Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/zcIKYF31kqLXVCzbH17EaIEDIDo.roa
File:                     zcIKYF31kqLXVCzbH17EaIEDIDo.roa (raw, json)
Hash identifier:          x3QxGFAkudwhQbhqTbfk31Fm3k1Hx9pCO8uu0NWcemE=
Subject key identifier:   CD:C2:0A:60:5D:F5:92:A2:D7:54:2C:DB:1F:5E:C4:68:81:03:20:3A
Certificate issuer:       /CN=6ba3186597742a926cd26504e1ed76f8543fdb26
Certificate serial:       01942825434F17672E7223CCDCBC8868A286
Authority key identifier: 6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/zcIKYF31kqLXVCzbH17EaIEDIDo.roa
Signing time:             Thu 02 Jan 2025 17:51:58 +0000
ROA not before:           Thu 02 Jan 2025 17:51:58 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204175
IP address blocks:        185.219.219.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:43:4f:17:67:2e:72:23:cc:dc:bc:88:68:a2:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ba3186597742a926cd26504e1ed76f8543fdb26
        Validity
            Not Before: Jan  2 17:51:58 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cdc20a605df592a2d7542cdb1f5ec4688103203a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:48:d5:96:67:e1:9a:35:d3:fd:31:21:57:84:
                    ff:ee:69:9a:9d:c5:3e:98:5f:d7:8a:65:a6:e9:f5:
                    12:c7:c6:a9:c8:20:97:21:68:e8:63:bf:00:ff:59:
                    ef:e3:6b:02:69:e6:56:a2:bf:f0:26:8b:7d:b7:3c:
                    e9:e7:c6:b2:bc:4d:9e:9b:a2:3d:0d:ab:bf:c3:1d:
                    54:32:9a:82:c8:9b:83:81:d2:98:d4:91:b3:0c:56:
                    9b:0d:ec:68:64:fd:23:28:09:ee:0a:4a:46:d8:30:
                    e9:2f:d0:b9:cd:4c:18:4d:8d:88:40:b7:e5:a4:d7:
                    ba:bf:7a:3b:42:02:3f:91:cf:6b:d0:fe:9c:cc:7c:
                    51:90:4d:69:e2:a0:99:84:8c:41:46:37:7d:45:f1:
                    cb:41:b9:64:02:9b:01:ae:b6:27:25:56:84:bd:ce:
                    14:e9:9d:d9:4f:cf:68:68:8e:e9:5b:96:ea:30:20:
                    75:cc:59:bd:dd:da:76:e8:f8:8e:b1:4c:80:5c:1f:
                    fb:3d:e5:08:1a:83:c3:51:f9:7c:15:99:e4:bf:3c:
                    0e:25:7b:71:59:41:37:93:7d:14:c9:36:08:0a:7a:
                    d3:38:a6:4b:df:d4:43:2d:9d:51:14:5b:aa:9e:a5:
                    7d:b6:3a:73:f4:a9:61:f7:69:a6:c0:c1:3d:f8:62:
                    2f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:C2:0A:60:5D:F5:92:A2:D7:54:2C:DB:1F:5E:C4:68:81:03:20:3A
            X509v3 Authority Key Identifier:
                keyid:6B:A3:18:65:97:74:2A:92:6C:D2:65:04:E1:ED:76:F8:54:3F:DB:26

