Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fIlJ8zHWrJJ8abi4IcSjvw19U3c.roa
File:                     fIlJ8zHWrJJ8abi4IcSjvw19U3c.roa (raw, json)
Hash identifier:          yPyDwPM7TwR9n/KEVcl4OebaOVGfOhSmTfZiA/4ru9U=
Subject key identifier:   7C:89:49:F3:31:D6:AC:92:7C:69:B8:B8:21:C4:A3:BF:0D:7D:53:77
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0190031F8118F0FEE7416CAAB8874C068B29
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fIlJ8zHWrJJ8abi4IcSjvw19U3c.roa
Signing time:             Mon 10 Jun 2024 17:08:34 +0000
ROA not before:           Mon 10 Jun 2024 17:08:34 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     63473
IP address blocks:        185.126.82.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 09:57:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:90:03:1f:81:18:f0:fe:e7:41:6c:aa:b8:87:4c:06:8b:29
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 10 17:08:34 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7c8949f331d6ac927c69b8b821c4a3bf0d7d5377
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:af:8c:78:5d:c3:b0:6b:e0:ad:b4:2d:d1:c4:
                    8e:f4:f8:4b:5b:e4:17:88:d7:aa:e3:5a:f3:05:ab:
                    c6:61:74:26:08:be:07:72:1d:7c:49:b7:f0:f5:af:
                    67:42:e9:b8:c9:b4:73:63:84:dd:18:60:f0:ef:c0:
                    25:24:11:84:d4:bd:ff:df:57:7a:22:dc:9a:87:04:
                    14:00:30:1e:43:c4:99:39:22:0b:ae:12:9d:5a:67:
                    9b:4b:c5:32:21:e5:fc:5a:6d:4c:99:cd:87:28:95:
                    e5:d3:90:16:fd:17:60:25:7d:70:0a:f8:ae:8a:db:
                    eb:8c:8c:7d:2b:0f:48:07:68:1f:96:c0:a4:7f:e7:
                    b2:7d:3b:9a:6f:f3:f7:48:3a:f4:8e:d4:9f:66:3c:
                    b0:2d:06:ec:db:b0:f6:e1:e1:08:c6:75:7f:9e:47:
                    9a:69:32:ae:60:9b:64:9c:ea:45:98:a4:6d:b3:7e:
                    82:d9:50:76:0b:45:10:6a:c7:b2:62:ac:fe:4d:a6:
                    75:fa:04:bd:a9:95:67:90:c2:01:21:b1:e7:f1:77:
                    89:99:a3:6b:09:87:14:6e:53:27:73:eb:9b:09:00:
                    04:61:9f:1e:a7:4d:05:71:35:07:67:96:1f:f9:a0:
                    26:57:2e:90:f6:21:3c:46:de:c4:64:c5:aa:8c:c5:
                    e4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:89:49:F3:31:D6:AC:92:7C:69:B8:B8:21:C4:A3:BF:0D:7D:53:77
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fIlJ8zHWrJJ8abi4IcSjvw19U3c.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.126.82.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:78:53:80:67:7c:de:93:00:4e:09:3c:ef:e9:d3:5b:56:17:
         ce:c6:6a:e3:9f:6c:33:cc:ba:ac:7e:0c:b3:dc:a1:a0:0d:10:
         3e:60:4c:a4:bc:d0:0b:0d:ab:68:62:22:d3:61:e2:ef:0d:ed:
         bf:46:96:eb:c4:e2:59:5f:59:cc:28:c3:f8:63:04:af:0e:de:
         0d:de:0c:ce:0e:1c:b3:c3:be:ea:2c:71:93:5b:c5:b5:bb:17:
         32:44:44:2a:90:6d:3b:88:25:b3:c8:b6:2d:36:3b:4f:3c:c6:
         d2:05:47:ac:d1:b0:18:42:87:44:89:78:4d:dd:68:41:0c:5e:
         32:3c:3b:e7:b1:9d:15:96:f8:88:f6:e0:68:fa:dc:9b:c4:d4:
         21:a5:42:38:8a:96:76:c3:c8:35:36:cd:bd:e7:42:29:ce:ed:
         6d:d3:04:cb:dc:68:e6:ac:32:0c:63:38:3d:c3:62:db:32:71:
         8b:66:ce:80:50:d8:b6:1e:4e:2d:26:82:37:44:74:21:0e:73:
         94:fa:30:0b:1e:78:1b:2f:57:72:46:50:de:da:95:66:53:5a:
         9b:a4:39:e1:ba:17:c7:16:c6:a9:e8:4f:c8:81:d9:0a:2e:b8:
         a4:14:b7:0a:27:cb:4d:8a:6e:8b:7e:cb:fe:fd:0e:c2:5d:ee:
         8a:3d:92:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZADH4EY8P7nQWyquIdMBospMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQwNjEwMTcwODM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Yzg5NDlmMzMxZDZhYzkyN2M2OWI4YjgyMWM0YTNiZjBkN2Q1Mzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq6+MeF3DsGvgrbQt0cSO9PhLW+QX
iNeq41rzBavGYXQmCL4Hch18Sbfw9a9nQum4ybRzY4TdGGDw78AlJBGE1L3/31d6
ItyahwQUADAeQ8SZOSILrhKdWmebS8UyIeX8Wm1Mmc2HKJXl05AW/RdgJX1wCviu
itvrjIx9Kw9IB2gflsCkf+eyfTuab/P3SDr0jtSfZjywLQbs27D24eEIxnV/nkea
aTKuYJtknOpFmKRts36C2VB2C0UQaseyYqz+TaZ1+gS9qZVnkMIBIbHn8XeJmaNr
CYcUblMnc+ubCQAEYZ8ep00FcTUHZ5Yf+aAmVy6Q9iE8Rt7EZMWqjMXkIwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFHyJSfMx1qySfGm4uCHEo78NfVN3MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZklsSjh6SFdySko4YWJpNEljU2p2dzE5VTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuX5SMA0G
CSqGSIb3DQEBCwUAA4IBAQBZeFOAZ3zekwBOCTzv6dNbVhfOxmrjn2wzzLqsfgyz
3KGgDRA+YEykvNALDatoYiLTYeLvDe2/RpbrxOJZX1nMKMP4YwSvDt4N3gzODhyz
w77qLHGTW8W1uxcyREQqkG07iCWzyLYtNjtPPMbSBUes0bAYQodEiXhN3WhBDF4y
PDvnsZ0VlviI9uBo+tybxNQhpUI4ipZ2w8g1Ns2950Ipzu1t0wTL3GjmrDIMYzg9
w2LbMnGLZs6AUNi2Hk4tJoI3RHQhDnOU+jALHngbL1dyRlDe2pVmU1qbpDnhuhfH
Fsap6E/IgdkKLrikFLcKJ8tNim6Lfsv+/Q7CXe6KPZKr
-----END CERTIFICATE-----