Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/UoVm8brFC8TtFU0fGuOACP5IJ-8.roa
File:                     UoVm8brFC8TtFU0fGuOACP5IJ-8.roa (raw, json)
Hash identifier:          Z3atFvW5mWSUMqAxQnvjqpFLFTXrIsbjT+DhpXeSnFQ=
Subject key identifier:   52:85:66:F1:BA:C5:0B:C4:ED:15:4D:1F:1A:E3:80:08:FE:48:27:EF
Certificate issuer:       /CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
Certificate serial:       0194258F06D616C77B2EB616CDF594F3F340
Authority key identifier: 6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/UoVm8brFC8TtFU0fGuOACP5IJ-8.roa
Signing time:             Thu 02 Jan 2025 05:48:37 +0000
ROA not before:           Thu 02 Jan 2025 05:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50597
IP address blocks:        185.180.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:06:d6:16:c7:7b:2e:b6:16:cd:f5:94:f3:f3:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
        Validity
            Not Before: Jan  2 05:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=528566f1bac50bc4ed154d1f1ae38008fe4827ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:57:56:3b:11:84:17:7a:72:aa:55:ba:55:00:
                    5d:84:74:6f:92:64:ec:f7:73:26:e0:a8:57:9b:80:
                    00:2d:a7:8b:23:8b:99:45:f0:ad:a8:7d:82:dc:32:
                    49:08:6f:d4:fa:56:8e:9f:42:7e:16:47:78:aa:ba:
                    c4:ec:ee:f3:db:35:7f:4f:17:c8:8d:d1:72:7f:2b:
                    ba:80:32:61:bc:a7:03:40:3c:62:2e:21:e9:79:b7:
                    7a:40:60:ee:95:eb:ba:c8:c8:aa:5a:02:b8:be:97:
                    6e:b1:2a:cc:e2:d4:72:12:4c:ca:4c:4b:51:36:8b:
                    e3:61:04:8a:cb:c3:75:35:0b:12:a8:7a:8e:6b:76:
                    ab:01:53:0c:17:91:80:35:b3:10:a6:18:4a:10:d4:
                    74:78:0c:60:f4:ef:b5:86:c3:84:41:6f:6e:05:db:
                    06:18:91:cc:00:e7:79:23:97:1a:d7:1f:77:1d:55:
                    d2:b8:fc:e4:8b:f2:7e:c5:e6:0e:ba:44:63:28:3c:
                    01:45:8e:03:8a:19:74:6e:2b:72:95:33:e8:1c:17:
                    75:82:67:1a:cc:cc:a5:f0:cd:d0:a4:28:66:93:8e:
                    79:3f:d2:66:dd:80:ae:c9:34:53:17:68:e4:a6:84:
                    99:63:9a:28:ab:3d:2b:67:04:6c:e6:f6:8d:6f:34:
                    9e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:85:66:F1:BA:C5:0B:C4:ED:15:4D:1F:1A:E3:80:08:FE:48:27:EF
            X509v3 Authority Key Identifier:
                keyid:6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/UoVm8brFC8TtFU0fGuOACP5IJ-8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1a:90:6d:c2:d3:85:53:c0:b1:05:d6:70:6f:1f:ab:62:ab:1f:
         08:a9:98:e4:e4:5f:49:43:98:e5:b8:b5:2a:5b:e3:8c:74:62:
         2e:ac:4d:49:db:26:f5:03:1e:a2:ea:87:8e:b9:de:99:ba:98:
         34:72:a2:a9:58:e6:20:f8:20:b0:33:63:89:df:44:d1:6e:40:
         db:48:9b:37:be:70:92:82:2f:45:b9:d8:2e:4b:fc:b0:29:ac:
         d7:53:2b:b7:76:59:67:01:a1:16:a3:10:80:86:df:5d:22:7d:
         04:d0:8a:e0:33:00:47:65:36:86:ce:6b:d4:20:0b:bb:51:e5:
         d1:2d:b2:8f:87:a9:00:1c:fe:43:51:34:b4:43:be:9f:74:72:
         32:ae:3f:50:2d:e0:01:b2:f9:1c:a3:d3:74:4c:bb:21:cd:52:
         c0:53:7f:c6:14:c3:3e:ac:25:57:8f:c8:be:36:42:bd:b3:8d:
         4f:e4:6f:75:61:4d:3b:39:42:cf:39:9a:c6:6a:a9:fa:72:6a:
         0b:98:bf:e6:1f:90:33:6c:4f:76:86:5a:6a:79:ae:58:8d:d3:
         bf:0e:34:6b:cf:a0:89:4f:1d:b3:1c:a6:89:9a:af:cb:9f:30:
         31:59:1c:49:5b:c0:18:f8:ba:36:fd:cd:83:f4:7e:37:dc:43:
         ee:24:bd:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwbWFsd7LrYWzfWU8/NAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiODRmNGEyOTZiY2UxNGQ2ZGVlZDI1MTE2YWE3MGI2MGJj
Y2U0YTQwHhcNMjUwMTAyMDU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Mjg1NjZmMWJhYzUwYmM0ZWQxNTRkMWYxYWUzODAwOGZlNDgyN2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr1dWOxGEF3pyqlW6VQBdhHRvkmTs
93Mm4KhXm4AALaeLI4uZRfCtqH2C3DJJCG/U+laOn0J+Fkd4qrrE7O7z2zV/TxfI
jdFyfyu6gDJhvKcDQDxiLiHpebd6QGDuleu6yMiqWgK4vpdusSrM4tRyEkzKTEtR
NovjYQSKy8N1NQsSqHqOa3arAVMMF5GANbMQphhKENR0eAxg9O+1hsOEQW9uBdsG
GJHMAOd5I5ca1x93HVXSuPzki/J+xeYOukRjKDwBRY4Dihl0bitylTPoHBd1gmca
zMyl8M3QpChmk455P9Jm3YCuyTRTF2jkpoSZY5ooqz0rZwRs5vaNbzSeVQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFKFZvG6xQvE7RVNHxrjgAj+SCfvMB8GA1UdIwQY
MBaAFGuE9KKWvOFNbe7SURaqcLYLzOSkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2Yzkt
MTRmYWIwMjQ0OTQ4LzEvVW9WbThickZDOFR0RlUwZkd1T0FDUDVJSi04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2YzktMTRmYWIwMjQ0OTQ4
LzEvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAakG3C04VTwLEF1nBvH6tiqx8IqZjk5F9JQ5jluLUq
W+OMdGIurE1J2yb1Ax6i6oeOud6Zupg0cqKpWOYg+CCwM2OJ30TRbkDbSJs3vnCS
gi9FudguS/ywKazXUyu3dllnAaEWoxCAht9dIn0E0IrgMwBHZTaGzmvUIAu7UeXR
LbKPh6kAHP5DUTS0Q76fdHIyrj9QLeABsvkco9N0TLshzVLAU3/GFMM+rCVXj8i+
NkK9s41P5G91YU07OULPOZrGaqn6cmoLmL/mH5AzbE92hlpqea5YjdO/DjRrz6CJ
Tx2zHKaJmq/LnzAxWRxJW8AY+Lo2/c2D9H433EPuJL20
-----END CERTIFICATE-----