Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/i4Q6qniu57n6lE5lTH1GH7jA788.roa
File:                     i4Q6qniu57n6lE5lTH1GH7jA788.roa (raw, json)
Hash identifier:          Chw+tbXZnV+yvl/z3dMwlQu6X24IGpKdjRf/ggw8vDI=
Subject key identifier:   8B:84:3A:AA:78:AE:E7:B9:FA:94:4E:65:4C:7D:46:1F:B8:C0:EF:CF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422201A959D1012085C30FC0D52B084B3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/i4Q6qniu57n6lE5lTH1GH7jA788.roa
Signing time:             Wed 01 Jan 2025 13:48:36 +0000
ROA not before:           Wed 01 Jan 2025 13:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20860
IP address blocks:        185.214.101.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 10:07:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1a:95:9d:10:12:08:5c:30:fc:0d:52:b0:84:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8b843aaa78aee7b9fa944e654c7d461fb8c0efcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:25:4a:32:33:8c:20:44:c4:ec:e2:56:bc:e8:
                    40:89:aa:b7:e3:97:5a:a9:18:d3:bd:77:ab:5e:8f:
                    69:f1:8e:4e:cd:3c:7f:30:0d:78:69:5b:8b:2b:9f:
                    65:10:73:89:e6:4f:de:7f:b1:c7:98:bb:5d:d7:5a:
                    b0:c9:b9:97:24:7c:07:ea:28:bc:e4:7b:da:c7:0e:
                    bc:9c:52:21:89:bb:17:45:5c:6b:95:83:03:d6:4c:
                    e6:3e:aa:73:ba:2f:d1:78:5e:b7:5b:e5:be:c1:1a:
                    1d:5f:6d:a8:ca:a0:27:7b:c8:bd:cd:e8:55:97:dd:
                    35:3f:0f:5a:07:82:b3:b0:93:25:9e:4d:57:8e:8a:
                    5a:7c:87:ec:79:75:3b:f6:e7:07:e1:b0:a7:1f:c2:
                    72:85:44:1e:28:29:87:a0:c3:fb:57:62:40:92:78:
                    05:b6:53:4d:c8:62:be:28:85:6e:d6:88:2a:39:47:
                    1c:00:f4:94:cb:90:cf:62:76:63:e0:06:a6:49:cb:
                    f8:0a:6b:90:42:7c:af:1a:b1:28:91:4e:a5:ce:2b:
                    12:5e:f5:fe:0b:db:83:ee:31:34:8a:64:bc:6b:2d:
                    82:88:43:3e:ca:13:7b:6c:93:b5:6a:04:fa:b8:8a:
                    32:ae:5b:04:88:d9:1e:42:0b:69:fd:a5:ba:3c:89:
                    a4:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:84:3A:AA:78:AE:E7:B9:FA:94:4E:65:4C:7D:46:1F:B8:C0:EF:CF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/i4Q6qniu57n6lE5lTH1GH7jA788.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.214.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:6e:54:12:0f:71:23:8b:a9:28:3a:cd:d3:f8:e3:6c:10:d1:
         6a:6f:2c:f8:14:39:8b:57:3c:5e:c4:d7:72:e7:00:c5:35:06:
         5c:80:e1:7f:b8:5e:af:72:75:0d:7a:68:e4:f0:ba:c2:0d:ab:
         28:39:67:9d:67:ec:15:5c:e7:75:0d:ca:a3:92:7d:68:f3:20:
         8f:13:4d:cb:c7:5e:61:30:5d:73:b5:61:b9:39:2f:ee:9b:b8:
         c0:e1:1d:c6:ba:e7:93:3d:f8:13:4a:ca:8a:d2:65:ec:dc:ac:
         3d:0a:fc:32:25:80:7b:c4:92:5e:fd:ac:b1:97:09:ce:97:f9:
         7f:1e:ec:4e:83:e6:99:2a:f4:49:4a:7f:91:d0:ec:3c:8d:5c:
         2d:66:f4:5b:73:fb:88:c4:68:09:b0:77:b0:5c:6e:42:79:74:
         4d:26:d2:78:24:cf:aa:8e:c6:27:f3:9f:56:81:f9:d3:75:ad:
         fe:33:2a:5b:98:21:46:03:f5:6c:3c:77:21:8a:32:39:55:dc:
         2b:cc:6b:79:85:fe:f8:f7:45:c9:53:c9:35:99:1a:4d:d9:41:
         31:00:f9:05:57:b2:e9:78:43:f1:ce:3c:fc:b9:4f:d4:b0:b1:
         41:67:c1:1d:fe:74:26:31:5b:d7:72:03:b3:ba:8d:f2:29:f3:
         ee:d8:8f:0a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBqVnRASCFww/A1SsISzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Yjg0M2FhYTc4YWVlN2I5ZmE5NDRlNjU0YzdkNDYxZmI4YzBlZmNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtiVKMjOMIETE7OJWvOhAiaq345da
qRjTvXerXo9p8Y5OzTx/MA14aVuLK59lEHOJ5k/ef7HHmLtd11qwybmXJHwH6ii8
5Hvaxw68nFIhibsXRVxrlYMD1kzmPqpzui/ReF63W+W+wRodX22oyqAne8i9zehV
l901Pw9aB4KzsJMlnk1XjopafIfseXU79ucH4bCnH8JyhUQeKCmHoMP7V2JAkngF
tlNNyGK+KIVu1ogqOUccAPSUy5DPYnZj4AamScv4CmuQQnyvGrEokU6lzisSXvX+
C9uD7jE0imS8ay2CiEM+yhN7bJO1agT6uIoyrlsEiNkeQgtp/aW6PImkOwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIuEOqp4rue5+pROZUx9Rh+4wO/PMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvaTRRNnFuaXU1N242bEU1bFRIMUdIN2pBNzg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudZlMA0G
CSqGSIb3DQEBCwUAA4IBAQCiblQSD3Eji6koOs3T+ONsENFqbyz4FDmLVzxexNdy
5wDFNQZcgOF/uF6vcnUNemjk8LrCDasoOWedZ+wVXOd1Dcqjkn1o8yCPE03Lx15h
MF1ztWG5OS/um7jA4R3GuueTPfgTSsqK0mXs3Kw9CvwyJYB7xJJe/ayxlwnOl/l/
HuxOg+aZKvRJSn+R0Ow8jVwtZvRbc/uIxGgJsHewXG5CeXRNJtJ4JM+qjsYn859W
gfnTda3+MypbmCFGA/VsPHchijI5VdwrzGt5hf7490XJU8k1mRpN2UExAPkFV7Lp
eEPxzjz8uU/UsLFBZ8Ed/nQmMVvXcgOzuo3yKfPu2I8K
-----END CERTIFICATE-----