Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QEiVnJvlGUm6Ln6WlUgiOeRvbj4.roa
File:                     QEiVnJvlGUm6Ln6WlUgiOeRvbj4.roa (raw, json)
Hash identifier:          JDGle7/wWNkIYyvrGI66oJFR9pIIth1lSHxzeIim0fg=
Subject key identifier:   40:48:95:9C:9B:E5:19:49:BA:2E:7E:96:95:48:22:39:E4:6F:6E:3E
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422206306006DE4FDC008C298AA504CEC
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QEiVnJvlGUm6Ln6WlUgiOeRvbj4.roa
Signing time:             Wed 01 Jan 2025 13:48:55 +0000
ROA not before:           Wed 01 Jan 2025 13:48:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400040
IP address blocks:        45.8.20.0/24 maxlen: 24
                          185.194.28.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:63:06:00:6d:e4:fd:c0:08:c2:98:aa:50:4c:ec
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=4048959c9be51949ba2e7e9695482239e46f6e3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:bd:c3:f5:bc:f0:dc:19:7d:61:1d:70:c6:89:
                    c4:32:86:73:15:5c:8a:06:14:bf:06:83:03:c4:f7:
                    11:21:cc:68:58:f6:b9:fc:37:11:54:f3:ed:ff:9d:
                    c5:dc:31:72:94:2a:95:b1:d2:25:54:79:59:d7:3d:
                    53:81:e5:3f:2e:7a:ca:c6:10:a8:6b:2c:76:bd:c8:
                    b5:e2:81:2d:a4:bb:36:60:73:73:0c:c3:38:38:78:
                    82:e7:b9:78:de:9c:0c:53:c1:ca:42:99:86:b7:78:
                    20:b1:fa:5a:e4:64:fe:68:35:b8:c3:e8:84:fa:e7:
                    3a:84:10:97:70:a9:0b:54:2a:2b:14:56:5e:72:12:
                    a3:b0:c4:a4:b3:ac:8b:85:ac:eb:25:e3:ae:38:90:
                    39:08:2b:af:84:ef:50:58:5a:cd:b6:32:0e:32:8e:
                    91:50:2c:50:f3:ec:96:03:d4:9b:d0:70:7e:90:c6:
                    e3:6c:53:f4:0e:84:18:d6:df:df:91:65:e9:d7:dc:
                    45:da:b9:c3:0d:eb:33:aa:ac:8e:38:41:d0:47:1f:
                    06:1c:97:c5:70:9e:67:18:0f:b9:63:7c:b5:73:01:
                    76:da:5a:07:dd:50:91:2c:06:14:68:9a:11:2c:65:
                    75:bd:cf:79:c6:3d:81:e2:87:3c:e6:a0:65:3b:3f:
                    38:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:48:95:9C:9B:E5:19:49:BA:2E:7E:96:95:48:22:39:E4:6F:6E:3E
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/QEiVnJvlGUm6Ln6WlUgiOeRvbj4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.8.20.0/24
                  185.194.28.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:b7:b9:2a:1c:b1:b7:81:9b:05:cd:50:12:6b:f6:fa:2d:5e:
         09:fc:f0:3c:59:09:2c:bf:14:ef:2c:0e:e3:f2:84:1b:33:34:
         36:6b:64:ac:0e:8c:19:ae:ba:ed:ee:7e:23:a5:17:57:7d:44:
         6d:da:0f:6a:ec:1e:c3:59:de:27:d9:52:4d:08:10:a8:44:14:
         e3:97:4a:f8:dd:7d:a6:1e:ea:81:87:03:71:b7:33:47:e6:14:
         7f:24:f0:96:4f:90:d5:7c:5f:a1:75:03:85:1a:41:6d:c5:32:
         13:df:1e:91:74:e0:54:ce:62:4e:fd:a9:19:47:76:08:86:b4:
         03:f1:28:6e:17:70:e0:50:71:ba:b6:1a:6d:6d:e5:3f:85:55:
         61:33:ad:e8:63:c0:87:fb:a8:25:d9:aa:67:33:96:6e:54:fb:
         18:50:6d:f6:13:1d:75:ea:0a:40:d2:aa:cb:b0:99:31:ec:74:
         f5:7c:3a:b7:84:f2:a7:84:b8:ed:ad:11:de:1b:f1:d6:d2:ef:
         fb:0a:46:35:cf:1b:af:42:d8:43:22:9b:09:e6:86:35:b3:21:
         bd:74:9b:1d:22:6e:e5:dd:f6:2a:56:0a:90:ff:e3:f1:ff:8c:
         08:3b:51:88:fb:ff:3d:09:7d:e0:0a:08:fc:51:06:46:60:a7:
         86:e1:08:7b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQiIGMGAG3k/cAIwpiqUEzsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MDQ4OTU5YzliZTUxOTQ5YmEyZTdlOTY5NTQ4MjIzOWU0NmY2ZTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtr3D9bzw3Bl9YR1wxonEMoZzFVyK
BhS/BoMDxPcRIcxoWPa5/DcRVPPt/53F3DFylCqVsdIlVHlZ1z1TgeU/LnrKxhCo
ayx2vci14oEtpLs2YHNzDMM4OHiC57l43pwMU8HKQpmGt3ggsfpa5GT+aDW4w+iE
+uc6hBCXcKkLVCorFFZechKjsMSks6yLhazrJeOuOJA5CCuvhO9QWFrNtjIOMo6R
UCxQ8+yWA9Sb0HB+kMbjbFP0DoQY1t/fkWXp19xF2rnDDeszqqyOOEHQRx8GHJfF
cJ5nGA+5Y3y1cwF22loH3VCRLAYUaJoRLGV1vc95xj2B4oc85qBlOz840QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFEBIlZyb5RlJui5+lpVIIjnkb24+MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvUUVpVm5KdmxHVW02TG42V2xVZ2lPZVJ2Ymo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALQgUAwQA
ucIcMA0GCSqGSIb3DQEBCwUAA4IBAQBst7kqHLG3gZsFzVASa/b6LV4J/PA8WQks
vxTvLA7j8oQbMzQ2a2SsDowZrrrt7n4jpRdXfURt2g9q7B7DWd4n2VJNCBCoRBTj
l0r43X2mHuqBhwNxtzNH5hR/JPCWT5DVfF+hdQOFGkFtxTIT3x6RdOBUzmJO/akZ
R3YIhrQD8ShuF3DgUHG6thptbeU/hVVhM63oY8CH+6gl2apnM5ZuVPsYUG32Ex11
6gpA0qrLsJkx7HT1fDq3hPKnhLjtrRHeG/HW0u/7CkY1zxuvQthDIpsJ5oY1syG9
dJsdIm7l3fYqVgqQ/+Px/4wIO1GI+/89CX3gCgj8UQZGYKeG4Qh7
-----END CERTIFICATE-----