Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WNHZgFhlqTlabRUFNiXPhX-gkMk.roa
File:                     WNHZgFhlqTlabRUFNiXPhX-gkMk.roa (raw, json)
Hash identifier:          IlxSdSW6n4Dnu8nihTHfoihHJLYGRQMbzISYliQHb7Y=
Subject key identifier:   58:D1:D9:80:58:65:A9:39:5A:6D:15:05:36:25:CF:85:7F:A0:90:C9
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0196F3D2B346CB77F762D319826E7E3B65B8
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WNHZgFhlqTlabRUFNiXPhX-gkMk.roa
Signing time:             Wed 21 May 2025 17:09:54 +0000
ROA not before:           Wed 21 May 2025 17:09:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213660
IP address blocks:        185.218.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 05 Jun 2025 21:31:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f3:d2:b3:46:cb:77:f7:62:d3:19:82:6e:7e:3b:65:b8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May 21 17:09:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=58d1d9805865a9395a6d15053625cf857fa090c9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:d6:68:9d:ea:d7:5f:01:2d:f3:b4:e2:13:24:
                    d2:35:09:96:72:c4:cd:80:74:33:19:8e:8a:4d:17:
                    9d:6d:ab:64:05:43:b7:b2:9e:39:de:ff:9b:7f:03:
                    e3:c2:a8:e0:a1:d2:71:b1:5f:aa:73:e8:51:c0:aa:
                    1a:b9:44:63:77:73:79:62:63:d9:f1:b3:1d:93:9c:
                    64:d2:bb:9b:4c:00:2f:48:55:86:b7:f8:fa:a7:8b:
                    db:5c:be:3a:58:80:82:78:e5:c4:fa:3a:24:f0:e7:
                    d4:94:45:f7:42:51:62:c6:b9:b8:c4:47:73:89:ff:
                    5b:19:91:19:b2:62:6f:2f:bf:5e:cf:f7:44:dc:98:
                    3d:a6:58:fa:05:70:81:27:45:30:f6:11:2a:70:81:
                    16:26:00:cb:50:06:91:9f:6b:52:91:e1:66:4c:28:
                    59:1f:e8:d2:f1:4a:b1:d3:6a:74:f7:02:32:14:d7:
                    ec:54:f9:16:47:7b:70:71:41:22:12:a6:be:cb:50:
                    0f:86:3c:90:27:74:83:42:c5:53:5c:47:b6:31:44:
                    de:1b:26:d5:f6:18:63:ab:9d:b6:79:94:38:99:5d:
                    d1:69:06:4f:aa:ff:48:ea:a0:df:fb:df:76:94:07:
                    80:05:41:e7:e1:89:35:f7:0b:d1:c2:36:68:73:cc:
                    ae:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:D1:D9:80:58:65:A9:39:5A:6D:15:05:36:25:CF:85:7F:A0:90:C9
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/WNHZgFhlqTlabRUFNiXPhX-gkMk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:80:5b:df:ba:af:6e:3a:94:45:27:59:d6:e4:29:12:1c:a7:
         8b:42:2d:8d:e1:2e:33:44:4f:df:b5:86:f3:53:b5:2c:9b:51:
         47:82:85:60:97:d9:8e:ad:5a:e9:0e:b5:28:2d:f3:85:ce:f3:
         bf:88:ff:2a:c7:04:89:95:21:70:0a:c1:d4:9b:35:b0:af:6a:
         fc:a6:e8:23:ff:a8:13:a4:ee:c3:2e:f8:22:11:59:6a:71:67:
         b1:75:72:18:ac:a0:9a:60:ed:23:20:74:42:58:4d:6a:cd:38:
         3e:81:d8:28:6d:33:3f:45:6c:5a:46:43:94:24:f3:4e:5f:c0:
         d0:62:d5:24:f1:82:b1:76:a1:9d:23:bc:38:61:43:26:73:6d:
         52:8f:5a:b6:30:d4:d1:d4:be:eb:a1:75:71:02:47:db:a4:94:
         2e:46:e3:71:f5:97:97:ad:a8:32:53:8b:c0:de:5c:f4:ff:70:
         42:c1:9a:bb:e2:6a:15:53:bf:b5:75:06:4d:3d:5c:c9:12:c7:
         e3:7d:2e:22:b7:2d:70:9a:cc:2e:1f:1c:00:d3:5f:c7:e9:03:
         df:8e:0f:f9:e7:98:43:6a:51:e7:5f:e2:49:fa:9e:a6:0a:01:
         ac:a5:8a:e8:c6:13:f3:09:07:7b:6a:a5:71:80:fc:77:ba:72:
         0d:95:15:5d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbz0rNGy3f3YtMZgm5+O2W4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNTIxMTcwOTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGQxZDk4MDU4NjVhOTM5NWE2ZDE1MDUzNjI1Y2Y4NTdmYTA5MGM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA79ZonerXXwEt87TiEyTSNQmWcsTN
gHQzGY6KTRedbatkBUO3sp453v+bfwPjwqjgodJxsV+qc+hRwKoauURjd3N5YmPZ
8bMdk5xk0rubTAAvSFWGt/j6p4vbXL46WICCeOXE+jok8OfUlEX3QlFixrm4xEdz
if9bGZEZsmJvL79ez/dE3Jg9plj6BXCBJ0Uw9hEqcIEWJgDLUAaRn2tSkeFmTChZ
H+jS8Uqx02p09wIyFNfsVPkWR3twcUEiEqa+y1APhjyQJ3SDQsVTXEe2MUTeGybV
9hhjq522eZQ4mV3RaQZPqv9I6qDf+992lAeABUHn4Yk19wvRwjZoc8yuMQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFjR2YBYZak5Wm0VBTYlz4V/oJDJMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvV05IWmdGaGxxVGxhYlJVRk5pWFBoWC1na01rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudplMA0G
CSqGSIb3DQEBCwUAA4IBAQAegFvfuq9uOpRFJ1nW5CkSHKeLQi2N4S4zRE/ftYbz
U7Usm1FHgoVgl9mOrVrpDrUoLfOFzvO/iP8qxwSJlSFwCsHUmzWwr2r8pugj/6gT
pO7DLvgiEVlqcWexdXIYrKCaYO0jIHRCWE1qzTg+gdgobTM/RWxaRkOUJPNOX8DQ
YtUk8YKxdqGdI7w4YUMmc21Sj1q2MNTR1L7roXVxAkfbpJQuRuNx9ZeXragyU4vA
3lz0/3BCwZq74moVU7+1dQZNPVzJEsfjfS4ity1wmswuHxwA01/H6QPfjg/555hD
alHnX+JJ+p6mCgGspYroxhPzCQd7aqVxgPx3unINlRVd
-----END CERTIFICATE-----