Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/2WkxZ6d8ewxrLWO8WH12o0AY6xw.roa
File:                     2WkxZ6d8ewxrLWO8WH12o0AY6xw.roa (raw, json)
Hash identifier:          nbEjkYORzyFd58OrYmjVC1fHN4kRwapxAIIPY/slelc=
Subject key identifier:   D9:69:31:67:A7:7C:7B:0C:6B:2D:63:BC:58:7D:76:A3:40:18:EB:1C
Certificate issuer:       /CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
Certificate serial:       019424B38DAF698850DE8D8373CF48609DDE
Authority key identifier: D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/2WkxZ6d8ewxrLWO8WH12o0AY6xw.roa
Signing time:             Thu 02 Jan 2025 01:48:54 +0000
ROA not before:           Thu 02 Jan 2025 01:48:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        185.1.172.0/24 maxlen: 24
                          2001:7f8:f5::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 14:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:b3:8d:af:69:88:50:de:8d:83:73:cf:48:60:9d:de
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d3600cbafd26fee5064fc89f301dfc8e3c1d3ca5
        Validity
            Not Before: Jan  2 01:48:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d9693167a77c7b0c6b2d63bc587d76a34018eb1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:0c:fe:41:1e:4b:1c:7e:b8:46:65:ba:95:04:
                    b2:44:d3:c4:0b:13:70:83:0b:af:c5:d9:a5:f7:97:
                    98:b4:1c:40:2a:47:fc:bd:53:22:3d:03:a4:ae:b5:
                    b7:c0:51:ec:4f:fa:41:56:63:a4:51:32:f9:39:40:
                    96:f9:91:e5:6c:8f:af:6a:67:55:fd:c3:6f:7e:b2:
                    fc:44:59:5e:b9:b0:78:48:49:fd:4b:97:97:4c:70:
                    6b:b1:04:3a:fb:62:1d:10:16:e6:c7:de:a8:4c:90:
                    d7:b1:6c:15:eb:1e:5b:6a:13:ea:0b:cc:48:93:aa:
                    bb:1a:4e:83:91:34:79:26:cb:47:00:6f:bd:ad:1c:
                    5f:93:fa:12:2a:e9:34:d3:ee:c0:f4:26:3f:44:85:
                    5f:6c:3c:b4:eb:07:cd:fb:03:1d:23:16:00:6c:5f:
                    87:69:36:d3:f1:89:fe:3c:9c:21:81:b5:9b:23:a5:
                    9b:2e:c8:b0:12:87:de:0a:ce:11:b8:ac:91:5d:66:
                    64:4c:c3:e8:54:82:b1:ba:18:dd:14:fa:ed:6f:7d:
                    1f:b0:76:8f:d8:79:f2:d6:5e:20:4a:dd:5a:ba:ad:
                    f9:ac:2b:1c:bc:28:05:e6:02:ac:eb:a3:5c:2d:bc:
                    ce:e4:76:70:ed:0a:6a:97:08:58:8b:cd:e5:2d:7f:
                    51:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:69:31:67:A7:7C:7B:0C:6B:2D:63:BC:58:7D:76:A3:40:18:EB:1C
            X509v3 Authority Key Identifier:
                keyid:D3:60:0C:BA:FD:26:FE:E5:06:4F:C8:9F:30:1D:FC:8E:3C:1D:3C:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/02AMuv0m_uUGT8ifMB38jjwdPKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/2WkxZ6d8ewxrLWO8WH12o0AY6xw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c0/b70658-e1dc-4944-a06b-1c680adf7a26/1/02AMuv0m_uUGT8ifMB38jjwdPKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.1.172.0/24
