Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/V-_RPOZ0_cMYhX2-uMKC4k-BGT0.roa
File:                     V-_RPOZ0_cMYhX2-uMKC4k-BGT0.roa (raw, json)
Hash identifier:          u1TMF2pwiNHyZzB+e0Ai4C/0r/3dffCZXAUDmS7ng5I=
Subject key identifier:   57:EF:D1:3C:E6:74:FD:C3:18:85:7D:BE:B8:C2:82:E2:4F:81:19:3D
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194222029860E3ED2BDD66F4F7D296598E4
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/V-_RPOZ0_cMYhX2-uMKC4k-BGT0.roa
Signing time:             Wed 01 Jan 2025 13:48:40 +0000
ROA not before:           Wed 01 Jan 2025 13:48:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     54339
IP address blocks:        185.194.29.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:29:86:0e:3e:d2:bd:d6:6f:4f:7d:29:65:98:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=57efd13ce674fdc318857dbeb8c282e24f81193d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d5:db:4b:50:f0:b8:5e:e2:01:60:30:46:20:
                    b5:4b:4d:37:ba:bf:45:1b:a6:b0:74:e6:0e:55:08:
                    d2:95:16:26:7a:39:b2:06:1b:e9:6b:39:b4:68:34:
                    c2:09:d6:a4:b0:62:05:01:28:89:7a:2d:d7:36:6f:
                    13:e7:d3:12:1e:4d:d6:fc:ca:a5:eb:84:c1:8c:d5:
                    ad:31:0b:6f:2a:57:8d:18:d7:4d:72:29:7a:2a:66:
                    1f:3d:2e:fb:d2:e2:36:2f:b9:8f:d4:25:3e:2c:ed:
                    87:57:6a:ff:66:e2:bd:64:4a:97:52:50:0c:20:dd:
                    02:30:ac:d8:6d:b3:a2:51:00:4d:10:06:18:10:aa:
                    77:76:13:8e:a4:a9:85:e4:c2:2b:83:42:29:5c:4b:
                    bc:53:d3:09:0a:e6:7b:96:3e:02:2d:7a:18:7a:4e:
                    67:9b:10:b8:fb:ef:e9:8a:4e:96:4a:9d:c9:09:1b:
                    a3:d6:ec:f2:62:ee:25:f8:3f:cd:de:6e:00:af:3f:
                    18:a9:e3:ff:2a:c8:63:ad:f2:34:6e:88:b3:0f:d2:
                    07:47:e6:4a:ed:cd:3e:d4:91:ea:07:d6:b0:14:af:
                    0d:69:0b:a0:84:a5:c0:4e:c3:82:8a:27:3c:e2:9d:
                    6f:48:13:89:e6:98:07:97:55:78:aa:0d:d8:7f:2a:
                    c9:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:EF:D1:3C:E6:74:FD:C3:18:85:7D:BE:B8:C2:82:E2:4F:81:19:3D
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/V-_RPOZ0_cMYhX2-uMKC4k-BGT0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.194.29.0/24

    Signature Algorithm: sha256WithRSAEncryption
         80:8c:ec:0c:e6:88:b2:79:87:c5:72:64:e7:69:d4:f4:ca:d2:
         aa:e8:d4:78:90:aa:a0:56:dc:21:f2:93:30:dd:86:fd:2e:21:
         4d:bf:d7:5d:06:9c:f5:70:bc:08:13:b4:62:33:82:aa:37:3d:
         cd:56:0b:90:34:0a:69:b5:5f:0f:0c:56:33:77:95:cb:1b:97:
         54:6a:cf:74:be:43:fc:f8:93:d1:9a:e2:5b:13:62:e6:36:dd:
         bf:15:41:0d:8a:14:2b:a6:32:08:81:92:80:34:f7:7d:f3:97:
         54:15:fb:69:85:6b:3d:33:09:c1:c3:76:ab:68:ed:4c:1d:f4:
         73:e3:a2:e0:39:e4:87:06:0c:51:b0:34:0a:20:53:86:4d:91:
         9c:44:1e:63:28:d4:f3:d5:6e:53:86:88:2d:37:e6:eb:04:18:
         23:f3:2f:eb:8b:07:30:12:58:67:3d:7f:2e:ed:3d:76:98:71:
         f8:9e:13:fc:0d:be:dd:c6:92:d9:6e:f2:7c:7f:0d:49:b7:ee:
         fc:5a:7d:82:8e:e2:04:92:3d:cf:3f:bd:c7:81:91:73:37:09:
         90:8a:8b:45:d0:e2:76:84:78:a1:0c:23:4a:1a:07:67:05:3f:
         1f:5e:26:87:98:7c:ee:29:55:38:fb:dd:58:b6:33:99:04:32:
         7a:58:ba:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiICmGDj7SvdZvT30pZZjkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1N2VmZDEzY2U2NzRmZGMzMTg4NTdkYmViOGMyODJlMjRmODExOTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6NXbS1DwuF7iAWAwRiC1S003ur9F
G6awdOYOVQjSlRYmejmyBhvpazm0aDTCCdaksGIFASiJei3XNm8T59MSHk3W/Mql
64TBjNWtMQtvKleNGNdNcil6KmYfPS770uI2L7mP1CU+LO2HV2r/ZuK9ZEqXUlAM
IN0CMKzYbbOiUQBNEAYYEKp3dhOOpKmF5MIrg0IpXEu8U9MJCuZ7lj4CLXoYek5n
mxC4++/pik6WSp3JCRuj1uzyYu4l+D/N3m4Arz8YqeP/KshjrfI0boizD9IHR+ZK
7c0+1JHqB9awFK8NaQughKXATsOCiic84p1vSBOJ5pgHl1V4qg3YfyrJiQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFfv0TzmdP3DGIV9vrjCguJPgRk9MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvVi1fUlBPWjBfY01ZaFgyLXVNS0M0ay1CR1QwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAucIdMA0G
CSqGSIb3DQEBCwUAA4IBAQCAjOwM5oiyeYfFcmTnadT0ytKq6NR4kKqgVtwh8pMw
3Yb9LiFNv9ddBpz1cLwIE7RiM4KqNz3NVguQNApptV8PDFYzd5XLG5dUas90vkP8
+JPRmuJbE2LmNt2/FUENihQrpjIIgZKANPd985dUFftphWs9MwnBw3araO1MHfRz
46LgOeSHBgxRsDQKIFOGTZGcRB5jKNTz1W5ThogtN+brBBgj8y/riwcwElhnPX8u
7T12mHH4nhP8Db7dxpLZbvJ8fw1Jt+78Wn2CjuIEkj3PP73HgZFzNwmQiotF0OJ2
hHihDCNKGgdnBT8fXiaHmHzuKVU4+91YtjOZBDJ6WLpP
-----END CERTIFICATE-----