Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/voTBQK08ae5dJLLPC_WLTf299J4.roa
File:                     voTBQK08ae5dJLLPC_WLTf299J4.roa (raw, json)
Hash identifier:          IJFytwQyok533gq1H2eNYMHcRnLoiQur1Z7mEoU5py4=
Subject key identifier:   BE:84:C1:40:AD:3C:69:EE:5D:24:B2:CF:0B:F5:8B:4D:FD:BD:F4:9E
Certificate issuer:       /CN=01538851167b4e3d6f64d53797b08cb41371870f
Certificate serial:       019420680A8FC7629F9F05E3883483CEF3AF
Authority key identifier: 01:53:88:51:16:7B:4E:3D:6F:64:D5:37:97:B0:8C:B4:13:71:87:0F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/voTBQK08ae5dJLLPC_WLTf299J4.roa
Signing time:             Wed 01 Jan 2025 05:47:56 +0000
ROA not before:           Wed 01 Jan 2025 05:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60111
IP address blocks:        185.182.204.0/22 maxlen: 22
                          2a0a:f880::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:0a:8f:c7:62:9f:9f:05:e3:88:34:83:ce:f3:af
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=01538851167b4e3d6f64d53797b08cb41371870f
        Validity
            Not Before: Jan  1 05:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=be84c140ad3c69ee5d24b2cf0bf58b4dfdbdf49e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:71:22:a6:cf:6b:b9:2a:f8:f1:ca:39:de:99:
                    35:a3:20:85:a8:52:99:1e:12:79:0d:c3:15:52:8a:
                    29:45:25:61:46:27:11:05:10:1b:59:a4:70:23:62:
                    28:c8:6d:75:3f:ef:c7:2f:87:fb:84:85:1a:97:fe:
                    1a:27:21:5a:8d:a0:03:66:44:23:bd:61:4f:54:a2:
                    47:87:30:d7:66:38:50:2f:10:51:10:a8:4a:8e:a2:
                    dd:d1:84:c3:00:9c:16:11:78:b2:ba:c7:03:ba:d6:
                    d0:12:dd:36:42:1f:7f:77:50:7f:07:68:5d:7c:8e:
                    a9:9b:89:2e:76:ff:a2:b0:37:14:0c:c2:89:32:6e:
                    52:10:17:58:7d:51:53:75:e7:1f:70:9e:08:f9:df:
                    43:5a:e3:da:79:c3:9c:b9:1c:ee:ac:d6:86:8f:6b:
                    02:48:c2:ee:ce:fa:f2:7e:ae:7e:fe:c6:fe:2d:e1:
                    4d:e3:9a:e7:a1:54:43:b8:cb:57:8b:73:68:db:e5:
                    0a:92:b7:c9:07:7f:d8:25:00:5f:49:0a:cf:42:c4:
                    c3:ef:61:30:8d:3c:e9:a6:07:42:d4:1b:7f:80:7b:
                    c7:9c:87:da:18:7a:c8:67:6c:b2:f2:91:df:24:cb:
                    46:17:74:d5:83:9a:0e:7a:b1:11:2f:1c:59:d9:86:
                    2c:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:84:C1:40:AD:3C:69:EE:5D:24:B2:CF:0B:F5:8B:4D:FD:BD:F4:9E
            X509v3 Authority Key Identifier:
                keyid:01:53:88:51:16:7B:4E:3D:6F:64:D5:37:97:B0:8C:B4:13:71:87:0F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/voTBQK08ae5dJLLPC_WLTf299J4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/bf4263-ffae-42d7-be0f-6295b854df86/1/AVOIURZ7Tj1vZNU3l7CMtBNxhw8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.204.0/22
