edbb477c0/1/Mk6bMg9yn912dvqA2bZ2UEvYkBY.roa
Signing time:             Fri 28 Feb 2025 08:54:19 +0000
ROA not before:           Fri 28 Feb 2025 08:54:19 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15967
IP address blocks:        185.248.212.0/22 maxlen: 22
                          185.248.212.0/24 maxlen: 24
                          185.248.213.0/24 maxlen: 24
                          185.248.214.0/24 maxlen: 24
                          185.248.215.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/70/bc5034-600a-49b3-84b9-ac1edbb477c0/1/aMIVYLEiGc-Oq1X3TZjy6a7VF0Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/70/bc5034-600a-49b3-84b9-ac1edbb477c0/1/aMIVYLEiGc-Oq1X3TZjy6a7VF0Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aMIVYLEiGc-Oq1X3TZjy6a7VF0Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:4b:c3:86:28:f9:2c:3a:06:ef:31:41:ff:0f:e1:cf:9c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=68c21560b12219cf8eab55f74d98f2e9aed51746
        Validity
            Not Before: Feb 28 08:54:19 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=324e9b320f729fdd7676fa80d9b676504bd89016
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:2a:71:67:2e:1a:83:73:9d:f1:9e:fb:90:9a:
                    ba:2d:52:d8:78:51:ff:2f:5c:4e:82:1d:52:c5:e4:
                    e3:21:e2:70:e4:25:33:9b:85:63:4a:e2:d1:d6:6b:
                    8e:70:8b:09:34:03:b1:c6:11:16:c2:80:fe:e2:d3:
                    92:af:be:23:e3:e6:b1:cd:4c:8c:25:b6:97:b8:c9:
                    91:ae:dc:cb:99:98:b9:3e:f1:68:40:91:77:37:ce:
                    d9:41:a0:4e:24:ee:5d:7c:7b:3b:08:c0:b8:3e:46:
                    30:7b:29:25:36:7e:e9:37:61:0d:e4:cb:1f:ae:54:
                    88:26:20:79:7f:06:3c:cb:68:4e:e1:07:85:cc:ef:
                    64:c1:e2:07:fc:c5:19:84:60:0b:75:64:b8:94:4b:
                    e8:66:84:08:0d:2c:7c:a8:2b:dd:0a:1b:d4:57:90:
                    0b:28:f0:43:23:12:84:fc:83:87:c7:f1:db:1c:a3:
                    1f:8b:87:17:ec:c3:b2:4f:fa:89:4b:45:53:22:d6:
                    44:f3:3e:2f:35:7e:13:92:d5:f0:c3:b1:52:d3:07:
                    13:1c:8f:b0:e6:fc:fd:9c:40:e4:ba:30:42:7f:44:
                    c7:3f:0c:70:bd:93:4a:63:83:c5:0f:0c:2e:0c:05:
                    da:5c:43:34:84:23:40:92:f7:83:d9:98:2e:8a:d8:
                    6d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:4E:9B:32:0F:72:9F:DD:76:76:FA:80:D9:B6:76:50:4B:D8:90:16
            X509v3 Authority Key Identifier:
                keyid:68:C2:15:60:B1:22:19:CF:8E:AB:55:F7:4D:98:F2:E9:AE:D5:17:46

