Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ODgIb-eJKN9pg-wLnc6IZ7wMNvU.roa
File:                     ODgIb-eJKN9pg-wLnc6IZ7wMNvU.roa (raw, json)
Hash identifier:          juua2LO8WroJjBkf92pcZ/1vlGCgIhNZgthDNSAvniE=
Subject key identifier:   38:38:08:6F:E7:89:28:DF:69:83:EC:0B:9D:CE:88:67:BC:0C:36:F5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0195A3457AEC6E7A127A0509F11CAA61A4F2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ODgIb-eJKN9pg-wLnc6IZ7wMNvU.roa
Signing time:             Mon 17 Mar 2025 08:43:14 +0000
ROA not before:           Mon 17 Mar 2025 08:43:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60721
IP address blocks:        185.194.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a3:45:7a:ec:6e:7a:12:7a:05:09:f1:1c:aa:61:a4:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Mar 17 08:43:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3838086fe78928df6983ec0b9dce8867bc0c36f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:69:69:13:ba:45:22:59:e4:fa:41:4c:7d:91:
                    92:10:ec:ea:1b:00:7c:16:d9:2d:d7:17:33:19:92:
                    95:54:09:ea:a8:0a:0e:81:54:8f:99:85:ac:09:28:
                    34:b8:bb:47:9d:db:fc:e5:b4:77:14:72:64:4a:a3:
                    75:14:31:46:ff:ac:52:a4:ba:e4:63:78:dd:9a:02:
                    37:9e:80:cd:ee:d6:59:ae:48:68:c2:ba:f7:ec:7d:
                    5b:1e:44:ed:d5:ef:84:6c:c4:eb:cc:2a:08:cd:44:
                    12:9f:1f:e9:7c:e4:c9:a9:d0:e7:47:6d:6f:b7:35:
                    fc:3f:78:09:8c:36:94:92:63:c0:a5:b1:5b:45:b2:
                    f2:86:13:87:f6:1a:09:7a:53:84:f8:2c:59:c5:d7:
                    26:ed:cb:36:10:c6:43:47:ad:cd:44:c7:20:ec:ae:
                    e0:e4:fa:e5:43:48:b6:d1:d7:38:4f:c5:01:a9:f5:
                    ee:95:f8:9e:b2:68:6a:9c:45:b6:fe:d4:3e:55:d7:
                    34:17:34:46:e3:49:b6:4f:95:03:d5:b1:24:b7:fc:
                    1c:d0:f2:e5:67:6c:54:80:62:ef:2b:50:2c:8a:08:
                    d6:47:33:4c:49:c9:3b:ac:da:61:e7:ca:ef:45:e2:
                    93:c9:d7:05:57:f0:df:5a:e5:71:12:dc:01:2e:0f:
                    5e:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:38:08:6F:E7:89:28:DF:69:83:EC:0B:9D:CE:88:67:BC:0C:36:F5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/ODgIb-eJKN9pg-wLnc6IZ7wMNvU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:65:57:48:15:4b:04:1d:e7:98:4d:87:fd:15:d2:50:5e:db:
         89:9a:87:5d:d5:49:dd:f7:7d:0a:be:65:fb:76:56:b9:af:b9:
         ff:5b:68:ed:b1:06:9a:6f:54:00:0a:a5:66:46:88:e0:09:02:
         dd:41:8b:f4:a5:91:d4:e6:8c:aa:9e:09:a9:fd:9c:31:d1:27:
         03:04:58:61:77:f6:7a:4d:00:79:dc:2d:28:6b:14:d7:73:b3:
         57:49:36:dc:8b:d9:39:81:5f:d8:a8:6c:e5:72:f9:ab:a1:68:
         86:da:ec:82:e4:8c:e0:39:91:32:d3:27:28:3d:c0:96:03:7b:
         5c:84:ab:67:9b:46:a9:fd:8a:fb:d4:3b:3e:f8:86:62:7e:1c:
         4b:9c:27:04:ff:8f:32:67:10:24:cb:1e:95:e1:8c:1b:da:87:
         c4:f7:25:ef:e6:8f:4e:0a:1e:30:4d:6b:9f:43:f3:62:4e:6d:
         19:fe:0a:49:6f:1e:0f:0e:fc:b2:30:b0:db:82:bd:25:bc:b0:
         04:d6:50:ba:ef:d3:3a:6f:8f:b4:c4:95:5b:c1:7c:e3:69:5c:
         97:bb:94:79:28:48:cf:60:3a:89:c0:c3:fb:e7:6f:b8:b0:52:
         a6:11:c4:51:51:aa:dc:91:dd:8d:82:38:77:a1:d7:ee:06:51:
         4b:79:70:8c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZWjRXrsbnoSegUJ8RyqYaTyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMzE3MDg0MzE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODM4MDg2ZmU3ODkyOGRmNjk4M2VjMGI5ZGNlODg2N2JjMGMzNmY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGlpE7pFIlnk+kFMfZGSEOzqGwB8
Ftkt1xczGZKVVAnqqAoOgVSPmYWsCSg0uLtHndv85bR3FHJkSqN1FDFG/6xSpLrk
Y3jdmgI3noDN7tZZrkhowrr37H1bHkTt1e+EbMTrzCoIzUQSnx/pfOTJqdDnR21v
tzX8P3gJjDaUkmPApbFbRbLyhhOH9hoJelOE+CxZxdcm7cs2EMZDR63NRMcg7K7g
5PrlQ0i20dc4T8UBqfXulfiesmhqnEW2/tQ+Vdc0FzRG40m2T5UD1bEkt/wc0PLl
Z2xUgGLvK1AsigjWRzNMSck7rNph58rvReKTydcFV/DfWuVxEtwBLg9eeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDg4CG/niSjfaYPsC53OiGe8DDb1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvT0RnSWItZUpLTjlwZy13TG5jNklaN3dNTnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIcMA0G
CSqGSIb3DQEBCwUAA4IBAQBHZVdIFUsEHeeYTYf9FdJQXtuJmodd1Und930KvmX7
dla5r7n/W2jtsQaab1QACqVmRojgCQLdQYv0pZHU5oyqngmp/Zwx0ScDBFhhd/Z6
TQB53C0oaxTXc7NXSTbci9k5gV/YqGzlcvmroWiG2uyC5IzgOZEy0ycoPcCWA3tc
hKtnm0ap/Yr71Ds++IZifhxLnCcE/48yZxAkyx6V4Ywb2ofE9yXv5o9OCh4wTWuf
Q/NiTm0Z/gpJbx4PDvyyMLDbgr0lvLAE1lC679M6b4+0xJVbwXzjaVyXu5R5KEjP
YDqJwMP752+4sFKmEcRRUarckd2Ngjh3odfuBlFLeXCM
-----END CERTIFICATE-----