Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/5WI-yxqTpkz1yvUShgAAxJMfIIo.roa
File:                     5WI-yxqTpkz1yvUShgAAxJMfIIo.roa (raw, json)
Hash identifier:          jgy7mHyXGmWxXef9eeTREKDMneRqSGeJUXEO0oH7+X4=
Subject key identifier:   E5:62:3E:CB:1A:93:A6:4C:F5:CA:F5:12:86:00:00:C4:93:1F:20:8A
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01902AE600D30FBD2FB5CE1796634FE97E82
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/5WI-yxqTpkz1yvUShgAAxJMfIIo.roa
Signing time:             Tue 18 Jun 2024 10:30:34 +0000
ROA not before:           Tue 18 Jun 2024 10:30:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     216183
IP address blocks:        185.206.249.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:2a:e6:00:d3:0f:bd:2f:b5:ce:17:96:63:4f:e9:7e:82
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 18 10:30:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=e5623ecb1a93a64cf5caf512860000c4931f208a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7d:51:e6:2d:25:0b:87:77:66:d5:62:17:85:
                    81:f9:f3:19:3d:ca:ab:59:85:ec:91:21:ea:70:9a:
                    6d:9c:11:52:35:17:41:3a:fa:6a:59:70:7f:17:48:
                    bc:45:60:41:fb:bb:f8:ab:f2:c0:c7:65:72:d3:91:
                    d9:76:4d:7c:51:ff:b9:7f:e9:e1:42:b7:47:11:0d:
                    a4:12:c4:46:e0:37:f3:fb:ec:7b:7c:60:af:86:f0:
                    1e:20:3a:67:0d:62:ff:ba:5b:35:0d:a2:00:fb:fd:
                    8b:33:63:c3:0a:7f:74:75:db:6a:ef:1f:3c:bd:91:
                    03:66:1b:f4:c3:66:09:c2:a1:bd:86:5b:cf:04:f8:
                    05:9b:7d:5d:7e:3f:d9:ba:9a:ee:db:19:8b:93:13:
                    fe:cb:bc:21:8b:31:67:7d:a8:4d:25:1b:02:8e:45:
                    25:b7:81:1a:5e:b8:85:a2:d7:63:50:4a:42:ad:fb:
                    98:b0:16:1d:f8:8d:96:2c:b7:cd:e4:10:1b:88:9f:
                    0f:7c:83:7e:cd:00:9e:be:df:ce:d1:0c:40:9f:1a:
                    29:92:67:98:2c:80:2e:54:13:8b:86:c3:87:00:da:
                    10:9c:8d:35:b2:44:17:79:00:74:b9:6d:cc:b2:8f:
                    a0:1e:fe:2b:8b:5d:77:69:dd:cb:09:2e:d7:15:1f:
                    7d:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:62:3E:CB:1A:93:A6:4C:F5:CA:F5:12:86:00:00:C4:93:1F:20:8A
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/5WI-yxqTpkz1yvUShgAAxJMfIIo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:80:bf:49:ff:1a:3a:e9:a7:63:0e:5e:ad:0d:97:4e:e0:4c:
         5e:7d:64:bf:4d:c4:71:45:2d:5a:1e:a6:06:5b:55:dd:12:d3:
         46:50:01:f1:ab:31:1a:5e:fb:9c:c3:f9:5a:2b:c5:e1:63:c1:
         28:49:99:8b:2a:8a:f7:f2:d8:e2:29:28:82:28:60:32:f8:9c:
         ee:34:54:6e:5c:0b:ce:33:20:ee:b3:e9:87:c9:aa:b6:f6:06:
         75:93:5a:47:6c:0b:0d:bd:6e:84:96:93:b1:4f:ee:8d:3d:eb:
         08:bd:c5:5f:53:8f:7e:d8:bc:94:8c:6a:d7:f5:37:fd:86:3e:
         c8:a4:21:2a:f6:7f:58:ba:a1:b0:e5:fe:a8:b0:68:ce:ab:55:
         b1:8b:15:5d:5b:88:ee:30:a7:aa:8a:a7:b6:78:32:d8:e6:82:
         eb:f3:85:62:1e:57:6f:de:51:fb:f7:f2:fb:1a:18:a2:d5:43:
         39:ed:bc:99:31:c7:e3:16:70:52:79:fc:40:16:2e:d9:88:a4:
         fa:1b:0c:dc:ad:f8:79:40:35:f5:4e:14:ce:c3:98:c6:83:c1:
         ed:d4:8e:d5:80:0d:f2:18:84:bf:1d:ce:e6:32:ff:a7:b4:7d:
         21:69:33:60:72:17:32:e7:c0:01:47:0a:22:75:4e:5b:bd:93:
         91:49:00:40
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZAq5gDTD70vtc4XlmNP6X6CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNjE4MTAzMDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTYyM2VjYjFhOTNhNjRjZjVjYWY1MTI4NjAwMDBjNDkzMWYyMDhhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvn1R5i0lC4d3ZtViF4WB+fMZPcqr
WYXskSHqcJptnBFSNRdBOvpqWXB/F0i8RWBB+7v4q/LAx2Vy05HZdk18Uf+5f+nh
QrdHEQ2kEsRG4Dfz++x7fGCvhvAeIDpnDWL/uls1DaIA+/2LM2PDCn90ddtq7x88
vZEDZhv0w2YJwqG9hlvPBPgFm31dfj/Zupru2xmLkxP+y7whizFnfahNJRsCjkUl
t4EaXriFotdjUEpCrfuYsBYd+I2WLLfN5BAbiJ8PfIN+zQCevt/O0QxAnxopkmeY
LIAuVBOLhsOHANoQnI01skQXeQB0uW3Mso+gHv4ri113ad3LCS7XFR99GQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOViPssak6ZM9cr1EoYAAMSTHyCKMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvNVdJLXl4cVRwa3oxeXZVU2hnQUF4Sk1mSUlvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc75MA0G
CSqGSIb3DQEBCwUAA4IBAQB/gL9J/xo66adjDl6tDZdO4ExefWS/TcRxRS1aHqYG
W1XdEtNGUAHxqzEaXvucw/laK8XhY8EoSZmLKor38tjiKSiCKGAy+JzuNFRuXAvO
MyDus+mHyaq29gZ1k1pHbAsNvW6ElpOxT+6NPesIvcVfU49+2LyUjGrX9Tf9hj7I
pCEq9n9YuqGw5f6osGjOq1WxixVdW4juMKeqiqe2eDLY5oLr84ViHldv3lH79/L7
Ghii1UM57byZMcfjFnBSefxAFi7ZiKT6Gwzcrfh5QDX1ThTOw5jGg8Ht1I7VgA3y
GIS/Hc7mMv+ntH0haTNgchcy58ABRwoidU5bvZORSQBA
-----END CERTIFICATE-----