Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/tZnHKvR--oQspHXiMTb_7j-JYds.roa
File:                     tZnHKvR--oQspHXiMTb_7j-JYds.roa (raw, json)
Hash identifier:          /ZQxh+STzzVQTIGd7v/o5S5T+TwpT7pJx116SvjP5MU=
Subject key identifier:   B5:99:C7:2A:F4:7E:FA:84:2C:A4:75:E2:31:36:FF:EE:3F:89:61:DB
Certificate issuer:       /CN=b2f83a3eb687b41994c89f78238a991133df25f6
Certificate serial:       019428257BF6D6326D05B479AB69322FC497
Authority key identifier: B2:F8:3A:3E:B6:87:B4:19:94:C8:9F:78:23:8A:99:11:33:DF:25:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/svg6PraHtBmUyJ94I4qZETPfJfY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/tZnHKvR--oQspHXiMTb_7j-JYds.roa
Signing time:             Thu 02 Jan 2025 17:52:12 +0000
ROA not before:           Thu 02 Jan 2025 17:52:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        185.149.212.0/22 maxlen: 22
                          2a02:c6a0::/30 maxlen: 30
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/svg6PraHtBmUyJ94I4qZETPfJfY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/svg6PraHtBmUyJ94I4qZETPfJfY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/svg6PraHtBmUyJ94I4qZETPfJfY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:28:25:7b:f6:d6:32:6d:05:b4:79:ab:69:32:2f:c4:97
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b2f83a3eb687b41994c89f78238a991133df25f6
        Validity
            Not Before: Jan  2 17:52:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b599c72af47efa842ca475e23136ffee3f8961db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:e6:cd:86:d0:d1:d7:a8:7d:9f:4d:19:55:d9:
                    c2:9c:51:71:a3:20:3f:61:0d:a8:89:ce:5d:76:92:
                    7d:20:24:bc:0f:3a:b2:a3:a2:d6:3e:4a:36:78:25:
                    b6:c7:fd:86:da:14:1e:70:e0:88:51:78:e7:00:3d:
                    f4:b5:f0:4c:2e:d0:fa:17:7a:3f:ca:26:cc:c5:7d:
                    43:9a:d4:d9:74:84:eb:6d:25:50:14:9e:62:ef:4e:
                    a8:06:a8:57:e9:3e:a3:4a:9d:9e:51:d9:a1:52:e7:
                    b0:de:fd:29:af:6a:d3:5e:5f:57:da:a0:dd:2c:50:
                    96:af:39:2a:61:2e:39:a0:cf:50:05:02:90:b1:57:
                    6e:5b:e7:44:7b:5b:a6:b9:6a:9e:68:e0:ec:50:75:
                    c6:6c:ca:d8:69:c3:1b:0b:27:f4:ba:3e:e7:ce:3d:
                    65:82:6e:a6:6c:dc:20:e6:ed:fe:be:2a:4a:f8:b5:
                    01:3a:0c:9e:8f:e2:8c:0b:a2:11:3d:5e:dd:30:8b:
                    3e:a9:04:1f:b1:63:14:8d:84:3d:77:cc:07:65:92:
                    82:17:e0:65:e4:10:43:5f:49:ca:8e:0d:1b:dd:b6:
                    ce:90:94:24:15:5c:cc:45:64:4a:79:39:6d:38:8f:
                    a7:ff:40:a1:c7:32:bb:3d:28:d0:2f:45:1c:40:10:
                    62:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:99:C7:2A:F4:7E:FA:84:2C:A4:75:E2:31:36:FF:EE:3F:89:61:DB
            X509v3 Authority Key Identifier:
                keyid:B2:F8:3A:3E:B6:87:B4:19:94:C8:9F:78:23:8A:99:11:33:DF:25:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/svg6PraHtBmUyJ94I4qZETPfJfY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/tZnHKvR--oQspHXiMTb_7j-JYds.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c2/21b36e-742c-4ae5-b735-f6141e03f3a7/1/svg6PraHtBmUyJ94I4qZETPfJfY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.212.0/22
                IPv6:
                  2a02:c6a0::/30

    Signature Algorithm: sha256WithRSAEncryption
         4a:fa:b4:13:06:a2:3c:33:a8:a2:b1:58:c9:22:75:10:5c:33:
         ce:13:66:c0:09:3c:b9:95:82:d9:0a:34:fd:c8:07:16:ba:db:
         f1:a3:0e:a3:1d:9d:b3:a4:6a:c3:e0:c8:08:3c:a8:2b:41:98:
         7c:e7:52:8e:da:8c:ca:a0:40:42:19:bf:99:9e:9d:1b:80:85:
         20:3d:67:9b:2b:a1:b7:87:f4:0e:f9:a6:1d:57:d4:ff:bd:1e:
         2b:17:aa:27:72:66:c0:db:6f:7f:1e:b9:e8:7b:b0:8a:8e:64:
         b0:54:d6:c0:a4:b1:7f:92:41:b9:65:e5:7f:0c:0e:84:79:76:
         7b:5a:3e:e9:6a:57:fd:4b:d9:78:a3:7e:59:0c:1e:8e:df:5c:
         ef:3d:68:50:08:4a:ef:a5:ec:bc:d6:8f:af:b3:ba:75:84:41:
         93:12:75:fa:d1:93:be:7f:d3:4f:cd:1c:90:8b:06:90:a5:08:
         3e:d3:82:e8:26:f4:b9:d2:2e:b8:4d:1b:4c:65:da:a6:77:26:
         40:c0:28:68:81:4d:a3:2a:d0:0b:50:ca:41:a6:c7:dc:80:bc:
         17:f0:4d:7f:d6:6c:cf:fb:e0:82:a3:b5:81:c9:ac:fd:0d:da:
         76:fb:27:ab:25:66:10:c8:1a:d8:81:5b:e9:9a:2b:8f:aa:77:
         6a:29:8e:e8
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQoJXv21jJtBbR5q2kyL8SXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIyZjgzYTNlYjY4N2I0MTk5NGM4OWY3ODIzOGE5OTExMzNk
ZjI1ZjYwHhcNMjUwMTAyMTc1MjEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTk5YzcyYWY0N2VmYTg0MmNhNDc1ZTIzMTM2ZmZlZTNmODk2MWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoObNhtDR16h9n00ZVdnCnFFxoyA/
YQ2oic5ddpJ9ICS8Dzqyo6LWPko2eCW2x/2G2hQecOCIUXjnAD30tfBMLtD6F3o/
yibMxX1DmtTZdITrbSVQFJ5i706oBqhX6T6jSp2eUdmhUuew3v0pr2rTXl9X2qDd
LFCWrzkqYS45oM9QBQKQsVduW+dEe1umuWqeaODsUHXGbMrYacMbCyf0uj7nzj1l
gm6mbNwg5u3+vipK+LUBOgyej+KMC6IRPV7dMIs+qQQfsWMUjYQ9d8wHZZKCF+Bl
5BBDX0nKjg0b3bbOkJQkFVzMRWRKeTltOI+n/0ChxzK7PSjQL0UcQBBijwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFLWZxyr0fvqELKR14jE2/+4/iWHbMB8GA1UdIwQY
MBaAFLL4Oj62h7QZlMifeCOKmREz3yX2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3ZnNlByYUh0Qm1VeUo5NEk0cVpFVFBmSmZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMi8yMWIzNmUtNzQyYy00YWU1LWI3MzUt
ZjYxNDFlMDNmM2E3LzEvdFpuSEt2Ui0tb1FzcEhYaU1UYl83ai1KWWRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMi8yMWIzNmUtNzQyYy00YWU1LWI3MzUtZjYxNDFlMDNmM2E3
LzEvc3ZnNlByYUh0Qm1VeUo5NEk0cVpFVFBmSmZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZXUMA0E
AgACMAcDBQIqAsagMA0GCSqGSIb3DQEBCwUAA4IBAQBK+rQTBqI8M6iisVjJInUQ
XDPOE2bACTy5lYLZCjT9yAcWutvxow6jHZ2zpGrD4MgIPKgrQZh851KO2ozKoEBC
Gb+Znp0bgIUgPWebK6G3h/QO+aYdV9T/vR4rF6oncmbA229/Hrnoe7CKjmSwVNbA
pLF/kkG5ZeV/DA6EeXZ7Wj7palf9S9l4o35ZDB6O31zvPWhQCErvpey81o+vs7p1
hEGTEnX60ZO+f9NPzRyQiwaQpQg+04LoJvS50i64TRtMZdqmdyZAwChogU2jKtAL
UMpBpsfcgLwX8E1/1mzP++CCo7WByaz9Ddp2+yerJWYQyBrYgVvpmiuPqndqKY7o
-----END CERTIFICATE-----