Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/6xWVE_OuY0syHSQoKE_RSw_j9Y0.roa
File:                     6xWVE_OuY0syHSQoKE_RSw_j9Y0.roa (raw, json)
Hash identifier:          enaJUe3e9mkaFANtWZr40abqVR5PCTnazMcSIeCDvHM=
Subject key identifier:   EB:15:95:13:F3:AE:63:4B:32:1D:24:28:28:4F:D1:4B:0F:E3:F5:8D
Certificate issuer:       /CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
Certificate serial:       0194221FD2039E0D79AF616112A8E5ED47BB
Authority key identifier: 1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/6xWVE_OuY0syHSQoKE_RSw_j9Y0.roa
Signing time:             Wed 01 Jan 2025 13:48:18 +0000
ROA not before:           Wed 01 Jan 2025 13:48:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     210831
IP address blocks:        85.219.213.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:d2:03:9e:0d:79:af:61:61:12:a8:e5:ed:47:bb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1aca63df248b7adf3ddd07e8c2d3eedd02cef933
        Validity
            Not Before: Jan  1 13:48:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=eb159513f3ae634b321d2428284fd14b0fe3f58d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:6b:ed:b9:11:20:dc:56:37:ad:a6:86:94:f7:
                    9b:b1:7c:bc:64:e8:ca:f2:50:8c:5e:c9:d9:5e:d1:
                    0c:03:ae:f9:6e:5b:0e:39:d7:51:a9:32:ac:94:0e:
                    5e:01:0e:e4:04:2f:4d:98:0e:c8:27:17:4b:9a:fd:
                    76:2b:90:42:20:df:fe:de:b6:9d:3f:31:1c:2b:52:
                    9b:fb:f7:a3:d2:0d:09:f0:a2:0f:f2:b5:61:18:9a:
                    ca:f6:3b:fc:22:3a:57:5f:37:37:95:33:fa:6e:56:
                    89:38:66:0e:a2:c0:54:e9:00:25:2d:95:ec:a9:d3:
                    41:67:f0:9a:c7:3f:28:8b:c2:7d:8d:0e:79:8e:7b:
                    e6:d0:6b:27:0e:b2:06:62:04:9a:b1:36:12:26:dd:
                    40:3c:7d:e1:1c:6b:33:0c:54:24:de:22:18:f7:3b:
                    9b:d8:fc:b7:ec:37:09:56:52:74:9d:aa:b0:d3:8d:
                    f4:b7:5a:e6:4a:40:1e:0f:dc:e6:3b:4a:48:ee:a2:
                    08:5a:66:0c:37:4a:24:77:2a:e6:1a:7b:8b:73:6c:
                    a3:56:a0:89:35:6b:e7:46:95:c2:09:7a:c0:3e:1b:
                    3a:8f:de:28:68:f7:48:23:d8:41:07:a0:c3:0d:2e:
                    29:24:5f:cc:5d:ec:74:51:48:15:f4:4f:a7:7c:39:
                    c5:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:15:95:13:F3:AE:63:4B:32:1D:24:28:28:4F:D1:4B:0F:E3:F5:8D
            X509v3 Authority Key Identifier:
                keyid:1A:CA:63:DF:24:8B:7A:DF:3D:DD:07:E8:C2:D3:EE:DD:02:CE:F9:33