                IPv6:
                  2001:7f8:f5::/48

    Signature Algorithm: sha256WithRSAEncryption
         60:19:f9:e6:d9:a2:50:e5:a5:e3:7d:1e:fe:94:99:98:d0:29:
         b3:a8:f6:80:50:d2:5c:24:b5:2d:76:99:82:04:63:77:af:a2:
         e6:d5:ac:45:b0:f8:af:a8:9c:bc:2e:1e:10:b6:53:35:ce:67:
         85:e7:2a:15:c3:ff:4e:69:4e:1e:04:85:2f:57:2e:3d:e6:3e:
         de:09:b9:bb:27:19:1d:95:f7:a7:39:83:00:54:40:fc:de:d3:
         2e:67:b5:cb:49:ad:69:8a:b3:e9:ce:c9:b1:61:86:61:f1:f0:
         4f:10:9c:dd:16:60:b1:e1:5b:28:0f:b9:bc:0f:66:de:04:3c:
         b7:3e:31:6c:7a:d1:ec:96:30:b6:bd:17:9b:94:e3:ea:a8:13:
         b6:97:4e:79:ba:d7:47:8c:ac:00:b5:7f:e9:d1:45:14:7e:05:
         85:48:23:00:7d:50:53:64:a1:46:8b:43:ef:6c:3a:c0:62:f4:
         eb:84:bb:40:6e:c2:85:4d:f0:af:1c:bf:8a:d2:ad:b8:34:5c:
         34:60:51:3b:87:1a:ba:87:ba:ac:c4:bf:29:b2:fa:34:af:3f:
         3e:b4:74:de:5a:14:76:0c:ee:78:2c:f6:c6:73:f5:a7:66:e0:
         4b:62:b6:73:c9:5e:c0:2d:b5:36:5e:1b:80:d6:50:27:f7:1b:
         72:79:0b:74
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQks42vaYhQ3o2Dc89IYJ3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNjAwY2JhZmQyNmZlZTUwNjRmYzg5ZjMwMWRmYzhlM2Mx
ZDNjYTUwHhcNMjUwMTAyMDE0ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTY5MzE2N2E3N2M3YjBjNmIyZDYzYmM1ODdkNzZhMzQwMThlYjFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuAz+QR5LHH64RmW6lQSyRNPECxNw
gwuvxdml95eYtBxAKkf8vVMiPQOkrrW3wFHsT/pBVmOkUTL5OUCW+ZHlbI+vamdV
/cNvfrL8RFleubB4SEn9S5eXTHBrsQQ6+2IdEBbmx96oTJDXsWwV6x5bahPqC8xI
k6q7Gk6DkTR5JstHAG+9rRxfk/oSKuk00+7A9CY/RIVfbDy06wfN+wMdIxYAbF+H
aTbT8Yn+PJwhgbWbI6WbLsiwEofeCs4RuKyRXWZkTMPoVIKxuhjdFPrtb30fsHaP
2Hny1l4gSt1auq35rCscvCgF5gKs66NcLbzO5HZw7QpqlwhYi83lLX9RxwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFNlpMWenfHsMay1jvFh9dqNAGOscMB8GA1UdIwQY
MBaAFNNgDLr9Jv7lBk/InzAd/I48HTylMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmIt
MWM2ODBhZGY3YTI2LzEvMldreFo2ZDhld3hyTFdPOFdIMTJvMEFZNnh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMC9iNzA2NTgtZTFkYy00OTQ0LWEwNmItMWM2ODBhZGY3YTI2
LzEvMDJBTXV2MG1fdVVHVDhpZk1CMzhqandkUEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuQGsMA8E
AgACMAkDBwAgAQf4APUwDQYJKoZIhvcNAQELBQADggEBAGAZ+ebZolDlpeN9Hv6U
mZjQKbOo9oBQ0lwktS12mYIEY3evoubVrEWw+K+onLwuHhC2UzXOZ4XnKhXD/05p
Th4EhS9XLj3mPt4JubsnGR2V96c5gwBUQPze0y5ntctJrWmKs+nOybFhhmHx8E8Q
nN0WYLHhWygPubwPZt4EPLc+MWx60eyWMLa9F5uU4+qoE7aXTnm610eMrAC1f+nR
RRR+BYVIIwB9UFNkoUaLQ+9sOsBi9OuEu0BuwoVN8K8cv4rSrbg0XDRgUTuHGrqH
uqzEvymy+jSvPz60dN5aFHYM7ngs9sZz9adm4EtitnPJXsAttTZeG4DWUCf3G3J5
C3Q=
-----END CERTIFICATE-----