Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_DKBdNInP2YN40JykGETuanjszU.roa
File:                     _DKBdNInP2YN40JykGETuanjszU.roa (raw, json)
Hash identifier:          2R8LzwJZ6kZDQJq88SI8qp5qFpCe/46RlppvgUNdVJU=
Subject key identifier:   FC:32:81:74:D2:27:3F:66:0D:E3:42:72:90:61:13:B9:A9:E3:B3:35
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01953CC64AA84E497D14E37EE7353C344284
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_DKBdNInP2YN40JykGETuanjszU.roa
Signing time:             Tue 25 Feb 2025 11:03:02 +0000
ROA not before:           Tue 25 Feb 2025 11:03:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     136501
IP address blocks:        185.226.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:3c:c6:4a:a8:4e:49:7d:14:e3:7e:e7:35:3c:34:42:84
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Feb 25 11:03:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fc328174d2273f660de34272906113b9a9e3b335
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:90:f2:13:c7:30:fe:6b:4d:18:f2:06:53:5e:9e:
                    86:2b:e7:ce:16:01:d0:7c:6e:79:d3:fa:52:f4:90:
                    d7:ef:d4:e4:c5:4d:1e:23:c4:32:c0:27:60:fe:ab:
                    8c:c7:94:b3:68:58:28:a0:5b:12:7e:ed:67:7f:70:
                    49:4e:8b:eb:ee:23:26:6d:0e:e5:08:a7:e7:7d:ec:
                    12:05:f3:9d:3d:6d:ac:67:93:3b:e2:0a:1f:65:e3:
                    0c:b5:e3:55:13:a7:4d:3b:6c:e8:fd:ef:69:96:d8:
                    b1:70:6c:c5:c3:83:17:c8:10:31:a0:d7:b0:d5:93:
                    80:75:4d:85:23:15:02:08:42:8b:b8:12:a1:b2:61:
                    bf:fb:a3:43:97:b4:c3:61:f2:27:63:ce:2e:f4:c1:
                    89:80:a2:39:d2:1e:f1:86:32:67:ea:43:38:24:dc:
                    b1:ec:9b:0a:13:24:86:85:f9:6f:fb:cc:7c:4b:24:
                    bf:88:08:ee:8e:c6:77:30:f9:95:d3:e5:71:7b:b3:
                    a3:20:9a:e5:45:07:37:39:0c:2f:03:34:f5:21:8c:
                    ec:49:00:db:1b:c9:95:f2:22:9b:88:45:93:2d:40:
                    a8:07:d2:85:a1:99:33:ec:84:d9:d2:8e:61:41:88:
                    45:25:e5:d5:68:92:65:19:54:4f:5d:18:9a:c8:e3:
                    39:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:32:81:74:D2:27:3F:66:0D:E3:42:72:90:61:13:B9:A9:E3:B3:35
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_DKBdNInP2YN40JykGETuanjszU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:6e:9a:67:20:18:79:2e:95:f5:9b:a6:11:a8:21:17:e3:d6:
         ed:56:52:f0:38:83:b3:a6:d4:34:bf:6c:0c:86:f0:73:46:67:
         27:53:00:21:f2:43:22:86:d4:dc:f6:84:64:98:a2:19:13:9b:
         14:a1:f3:26:84:d2:a0:fd:c3:4e:a4:db:0d:66:d2:fe:c5:c4:
         43:ed:85:52:68:b6:7a:a1:c2:c4:eb:65:da:5b:99:a3:2b:47:
         89:7e:59:29:8a:5f:96:0a:cb:da:c6:03:83:f6:68:5c:d8:5b:
         ef:a9:be:5f:10:d7:53:db:45:f7:46:0d:b6:e9:4d:8e:ab:6d:
         f1:bd:9d:80:53:a9:ed:53:76:48:76:55:1d:b9:d5:22:af:a5:
         69:96:0e:2c:92:31:46:72:b6:1c:ae:92:63:ee:a0:74:63:55:
         82:3b:9d:05:ac:ed:c9:ff:86:3d:e7:84:76:ea:e1:5e:65:77:
         87:c6:f5:4e:32:5e:68:2f:be:5f:f6:a7:12:ad:d8:04:ca:4e:
         30:6f:fa:56:80:80:dd:88:f9:81:a1:a1:a1:62:57:b5:ec:af:
         f8:e3:29:11:e1:01:46:2d:9b:66:2b:1e:96:74:79:04:07:76:
         92:23:39:78:83:4f:ea:e5:4c:05:6b:04:91:ec:df:af:a2:88:
         60:46:e4:f2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZU8xkqoTkl9FON+5zU8NEKEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMjI1MTEwMzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzMyODE3NGQyMjczZjY2MGRlMzQyNzI5MDYxMTNiOWE5ZTNiMzM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPITxzD+a00Y8gZTXp6GK+fOFgHQ
fG550/pS9JDX79TkxU0eI8QywCdg/quMx5SzaFgooFsSfu1nf3BJTovr7iMmbQ7l
CKfnfewSBfOdPW2sZ5M74gofZeMMteNVE6dNO2zo/e9pltixcGzFw4MXyBAxoNew
1ZOAdU2FIxUCCEKLuBKhsmG/+6NDl7TDYfInY84u9MGJgKI50h7xhjJn6kM4JNyx
7JsKEySGhflv+8x8SyS/iAjujsZ3MPmV0+Vxe7OjIJrlRQc3OQwvAzT1IYzsSQDb
G8mV8iKbiEWTLUCoB9KFoZkz7ITZ0o5hQYhFJeXVaJJlGVRPXRiayOM5AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPwygXTSJz9mDeNCcpBhE7mp47M1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvX0RLQmROSW5QMllONDBKeWtHRVR1YW5qc3pVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueJoMA0G
CSqGSIb3DQEBCwUAA4IBAQCubppnIBh5LpX1m6YRqCEX49btVlLwOIOzptQ0v2wM
hvBzRmcnUwAh8kMihtTc9oRkmKIZE5sUofMmhNKg/cNOpNsNZtL+xcRD7YVSaLZ6
ocLE62XaW5mjK0eJflkpil+WCsvaxgOD9mhc2Fvvqb5fENdT20X3Rg226U2Oq23x
vZ2AU6ntU3ZIdlUdudUir6Vplg4skjFGcrYcrpJj7qB0Y1WCO50FrO3J/4Y954R2
6uFeZXeHxvVOMl5oL75f9qcSrdgEyk4wb/pWgIDdiPmBoaGhYle17K/44ykR4QFG
LZtmKx6WdHkEB3aSIzl4g0/q5UwFawSR7N+voohgRuTy
-----END CERTIFICATE-----