Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4iUJDPcXXaHqmviz2ExR-nIzHBc.roa
File:                     4iUJDPcXXaHqmviz2ExR-nIzHBc.roa (raw, json)
Hash identifier:          IVu0kbRCua2eqcZcOWP7IvDDTpfFBf+43+wZW6EoPrI=
Subject key identifier:   E2:25:09:0C:F7:17:5D:A1:EA:9A:F8:B3:D8:4C:51:FA:72:33:1C:17
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01942220565CBCED076BB2F5C628B05B3438
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4iUJDPcXXaHqmviz2ExR-nIzHBc.roa
Signing time:             Wed 01 Jan 2025 13:48:52 +0000
ROA not before:           Wed 01 Jan 2025 13:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215235
IP address blocks:        185.254.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 23:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:56:5c:bc:ed:07:6b:b2:f5:c6:28:b0:5b:34:38
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e225090cf7175da1ea9af8b3d84c51fa72331c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a1:93:ed:42:98:6b:5f:0f:58:26:f9:4d:33:
                    d7:a5:06:c7:0a:87:56:80:3e:89:05:3f:72:1a:77:
                    aa:60:46:8a:6a:c2:12:8f:32:3e:e0:13:74:ca:26:
                    3c:16:40:7e:78:3d:fc:84:b3:49:fa:09:5b:d3:dd:
                    27:40:2f:12:57:d6:7f:ac:be:7d:24:aa:45:60:04:
                    15:e8:f1:ba:a8:fa:ad:29:a7:db:36:2e:8b:90:62:
                    8b:b9:14:5c:19:bd:ec:4d:5a:eb:56:59:76:6c:f0:
                    b4:d0:81:24:cf:93:70:0d:2d:e0:d9:f6:1b:f9:23:
                    05:87:a5:1a:49:3a:df:2b:fe:2e:d1:c5:1a:7d:d4:
                    a5:43:88:77:70:f5:f0:20:58:4e:8b:d9:e1:a0:df:
                    ba:59:83:cb:bb:bf:b0:7b:1c:f6:2f:99:27:c5:39:
                    13:f8:f8:92:8e:e6:fa:85:f5:d5:00:7a:99:a9:c2:
                    cf:91:3d:fe:b1:08:58:12:dc:30:2f:d8:9d:0f:ed:
                    d1:fc:b0:53:d8:c2:a4:b0:9c:80:64:40:7c:21:b7:
                    36:39:ec:5c:aa:a1:28:b1:4e:c8:6f:6e:53:fb:bc:
                    56:92:10:03:6e:de:83:3d:92:2b:e6:ee:53:5f:31:
                    53:4e:5f:d5:0b:b0:2f:02:84:c4:97:62:d8:09:bb:
                    9e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:25:09:0C:F7:17:5D:A1:EA:9A:F8:B3:D8:4C:51:FA:72:33:1C:17
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/4iUJDPcXXaHqmviz2ExR-nIzHBc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.254.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4f:79:60:c7:c1:94:8e:58:7c:5f:8d:f0:13:32:50:c8:06:10:
         a6:22:d6:dc:d3:b0:de:8f:24:9d:22:96:05:64:6f:8f:ff:18:
         44:61:72:3b:0e:d2:79:3f:93:4e:4c:58:1c:8a:b7:4c:93:0c:
         2c:63:2f:74:49:d1:6c:5c:9c:83:c7:2a:94:c8:0a:6d:dc:f5:
         a9:d1:54:6b:bb:ad:7a:12:d0:1e:04:ee:72:44:31:8e:98:02:
         50:1e:e1:87:d4:c7:37:34:0e:84:92:2a:be:0e:db:4a:05:cc:
         2f:55:ab:f1:cd:93:25:6a:a9:31:e2:fb:75:fa:01:ae:d6:ed:
         43:7c:36:24:10:3f:19:69:23:0f:7d:d7:78:1e:1d:64:85:df:
         4c:8d:6f:40:5f:6e:ec:44:33:86:5c:ac:72:10:58:39:59:fd:
         ca:ae:6f:ce:cd:c5:a1:a5:db:1e:19:c0:24:2a:5f:0b:60:c8:
         02:21:82:6c:5b:6d:fc:08:08:b5:f7:c2:e9:34:be:20:c3:70:
         ff:62:e0:ff:dd:8c:0e:c3:6d:28:a5:3d:3a:b5:91:07:89:fb:
         81:b8:ac:fa:55:a3:f9:dc:ac:17:8c:c4:35:59:82:69:60:fa:
         e4:16:d7:0a:1a:04:25:e8:a9:fd:da:b1:3a:5b:e1:04:9f:2b:
         ad:23:34:f5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIFZcvO0Ha7L1xiiwWzQ4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjI1MDkwY2Y3MTc1ZGExZWE5YWY4YjNkODRjNTFmYTcyMzMxYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzqGT7UKYa18PWCb5TTPXpQbHCodW
gD6JBT9yGneqYEaKasISjzI+4BN0yiY8FkB+eD38hLNJ+glb090nQC8SV9Z/rL59
JKpFYAQV6PG6qPqtKafbNi6LkGKLuRRcGb3sTVrrVll2bPC00IEkz5NwDS3g2fYb
+SMFh6UaSTrfK/4u0cUafdSlQ4h3cPXwIFhOi9nhoN+6WYPLu7+wexz2L5knxTkT
+PiSjub6hfXVAHqZqcLPkT3+sQhYEtwwL9idD+3R/LBT2MKksJyAZEB8Ibc2Oexc
qqEosU7Ib25T+7xWkhADbt6DPZIr5u5TXzFTTl/VC7AvAoTEl2LYCbue0QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOIlCQz3F12h6pr4s9hMUfpyMxwXMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNGlVSkRQY1hYYUhxbXZpejJFeFItbkl6SEJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuf6dMA0G
CSqGSIb3DQEBCwUAA4IBAQBPeWDHwZSOWHxfjfATMlDIBhCmItbc07DejySdIpYF
ZG+P/xhEYXI7DtJ5P5NOTFgcirdMkwwsYy90SdFsXJyDxyqUyApt3PWp0VRru616
EtAeBO5yRDGOmAJQHuGH1Mc3NA6Ekiq+DttKBcwvVavxzZMlaqkx4vt1+gGu1u1D
fDYkED8ZaSMPfdd4Hh1khd9MjW9AX27sRDOGXKxyEFg5Wf3Krm/OzcWhpdseGcAk
Kl8LYMgCIYJsW238CAi198LpNL4gw3D/YuD/3YwOw20opT06tZEHifuBuKz6VaP5
3KwXjMQ1WYJpYPrkFtcKGgQl6Kn92rE6W+EEnyutIzT1
-----END CERTIFICATE-----