Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/ok2coLlZfCNf012-KQnTYpk7lZE.roa
File:                     ok2coLlZfCNf012-KQnTYpk7lZE.roa (raw, json)
Hash identifier:          jPQ1+YObpchvAlB5pc4INo3tzPPIYQQgACezxT56CVQ=
Subject key identifier:   A2:4D:9C:A0:B9:59:7C:23:5F:D3:5D:BE:29:09:D3:62:99:3B:95:91
Certificate issuer:       /CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
Certificate serial:       019425FDC2DD1D60072146A6F3EA337242D6
Authority key identifier: 6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/ok2coLlZfCNf012-KQnTYpk7lZE.roa
Signing time:             Thu 02 Jan 2025 07:49:35 +0000
ROA not before:           Thu 02 Jan 2025 07:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8870
IP address blocks:        185.237.72.0/24 maxlen: 24
                          185.237.73.0/24 maxlen: 24
                          185.237.74.0/24 maxlen: 24
                          185.237.75.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:c2:dd:1d:60:07:21:46:a6:f3:ea:33:72:42:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ce97cf4d8d0bc17b3af1d62c4d71488661bd212
        Validity
            Not Before: Jan  2 07:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a24d9ca0b9597c235fd35dbe2909d362993b9591
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:bf:7b:0c:94:da:be:f4:2d:a1:9d:5c:05:62:
                    9e:d0:be:48:fd:57:92:b4:bb:70:51:7e:06:a2:7f:
                    b2:c7:6b:85:b8:4c:2d:37:51:4d:9f:a6:ef:94:89:
                    54:fc:5e:41:1f:11:7a:ba:08:5a:2e:cf:08:b1:4c:
                    64:42:4b:f6:bb:a3:dc:f1:45:02:a9:44:0b:b8:03:
                    67:80:21:19:98:dc:97:5c:06:3a:2f:2f:dd:63:5d:
                    5f:78:ef:16:d3:78:07:c9:1f:c2:97:7b:32:18:49:
                    b9:45:4a:48:c0:60:50:f5:5f:9b:b1:d5:c9:80:32:
                    87:3a:d1:d1:5c:23:fd:bf:0e:5e:23:c4:50:d7:dd:
                    cf:22:be:b5:0a:67:1c:bf:73:e1:91:f4:0e:94:8c:
                    2e:9a:cd:f0:8e:ed:55:eb:5a:52:bf:5e:10:d7:fb:
                    93:96:ad:8e:d9:57:55:98:8d:ed:d5:41:70:40:73:
                    4b:d8:6c:10:dc:ea:87:a0:ce:9a:90:86:e5:4e:31:
                    c2:9e:23:de:61:cd:3d:7c:14:11:db:95:92:65:6f:
                    7a:37:30:e6:71:89:7d:23:13:f3:b9:f4:bb:e4:c9:
                    67:42:d4:7f:8d:e4:8a:cf:8a:10:a6:c8:17:60:b5:
                    19:5d:a8:89:f6:dc:39:a3:40:75:ea:db:47:f4:1e:
                    a6:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A2:4D:9C:A0:B9:59:7C:23:5F:D3:5D:BE:29:09:D3:62:99:3B:95:91
            X509v3 Authority Key Identifier:
