Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/iRFLKez3p29rhRwfF7FxUSY2xRQ.roa
File:                     iRFLKez3p29rhRwfF7FxUSY2xRQ.roa (raw, json)
Hash identifier:          8w+pzA8F3pAUuP2pqUwVGTV18rYsoVREmjASX0Uhtjg=
Subject key identifier:   89:11:4B:29:EC:F7:A7:6F:6B:85:1C:1F:17:B1:71:51:26:36:C5:14
Certificate issuer:       /CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
Certificate serial:       0194258F061BE9AC39EEC170FB02575EA883
Authority key identifier: 6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/iRFLKez3p29rhRwfF7FxUSY2xRQ.roa
Signing time:             Thu 02 Jan 2025 05:48:37 +0000
ROA not before:           Thu 02 Jan 2025 05:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.180.60.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:06:1b:e9:ac:39:ee:c1:70:fb:02:57:5e:a8:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6b84f4a296bce14d6deed25116aa70b60bcce4a4
        Validity
            Not Before: Jan  2 05:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=89114b29ecf7a76f6b851c1f17b171512636c514
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:36:3d:3c:3d:10:b0:a1:3c:d8:e0:7d:9a:61:
                    dd:7c:93:cc:fe:26:e4:5c:c8:e5:6f:1c:27:02:2b:
                    60:15:c1:bb:02:bd:bc:ce:c6:6f:53:65:8a:1a:08:
                    98:92:75:91:77:ba:11:60:c8:c8:fb:92:02:db:cc:
                    08:2f:93:4a:18:5c:d8:ec:2c:cd:79:34:43:89:01:
                    10:c1:39:57:e0:01:28:a2:d4:bf:3e:92:fb:b6:a9:
                    80:c5:1e:e2:0d:96:af:4c:73:cf:9b:e1:1c:a7:16:
                    87:df:de:25:f6:eb:b0:04:2d:4e:f2:19:a1:c1:92:
                    06:9b:fa:4c:3a:6f:6c:a2:ce:52:07:4d:8f:15:73:
                    05:11:85:6e:bb:35:4b:f7:7a:12:ef:7d:72:d5:3e:
                    3b:6f:25:22:08:d4:ca:05:b9:c8:1d:1e:7e:f6:f5:
                    d4:33:b3:71:d6:c7:d0:e5:1b:45:80:53:97:89:f3:
                    41:74:c5:7e:ca:79:bb:ce:5a:9f:63:d3:05:29:39:
                    90:28:05:e2:12:a3:f4:a5:ec:56:b8:95:09:52:79:
                    60:f3:44:8a:7e:1f:92:64:e1:30:3e:45:b4:fb:b7:
                    d1:3c:56:f4:18:43:a0:f0:be:c2:b0:cc:6d:33:1c:
                    87:c6:00:17:57:49:63:69:dd:e5:8a:08:a2:69:4c:
                    c5:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                89:11:4B:29:EC:F7:A7:6F:6B:85:1C:1F:17:B1:71:51:26:36:C5:14
            X509v3 Authority Key Identifier:
                keyid:6B:84:F4:A2:96:BC:E1:4D:6D:EE:D2:51:16:AA:70:B6:0B:CC:E4:A4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4T0opa84U1t7tJRFqpwtgvM5KQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/iRFLKez3p29rhRwfF7FxUSY2xRQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/cd/844fd9-fef1-44d9-a6c9-14fab0244948/1/a4T0opa84U1t7tJRFqpwtgvM5KQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.180.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         17:ee:46:07:8c:10:c6:bf:d0:d7:3c:26:d1:80:02:be:2f:d8:
         64:6f:bd:ff:2c:19:74:70:36:3a:b7:f4:a5:65:51:7e:42:ea:
         22:8c:a8:2e:18:be:97:cc:31:79:e1:16:9c:ad:47:07:4c:1d:
         6d:7d:53:fd:2a:49:e4:9d:88:6c:9f:e1:ce:dc:f9:30:4f:b9:
         cd:e0:ec:8b:76:4c:e1:95:56:64:90:0e:a1:06:10:53:9c:47:
         3d:0c:c8:6a:15:0e:bd:96:a2:85:9f:5c:6c:96:53:99:b7:2d:
         36:12:e4:be:1e:d5:b2:e8:14:7c:21:d6:a0:b1:84:a8:d3:8a:
         40:1f:d8:4f:ee:04:af:dd:41:84:0d:4e:e1:5e:f4:1f:d7:93:
         e6:21:9a:c9:9b:ca:73:be:96:32:41:51:c3:2e:00:97:f8:88:
         53:f5:17:4c:66:ed:6d:9e:00:db:38:a6:b3:ad:bc:f3:f8:31:
         aa:b9:5f:06:8b:d8:f1:e9:92:ca:65:70:2e:b6:d4:e3:05:83:
         b2:8f:ab:5c:cf:2f:dc:70:ad:7d:12:05:b7:ab:4d:9a:81:92:
         71:3e:f3:f3:6a:b1:f5:6c:c5:f4:9b:d0:d0:bc:60:14:31:33:
         05:e0:c2:36:7e:15:26:38:f3:29:e9:01:b1:57:46:55:e4:3a:
         5f:e1:a9:03
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljwYb6aw57sFw+wJXXqiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiODRmNGEyOTZiY2UxNGQ2ZGVlZDI1MTE2YWE3MGI2MGJj
Y2U0YTQwHhcNMjUwMTAyMDU0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTExNGIyOWVjZjdhNzZmNmI4NTFjMWYxN2IxNzE1MTI2MzZjNTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvzY9PD0QsKE82OB9mmHdfJPM/ibk
XMjlbxwnAitgFcG7Ar28zsZvU2WKGgiYknWRd7oRYMjI+5IC28wIL5NKGFzY7CzN
eTRDiQEQwTlX4AEootS/PpL7tqmAxR7iDZavTHPPm+EcpxaH394l9uuwBC1O8hmh
wZIGm/pMOm9sos5SB02PFXMFEYVuuzVL93oS731y1T47byUiCNTKBbnIHR5+9vXU
M7Nx1sfQ5RtFgFOXifNBdMV+ynm7zlqfY9MFKTmQKAXiEqP0pexWuJUJUnlg80SK
fh+SZOEwPkW0+7fRPFb0GEOg8L7CsMxtMxyHxgAXV0ljad3ligiiaUzFwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIkRSyns96dva4UcHxexcVEmNsUUMB8GA1UdIwQY
MBaAFGuE9KKWvOFNbe7SURaqcLYLzOSkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2Yzkt
MTRmYWIwMjQ0OTQ4LzEvaVJGTEtlejNwMjlyaFJ3ZkY3RnhVU1kyeFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jZC84NDRmZDktZmVmMS00NGQ5LWE2YzktMTRmYWIwMjQ0OTQ4
LzEvYTRUMG9wYTg0VTF0N3RKUkZxcHd0Z3ZNNUtRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCubQ8MA0G
CSqGSIb3DQEBCwUAA4IBAQAX7kYHjBDGv9DXPCbRgAK+L9hkb73/LBl0cDY6t/Sl
ZVF+QuoijKguGL6XzDF54RacrUcHTB1tfVP9KknknYhsn+HO3PkwT7nN4OyLdkzh
lVZkkA6hBhBTnEc9DMhqFQ69lqKFn1xsllOZty02EuS+HtWy6BR8IdagsYSo04pA
H9hP7gSv3UGEDU7hXvQf15PmIZrJm8pzvpYyQVHDLgCX+IhT9RdMZu1tngDbOKaz
rbzz+DGquV8Gi9jx6ZLKZXAuttTjBYOyj6tczy/ccK19EgW3q02agZJxPvPzarH1
bMX0m9DQvGAUMTMF4MI2fhUmOPMp6QGxV0ZV5Dpf4akD
-----END CERTIFICATE-----