Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-6WUWqXN5KxVvBcizVmYbw9EMlI.roa
File:                     1-6WUWqXN5KxVvBcizVmYbw9EMlI.roa (raw, json)
Hash identifier:          9ezJ81eU6/Av+w3dl4BqeG2QkDmlionj+e6ZwNfW164=
Subject key identifier:   FB:A5:94:5A:A5:CD:E4:AC:55:BC:17:22:CD:59:98:6F:0F:44:32:52
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194222014391F92B7C57F56953C9E749F99
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-6WUWqXN5KxVvBcizVmYbw9EMlI.roa
Signing time:             Wed 01 Jan 2025 13:48:35 +0000
ROA not before:           Wed 01 Jan 2025 13:48:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     1680
IP address blocks:        185.126.81.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:14:39:1f:92:b7:c5:7f:56:95:3c:9e:74:9f:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fba5945aa5cde4ac55bc1722cd59986f0f443252
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:d1:74:c7:d3:bf:e6:e6:38:ab:47:82:43:df:
                    8e:2c:8c:06:ed:3e:ed:89:46:10:ca:6c:03:44:51:
                    de:66:e0:71:2f:df:dc:8c:da:b1:c0:ee:44:d1:20:
                    cf:41:e7:49:6a:35:3c:52:32:23:d7:e2:5a:8c:b8:
                    3a:d7:b4:d6:16:e2:1a:7a:ae:d6:b8:6b:a8:c1:46:
                    15:00:02:5b:b0:fc:28:59:9b:e1:39:a1:a5:05:59:
                    00:39:2d:bf:68:82:77:0c:f9:1d:9a:44:92:75:a0:
                    69:6d:04:bc:ab:bb:d3:e0:a3:1b:b3:c2:15:db:c7:
                    e5:67:6a:63:35:08:88:03:c1:7d:a4:6c:3d:87:76:
                    d5:54:9b:3e:2c:04:ca:1f:42:59:b8:33:27:8f:eb:
                    c5:8e:1a:56:78:d2:95:32:0c:7e:1e:8d:eb:01:d1:
                    2e:9b:5f:1e:89:f5:46:70:3d:2d:60:24:80:dc:7d:
                    70:08:13:26:96:77:d0:48:43:77:a2:98:91:ff:63:
                    3a:1d:9e:90:fe:d0:b6:d6:8c:aa:cd:27:81:b0:c0:
                    07:d4:7c:d7:8e:a8:70:39:86:74:42:03:9a:9a:ed:
                    ad:84:07:10:96:b0:9c:bb:be:55:a9:80:6c:01:4a:
                    ef:5a:d4:a4:bd:3f:b1:ab:99:43:52:56:07:e5:c8:
                    b5:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A5:94:5A:A5:CD:E4:AC:55:BC:17:22:CD:59:98:6F:0F:44:32:52
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/1-6WUWqXN5KxVvBcizVmYbw9EMlI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.81.0/24

    Signature Algorithm: sha256WithRSAEncryption
         74:57:f4:e4:c1:9d:66:11:fe:01:0c:6a:de:02:8d:0e:ea:54:
         95:85:6b:c8:24:7b:14:29:39:be:1a:5b:9c:0c:8b:b4:89:af:
         53:15:76:3b:d8:70:d8:da:71:a2:b2:f0:b3:65:63:9a:70:fc:
         6e:26:bc:fe:d9:38:ef:bf:60:fb:a6:7a:d5:5f:7c:6c:a3:8e:
         eb:34:58:90:3e:fe:33:67:e9:a6:1b:a6:f9:51:fd:cd:85:a9:
         62:76:35:ab:94:df:a1:76:89:1b:48:f1:a8:4e:d2:52:33:ac:
         22:2e:08:26:f3:19:2b:a5:b5:b5:38:a6:01:c3:dd:26:00:13:
         59:f2:85:0e:9b:cd:26:d9:94:d2:94:cb:c9:a0:a9:a1:70:44:
         ed:4c:16:05:7f:91:88:46:33:70:5e:0d:cf:9b:08:28:7d:bf:
         59:b0:99:9a:cd:ad:fb:ad:50:a2:6e:1a:e1:4a:df:1f:12:11:
         bc:d3:27:1c:63:b4:a7:a0:e0:76:c2:33:b6:c3:37:74:00:4e:
         81:e8:fa:91:f1:58:dc:3d:b7:83:f1:75:57:1f:7b:fc:3c:69:
         cc:e1:25:af:30:fd:20:9d:3f:10:7a:9f:9c:5f:e9:be:7a:14:
         33:da:d3:f2:5e:1e:8d:e3:f7:a2:c7:f2:e5:41:7e:59:4e:25:
         92:de:a0:e3
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQiIBQ5H5K3xX9WlTyedJ+ZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYmE1OTQ1YWE1Y2RlNGFjNTViYzE3MjJjZDU5OTg2ZjBmNDQzMjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwdF0x9O/5uY4q0eCQ9+OLIwG7T7t
iUYQymwDRFHeZuBxL9/cjNqxwO5E0SDPQedJajU8UjIj1+JajLg617TWFuIaeq7W
uGuowUYVAAJbsPwoWZvhOaGlBVkAOS2/aIJ3DPkdmkSSdaBpbQS8q7vT4KMbs8IV
28flZ2pjNQiIA8F9pGw9h3bVVJs+LATKH0JZuDMnj+vFjhpWeNKVMgx+Ho3rAdEu
m18eifVGcD0tYCSA3H1wCBMmlnfQSEN3opiR/2M6HZ6Q/tC21oyqzSeBsMAH1HzX
jqhwOYZ0QgOamu2thAcQlrCcu75VqYBsAUrvWtSkvT+xq5lDUlYH5ci1/QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPullFqlzeSsVbwXIs1ZmG8PRDJSMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvMS02V1VXcVhONUt4VnZCY2l6Vm1ZYnc5RU1sSS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZDAvMmI4MzRlLWJhZDItNDlmZi1iYTM4LWI0MzQyYmE5MWFi
Yy8xL1lHZUV3UVVJVzUxcTFmYzZBN0lObWx3UlRLOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEALl+UTAN
BgkqhkiG9w0BAQsFAAOCAQEAdFf05MGdZhH+AQxq3gKNDupUlYVryCR7FCk5vhpb
nAyLtImvUxV2O9hw2NpxorLws2VjmnD8bia8/tk4779g+6Z61V98bKOO6zRYkD7+
M2fpphum+VH9zYWpYnY1q5TfoXaJG0jxqE7SUjOsIi4IJvMZK6W1tTimAcPdJgAT
WfKFDpvNJtmU0pTLyaCpoXBE7UwWBX+RiEYzcF4Nz5sIKH2/WbCZms2t+61Qom4a
4UrfHxIRvNMnHGO0p6DgdsIztsM3dABOgej6kfFY3D23g/F1Vx97/DxpzOElrzD9
IJ0/EHqfnF/pvnoUM9rT8l4ejeP3osfy5UF+WU4lkt6g4w==
-----END CERTIFICATE-----