Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/lput6Z6vJPdy08jemWLG6WZi0oE.roa
File:                     lput6Z6vJPdy08jemWLG6WZi0oE.roa (raw, json)
Hash identifier:          muWWXK/VbX5K0RlIXjBqeo4nzxA9w0OVj29rsOGgE/Y=
Subject key identifier:   96:9B:AD:E9:9E:AF:24:F7:72:D3:C8:DE:99:62:C6:E9:66:62:D2:81
Certificate issuer:       /CN=f83faec93d403f3713823fa39c7d27c62e921471
Certificate serial:       019423D6E41908F810D795F052508AF0F3EA
Authority key identifier: F8:3F:AE:C9:3D:40:3F:37:13:82:3F:A3:9C:7D:27:C6:2E:92:14:71
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/lput6Z6vJPdy08jemWLG6WZi0oE.roa
Signing time:             Wed 01 Jan 2025 21:47:53 +0000
ROA not before:           Wed 01 Jan 2025 21:47:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206468
IP address blocks:        185.174.171.0/24 maxlen: 24
                          2a0b:a907::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d6:e4:19:08:f8:10:d7:95:f0:52:50:8a:f0:f3:ea
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f83faec93d403f3713823fa39c7d27c62e921471
        Validity
            Not Before: Jan  1 21:47:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=969bade99eaf24f772d3c8de9962c6e96662d281
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ad:52:e5:57:9c:cc:5a:d4:f9:fe:e4:3c:45:
                    9a:47:85:0a:3a:ac:10:5a:01:15:c0:24:88:b2:47:
                    b1:f9:8e:90:46:b4:79:d7:7d:40:92:b3:cc:dc:83:
                    55:8c:2f:1b:8c:a7:84:d1:0b:c7:bf:6a:2b:57:df:
                    ec:da:82:4a:32:0f:45:85:fc:e3:aa:2a:55:67:1e:
                    41:02:5b:2f:46:25:f4:33:cd:01:89:60:dc:c9:8c:
                    74:fa:0a:a9:d8:8f:21:0d:cc:fa:07:c7:08:89:15:
                    33:ca:2e:05:38:81:32:72:1f:d6:7b:70:34:6a:6a:
                    bf:fe:54:ca:2d:3a:52:60:2c:2c:01:bf:f4:21:a4:
                    3b:7b:0d:8b:da:0b:fa:e7:46:06:8c:84:3e:a0:b3:
                    43:c0:f5:07:7b:73:97:f8:55:ca:80:f5:c1:3e:7c:
                    61:d1:84:99:50:d2:72:8b:45:0d:9b:cd:30:aa:be:
                    fd:0c:a2:24:25:45:b2:02:48:1a:5d:e4:3e:c2:78:
                    0f:24:bf:42:78:dc:9d:5f:58:39:90:63:51:15:2f:
                    df:21:57:b9:23:c5:0c:a8:cf:67:cd:45:25:96:86:
                    02:10:7f:09:e7:08:ca:46:fe:de:4f:9d:06:56:9d:
                    5c:6f:c6:c4:ab:16:40:9a:96:b1:1c:7b:05:27:fe:
                    06:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:9B:AD:E9:9E:AF:24:F7:72:D3:C8:DE:99:62:C6:E9:66:62:D2:81
            X509v3 Authority Key Identifier:
                keyid:F8:3F:AE:C9:3D:40:3F:37:13:82:3F:A3:9C:7D:27:C6:2E:92:14:71

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-D-uyT1APzcTgj-jnH0nxi6SFHE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/lput6Z6vJPdy08jemWLG6WZi0oE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/970cf0-9298-4ff0-baf5-210ae0569a45/1/1-D-uyT1APzcTgj-jnH0nxi6SFHE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.174.171.0/24