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gspj3ySLet893QfowtPu3QLO-TM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/6xWVE_OuY0syHSQoKE_RSw_j9Y0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/be/1f6458-dc75-4add-ae72-91e3184bb0ab/1/Gspj3ySLet893QfowtPu3QLO-TM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.219.213.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:e0:d8:49:2f:92:15:42:32:7f:77:e3:92:b1:ef:ea:a9:c6:
         94:6b:0a:1d:29:ed:d8:f7:fc:96:2e:2b:82:08:4f:2b:62:d1:
         33:0c:15:5c:36:7a:8f:a6:89:58:61:45:4e:b1:b0:dc:68:fb:
         68:c4:0e:8a:43:8c:2e:4f:bd:41:00:8a:7c:5b:26:00:19:a3:
         44:2b:f6:05:90:a2:1f:bd:fb:9c:2e:d5:75:a6:04:3f:1f:22:
         f8:d5:d4:16:ac:12:9f:f5:13:da:5f:2b:44:68:2d:9d:0c:91:
         a0:2d:43:1f:37:b2:dc:53:14:94:d6:ef:e9:31:58:8f:35:41:
         b4:7a:7a:cb:cd:0e:f4:4c:3b:ce:64:ed:d8:93:90:55:85:4d:
         5f:43:b1:bf:18:7b:32:1e:c9:03:56:1c:19:d0:24:90:5d:aa:
         21:45:d9:7a:73:ee:2b:91:c1:93:72:56:66:f2:d9:d8:71:54:
         6b:a4:78:bc:a5:86:5b:f2:0c:3f:4d:40:7c:6d:ed:5c:bb:41:
         1b:52:43:06:5a:54:71:39:ba:c1:30:a7:eb:d6:f4:44:a5:4c:
         63:20:e3:45:b5:9d:ea:72:91:17:0b:4c:c2:fa:48:c2:7e:d7:
         e7:7e:9c:d1:0a:9d:90:51:05:0f:0d:ac:f5:66:fb:ba:2f:39:
         55:25:6c:0f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH9IDng15r2FhEqjl7Ue7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhY2E2M2RmMjQ4YjdhZGYzZGRkMDdlOGMyZDNlZWRkMDJj
ZWY5MzMwHhcNMjUwMTAxMTM0ODE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjE1OTUxM2YzYWU2MzRiMzIxZDI0MjgyODRmZDE0YjBmZTNmNThkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1WvtuREg3FY3raaGlPebsXy8ZOjK
8lCMXsnZXtEMA675blsOOddRqTKslA5eAQ7kBC9NmA7IJxdLmv12K5BCIN/+3rad
PzEcK1Kb+/ej0g0J8KIP8rVhGJrK9jv8IjpXXzc3lTP6blaJOGYOosBU6QAlLZXs
qdNBZ/Caxz8oi8J9jQ55jnvm0GsnDrIGYgSasTYSJt1APH3hHGszDFQk3iIY9zub
2Py37DcJVlJ0naqw0430t1rmSkAeD9zmO0pI7qIIWmYMN0okdyrmGnuLc2yjVqCJ
NWvnRpXCCXrAPhs6j94oaPdII9hBB6DDDS4pJF/MXex0UUgV9E+nfDnF6wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOsVlRPzrmNLMh0kKChP0UsP4/WNMB8GA1UdIwQY
MBaAFBrKY98ki3rfPd0H6MLT7t0CzvkzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzIt
OTFlMzE4NGJiMGFiLzEvNnhXVkVfT3VZMHN5SFNRb0tFX1JTd19qOVkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS8xZjY0NTgtZGM3NS00YWRkLWFlNzItOTFlMzE4NGJiMGFi
LzEvR3NwajN5U0xldDg5M1Fmb3d0UHUzUUxPLVRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVdvVMA0G
CSqGSIb3DQEBCwUAA4IBAQCi4NhJL5IVQjJ/d+OSse/qqcaUawodKe3Y9/yWLiuC
CE8rYtEzDBVcNnqPpolYYUVOsbDcaPtoxA6KQ4wuT71BAIp8WyYAGaNEK/YFkKIf
vfucLtV1pgQ/HyL41dQWrBKf9RPaXytEaC2dDJGgLUMfN7LcUxSU1u/pMViPNUG0
enrLzQ70TDvOZO3Yk5BVhU1fQ7G/GHsyHskDVhwZ0CSQXaohRdl6c+4rkcGTclZm
8tnYcVRrpHi8pYZb8gw/TUB8be1cu0EbUkMGWlRxObrBMKfr1vREpUxjIONFtZ3q
cpEXC0zC+kjCftfnfpzRCp2QUQUPDaz1Zvu6LzlVJWwP
-----END CERTIFICATE-----