Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/PXiDqudXgKmzyY9YiAzq4s46dWE.roa
File:                     PXiDqudXgKmzyY9YiAzq4s46dWE.roa (raw, json)
Hash identifier:          5TBNAVFbP2ChjbJK1BJdzLBXEkgEKjRymZk/TEDkDEM=
Subject key identifier:   3D:78:83:AA:E7:57:80:A9:B3:C9:8F:58:88:0C:EA:E2:CE:3A:75:61
Certificate issuer:       /CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
Certificate serial:       01942521A164690EB9ADF7D33DBCF5BE08A9
Authority key identifier: 6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/PXiDqudXgKmzyY9YiAzq4s46dWE.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34984
IP address blocks:        185.157.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a1:64:69:0e:b9:ad:f7:d3:3d:bc:f5:be:08:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3d7883aae75780a9b3c98f58880ceae2ce3a7561
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:44:27:50:15:cc:90:4e:41:8e:98:5d:de:6c:
                    88:26:0e:40:27:cb:2e:4a:36:4f:b0:bd:4a:6c:ef:
                    86:99:e4:99:44:69:81:db:e0:0f:1c:83:08:e4:b9:
                    ba:43:ce:2c:7e:b5:6f:f7:2c:59:28:d9:33:e1:72:
                    d5:0a:df:31:86:84:7b:cc:54:bb:fb:52:aa:bf:10:
                    81:8b:11:33:fe:9f:7c:e5:f7:8b:d7:bd:bc:6a:a8:
                    6c:65:a7:8e:bf:a5:42:f8:53:49:e0:3c:71:bc:a4:
                    6a:18:c4:c6:4a:c4:10:e3:95:56:1a:73:06:ac:c2:
                    28:be:06:97:d6:f0:e3:a6:7a:85:03:b7:aa:43:9b:
                    99:b0:00:e3:a9:bc:e7:bd:4f:8d:80:a8:36:af:c9:
                    04:24:41:28:30:28:fa:a4:9a:ab:67:79:ae:5b:8a:
                    e8:d1:12:d9:cd:a1:c3:54:d2:dd:78:ec:d6:d0:21:
                    ab:92:42:cc:ae:0d:2d:a5:33:a6:81:9b:66:7b:10:
                    b5:57:cc:fe:64:67:e2:b1:11:e2:0d:32:d4:51:00:
                    00:c7:6f:18:5b:74:8d:2f:4c:da:be:4c:66:7e:30:
                    2c:4c:17:8f:4c:9b:07:3d:12:11:65:51:eb:ed:6f:
                    36:5b:6a:41:91:e5:8d:b6:50:18:db:83:22:11:84:
                    57:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:78:83:AA:E7:57:80:A9:B3:C9:8F:58:88:0C:EA:E2:CE:3A:75:61
            X509v3 Authority Key Identifier:
                keyid:6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/PXiDqudXgKmzyY9YiAzq4s46dWE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:2a:8c:0c:94:e3:35:9f:b7:56:40:96:76:e3:8e:6d:02:04:
         51:2c:78:f9:b0:19:fa:28:c3:5f:45:b0:09:dd:10:21:fe:58:
         13:0f:a6:31:a0:cc:0f:81:51:fe:58:9c:65:41:95:c9:fc:9d:
         2e:8b:26:28:41:0b:49:02:ff:79:84:ad:1a:aa:1c:47:b8:72:
         d3:50:9c:4d:6e:b1:f1:8c:c7:a6:d7:18:43:dd:f4:ba:e0:70:
         15:e2:ae:f9:e6:27:fe:28:66:c1:11:3d:e6:ba:36:5f:73:a4:
         07:59:71:b3:c4:8a:bc:25:a5:a4:3f:15:b2:8b:2c:91:6b:5a:
         bb:14:68:a9:14:48:46:56:d5:cd:fd:1b:ae:7a:65:05:bc:81:
         2e:f4:f5:2e:c1:e6:99:65:46:f7:9f:57:68:03:4a:cb:e1:63:
         72:53:01:8c:fb:d0:b1:91:07:e6:64:67:9d:19:a1:7a:7a:47:
         45:b8:60:0e:9c:c3:fd:97:a8:88:d8:67:18:a2:e5:42:42:fd:
         70:81:f9:d9:68:65:11:bd:99:20:6d:76:dd:49:99:c9:90:10:
         e6:86:02:9e:2b:4f:15:ae:32:6a:e3:c4:64:0a:8f:5f:54:2d:
         5d:3d:03:d7:d5:e9:e0:95:1b:d9:a9:4d:ff:88:09:f0:cb:5b:
         f4:6e:ea:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaFkaQ65rffTPbz1vgipMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYTZmOWUzZTI2MjJhNzgxNWEyNTllNThkNTUyNDM5YzI1
NWEzMWIwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDc4ODNhYWU3NTc4MGE5YjNjOThmNTg4ODBjZWFlMmNlM2E3NTYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2kQnUBXMkE5Bjphd3myIJg5AJ8su
SjZPsL1KbO+GmeSZRGmB2+APHIMI5Lm6Q84sfrVv9yxZKNkz4XLVCt8xhoR7zFS7
+1KqvxCBixEz/p985feL1728aqhsZaeOv6VC+FNJ4DxxvKRqGMTGSsQQ45VWGnMG
rMIovgaX1vDjpnqFA7eqQ5uZsADjqbznvU+NgKg2r8kEJEEoMCj6pJqrZ3muW4ro
0RLZzaHDVNLdeOzW0CGrkkLMrg0tpTOmgZtmexC1V8z+ZGfisRHiDTLUUQAAx28Y
W3SNL0zavkxmfjAsTBePTJsHPRIRZVHr7W82W2pBkeWNtlAY24MiEYRXLQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFD14g6rnV4Cps8mPWIgM6uLOOnVhMB8GA1UdIwQY
MBaAFGqm+ePiYip4FaJZ5Y1VJDnCVaMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4Mzct
YzUwNzM0ZDAyMGYwLzEvUFhpRHF1ZFhnS216eVk5WWlBenE0czQ2ZFdFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4MzctYzUwNzM0ZDAyMGYw
LzEvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ3MMA0G
CSqGSIb3DQEBCwUAA4IBAQCxKowMlOM1n7dWQJZ2445tAgRRLHj5sBn6KMNfRbAJ
3RAh/lgTD6YxoMwPgVH+WJxlQZXJ/J0uiyYoQQtJAv95hK0aqhxHuHLTUJxNbrHx
jMem1xhD3fS64HAV4q755if+KGbBET3mujZfc6QHWXGzxIq8JaWkPxWyiyyRa1q7
FGipFEhGVtXN/RuuemUFvIEu9PUuweaZZUb3n1doA0rL4WNyUwGM+9CxkQfmZGed
GaF6ekdFuGAOnMP9l6iI2GcYouVCQv1wgfnZaGURvZkgbXbdSZnJkBDmhgKeK08V
rjJq48RkCo9fVC1dPQPX1englRvZqU3/iAnwy1v0buoM
-----END CERTIFICATE-----