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6MYZZd0KpJs0mUE4e12-FQ_2yY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/zcIKYF31kqLXVCzbH17EaIEDIDo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a6/9d5910-9f5e-446c-8d3c-bc007f2dac24/1/a6MYZZd0KpJs0mUE4e12-FQ_2yY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.219.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:15:be:f9:40:53:a6:ea:27:14:8e:59:d5:22:88:b3:65:55:
         74:d1:45:18:47:af:4b:f5:f2:c0:3d:9a:d4:d7:db:c6:57:43:
         c6:e3:0e:35:23:b0:00:c5:10:c7:5b:66:e7:c2:41:b0:5a:49:
         82:72:b5:2d:e5:b4:fe:cf:73:86:88:4f:74:c4:af:cd:45:0a:
         7c:58:62:cd:59:a6:22:ed:18:9e:68:00:d6:82:0f:6b:7f:97:
         be:75:2a:8c:5a:df:eb:b8:f9:5c:f2:0c:c0:f1:8a:a9:51:b6:
         e8:cf:2a:a1:87:c4:e0:b2:11:7e:69:48:e5:dd:93:31:cb:e9:
         34:3a:59:cf:87:47:f2:8f:24:52:db:1b:04:c9:2d:0e:cd:d8:
         25:0f:2b:95:25:e7:1f:63:fa:74:72:83:27:3d:d9:d6:f5:a5:
         72:44:c3:8a:29:8b:b3:a6:01:18:f2:11:2e:ea:09:33:73:52:
         1d:08:f3:50:8f:cf:ed:ea:46:4d:80:1e:97:9b:6c:66:cc:31:
         a6:b3:4e:91:a4:b5:7f:b3:95:b8:3f:0a:a8:1c:23:e5:81:b5:
         35:c6:97:f1:06:23:45:72:ac:df:11:be:08:f1:c6:cb:0d:c8:
         44:c2:d0:4b:88:fa:74:ca:c2:39:d1:9e:51:8b:1d:13:18:89:
         2f:40:ba:a3
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQoJUNPF2cuciPM3LyIaKKGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYTMxODY1OTc3NDJhOTI2Y2QyNjUwNGUxZWQ3NmY4NTQz
ZmRiMjYwHhcNMjUwMTAyMTc1MTU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGMyMGE2MDVkZjU5MmEyZDc1NDJjZGIxZjVlYzQ2ODgxMDMyMDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5EjVlmfhmjXT/TEhV4T/7mmancU+
mF/XimWm6fUSx8apyCCXIWjoY78A/1nv42sCaeZWor/wJot9tzzp58ayvE2em6I9
Dau/wx1UMpqCyJuDgdKY1JGzDFabDexoZP0jKAnuCkpG2DDpL9C5zUwYTY2IQLfl
pNe6v3o7QgI/kc9r0P6czHxRkE1p4qCZhIxBRjd9RfHLQblkApsBrrYnJVaEvc4U
6Z3ZT89oaI7pW5bqMCB1zFm93dp26PiOsUyAXB/7PeUIGoPDUfl8FZnkvzwOJXtx
WUE3k30UyTYICnrTOKZL39RDLZ1RFFuqnqV9tjpz9Klh92mmwME9+GIv0wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFM3CCmBd9ZKi11Qs2x9exGiBAyA6MB8GA1UdIwQY
MBaAFGujGGWXdCqSbNJlBOHtdvhUP9smMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2Mt
YmMwMDdmMmRhYzI0LzEvemNJS1lGMzFrcUxYVkN6YkgxN0VhSUVESURvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNi85ZDU5MTAtOWY1ZS00NDZjLThkM2MtYmMwMDdmMmRhYzI0
LzEvYTZNWVpaZDBLcEpzMG1VRTRlMTItRlFfMnlZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudvbMA0G
CSqGSIb3DQEBCwUAA4IBAQC3Fb75QFOm6icUjlnVIoizZVV00UUYR69L9fLAPZrU
19vGV0PG4w41I7AAxRDHW2bnwkGwWkmCcrUt5bT+z3OGiE90xK/NRQp8WGLNWaYi
7RieaADWgg9rf5e+dSqMWt/ruPlc8gzA8YqpUbbozyqhh8TgshF+aUjl3ZMxy+k0
OlnPh0fyjyRS2xsEyS0OzdglDyuVJecfY/p0coMnPdnW9aVyRMOKKYuzpgEY8hEu
6gkzc1IdCPNQj8/t6kZNgB6Xm2xmzDGms06RpLV/s5W4PwqoHCPlgbU1xpfxBiNF
cqzfEb4I8cbLDchEwtBLiPp0ysI50Z5Rix0TGIkvQLqj
-----END CERTIFICATE-----