                IPv6:
                  2a0b:a907::/32

    Signature Algorithm: sha256WithRSAEncryption
         85:e0:bf:ad:13:f1:e8:f9:88:e8:b8:33:16:20:83:2c:2e:05:
         bd:4a:6e:21:49:a3:6f:2b:65:50:a7:a2:26:e3:b7:c2:0a:b0:
         7f:f5:d7:f4:d4:4b:40:60:73:89:9a:37:8a:b5:eb:6d:94:da:
         ab:72:7b:dd:8d:d8:2d:bf:05:10:05:f4:ce:a9:a2:22:a8:c8:
         39:b2:0f:c4:d1:a7:80:82:27:4b:9d:a2:15:73:ca:f0:51:ee:
         6e:29:6b:b7:89:3c:f5:a9:6d:93:06:73:ec:91:f2:d1:0c:dc:
         c6:80:59:4c:83:b6:c7:cf:17:9b:72:00:cb:12:7c:6a:93:c3:
         d0:5a:d0:97:02:fe:8e:77:81:89:ba:74:2d:29:24:e4:8f:cf:
         81:9a:b4:37:d3:23:69:2f:e8:f8:58:96:fd:46:41:f0:12:30:
         f2:5b:08:bd:e2:98:41:6e:f0:08:3f:d0:a3:8c:b0:94:b6:63:
         80:a2:e0:f2:f7:17:90:b8:af:54:33:7b:62:48:a1:1e:8f:00:
         f2:84:63:11:cd:3e:4f:11:9c:1a:26:b7:f9:e4:72:bc:93:ac:
         4e:5f:7e:30:29:78:60:7a:77:64:aa:df:ed:1e:5e:7a:15:b2:
         2d:86:f9:d1:b6:d2:ca:a9:55:00:71:41:f6:b8:c4:e3:77:c7:
         c3:66:e8:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQj1uQZCPgQ15XwUlCK8PPqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4M2ZhZWM5M2Q0MDNmMzcxMzgyM2ZhMzljN2QyN2M2MmU5
MjE0NzEwHhcNMjUwMTAxMjE0NzUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjliYWRlOTllYWYyNGY3NzJkM2M4ZGU5OTYyYzZlOTY2NjJkMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuK1S5VeczFrU+f7kPEWaR4UKOqwQ
WgEVwCSIskex+Y6QRrR5131AkrPM3INVjC8bjKeE0QvHv2orV9/s2oJKMg9Fhfzj
qipVZx5BAlsvRiX0M80BiWDcyYx0+gqp2I8hDcz6B8cIiRUzyi4FOIEych/We3A0
amq//lTKLTpSYCwsAb/0IaQ7ew2L2gv650YGjIQ+oLNDwPUHe3OX+FXKgPXBPnxh
0YSZUNJyi0UNm80wqr79DKIkJUWyAkgaXeQ+wngPJL9CeNydX1g5kGNRFS/fIVe5
I8UMqM9nzUUlloYCEH8J5wjKRv7eT50GVp1cb8bEqxZAmpaxHHsFJ/4GxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFJabremeryT3ctPI3plixulmYtKBMB8GA1UdIwQY
MBaAFPg/rsk9QD83E4I/o5x9J8YukhRxMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1ELXV5VDFBUHpjVGdqLWpuSDBueGk2U0ZIRS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjkvOTcwY2YwLTkyOTgtNGZmMC1iYWY1
LTIxMGFlMDU2OWE0NS8xL2xwdXQ2WjZ2SlBkeTA4amVtV0xHNldaaTBvRS5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYjkvOTcwY2YwLTkyOTgtNGZmMC1iYWY1LTIxMGFlMDU2OWE0
NS8xLzEtRC11eVQxQVB6Y1Rnai1qbkgwbnhpNlNGSEUuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLgYIKwYBBQUHAQcBAf8EHzAdMAwEAgABMAYDBAC5rqsw
DQQCAAIwBwMFACoLqQcwDQYJKoZIhvcNAQELBQADggEBAIXgv60T8ej5iOi4MxYg
gywuBb1KbiFJo28rZVCnoibjt8IKsH/11/TUS0Bgc4maN4q1622U2qtye92N2C2/
BRAF9M6poiKoyDmyD8TRp4CCJ0udohVzyvBR7m4pa7eJPPWpbZMGc+yR8tEM3MaA
WUyDtsfPF5tyAMsSfGqTw9Ba0JcC/o53gYm6dC0pJOSPz4GatDfTI2kv6PhYlv1G
QfASMPJbCL3imEFu8Ag/0KOMsJS2Y4Ci4PL3F5C4r1Qze2JIoR6PAPKEYxHNPk8R
nBomt/nkcryTrE5ffjApeGB6d2Sq3+0eXnoVsi2G+dG20sqpVQBxQfa4xON3x8Nm
6GE=
-----END CERTIFICATE-----