Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8CS42xjXeGGOprdpsU15QBUfO24.roa
File:                     8CS42xjXeGGOprdpsU15QBUfO24.roa (raw, json)
Hash identifier:          bZvx5OQbpZuwyn4mEHFxYjYPcsOBLQva/B1pahfLAHE=
Subject key identifier:   F0:24:B8:DB:18:D7:78:61:8E:A6:B7:69:B1:4D:79:40:15:1F:3B:6E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422202D6F056A9D9B56D9CC3BCB2CCE62
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8CS42xjXeGGOprdpsU15QBUfO24.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     62240
IP address blocks:        185.199.157.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 04 Apr 2025 13:43:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2d:6f:05:6a:9d:9b:56:d9:cc:3b:cb:2c:ce:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=f024b8db18d778618ea6b769b14d7940151f3b6e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:53:3b:16:f1:11:2b:61:64:2c:28:07:ab:71:
                    af:4b:33:72:9f:32:1d:e8:ec:bd:5e:22:37:43:41:
                    85:eb:ed:b6:57:42:77:d7:b5:ab:c1:5a:b0:c7:53:
                    5f:eb:5e:fa:cc:c4:3b:ba:1c:94:86:1b:f7:11:03:
                    45:89:3f:c8:e8:fd:0e:4e:df:af:c2:75:e6:2d:a8:
                    51:a5:c6:f0:43:72:26:0b:a9:7a:d4:3f:9c:6a:d1:
                    29:46:66:9e:41:dd:14:5c:e0:d6:90:3f:ac:ca:48:
                    4e:e3:68:7d:fd:00:a6:fc:32:73:bc:5d:29:09:ba:
                    75:34:18:b9:63:c3:46:2d:af:7c:5f:bb:7a:df:28:
                    ec:29:bf:2d:43:2b:65:83:20:7e:1d:7c:bf:a5:d9:
                    9f:8e:3b:1f:58:e9:03:30:d4:e7:d2:1b:16:e9:4f:
                    1b:c0:dc:50:ad:b8:56:90:46:27:ac:c1:b6:c0:aa:
                    1d:83:3c:64:ef:c7:6e:6c:de:12:52:e0:22:67:b2:
                    05:2b:34:b1:dc:4f:43:b9:59:d7:08:75:cc:d1:66:
                    f8:21:48:83:d6:75:f6:fd:79:90:b8:a3:de:ab:03:
                    c3:89:e3:00:5a:22:84:57:cf:3a:7d:26:e0:4d:88:
                    ea:5b:78:dc:38:8b:4f:06:c5:1f:de:47:ba:63:c8:
                    34:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:24:B8:DB:18:D7:78:61:8E:A6:B7:69:B1:4D:79:40:15:1F:3B:6E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/8CS42xjXeGGOprdpsU15QBUfO24.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.199.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         67:1f:0f:82:47:bc:2d:82:52:e6:09:5b:f8:eb:6e:e2:c7:9f:
         65:8a:85:ff:81:e1:9c:19:6e:b8:71:cc:b5:d3:b7:ff:d4:5a:
         70:54:6c:9a:f5:1d:8c:ea:4b:88:9a:42:e1:8b:96:fd:29:99:
         b9:6e:26:05:9e:73:1d:75:b4:14:c8:a4:f4:fd:ea:a3:e1:d0:
         6f:71:fb:97:ad:1e:76:4d:f3:f7:5a:f7:40:0b:3f:4b:fa:3d:
         0f:71:36:53:8f:4d:8b:50:ef:15:00:bb:41:0f:1e:33:03:25:
         b0:5a:ac:f8:8d:6c:64:b4:5d:6f:de:34:b0:df:89:81:a2:d1:
         77:5c:08:2e:0a:09:ec:fb:56:74:61:58:fe:71:40:41:f6:cd:
         b1:3e:e6:69:2d:e0:c7:c6:23:b2:17:44:e7:cd:05:87:38:22:
         f7:63:d4:cc:68:15:44:f5:7b:c1:d4:ea:39:14:ee:cb:2a:4a:
         00:7c:55:9a:0f:68:0a:dd:e7:09:96:e6:76:d2:12:a5:f6:ee:
         3e:87:89:dc:1c:1a:49:71:da:67:a7:3a:3b:81:e8:80:aa:78:
         43:24:09:3e:59:66:33:97:e1:85:c3:80:06:a6:fa:48:d2:68:
         45:38:a3:d6:4e:c7:46:fc:16:6c:85:0f:42:6c:7d:ed:ae:e3:
         da:00:b4:29
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIC1vBWqdm1bZzDvLLM5iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDI0YjhkYjE4ZDc3ODYxOGVhNmI3NjliMTRkNzk0MDE1MWYzYjZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlM7FvERK2FkLCgHq3GvSzNynzId
6Oy9XiI3Q0GF6+22V0J317WrwVqwx1Nf6176zMQ7uhyUhhv3EQNFiT/I6P0OTt+v
wnXmLahRpcbwQ3ImC6l61D+catEpRmaeQd0UXODWkD+sykhO42h9/QCm/DJzvF0p
Cbp1NBi5Y8NGLa98X7t63yjsKb8tQytlgyB+HXy/pdmfjjsfWOkDMNTn0hsW6U8b
wNxQrbhWkEYnrMG2wKodgzxk78dubN4SUuAiZ7IFKzSx3E9DuVnXCHXM0Wb4IUiD
1nX2/XmQuKPeqwPDieMAWiKEV886fSbgTYjqW3jcOItPBsUf3ke6Y8g0IQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPAkuNsY13hhjqa3abFNeUAVHztuMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvOENTNDJ4alhlR0dPcHJkcHNVMTVRQlVmTzI0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucedMA0G
CSqGSIb3DQEBCwUAA4IBAQBnHw+CR7wtglLmCVv4627ix59lioX/geGcGW64ccy1
07f/1FpwVGya9R2M6kuImkLhi5b9KZm5biYFnnMddbQUyKT0/eqj4dBvcfuXrR52
TfP3WvdACz9L+j0PcTZTj02LUO8VALtBDx4zAyWwWqz4jWxktF1v3jSw34mBotF3
XAguCgns+1Z0YVj+cUBB9s2xPuZpLeDHxiOyF0TnzQWHOCL3Y9TMaBVE9XvB1Oo5
FO7LKkoAfFWaD2gK3ecJluZ20hKl9u4+h4ncHBpJcdpnpzo7geiAqnhDJAk+WWYz
l+GFw4AGpvpI0mhFOKPWTsdG/BZshQ9CbH3truPaALQp
-----END CERTIFICATE-----