Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0yPyRbbIB-FtmUzTW2Drvd_PP08.roa
File:                     0yPyRbbIB-FtmUzTW2Drvd_PP08.roa (raw, json)
Hash identifier:          TjRPHH6xo2fNbF3QVIupZ9mzuVlxvUwx4G/e3w7NMK4=
Subject key identifier:   D3:23:F2:45:B6:C8:07:E1:6D:99:4C:D3:5B:60:EB:BD:DF:CF:3F:4F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194222033DB4B0BF91EB9E865F55513BBA7
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0yPyRbbIB-FtmUzTW2Drvd_PP08.roa
Signing time:             Wed 01 Jan 2025 13:48:43 +0000
ROA not before:           Wed 01 Jan 2025 13:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     150158
IP address blocks:        185.223.154.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:33:db:4b:0b:f9:1e:b9:e8:65:f5:55:13:bb:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d323f245b6c807e16d994cd35b60ebbddfcf3f4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:b0:96:f0:b9:98:b1:05:f1:4e:c2:82:03:a5:
                    9a:ae:78:74:b9:b1:32:4b:b9:f8:52:ab:24:4c:25:
                    dc:a6:66:85:04:0e:f7:2c:06:3e:3e:e8:bc:4b:bc:
                    87:db:99:69:69:f6:48:97:ec:2d:0a:7e:b8:b4:4d:
                    11:ac:8d:18:04:8a:86:32:4d:84:3b:df:a6:61:8f:
                    1e:fe:31:87:52:6e:d5:bf:da:da:38:65:f9:04:b2:
                    00:d8:93:53:37:34:c6:7d:87:bf:0b:e0:64:94:9f:
                    02:7d:e0:f2:bb:67:86:d4:6a:a0:51:47:9d:a0:ac:
                    92:af:c8:e9:0d:fa:9f:40:31:40:e5:71:cc:71:6b:
                    50:54:b1:f2:00:21:70:bf:b1:24:58:ea:ea:95:b9:
                    4e:de:c3:e0:d8:d9:3a:e5:7c:19:21:77:5e:e2:ce:
                    ba:d7:4c:aa:8f:ec:15:0c:61:b0:4b:02:54:27:8e:
                    74:f6:a0:30:8b:05:ff:f1:e7:23:00:23:0d:49:09:
                    02:aa:96:24:0d:2f:81:51:bd:7b:9e:c9:8d:cb:08:
                    dd:c9:1a:71:06:7e:57:73:65:8d:8a:a9:fb:9b:c0:
                    b3:bf:4f:70:21:c8:70:74:0c:34:fe:b4:25:18:00:
                    35:7d:2b:ce:b2:ef:af:ce:d0:8d:e5:d3:11:da:25:
                    54:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:23:F2:45:B6:C8:07:E1:6D:99:4C:D3:5B:60:EB:BD:DF:CF:3F:4F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/0yPyRbbIB-FtmUzTW2Drvd_PP08.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.223.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:d4:a0:77:a5:ac:b4:bf:16:23:bd:03:1e:90:85:79:e8:04:
         a0:5a:f6:29:76:1a:b6:2b:f5:50:38:c4:f8:5f:42:1e:de:92:
         f5:26:3b:99:93:74:65:b8:fe:cd:86:3a:84:92:47:63:b5:09:
         ff:02:7b:cf:0a:6c:fc:64:6f:0d:1b:b1:47:a8:a3:3e:34:49:
         8e:e2:e3:55:2e:d4:f0:6e:78:c1:3f:f4:27:bc:19:e4:e8:58:
         90:db:3f:aa:05:bd:e6:a9:03:4e:06:81:e3:0c:04:27:bc:9b:
         7d:9e:25:b1:d1:8e:e5:60:d9:4a:02:02:f9:b3:89:51:3e:d1:
         b4:19:b2:de:88:7c:02:13:ea:17:27:96:de:80:1c:ac:f8:00:
         ae:ba:9e:b1:68:af:63:02:6b:6c:5c:36:17:c4:6e:a0:d7:41:
         e4:f6:16:29:04:55:43:c9:24:65:27:80:5f:6f:40:ea:d6:eb:
         3d:ee:84:eb:8e:6b:ea:31:05:ab:50:6f:c8:fb:40:51:12:4a:
         9c:1e:bf:5e:06:b0:11:df:ea:2a:67:13:29:bb:c3:6a:c0:9a:
         ec:b4:92:e4:87:4c:32:a1:6f:32:11:a4:4d:3c:41:05:ba:41:
         79:be:79:59:6b:55:c5:4f:53:d2:46:21:5b:26:c8:2c:c0:0d:
         a6:b7:4f:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIDPbSwv5HrnoZfVVE7unMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzIzZjI0NWI2YzgwN2UxNmQ5OTRjZDM1YjYwZWJiZGRmY2YzZjRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuLCW8LmYsQXxTsKCA6Warnh0ubEy
S7n4UqskTCXcpmaFBA73LAY+Pui8S7yH25lpafZIl+wtCn64tE0RrI0YBIqGMk2E
O9+mYY8e/jGHUm7Vv9raOGX5BLIA2JNTNzTGfYe/C+BklJ8CfeDyu2eG1GqgUUed
oKySr8jpDfqfQDFA5XHMcWtQVLHyACFwv7EkWOrqlblO3sPg2Nk65XwZIXde4s66
10yqj+wVDGGwSwJUJ4509qAwiwX/8ecjACMNSQkCqpYkDS+BUb17nsmNywjdyRpx
Bn5Xc2WNiqn7m8Czv09wIchwdAw0/rQlGAA1fSvOsu+vztCN5dMR2iVUIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNMj8kW2yAfhbZlM01tg673fzz9PMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMHlQeVJiYklCLUZ0bVV6VFcyRHJ2ZF9QUDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAud+aMA0G
CSqGSIb3DQEBCwUAA4IBAQCx1KB3pay0vxYjvQMekIV56ASgWvYpdhq2K/VQOMT4
X0Ie3pL1JjuZk3RluP7NhjqEkkdjtQn/AnvPCmz8ZG8NG7FHqKM+NEmO4uNVLtTw
bnjBP/QnvBnk6FiQ2z+qBb3mqQNOBoHjDAQnvJt9niWx0Y7lYNlKAgL5s4lRPtG0
GbLeiHwCE+oXJ5begBys+ACuup6xaK9jAmtsXDYXxG6g10Hk9hYpBFVDySRlJ4Bf
b0Dq1us97oTrjmvqMQWrUG/I+0BREkqcHr9eBrAR3+oqZxMpu8NqwJrstJLkh0wy
oW8yEaRNPEEFukF5vnlZa1XFT1PSRiFbJsgswA2mt08r
-----END CERTIFICATE-----