Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/aKA36KWigMJgHP7RpQAe04vcRfY.roa
File:                     aKA36KWigMJgHP7RpQAe04vcRfY.roa (raw, json)
Hash identifier:          l42YYfgHbW8K+Ifu8bizd+boP9l0lNk/pQ0Yf9PZIpw=
Subject key identifier:   68:A0:37:E8:A5:A2:80:C2:60:1C:FE:D1:A5:00:1E:D3:8B:DC:45:F6
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0194222046EF73BEB3AAF4E20EDA0F4E67DD
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/aKA36KWigMJgHP7RpQAe04vcRfY.roa
Signing time:             Wed 01 Jan 2025 13:48:47 +0000
ROA not before:           Wed 01 Jan 2025 13:48:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209336
IP address blocks:        185.246.114.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:46:ef:73:be:b3:aa:f4:e2:0e:da:0f:4e:67:dd
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68a037e8a5a280c2601cfed1a5001ed38bdc45f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:34:93:cc:cc:b8:28:69:67:61:02:a2:b1:42:
                    93:d4:4e:74:92:39:f2:00:bc:d8:02:dc:87:25:de:
                    cd:c7:f7:e1:c8:80:14:dd:44:ea:29:fb:00:1f:4f:
                    ab:95:47:c5:93:80:7a:c3:b3:28:b5:dd:67:f1:a5:
                    bf:34:66:59:cd:a0:45:a6:97:df:60:dd:c1:a1:d7:
                    fb:32:78:2c:73:0c:70:f7:78:a5:8e:00:8f:4e:c4:
                    17:27:a2:5d:93:ad:33:fc:bb:da:42:80:c2:38:65:
                    8d:61:0c:1f:39:c2:a5:41:9d:dd:5a:23:5d:a2:a5:
                    c0:36:de:24:c0:87:13:e1:a4:51:a1:fb:44:19:93:
                    93:e6:2a:8b:3d:27:85:80:d6:3d:41:6a:5d:d4:c6:
                    22:67:de:67:3d:c8:62:26:7a:e0:a8:14:bd:e5:be:
                    d0:de:86:aa:bb:bc:c8:3f:be:8c:3a:ff:c4:9a:2c:
                    ef:bd:55:20:ea:8a:cc:73:c5:de:94:0f:a5:71:ac:
                    75:ad:68:1f:8e:33:a5:c6:6f:b0:41:a7:90:85:1d:
                    41:f0:90:fb:66:72:4d:f4:51:91:72:39:e5:9c:38:
                    65:0e:da:69:70:a7:2b:67:c3:7c:87:6a:a0:5c:d5:
                    49:ea:a2:d4:b0:e6:54:0e:e1:8a:53:3f:a1:05:fd:
                    5a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                68:A0:37:E8:A5:A2:80:C2:60:1C:FE:D1:A5:00:1E:D3:8B:DC:45:F6
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/aKA36KWigMJgHP7RpQAe04vcRfY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.246.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a3:43:4d:67:a4:d9:b1:61:5c:af:df:eb:0a:78:dd:b3:01:1d:
         96:00:94:00:c8:75:80:10:be:e7:20:86:1c:86:71:b0:fe:c8:
         02:24:d6:44:31:37:c4:a2:0d:d1:75:fc:f0:47:6c:19:bb:dd:
         13:1b:6d:3d:bf:54:21:5d:b4:83:da:45:0e:d7:0a:e8:b1:54:
         2a:b5:61:46:6d:ce:32:5f:15:4e:97:08:f2:4b:6f:07:dd:50:
         0c:11:32:9c:95:34:af:99:07:28:8b:22:a0:28:9d:15:bb:af:
         06:12:4b:77:54:00:6b:72:99:a8:fa:8b:4a:f1:51:5f:14:48:
         40:28:4a:c2:93:a1:0b:d8:1b:8e:50:29:2b:3e:35:91:03:db:
         b2:ef:1c:4c:da:d8:64:48:0f:56:01:dc:e8:e0:6f:42:52:8c:
         8d:e3:54:d9:d7:55:72:e9:76:00:21:d8:e8:90:65:e7:1f:a0:
         46:bf:b5:d4:b6:2a:51:8a:a4:3b:27:6d:de:84:07:90:e0:aa:
         23:b9:f9:5a:fb:f0:84:b2:a4:c5:f5:f2:81:5d:21:1c:fd:1e:
         5d:13:d1:44:d2:89:5e:68:a6:93:b5:28:3b:cb:0f:0a:f4:ba:
         d0:9e:2b:8c:d8:99:d6:50:41:d5:c4:e4:19:f0:b2:fe:50:67:
         d6:de:07:02
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIEbvc76zqvTiDtoPTmfdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGEwMzdlOGE1YTI4MGMyNjAxY2ZlZDFhNTAwMWVkMzhiZGM0NWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjTSTzMy4KGlnYQKisUKT1E50kjny
ALzYAtyHJd7Nx/fhyIAU3UTqKfsAH0+rlUfFk4B6w7Motd1n8aW/NGZZzaBFppff
YN3Bodf7Mngscwxw93iljgCPTsQXJ6Jdk60z/LvaQoDCOGWNYQwfOcKlQZ3dWiNd
oqXANt4kwIcT4aRRoftEGZOT5iqLPSeFgNY9QWpd1MYiZ95nPchiJnrgqBS95b7Q
3oaqu7zIP76MOv/EmizvvVUg6orMc8XelA+lcax1rWgfjjOlxm+wQaeQhR1B8JD7
ZnJN9FGRcjnlnDhlDtppcKcrZ8N8h2qgXNVJ6qLUsOZUDuGKUz+hBf1aDQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGigN+ilooDCYBz+0aUAHtOL3EX2MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvYUtBMzZLV2lnTUpnSFA3UnBRQWUwNHZjUmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufZyMA0G
CSqGSIb3DQEBCwUAA4IBAQCjQ01npNmxYVyv3+sKeN2zAR2WAJQAyHWAEL7nIIYc
hnGw/sgCJNZEMTfEog3RdfzwR2wZu90TG209v1QhXbSD2kUO1wrosVQqtWFGbc4y
XxVOlwjyS28H3VAMETKclTSvmQcoiyKgKJ0Vu68GEkt3VABrcpmo+otK8VFfFEhA
KErCk6EL2BuOUCkrPjWRA9uy7xxM2thkSA9WAdzo4G9CUoyN41TZ11Vy6XYAIdjo
kGXnH6BGv7XUtipRiqQ7J23ehAeQ4Kojufla+/CEsqTF9fKBXSEc/R5dE9FE0ole
aKaTtSg7yw8K9LrQniuM2JnWUEHVxOQZ8LL+UGfW3gcC
-----END CERTIFICATE-----