Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LGsE5jMfk1_kVCct08ai4eoNtyA.roa
File:                     LGsE5jMfk1_kVCct08ai4eoNtyA.roa (raw, json)
Hash identifier:          aGS16x4XDe4nW/Qn2RfX+evk5gc/pfmG4fRJEB05OIk=
Subject key identifier:   2C:6B:04:E6:33:1F:93:5F:E4:54:27:2D:D3:C6:A2:E1:EA:0D:B7:20
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01967750DE71B02685DFFCBC20D35FFBC728
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LGsE5jMfk1_kVCct08ai4eoNtyA.roa
Signing time:             Sun 27 Apr 2025 12:55:10 +0000
ROA not before:           Sun 27 Apr 2025 12:55:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        185.232.206.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 18:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:77:50:de:71:b0:26:85:df:fc:bc:20:d3:5f:fb:c7:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 27 12:55:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2c6b04e6331f935fe454272dd3c6a2e1ea0db720
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:24:16:70:c1:04:77:7c:b0:75:52:5f:64:4d:
                    9a:05:9d:94:55:ee:16:7d:ab:ea:37:11:22:ca:72:
                    5e:bf:3f:41:68:4e:7e:21:38:72:f9:8d:a5:d1:92:
                    8a:73:d4:84:85:54:a8:61:f5:ae:49:84:0a:de:8d:
                    f6:ef:84:03:cd:f0:73:68:8a:30:6d:db:2d:bd:cf:
                    ad:7f:89:8c:b7:60:df:e4:48:77:bc:d9:53:76:32:
                    cd:e4:0b:0f:12:82:3f:ff:a2:09:5d:eb:fd:65:75:
                    d5:fc:7d:7f:f5:24:a5:b6:1f:42:ca:99:ed:50:3b:
                    4b:01:d2:02:ba:99:07:fc:1c:dc:aa:0c:f5:46:78:
                    20:71:65:9b:50:78:9d:9e:77:b6:ea:98:e6:0c:f3:
                    9c:10:2f:f7:fc:22:1a:4c:af:2a:ed:de:ac:05:a8:
                    09:43:0e:de:0e:aa:36:1a:d0:96:69:a4:49:be:bd:
                    ff:fe:7e:23:98:fd:bd:b0:48:38:80:ab:5e:b9:d4:
                    59:ae:e4:09:90:f8:b5:61:67:64:e9:2e:a4:fb:ca:
                    2f:34:6d:c2:63:0d:dd:4c:4e:c4:5e:32:e2:41:d6:
                    4a:f9:db:01:93:a4:a8:69:e0:d4:fa:dc:b7:c8:a6:
                    57:24:b8:d1:16:c9:62:1b:2e:40:26:fe:6c:40:78:
                    92:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:6B:04:E6:33:1F:93:5F:E4:54:27:2D:D3:C6:A2:E1:EA:0D:B7:20
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/LGsE5jMfk1_kVCct08ai4eoNtyA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.232.206.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:01:6e:3e:6c:d7:71:18:63:74:77:58:bd:09:4c:e2:a3:c7:
         67:b3:8c:41:2c:21:16:80:19:d8:54:17:36:0a:22:a6:be:cb:
         b4:27:bf:6d:5e:42:bf:a6:a2:b7:0a:0a:07:9a:ca:4c:a0:77:
         b9:cb:e5:c3:ff:31:e2:b3:d1:c4:41:c1:04:41:81:45:75:aa:
         d7:27:db:ab:cf:f1:0c:de:e9:78:18:5f:12:e4:03:93:9a:10:
         a9:eb:67:df:7d:f7:50:d1:b2:d4:bd:d8:1b:92:e4:bb:07:d4:
         9e:c0:c4:3b:f6:be:2d:16:20:50:10:27:de:ce:63:2a:85:ed:
         d2:50:bf:11:7d:7d:f1:fe:26:9f:b4:3f:37:15:c5:b6:26:31:
         2f:79:1e:dd:e3:0b:f2:49:66:9c:3d:c3:07:38:08:ce:31:3a:
         27:a7:c5:a7:8a:14:1f:d4:05:35:92:01:d5:33:59:e8:13:f6:
         1b:ba:00:a2:27:ec:08:01:e4:21:4a:1f:d9:f2:56:80:6d:f4:
         17:6b:48:cf:ce:f4:2b:bf:3b:1e:17:5b:c2:5b:20:5a:8d:99:
         06:da:c1:cf:7f:c3:d5:72:5b:7e:18:fe:98:37:90:8a:63:2f:
         78:2c:95:87:3d:10:f4:d2:7c:45:1e:52:d7:b8:88:54:9e:6c:
         9d:13:70:d9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZ3UN5xsCaF3/y8INNf+8coMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDI3MTI1NTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzZiMDRlNjMzMWY5MzVmZTQ1NDI3MmRkM2M2YTJlMWVhMGRiNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyiQWcMEEd3ywdVJfZE2aBZ2UVe4W
favqNxEiynJevz9BaE5+IThy+Y2l0ZKKc9SEhVSoYfWuSYQK3o3274QDzfBzaIow
bdstvc+tf4mMt2Df5Eh3vNlTdjLN5AsPEoI//6IJXev9ZXXV/H1/9SSlth9Cypnt
UDtLAdICupkH/Bzcqgz1RnggcWWbUHidnne26pjmDPOcEC/3/CIaTK8q7d6sBagJ
Qw7eDqo2GtCWaaRJvr3//n4jmP29sEg4gKteudRZruQJkPi1YWdk6S6k+8ovNG3C
Yw3dTE7EXjLiQdZK+dsBk6SoaeDU+ty3yKZXJLjRFsliGy5AJv5sQHiSDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCxrBOYzH5Nf5FQnLdPGouHqDbcgMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvTEdzRTVqTWZrMV9rVkNjdDA4YWk0ZW9OdHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuejOMA0G
CSqGSIb3DQEBCwUAA4IBAQCbAW4+bNdxGGN0d1i9CUzio8dns4xBLCEWgBnYVBc2
CiKmvsu0J79tXkK/pqK3CgoHmspMoHe5y+XD/zHis9HEQcEEQYFFdarXJ9urz/EM
3ul4GF8S5AOTmhCp62ffffdQ0bLUvdgbkuS7B9SewMQ79r4tFiBQECfezmMqhe3S
UL8RfX3x/iaftD83FcW2JjEveR7d4wvySWacPcMHOAjOMTonp8WnihQf1AU1kgHV
M1noE/YbugCiJ+wIAeQhSh/Z8laAbfQXa0jPzvQrvzseF1vCWyBajZkG2sHPf8PV
clt+GP6YN5CKYy94LJWHPRD00nxFHlLXuIhUnmydE3DZ
-----END CERTIFICATE-----