                keyid:6C:E9:7C:F4:D8:D0:BC:17:B3:AF:1D:62:C4:D7:14:88:66:1B:D2:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bOl89NjQvBezrx1ixNcUiGYb0hI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/ok2coLlZfCNf012-KQnTYpk7lZE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/e4ccb1-ca25-4099-8273-3993aa324e1f/1/bOl89NjQvBezrx1ixNcUiGYb0hI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.237.72.0/22

    Signature Algorithm: sha256WithRSAEncryption
         63:31:98:87:fd:32:92:15:54:20:8a:31:b0:3a:9d:d8:9a:2d:
         7d:c6:8c:ef:ca:33:19:1c:61:8e:57:4a:c0:be:76:4b:03:cc:
         e2:76:87:72:13:df:16:3f:37:72:0a:9d:68:48:dd:f0:85:f9:
         cd:b8:0a:6b:af:a3:04:0c:83:6d:85:57:48:7c:e7:59:c6:32:
         5a:12:fc:7b:ce:e7:9a:e6:59:2d:f1:77:7d:d5:ed:a6:fa:67:
         6e:6a:4b:bf:9d:8a:69:9c:8f:61:75:40:f7:7e:1f:1a:30:32:
         24:a5:88:c7:e7:8f:59:3d:cd:7f:f1:f9:46:9e:f0:68:3c:5a:
         0b:9d:86:5f:9a:e9:ce:5a:55:c6:2f:79:50:e3:1d:60:d0:47:
         95:0d:7c:93:b3:31:5c:3f:82:54:1c:f2:8a:2a:15:bc:7a:19:
         af:31:52:f0:be:17:be:c0:69:ba:f6:98:70:c9:fe:62:70:c0:
         52:34:ee:bb:82:dc:f8:d3:4f:7c:3f:9c:e0:02:f9:11:cb:de:
         4d:72:92:81:7f:4e:3a:e5:83:9e:97:2b:76:cf:86:ff:cf:64:
         0e:83:a2:77:48:8f:76:d2:e2:a3:2d:c0:70:6c:3f:7e:6d:ef:
         e1:35:73:21:55:8c:a4:47:25:62:ca:e5:89:5e:aa:f0:8b:9c:
         48:04:4d:2c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/cLdHWAHIUam8+ozckLWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjZTk3Y2Y0ZDhkMGJjMTdiM2FmMWQ2MmM0ZDcxNDg4NjYx
YmQyMTIwHhcNMjUwMTAyMDc0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjRkOWNhMGI5NTk3YzIzNWZkMzVkYmUyOTA5ZDM2Mjk5M2I5NTkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4797DJTavvQtoZ1cBWKe0L5I/VeS
tLtwUX4Gon+yx2uFuEwtN1FNn6bvlIlU/F5BHxF6ughaLs8IsUxkQkv2u6Pc8UUC
qUQLuANngCEZmNyXXAY6Ly/dY11feO8W03gHyR/Cl3syGEm5RUpIwGBQ9V+bsdXJ
gDKHOtHRXCP9vw5eI8RQ193PIr61Cmccv3PhkfQOlIwums3wju1V61pSv14Q1/uT
lq2O2VdVmI3t1UFwQHNL2GwQ3OqHoM6akIblTjHCniPeYc09fBQR25WSZW96NzDm
cYl9IxPzufS75MlnQtR/jeSKz4oQpsgXYLUZXaiJ9tw5o0B16ttH9B6m0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKJNnKC5WXwjX9NdvikJ02KZO5WRMB8GA1UdIwQY
MBaAFGzpfPTY0LwXs68dYsTXFIhmG9ISMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMt
Mzk5M2FhMzI0ZTFmLzEvb2syY29MbFpmQ05mMDEyLUtRblRZcGs3bFpFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9lNGNjYjEtY2EyNS00MDk5LTgyNzMtMzk5M2FhMzI0ZTFm
LzEvYk9sODlOalF2QmV6cngxaXhOY1VpR1liMGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue1IMA0G
CSqGSIb3DQEBCwUAA4IBAQBjMZiH/TKSFVQgijGwOp3Ymi19xozvyjMZHGGOV0rA
vnZLA8zidodyE98WPzdyCp1oSN3whfnNuAprr6MEDINthVdIfOdZxjJaEvx7zuea
5lkt8Xd91e2m+mduaku/nYppnI9hdUD3fh8aMDIkpYjH549ZPc1/8flGnvBoPFoL
nYZfmunOWlXGL3lQ4x1g0EeVDXyTszFcP4JUHPKKKhW8ehmvMVLwvhe+wGm69phw
yf5icMBSNO67gtz40098P5zgAvkRy95NcpKBf0465YOelyt2z4b/z2QOg6J3SI92
0uKjLcBwbD9+be/hNXMhVYykRyViyuWJXqrwi5xIBE0s
-----END CERTIFICATE-----