Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4S2Voa5r7-9Ge_Jj53NBCElLbk4.roa
File:                     4S2Voa5r7-9Ge_Jj53NBCElLbk4.roa (raw, json)
Hash identifier:          UQTn4ObMA4Vmg+R9hFFyRQHA3kBxa2zUU7bZE78TW0g=
Subject key identifier:   E1:2D:95:A1:AE:6B:EF:EF:46:7B:F2:63:E7:73:41:08:49:4B:6E:4E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422204F1EF3A20451BEA367E615E1E5B0
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4S2Voa5r7-9Ge_Jj53NBCElLbk4.roa
Signing time:             Wed 01 Jan 2025 13:48:50 +0000
ROA not before:           Wed 01 Jan 2025 13:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212504
IP address blocks:        185.218.21.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:4f:1e:f3:a2:04:51:be:a3:67:e6:15:e1:e5:b0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e12d95a1ae6befef467bf263e7734108494b6e4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:93:79:d9:56:63:44:92:30:3f:c0:77:c7:f8:
                    98:12:04:2e:32:71:77:af:fa:39:95:a1:5b:90:46:
                    35:59:c2:a8:fc:e5:fc:3a:de:b5:6e:55:88:a8:0f:
                    1d:da:d9:ce:3d:3d:de:55:c1:e5:12:22:29:8c:ee:
                    80:a7:ea:f7:31:93:5b:b4:42:29:d8:78:af:b8:cb:
                    72:b0:c4:03:5f:36:b6:52:a3:ac:78:39:9f:6e:09:
                    7b:62:7d:31:eb:4b:ba:72:56:c5:68:af:b3:83:e0:
                    62:47:ea:57:28:d5:7b:f3:40:32:24:dd:55:f7:25:
                    07:f6:87:9b:b1:58:de:25:68:1b:c0:1e:70:f2:dd:
                    61:e6:c2:80:6d:e4:3e:f2:cc:65:18:02:68:61:4e:
                    a2:3c:2b:56:3a:5a:21:98:3d:90:e6:5f:1e:9d:7d:
                    3c:3c:32:4d:c2:1f:8d:60:62:92:a5:bb:57:31:79:
                    6a:d6:b2:0d:b5:da:2b:2a:56:af:49:1a:49:6e:35:
                    0a:06:2d:2f:a4:8e:fd:15:64:43:54:4e:d0:69:56:
                    ea:a7:ff:88:cd:b2:ff:cc:bd:86:48:7f:1b:dd:1c:
                    32:62:9f:c7:9f:51:f4:49:1b:0d:e8:98:2b:76:b5:
                    e8:6b:ac:bf:88:d6:0e:47:e8:1e:54:1b:01:9c:6e:
                    d4:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:2D:95:A1:AE:6B:EF:EF:46:7B:F2:63:E7:73:41:08:49:4B:6E:4E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4S2Voa5r7-9Ge_Jj53NBCElLbk4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.21.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:8b:2b:20:5d:31:24:fc:63:b7:dd:9d:4f:69:17:b9:1a:b5:
         79:6e:6a:bb:4f:d7:9e:53:e9:78:d6:7d:52:4f:72:c4:75:e0:
         f3:67:75:77:e9:64:ef:0f:4d:ad:91:e6:f7:47:c9:90:6c:fb:
         16:49:40:65:7a:e3:e8:ea:36:52:41:04:92:b5:5f:7f:3e:c0:
         06:65:d2:88:71:f0:43:0c:e1:54:f8:2f:25:c0:a8:78:12:06:
         a9:99:fe:40:d7:15:fe:9f:73:1e:6a:f9:7e:78:c7:1a:86:20:
         bd:05:02:9f:fb:0d:7b:b0:1b:10:1e:0b:6e:82:09:2b:97:10:
         95:89:5a:5d:a3:68:32:eb:19:0a:05:29:dd:44:40:1a:7a:8c:
         5f:10:de:5f:77:e6:b0:c3:3f:ca:66:0c:38:57:ca:fe:3b:a4:
         cd:71:5a:c9:8e:be:d0:19:49:ce:cf:f5:00:ae:7f:70:07:68:
         c0:38:61:68:46:d1:3a:e7:a0:4f:3a:ca:7d:51:9b:1c:db:90:
         45:d8:3d:6c:93:86:d7:3b:0c:7b:2f:e6:ed:72:d1:5e:a1:46:
         8d:8b:5c:53:3a:4b:9c:25:0a:19:c5:a9:5d:75:c4:f3:ca:c8:
         9d:7c:a8:9a:ee:df:f1:4f:20:8c:0e:d1:3e:ff:d8:91:bb:39:
         dc:80:9a:4b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIE8e86IEUb6jZ+YV4eWwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTJkOTVhMWFlNmJlZmVmNDY3YmYyNjNlNzczNDEwODQ5NGI2ZTRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnpN52VZjRJIwP8B3x/iYEgQuMnF3
r/o5laFbkEY1WcKo/OX8Ot61blWIqA8d2tnOPT3eVcHlEiIpjO6Ap+r3MZNbtEIp
2HivuMtysMQDXza2UqOseDmfbgl7Yn0x60u6clbFaK+zg+BiR+pXKNV780AyJN1V
9yUH9oebsVjeJWgbwB5w8t1h5sKAbeQ+8sxlGAJoYU6iPCtWOlohmD2Q5l8enX08
PDJNwh+NYGKSpbtXMXlq1rINtdorKlavSRpJbjUKBi0vpI79FWRDVE7QaVbqp/+I
zbL/zL2GSH8b3RwyYp/Hn1H0SRsN6JgrdrXoa6y/iNYOR+geVBsBnG7UUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOEtlaGua+/vRnvyY+dzQQhJS25OMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNFMyVm9hNXI3LTlHZV9KajUzTkJDRWxMYms0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudoVMA0G
CSqGSIb3DQEBCwUAA4IBAQBAiysgXTEk/GO33Z1PaRe5GrV5bmq7T9eeU+l41n1S
T3LEdeDzZ3V36WTvD02tkeb3R8mQbPsWSUBleuPo6jZSQQSStV9/PsAGZdKIcfBD
DOFU+C8lwKh4Egapmf5A1xX+n3Meavl+eMcahiC9BQKf+w17sBsQHgtuggkrlxCV
iVpdo2gy6xkKBSndREAaeoxfEN5fd+awwz/KZgw4V8r+O6TNcVrJjr7QGUnOz/UA
rn9wB2jAOGFoRtE656BPOsp9UZsc25BF2D1sk4bXOwx7L+btctFeoUaNi1xTOkuc
JQoZxalddcTzysidfKia7t/xTyCMDtE+/9iRuzncgJpL
-----END CERTIFICATE-----