Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/bEf44I_katxftzRhRoOcb5k7xJw.roa
File:                     bEf44I_katxftzRhRoOcb5k7xJw.roa (raw, json)
Hash identifier:          B4D2C0R7a4GwUSt6VcyTIkYPBhevJsFHyCCfjO/vPIw=
Subject key identifier:   6C:47:F8:E0:8F:E4:6A:DC:5F:B7:34:61:46:83:9C:6F:99:3B:C4:9C
Certificate issuer:       /CN=2a8c588951260a11a3efbd6d816bd56f82f2fc34
Certificate serial:       019425FDAE786B86791DFE155E7F7FFC79E9
Authority key identifier: 2A:8C:58:89:51:26:0A:11:A3:EF:BD:6D:81:6B:D5:6F:82:F2:FC:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/KoxYiVEmChGj771tgWvVb4Ly_DQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/bEf44I_katxftzRhRoOcb5k7xJw.roa
Signing time:             Thu 02 Jan 2025 07:49:29 +0000
ROA not before:           Thu 02 Jan 2025 07:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199328
IP address blocks:        185.20.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/KoxYiVEmChGj771tgWvVb4Ly_DQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/KoxYiVEmChGj771tgWvVb4Ly_DQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/KoxYiVEmChGj771tgWvVb4Ly_DQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:ae:78:6b:86:79:1d:fe:15:5e:7f:7f:fc:79:e9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2a8c588951260a11a3efbd6d816bd56f82f2fc34
        Validity
            Not Before: Jan  2 07:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6c47f8e08fe46adc5fb7346146839c6f993bc49c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:ac:f6:56:76:47:08:a5:39:eb:8f:af:48:e3:
                    cb:a3:2e:8f:ca:64:c7:ce:e2:d2:62:16:3c:e0:89:
                    e9:d0:e9:9e:b1:7e:9e:83:ed:2f:20:09:a4:28:b2:
                    20:b0:a7:cc:8e:98:1f:07:23:26:a5:fd:af:96:d0:
                    e9:e9:e8:ee:cc:53:11:d0:81:44:f4:b3:ed:77:2a:
                    3a:12:63:99:ae:0b:9b:3a:21:42:a9:36:d6:54:3f:
                    87:b0:7f:97:b0:f8:37:a4:95:e0:93:fe:91:03:f7:
                    66:4e:36:3d:d4:a2:f6:79:5d:b9:b0:0f:f3:89:bc:
                    ca:99:e4:43:52:fd:40:de:06:bc:56:98:5e:01:cc:
                    73:9a:2b:05:f8:66:e4:f9:a8:d7:57:f5:24:b7:56:
                    f7:2c:55:78:db:b8:7f:03:a6:40:6f:00:e1:c3:e5:
                    18:b1:b6:b3:4d:a9:cc:63:eb:eb:c3:61:73:25:da:
                    77:9f:6d:9b:5a:27:c8:93:12:29:30:d8:36:37:72:
                    36:f8:3c:20:85:1f:90:dc:d7:3b:7f:10:d2:dd:65:
                    03:61:cc:37:28:a3:e3:81:a7:ff:40:1e:65:8d:90:
                    a5:67:e4:ea:bd:cc:09:6e:0f:1d:2d:4f:6a:3f:58:
                    11:ce:e2:3a:d1:0e:a7:0b:01:4e:74:5a:82:30:64:
                    f7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:47:F8:E0:8F:E4:6A:DC:5F:B7:34:61:46:83:9C:6F:99:3B:C4:9C
            X509v3 Authority Key Identifier:
