Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VEIX-zqORG8ND2XsGWalC3h9MK0.roa
File:                     VEIX-zqORG8ND2XsGWalC3h9MK0.roa (raw, json)
Hash identifier:          lNgwlPReWDJ8HDQcGxGXT6tZ1p2+nks5dzsVB/REEdM=
Subject key identifier:   54:42:17:FB:3A:8E:44:6F:0D:0F:65:EC:19:66:A5:0B:78:7D:30:AD
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01942220139E41B76479E4E513A6F22054F3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VEIX-zqORG8ND2XsGWalC3h9MK0.roa
Signing time:             Wed 01 Jan 2025 13:48:34 +0000
ROA not before:           Wed 01 Jan 2025 13:48:34 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     174
IP address blocks:        185.220.249.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:13:9e:41:b7:64:79:e4:e5:13:a6:f2:20:54:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:34 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=544217fb3a8e446f0d0f65ec1966a50b787d30ad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ff:51:4c:2d:ae:cd:89:a8:a3:5f:ef:cc:d2:
                    60:1d:da:0b:76:a5:b9:fb:d0:8b:3b:93:6a:f6:d2:
                    d0:62:a6:b2:35:99:34:70:f4:ef:c1:9e:6a:40:bc:
                    5d:c8:98:cc:29:10:f5:ff:8a:a8:38:1d:ca:8b:65:
                    b1:f9:b2:56:17:61:96:93:c5:f1:20:58:5f:c7:be:
                    b6:ff:ab:e1:13:29:6d:9f:17:00:97:99:95:f1:45:
                    82:b8:7f:d3:67:b3:1c:0a:6b:1a:45:e3:5e:9b:23:
                    f7:79:3c:a4:6f:f1:bc:39:ac:21:bf:ac:3d:60:55:
                    44:e9:b4:45:de:49:58:12:58:2a:48:f0:cb:c2:a2:
                    d5:64:93:2f:4c:1b:ff:dc:3c:fb:cb:6c:93:74:90:
                    e3:96:56:46:90:59:71:f8:c5:88:07:f1:fc:33:fd:
                    5f:8a:30:79:1c:09:d3:f2:3a:5b:fb:3f:17:f5:07:
                    21:e5:e4:b7:7b:a8:bf:7e:ec:df:6c:22:ad:ab:79:
                    f6:0b:5a:1c:0a:6b:3d:e9:49:df:29:11:60:26:73:
                    c6:1b:2b:cc:ff:a8:13:84:84:1f:79:7b:f8:17:ea:
                    88:47:60:f5:8b:a6:f9:57:2f:6d:70:8f:15:56:e6:
                    ab:a3:b5:a9:84:a1:9a:d6:ba:f4:58:9f:89:a7:3c:
                    4d:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:42:17:FB:3A:8E:44:6F:0D:0F:65:EC:19:66:A5:0B:78:7D:30:AD
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/VEIX-zqORG8ND2XsGWalC3h9MK0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.249.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:cf:7d:98:cf:ee:88:8c:49:90:27:91:76:26:76:bc:12:1d:
         71:c3:5a:95:43:dd:87:0d:bc:2c:d2:0a:97:86:b8:50:53:3e:
         a1:5f:70:37:88:5e:4c:b6:4b:ee:e7:5a:5b:7e:45:e7:58:4c:
         49:1e:7c:0d:4d:70:9b:ec:aa:31:c7:cb:32:39:38:b5:cd:e3:
         0c:9f:a8:bb:b4:59:a7:0e:e0:2d:44:f2:63:03:be:36:9a:77:
         28:e3:90:37:0b:77:8f:f2:6a:62:94:f2:21:04:63:ff:32:d9:
         3c:78:3b:71:8e:30:89:08:95:6c:58:4a:7b:5e:33:6c:9f:89:
         d5:16:91:9f:cb:4e:65:fc:41:4f:f9:8a:c3:a1:97:9e:7b:11:
         1d:36:ce:b1:49:88:f8:fb:3d:db:9d:13:e5:aa:0f:0c:63:a3:
         87:4d:ef:bd:8f:6a:31:3d:72:56:49:6e:7a:55:f0:68:36:52:
         e2:c7:41:11:60:8c:89:80:49:7a:2f:ed:16:e8:43:eb:22:91:
         67:e0:8c:61:b8:a2:9d:8a:7e:9c:e9:8b:49:f0:da:b6:cc:92:
         aa:c6:ff:8c:e6:fe:a3:75:18:58:a7:99:e2:13:40:2e:24:91:
         03:09:18:fd:04:c6:1c:9a:62:ce:76:d1:81:e1:f4:92:03:d9:
         41:83:2c:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBOeQbdkeeTlE6byIFTzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODM0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDQyMTdmYjNhOGU0NDZmMGQwZjY1ZWMxOTY2YTUwYjc4N2QzMGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu/9RTC2uzYmoo1/vzNJgHdoLdqW5
+9CLO5Nq9tLQYqayNZk0cPTvwZ5qQLxdyJjMKRD1/4qoOB3Ki2Wx+bJWF2GWk8Xx
IFhfx762/6vhEyltnxcAl5mV8UWCuH/TZ7McCmsaReNemyP3eTykb/G8Oawhv6w9
YFVE6bRF3klYElgqSPDLwqLVZJMvTBv/3Dz7y2yTdJDjllZGkFlx+MWIB/H8M/1f
ijB5HAnT8jpb+z8X9Qch5eS3e6i/fuzfbCKtq3n2C1ocCms96UnfKRFgJnPGGyvM
/6gThIQfeXv4F+qIR2D1i6b5Vy9tcI8VVuaro7WphKGa1rr0WJ+JpzxNvwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFRCF/s6jkRvDQ9l7BlmpQt4fTCtMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvVkVJWC16cU9SRzhORDJYc0dXYWxDM2g5TUswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz5MA0G
CSqGSIb3DQEBCwUAA4IBAQBlz32Yz+6IjEmQJ5F2Jna8Eh1xw1qVQ92HDbws0gqX
hrhQUz6hX3A3iF5Mtkvu51pbfkXnWExJHnwNTXCb7Koxx8syOTi1zeMMn6i7tFmn
DuAtRPJjA742mnco45A3C3eP8mpilPIhBGP/Mtk8eDtxjjCJCJVsWEp7XjNsn4nV
FpGfy05l/EFP+YrDoZeeexEdNs6xSYj4+z3bnRPlqg8MY6OHTe+9j2oxPXJWSW56
VfBoNlLix0ERYIyJgEl6L+0W6EPrIpFn4IxhuKKdin6c6YtJ8Nq2zJKqxv+M5v6j
dRhYp5niE0AuJJEDCRj9BMYcmmLOdtGB4fSSA9lBgyxK
-----END CERTIFICATE-----