Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/XjveDAoF_sPcGHFXMMXZAn0FpAw.roa
File:                     XjveDAoF_sPcGHFXMMXZAn0FpAw.roa (raw, json)
Hash identifier:          BFtyKj5Y3MBxHz5nMnviRong0neRVyIB8wAK2+LB4ks=
Subject key identifier:   5E:3B:DE:0C:0A:05:FE:C3:DC:18:71:57:30:C5:D9:02:7D:05:A4:0C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422205D53601340D87E20C745DCB63AF2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/XjveDAoF_sPcGHFXMMXZAn0FpAw.roa
Signing time:             Wed 01 Jan 2025 13:48:53 +0000
ROA not before:           Wed 01 Jan 2025 13:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     269070
IP address blocks:        185.225.22.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 07:00:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:5d:53:60:13:40:d8:7e:20:c7:45:dc:b6:3a:f2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=5e3bde0c0a05fec3dc18715730c5d9027d05a40c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e1:be:f6:a7:e3:2a:b2:96:68:3b:73:06:97:
                    3a:27:2b:e7:82:be:d9:de:d1:8f:69:80:0b:ba:7b:
                    73:c9:f6:1d:4d:e7:b3:ab:5e:64:95:71:4b:62:b0:
                    31:4e:8b:fb:10:7d:11:43:e6:af:7d:fb:df:de:c2:
                    71:b3:43:95:01:4f:63:ad:3f:bd:57:2b:41:e9:ed:
                    90:9d:46:14:73:69:3d:bd:b3:37:ca:1d:76:d8:43:
                    97:f8:96:0f:0b:10:9d:80:4e:92:5c:ed:62:f2:d8:
                    1e:62:0c:21:28:60:4e:37:b3:bc:88:6e:6b:f2:ef:
                    3e:94:a7:29:5a:d2:b8:39:83:50:36:38:ff:21:58:
                    a9:9e:a8:a3:51:ba:fe:1d:2b:13:4a:57:dd:b0:ce:
                    d6:40:92:fe:dd:89:9a:ea:8d:34:0a:67:06:00:a1:
                    e4:38:d8:2e:ba:fb:58:1f:c4:51:d9:ed:0b:76:d0:
                    16:b3:03:a2:63:e7:c9:d6:62:5f:47:5f:2a:ba:21:
                    b2:e9:f0:85:ff:c5:bb:8e:cd:a9:98:d5:7c:23:36:
                    65:ad:fc:79:ae:ca:36:1d:35:90:37:07:e2:9f:9e:
                    b1:67:c4:64:d9:dd:37:e7:61:d5:d2:d3:a0:33:0e:
                    c0:a2:e5:53:53:7a:91:9d:0b:da:eb:d5:3a:14:9f:
                    f9:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:3B:DE:0C:0A:05:FE:C3:DC:18:71:57:30:C5:D9:02:7D:05:A4:0C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/XjveDAoF_sPcGHFXMMXZAn0FpAw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:f7:b8:53:7d:f7:02:25:9c:99:75:c4:51:55:3a:5c:3e:ed:
         cd:93:71:24:e5:69:a8:e8:1e:a5:90:ef:fc:5b:e9:08:22:b0:
         d3:cf:2c:88:73:ea:1e:04:90:be:b4:67:69:99:fb:bd:3f:8d:
         ea:a8:db:ad:4e:49:3f:2d:78:2e:5e:08:8c:16:52:13:84:45:
         39:e2:1a:70:ae:f1:52:9c:53:39:9c:f2:ce:2d:85:b3:94:a6:
         d9:0e:74:c0:e3:85:30:dd:81:93:ad:9a:22:62:e8:40:dc:e9:
         1e:29:a5:f0:ba:87:8e:5e:66:c1:bb:07:0f:ec:72:70:2f:6f:
         21:12:e0:a8:ef:24:69:df:e7:53:ed:eb:c4:f4:33:4e:d7:7f:
         eb:0e:5d:98:d7:24:35:73:34:ef:fe:49:0e:e1:63:a6:d0:33:
         0d:f9:d3:fd:1c:a8:af:5c:bf:86:ee:6e:aa:b4:ad:dc:b7:54:
         8c:09:e2:d3:89:4d:ac:b8:47:87:74:2a:30:c4:ee:dc:82:be:
         90:af:1d:6f:17:b6:91:2b:90:a4:9d:5d:ba:bd:ba:21:87:2e:
         75:31:d3:bb:b8:32:93:e4:65:72:6d:fd:0e:6c:be:22:74:6d:
         93:db:63:0f:bc:d6:aa:7d:77:37:42:dc:73:4e:42:0d:eb:05:
         79:4c:d8:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIF1TYBNA2H4gx0XctjryMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTNiZGUwYzBhMDVmZWMzZGMxODcxNTczMGM1ZDkwMjdkMDVhNDBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAteG+9qfjKrKWaDtzBpc6Jyvngr7Z
3tGPaYALuntzyfYdTeezq15klXFLYrAxTov7EH0RQ+avffvf3sJxs0OVAU9jrT+9
VytB6e2QnUYUc2k9vbM3yh122EOX+JYPCxCdgE6SXO1i8tgeYgwhKGBON7O8iG5r
8u8+lKcpWtK4OYNQNjj/IVipnqijUbr+HSsTSlfdsM7WQJL+3Yma6o00CmcGAKHk
ONguuvtYH8RR2e0LdtAWswOiY+fJ1mJfR18quiGy6fCF/8W7js2pmNV8IzZlrfx5
rso2HTWQNwfin56xZ8Rk2d0352HV0tOgMw7AouVTU3qRnQva69U6FJ/57wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFF473gwKBf7D3BhxVzDF2QJ9BaQMMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvWGp2ZURBb0Zfc1BjR0hGWE1NWFpBbjBGcEF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueEWMA0G
CSqGSIb3DQEBCwUAA4IBAQCu97hTffcCJZyZdcRRVTpcPu3Nk3Ek5Wmo6B6lkO/8
W+kIIrDTzyyIc+oeBJC+tGdpmfu9P43qqNutTkk/LXguXgiMFlIThEU54hpwrvFS
nFM5nPLOLYWzlKbZDnTA44Uw3YGTrZoiYuhA3OkeKaXwuoeOXmbBuwcP7HJwL28h
EuCo7yRp3+dT7evE9DNO13/rDl2Y1yQ1czTv/kkO4WOm0DMN+dP9HKivXL+G7m6q
tK3ct1SMCeLTiU2suEeHdCowxO7cgr6Qrx1vF7aRK5CknV26vbohhy51MdO7uDKT
5GVybf0ObL4idG2T22MPvNaqfXc3QtxzTkIN6wV5TNgf
-----END CERTIFICATE-----