                keyid:2A:8C:58:89:51:26:0A:11:A3:EF:BD:6D:81:6B:D5:6F:82:F2:FC:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KoxYiVEmChGj771tgWvVb4Ly_DQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/bEf44I_katxftzRhRoOcb5k7xJw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/4de49c-aa58-44af-b02a-1e8d219f87af/1/KoxYiVEmChGj771tgWvVb4Ly_DQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:ab:78:8e:f0:c3:7f:4f:f3:c8:8b:ed:4e:a2:13:b2:d8:a5:
         b1:b3:3a:70:74:7f:c5:96:71:b1:28:31:30:4e:c9:63:32:0c:
         a8:70:ad:d3:fd:9a:33:01:56:2d:e0:6e:62:44:46:c9:e0:eb:
         0d:4d:80:39:e3:31:38:9c:8c:d8:df:39:82:25:34:a6:83:38:
         c5:c6:21:e1:5a:77:17:ae:ae:02:8e:06:00:0b:2f:62:07:3a:
         8f:48:68:50:4b:bd:4e:71:39:4a:f3:95:11:17:eb:53:b9:16:
         84:75:35:0c:53:dd:da:2a:ef:29:ba:1d:ff:2d:b9:b3:05:f7:
         af:89:48:92:ed:83:df:93:05:5b:aa:74:39:1e:a7:a9:5b:6c:
         8e:8d:6c:f4:37:e4:7d:8e:88:be:99:93:b9:00:5a:24:11:bb:
         22:59:55:a0:c4:3b:20:83:04:01:fe:30:41:ba:21:31:be:b1:
         c8:51:e7:22:ae:f0:27:78:11:c5:3a:5b:6d:51:af:fe:3f:61:
         d0:fd:5f:e6:f7:d4:c7:18:3f:f2:78:f5:07:6f:32:4b:80:55:
         00:0f:7e:3a:13:65:c2:c4:ac:77:14:9c:05:e5:a6:18:5f:64:
         e3:ba:13:e4:cf:34:4f:ac:f1:5c:52:44:bf:4b:be:96:b5:97:
         6c:65:bd:be
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/a54a4Z5Hf4VXn9//HnpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhOGM1ODg5NTEyNjBhMTFhM2VmYmQ2ZDgxNmJkNTZmODJm
MmZjMzQwHhcNMjUwMTAyMDc0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzQ3ZjhlMDhmZTQ2YWRjNWZiNzM0NjE0NjgzOWM2Zjk5M2JjNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA56z2VnZHCKU564+vSOPLoy6PymTH
zuLSYhY84Inp0OmesX6eg+0vIAmkKLIgsKfMjpgfByMmpf2vltDp6ejuzFMR0IFE
9LPtdyo6EmOZrgubOiFCqTbWVD+HsH+XsPg3pJXgk/6RA/dmTjY91KL2eV25sA/z
ibzKmeRDUv1A3ga8VpheAcxzmisF+Gbk+ajXV/Ukt1b3LFV427h/A6ZAbwDhw+UY
sbazTanMY+vrw2FzJdp3n22bWifIkxIpMNg2N3I2+DwghR+Q3Nc7fxDS3WUDYcw3
KKPjgaf/QB5ljZClZ+TqvcwJbg8dLU9qP1gRzuI60Q6nCwFOdFqCMGT3lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGxH+OCP5GrcX7c0YUaDnG+ZO8ScMB8GA1UdIwQY
MBaAFCqMWIlRJgoRo++9bYFr1W+C8vw0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS294WWlWRW1DaEdqNzcxdGdXdlZiNEx5X0RRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi80ZGU0OWMtYWE1OC00NGFmLWIwMmEt
MWU4ZDIxOWY4N2FmLzEvYkVmNDRJX2thdHhmdHpSaFJvT2NiNWs3eEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi80ZGU0OWMtYWE1OC00NGFmLWIwMmEtMWU4ZDIxOWY4N2Fm
LzEvS294WWlWRW1DaEdqNzcxdGdXdlZiNEx5X0RRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRRkMA0G
CSqGSIb3DQEBCwUAA4IBAQCAq3iO8MN/T/PIi+1OohOy2KWxszpwdH/FlnGxKDEw
TsljMgyocK3T/ZozAVYt4G5iREbJ4OsNTYA54zE4nIzY3zmCJTSmgzjFxiHhWncX
rq4CjgYACy9iBzqPSGhQS71OcTlK85URF+tTuRaEdTUMU93aKu8puh3/LbmzBfev
iUiS7YPfkwVbqnQ5HqepW2yOjWz0N+R9joi+mZO5AFokEbsiWVWgxDsggwQB/jBB
uiExvrHIUecirvAneBHFOlttUa/+P2HQ/V/m99THGD/yePUHbzJLgFUAD346E2XC
xKx3FJwF5aYYX2TjuhPkzzRPrPFcUkS/S76WtZdsZb2+
-----END CERTIFICATE-----