                IPv6:
                  2a0a:f880::/29

    Signature Algorithm: sha256WithRSAEncryption
         06:c9:59:15:46:be:b4:06:91:c4:e7:37:5f:18:e4:20:2c:83:
         0a:eb:11:93:69:9b:56:a6:20:31:18:91:c4:eb:2b:12:44:31:
         0f:87:32:72:c6:95:06:04:44:ee:b1:ca:ae:0b:3a:52:7a:86:
         53:fd:f7:c3:f0:2f:6b:5a:e6:13:17:a7:a9:8b:33:9c:ce:ef:
         71:6c:4c:80:e2:a7:39:5b:23:fa:d2:0b:4c:d4:4c:66:34:87:
         3f:69:1f:7f:21:33:cd:54:22:01:15:d8:e8:80:da:b2:b2:64:
         a4:c3:77:bc:25:c8:16:50:7b:c7:cb:50:c0:e0:1b:26:95:62:
         07:84:44:ab:7a:73:39:74:74:fd:12:7a:50:f2:70:61:d7:b2:
         39:d6:9c:00:a8:bf:38:04:2a:76:f6:c2:42:01:da:54:ea:d7:
         f1:05:7f:f6:13:d6:af:07:45:07:4d:9c:c0:2d:88:b0:c6:79:
         32:44:53:e0:dd:a2:34:d5:bb:0b:38:f4:12:06:cc:4e:d4:35:
         5a:01:18:7f:d8:7c:6c:10:7f:61:4b:bc:61:13:cb:95:3b:d3:
         9d:76:0c:d0:fa:07:aa:9b:7a:a0:eb:91:68:84:67:51:b5:9e:
         98:25:11:c8:a3:22:48:d4:e7:82:ec:87:4d:a0:7d:02:98:5c:
         ec:51:60:9e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgaAqPx2KfnwXjiDSDzvOvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAxNTM4ODUxMTY3YjRlM2Q2ZjY0ZDUzNzk3YjA4Y2I0MTM3
MTg3MGYwHhcNMjUwMTAxMDU0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTg0YzE0MGFkM2M2OWVlNWQyNGIyY2YwYmY1OGI0ZGZkYmRmNDllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3Eips9ruSr48co53pk1oyCFqFKZ
HhJ5DcMVUoopRSVhRicRBRAbWaRwI2IoyG11P+/HL4f7hIUal/4aJyFajaADZkQj
vWFPVKJHhzDXZjhQLxBREKhKjqLd0YTDAJwWEXiyuscDutbQEt02Qh9/d1B/B2hd
fI6pm4kudv+isDcUDMKJMm5SEBdYfVFTdecfcJ4I+d9DWuPaecOcuRzurNaGj2sC
SMLuzvryfq5+/sb+LeFN45rnoVRDuMtXi3No2+UKkrfJB3/YJQBfSQrPQsTD72Ew
jTzppgdC1Bt/gHvHnIfaGHrIZ2yy8pHfJMtGF3TVg5oOerERLxxZ2YYsMQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFL6EwUCtPGnuXSSyzwv1i039vfSeMB8GA1UdIwQY
MBaAFAFTiFEWe049b2TVN5ewjLQTcYcPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQVZPSVVSWjdUajF2Wk5VM2w3Q010Qk54aHc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC9iZjQyNjMtZmZhZS00MmQ3LWJlMGYt
NjI5NWI4NTRkZjg2LzEvdm9UQlFLMDhhZTVkSkxMUENfV0xUZjI5OUo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC9iZjQyNjMtZmZhZS00MmQ3LWJlMGYtNjI5NWI4NTRkZjg2
LzEvQVZPSVVSWjdUajF2Wk5VM2w3Q010Qk54aHc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubbMMA0E
AgACMAcDBQMqCviAMA0GCSqGSIb3DQEBCwUAA4IBAQAGyVkVRr60BpHE5zdfGOQg
LIMK6xGTaZtWpiAxGJHE6ysSRDEPhzJyxpUGBETuscquCzpSeoZT/ffD8C9rWuYT
F6epizOczu9xbEyA4qc5WyP60gtM1ExmNIc/aR9/ITPNVCIBFdjogNqysmSkw3e8
JcgWUHvHy1DA4BsmlWIHhESrenM5dHT9EnpQ8nBh17I51pwAqL84BCp29sJCAdpU
6tfxBX/2E9avB0UHTZzALYiwxnkyRFPg3aI01bsLOPQSBsxO1DVaARh/2HxsEH9h
S7xhE8uVO9OddgzQ+geqm3qg65FohGdRtZ6YJRHIoyJI1OeC7IdNoH0CmFzsUWCe
-----END CERTIFICATE-----