Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fm8g2L4czRqJTFGCGvZo-zoTFvI.roa
File:                     fm8g2L4czRqJTFGCGvZo-zoTFvI.roa (raw, json)
Hash identifier:          G+QywnoouypPUJBEptiX8RWVxWo1G767Jo4yXWj4tbk=
Subject key identifier:   7E:6F:20:D8:BE:1C:CD:1A:89:4C:51:82:1A:F6:68:FB:3A:13:16:F2
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01931AF872C9F81FC4B8E1C2173C4074431F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fm8g2L4czRqJTFGCGvZo-zoTFvI.roa
Signing time:             Mon 11 Nov 2024 11:25:10 +0000
ROA not before:           Mon 11 Nov 2024 11:25:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     50053
IP address blocks:        185.121.13.0/24 maxlen: 24
                          185.121.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:1a:f8:72:c9:f8:1f:c4:b8:e1:c2:17:3c:40:74:43:1f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 11 11:25:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=7e6f20d8be1ccd1a894c51821af668fb3a1316f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:45:f7:83:95:0a:17:30:99:80:ca:c0:4f:79:
                    e5:13:10:2b:9d:d6:1b:e7:a3:17:24:8c:34:1f:02:
                    7f:3e:33:0f:04:5e:29:7b:3a:50:17:30:c1:a2:e4:
                    5f:69:87:84:49:a8:a1:81:56:de:a4:b9:8e:f3:dd:
                    65:91:e2:f5:de:7b:cc:ae:eb:da:1d:3d:47:71:8a:
                    c8:43:5b:71:29:90:41:c5:35:08:bc:7a:dc:af:ff:
                    f3:e1:62:7b:03:1c:6e:e2:f4:1e:40:5f:18:81:51:
                    cb:d4:28:09:56:28:a3:f7:8a:26:af:91:79:ac:93:
                    e9:e1:33:f6:d7:45:7c:c3:78:c3:7e:6b:83:1e:42:
                    51:dd:3b:b0:0b:11:0e:b5:0c:a3:4c:4e:f2:14:92:
                    30:dc:77:7c:91:f2:5e:b9:8b:1a:e4:c9:50:dd:76:
                    bb:46:a4:ce:be:d6:fa:3f:27:63:18:61:41:81:2b:
                    90:84:21:97:d2:b2:94:16:5b:59:6a:2c:9d:d4:99:
                    08:05:35:22:d7:6a:a0:78:fc:70:bb:85:49:61:a0:
                    ab:0b:8f:47:50:22:dc:43:67:68:2c:b7:e6:bc:93:
                    a4:1e:0e:aa:7b:61:1d:5f:7f:82:76:b7:c2:b4:29:
                    7f:b2:4c:71:39:10:7e:83:89:90:6e:27:58:7e:f8:
                    f8:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:6F:20:D8:BE:1C:CD:1A:89:4C:51:82:1A:F6:68:FB:3A:13:16:F2
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/fm8g2L4czRqJTFGCGvZo-zoTFvI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.13.0-185.121.14.255

    Signature Algorithm: sha256WithRSAEncryption
         1c:7b:a2:cf:e7:7f:bc:f4:c2:08:2b:0e:e9:74:4c:11:43:11:
         8f:bf:eb:e5:55:4a:8d:98:f4:05:ac:d1:2d:ca:af:18:4f:00:
         37:8a:ba:e3:c6:c2:d5:e4:b2:da:cc:eb:82:f2:bf:e5:f2:6d:
         18:47:36:e2:97:d3:48:aa:20:4a:1f:c0:b9:ad:67:02:22:27:
         4f:b9:86:76:03:43:dc:9b:ca:ab:75:0b:b5:2d:c7:7f:d2:5f:
         d9:07:ba:68:cc:ad:30:3d:c3:3a:a1:67:78:a4:eb:32:ce:c7:
         68:96:7d:01:87:d0:5f:2a:84:54:10:e1:48:61:90:b8:8a:ab:
         f6:fc:34:c1:9a:8e:45:14:ec:28:bf:60:ec:3d:d7:d8:a3:f2:
         ef:de:08:ed:66:99:47:e1:2e:1d:d0:68:72:36:b0:9d:8f:34:
         de:99:72:e5:8a:de:cb:9e:3f:b2:fc:d2:fe:f1:44:b5:1d:b0:
         27:6b:22:c2:25:aa:04:f3:0a:0f:22:e9:42:be:8e:e9:c6:28:
         c9:bf:2e:9e:68:03:af:12:d3:88:b0:7c:7e:d4:e7:c1:4a:26:
         00:61:3e:df:78:a4:43:ec:c7:0f:ee:0e:bc:b4:ef:93:b3:5b:
         a4:d0:4c:b7:0f:c6:df:82:e3:7f:96:5a:1e:23:e4:8d:f4:55:
         2c:31:7c:09
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZMa+HLJ+B/EuOHCFzxAdEMfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTExMTEyNTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTZmMjBkOGJlMWNjZDFhODk0YzUxODIxYWY2NjhmYjNhMTMxNmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kX3g5UKFzCZgMrAT3nlExArndYb
56MXJIw0HwJ/PjMPBF4pezpQFzDBouRfaYeESaihgVbepLmO891lkeL13nvMruva
HT1HcYrIQ1txKZBBxTUIvHrcr//z4WJ7Axxu4vQeQF8YgVHL1CgJViij94omr5F5
rJPp4TP210V8w3jDfmuDHkJR3TuwCxEOtQyjTE7yFJIw3Hd8kfJeuYsa5MlQ3Xa7
RqTOvtb6PydjGGFBgSuQhCGX0rKUFltZaiyd1JkIBTUi12qgePxwu4VJYaCrC49H
UCLcQ2doLLfmvJOkHg6qe2EdX3+CdrfCtCl/skxxORB+g4mQbidYfvj4KwIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFH5vINi+HM0aiUxRghr2aPs6ExbyMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvZm04ZzJMNGN6UnFKVEZHQ0d2Wm8tem9URnZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5eQ0D
BAC5eQ4wDQYJKoZIhvcNAQELBQADggEBABx7os/nf7z0wggrDul0TBFDEY+/6+VV
So2Y9AWs0S3KrxhPADeKuuPGwtXkstrM64Lyv+XybRhHNuKX00iqIEofwLmtZwIi
J0+5hnYDQ9ybyqt1C7Utx3/SX9kHumjMrTA9wzqhZ3ik6zLOx2iWfQGH0F8qhFQQ
4UhhkLiKq/b8NMGajkUU7Ci/YOw919ij8u/eCO1mmUfhLh3QaHI2sJ2PNN6ZcuWK
3sueP7L80v7xRLUdsCdrIsIlqgTzCg8i6UK+junGKMm/Lp5oA68S04iwfH7U58FK
JgBhPt94pEPsxw/uDry075OzW6TQTLcPxt+C43+WWh4j5I30VSwxfAk=
-----END CERTIFICATE-----