Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qVGPZ76bLpcWX9H41GPUkdKfurU.roa
File:                     qVGPZ76bLpcWX9H41GPUkdKfurU.roa (raw, json)
Hash identifier:          dnrPEgICsbtvqKSDDXO/hMK5g6w0EWxu/8thcKCk7qw=
Subject key identifier:   A9:51:8F:67:BE:9B:2E:97:16:5F:D1:F8:D4:63:D4:91:D2:9F:BA:B5
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01932BB1747CE04C1631E483855CFC82D06C
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qVGPZ76bLpcWX9H41GPUkdKfurU.roa
Signing time:             Thu 14 Nov 2024 17:21:10 +0000
ROA not before:           Thu 14 Nov 2024 17:21:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214654
IP address blocks:        185.206.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2b:b1:74:7c:e0:4c:16:31:e4:83:85:5c:fc:82:d0:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 14 17:21:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=a9518f67be9b2e97165fd1f8d463d491d29fbab5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:c8:f9:32:f7:c9:15:be:d9:77:0f:49:79:fa:
                    0d:2b:67:bb:8f:af:b4:68:73:b3:29:4b:fc:b8:74:
                    3b:fb:ef:3d:6d:33:18:23:0e:aa:9d:46:24:31:37:
                    aa:6d:dc:f4:d4:80:01:0e:42:d1:b9:43:9b:3c:4f:
                    e5:0f:e9:55:e3:dd:ad:2c:28:85:de:71:00:a8:e3:
                    b7:29:2a:31:5e:8a:20:92:a5:49:41:d6:6f:f9:7f:
                    8e:dc:2b:3a:9b:ea:97:7a:e7:9d:94:33:7f:f1:01:
                    fd:12:72:9c:77:65:c1:1a:2a:e4:a9:81:64:8e:7b:
                    a5:9a:0b:23:dd:f4:bc:61:4a:c6:fd:ba:42:70:9e:
                    d6:f2:33:a0:33:37:10:f7:2e:97:2a:f1:65:1e:55:
                    42:2e:b1:33:f4:ee:28:af:bd:3d:9a:9d:91:7e:c9:
                    d2:dc:5b:05:2d:fc:f2:d5:be:e4:c7:89:74:26:2f:
                    cb:ba:6f:c8:3e:4a:bd:ce:79:58:76:8b:be:97:5b:
                    6f:6d:b1:81:3c:7b:83:e5:c5:29:de:c1:a0:06:be:
                    cf:f6:ee:06:5b:59:2e:61:12:7b:df:13:bc:10:f9:
                    6a:aa:7c:cb:3e:f5:79:17:6e:92:9f:16:9c:c3:5c:
                    0d:b3:d7:1a:14:6b:65:c1:72:57:85:3a:9b:6f:19:
                    57:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:51:8F:67:BE:9B:2E:97:16:5F:D1:F8:D4:63:D4:91:D2:9F:BA:B5
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qVGPZ76bLpcWX9H41GPUkdKfurU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b1:f1:aa:46:24:b7:b2:99:d9:30:3c:1e:c0:cb:ab:6b:67:bc:
         1d:8d:05:48:6b:63:88:95:35:20:ca:3b:c0:21:45:c1:34:b1:
         fe:0f:ab:ea:19:e9:8f:96:05:3d:a7:9b:6d:a5:f9:7b:21:4b:
         f1:23:2d:af:b6:ca:be:cc:97:6d:0f:d9:f5:b9:33:95:7b:ab:
         cb:4a:83:ad:80:99:8b:bc:e1:03:fa:b1:d9:9e:42:64:7b:6f:
         fd:48:ec:9a:ac:97:40:1b:05:cd:c8:85:79:c7:05:36:c2:0d:
         62:b8:b5:16:7a:4b:ac:a5:47:6f:8c:d6:7a:1c:04:5d:dc:be:
         86:f6:b0:32:73:58:83:b8:fe:79:4c:39:57:70:c3:19:17:67:
         8a:a2:e3:d5:f5:61:d5:1f:e1:58:20:4d:8b:4a:5a:92:39:c4:
         71:7f:5f:0e:fc:69:1f:c9:fb:55:99:71:40:e1:38:ed:d0:43:
         a1:be:c7:df:9f:af:21:97:d9:4e:9c:60:08:4e:4b:ff:b3:9b:
         ea:a0:c3:cd:6b:5d:b4:a4:b4:46:8c:09:94:b9:b7:23:f4:49:
         5f:7d:9a:19:36:48:58:2f:ee:6c:c0:40:92:97:40:0d:a7:ad:
         51:58:e7:2c:ce:16:00:98:ff:da:23:d2:96:a8:e8:00:14:68:
         68:ae:90:ad
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMrsXR84EwWMeSDhVz8gtBsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTE0MTcyMTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhOTUxOGY2N2JlOWIyZTk3MTY1ZmQxZjhkNDYzZDQ5MWQyOWZiYWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAssj5MvfJFb7Zdw9JefoNK2e7j6+0
aHOzKUv8uHQ7++89bTMYIw6qnUYkMTeqbdz01IABDkLRuUObPE/lD+lV492tLCiF
3nEAqOO3KSoxXoogkqVJQdZv+X+O3Cs6m+qXeuedlDN/8QH9EnKcd2XBGirkqYFk
jnulmgsj3fS8YUrG/bpCcJ7W8jOgMzcQ9y6XKvFlHlVCLrEz9O4or709mp2RfsnS
3FsFLfzy1b7kx4l0Ji/Lum/IPkq9znlYdou+l1tvbbGBPHuD5cUp3sGgBr7P9u4G
W1kuYRJ73xO8EPlqqnzLPvV5F26Snxacw1wNs9caFGtlwXJXhTqbbxlXOQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKlRj2e+my6XFl/R+NRj1JHSn7q1MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcVZHUFo3NmJMcGNXWDlINDFHUFVrZEtmdXJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc76MA0G
CSqGSIb3DQEBCwUAA4IBAQCx8apGJLeymdkwPB7Ay6trZ7wdjQVIa2OIlTUgyjvA
IUXBNLH+D6vqGemPlgU9p5ttpfl7IUvxIy2vtsq+zJdtD9n1uTOVe6vLSoOtgJmL
vOED+rHZnkJke2/9SOyarJdAGwXNyIV5xwU2wg1iuLUWekuspUdvjNZ6HARd3L6G
9rAyc1iDuP55TDlXcMMZF2eKouPV9WHVH+FYIE2LSlqSOcRxf18O/GkfyftVmXFA
4Tjt0EOhvsffn68hl9lOnGAITkv/s5vqoMPNa120pLRGjAmUubcj9ElffZoZNkhY
L+5swECSl0ANp61RWOcszhYAmP/aI9KWqOgAFGhorpCt
-----END CERTIFICATE-----