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aMIVYLEiGc-Oq1X3TZjy6a7VF0Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/bc5034-600a-49b3-84b9-ac1edbb477c0/1/Mk6bMg9yn912dvqA2bZ2UEvYkBY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/70/bc5034-600a-49b3-84b9-ac1edbb477c0/1/aMIVYLEiGc-Oq1X3TZjy6a7VF0Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.212.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2a:62:28:61:d8:f3:4d:56:69:85:53:59:79:b2:a3:eb:41:0f:
         04:87:8d:cd:6c:32:05:2d:f6:b8:d2:cc:8e:94:6d:d0:3f:36:
         dd:17:da:63:12:f0:9b:31:0e:3b:f6:c6:47:9d:f6:80:56:29:
         ad:7f:52:46:b7:5d:5a:a9:f9:20:29:a8:40:8f:4a:60:57:1d:
         70:ee:94:43:55:2d:e0:08:55:a2:e2:91:4e:89:6b:78:62:e5:
         2f:ad:08:92:99:a8:ed:1f:96:22:bf:a9:7e:d7:47:82:cc:11:
         e3:99:fa:d9:fb:9e:5d:15:6d:2c:46:54:49:3b:f3:71:33:42:
         7d:39:a2:a9:f7:16:9e:4b:16:44:3e:ae:69:b1:55:bc:b1:6f:
         c0:d3:48:d7:9d:39:41:fe:66:c9:e2:44:42:6d:4b:55:d5:7d:
         51:f8:2b:59:4d:38:9b:53:64:71:80:a6:59:fe:7f:6d:15:b9:
         d8:e2:82:7d:be:f3:76:56:00:da:21:49:4d:d2:bc:f8:7a:4e:
         8d:a0:6c:21:85:83:f9:36:44:d7:2f:bb:bf:bc:b0:45:33:8b:
         30:25:35:cf:cb:9a:a8:17:a7:a6:4a:7c:fb:25:04:2c:cb:d2:
         2e:42:cd:d6:6e:e8:9b:44:4d:3a:88:aa:53:b9:95:80:14:d6:
         b7:e7:51:7c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZVLw4Yo+Sw6Bu8xQf8P4c+cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4YzIxNTYwYjEyMjE5Y2Y4ZWFiNTVmNzRkOThmMmU5YWVk
NTE3NDYwHhcNMjUwMjI4MDg1NDE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjRlOWIzMjBmNzI5ZmRkNzY3NmZhODBkOWI2NzY1MDRiZDg5MDE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ypxZy4ag3Od8Z77kJq6LVLYeFH/
L1xOgh1SxeTjIeJw5CUzm4VjSuLR1muOcIsJNAOxxhEWwoD+4tOSr74j4+axzUyM
JbaXuMmRrtzLmZi5PvFoQJF3N87ZQaBOJO5dfHs7CMC4PkYweyklNn7pN2EN5Msf
rlSIJiB5fwY8y2hO4QeFzO9kweIH/MUZhGALdWS4lEvoZoQIDSx8qCvdChvUV5AL
KPBDIxKE/IOHx/HbHKMfi4cX7MOyT/qJS0VTItZE8z4vNX4TktXww7FS0wcTHI+w
5vz9nEDkujBCf0THPwxwvZNKY4PFDwwuDAXaXEM0hCNAkveD2ZguithtnQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDJOmzIPcp/ddnb6gNm2dlBL2JAWMB8GA1UdIwQY
MBaAFGjCFWCxIhnPjqtV902Y8umu1RdGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYU1JVllMRWlHYy1PcTFYM1Raank2YTdWRjBZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC9iYzUwMzQtNjAwYS00OWIzLTg0Yjkt
YWMxZWRiYjQ3N2MwLzEvTWs2Yk1nOXluOTEyZHZxQTJiWjJVRXZZa0JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC9iYzUwMzQtNjAwYS00OWIzLTg0YjktYWMxZWRiYjQ3N2Mw
LzEvYU1JVllMRWlHYy1PcTFYM1Raank2YTdWRjBZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCufjUMA0G
CSqGSIb3DQEBCwUAA4IBAQAqYihh2PNNVmmFU1l5sqPrQQ8Eh43NbDIFLfa40syO
lG3QPzbdF9pjEvCbMQ479sZHnfaAVimtf1JGt11aqfkgKahAj0pgVx1w7pRDVS3g
CFWi4pFOiWt4YuUvrQiSmajtH5Yiv6l+10eCzBHjmfrZ+55dFW0sRlRJO/NxM0J9
OaKp9xaeSxZEPq5psVW8sW/A00jXnTlB/mbJ4kRCbUtV1X1R+CtZTTibU2RxgKZZ
/n9tFbnY4oJ9vvN2VgDaIUlN0rz4ek6NoGwhhYP5NkTXL7u/vLBFM4swJTXPy5qo
F6emSnz7JQQsy9IuQs3WbuibRE06iKpTuZWAFNa351F8
-----END CERTIFICATE-----