Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uhJ_gu_JFexykzs-me-PrezyMb8.roa
File:                     uhJ_gu_JFexykzs-me-PrezyMb8.roa (raw, json)
Hash identifier:          60PsZl7mnbxzaPX2S0lsi7wSeqiPfIC9djd0iz9OHlA=
Subject key identifier:   BA:12:7F:82:EF:C9:15:EC:72:93:3B:3E:99:EF:8F:AD:EC:F2:31:BF
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01932BAFA041F781C7558AB9207BF750C3D3
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uhJ_gu_JFexykzs-me-PrezyMb8.roa
Signing time:             Thu 14 Nov 2024 17:19:10 +0000
ROA not before:           Thu 14 Nov 2024 17:19:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     214364
IP address blocks:        185.218.101.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 22 Nov 2024 14:00:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:2b:af:a0:41:f7:81:c7:55:8a:b9:20:7b:f7:50:c3:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Nov 14 17:19:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ba127f82efc915ec72933b3e99ef8fadecf231bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:a2:b9:d6:c6:30:cc:5a:39:63:f5:a2:54:7a:
                    10:b6:cc:a2:f1:77:d7:b8:ef:cc:d1:6a:6d:ef:81:
                    18:5b:62:31:9f:0f:83:0c:f4:91:3a:c2:c2:29:7a:
                    b2:82:68:e1:5a:e6:f8:87:fb:42:4f:7b:00:09:a5:
                    fb:dd:cc:1b:ed:cf:10:78:68:89:85:cb:28:f5:f2:
                    4e:db:4f:6a:e8:40:db:eb:82:67:db:c4:0c:f6:97:
                    d8:a6:92:e0:0b:fb:d9:2a:7d:91:46:43:f0:c1:99:
                    11:95:95:99:a7:a0:cf:2a:08:94:e2:ce:21:e7:71:
                    33:11:89:0b:1a:94:0a:b7:6b:72:27:ed:6d:de:0e:
                    02:b6:6b:22:8f:6b:7a:4f:c1:dc:17:e4:20:1b:e2:
                    a8:e6:65:19:1f:9a:53:1c:c7:02:14:13:5e:63:f7:
                    91:96:c5:c0:85:9d:91:54:95:df:40:9c:75:ae:7a:
                    e7:c0:fc:7c:fb:29:6e:97:5e:a4:1f:0c:37:4f:e7:
                    53:80:fb:0b:24:ca:e2:fd:f0:ab:16:5a:e7:f0:06:
                    51:58:c7:f0:fd:82:6a:a6:40:da:a5:c8:29:6c:92:
                    9b:b9:2e:b7:03:98:21:c5:55:8d:cd:36:9a:19:91:
                    8e:8a:cc:65:96:ae:75:90:ac:e6:d4:d8:f6:96:6a:
                    30:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:12:7F:82:EF:C9:15:EC:72:93:3B:3E:99:EF:8F:AD:EC:F2:31:BF
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/uhJ_gu_JFexykzs-me-PrezyMb8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.218.101.0/24

    Signature Algorithm: sha256WithRSAEncryption
         81:3d:9a:10:ac:15:ff:06:00:bc:0e:41:86:80:14:75:4f:50:
         58:69:bd:5d:03:5b:32:41:a2:a8:0e:b3:5b:44:5a:10:3b:a1:
         11:7d:9c:6c:4f:a3:58:d3:43:d7:90:e1:d5:0c:d0:fe:1f:18:
         6c:28:02:a5:f7:a8:0d:6f:70:6c:b7:96:43:e9:2f:a4:01:fe:
         af:7b:5b:81:b0:02:93:5b:79:59:70:52:e6:46:04:d3:b5:c9:
         91:35:e7:47:68:74:8e:e4:29:a6:10:85:34:39:72:2e:f5:48:
         fe:e6:d3:c2:9e:8d:01:ed:95:32:7b:7e:a0:f5:fb:70:a9:2c:
         33:44:47:c5:bd:54:68:57:c9:6c:f9:c4:aa:31:02:a3:6a:5f:
         0a:9c:e6:56:26:50:30:d5:5a:65:e1:be:61:35:f3:bc:4e:8e:
         2d:56:70:3d:d6:df:b2:2b:a3:58:e1:b7:a5:40:34:b7:f7:1d:
         27:a3:99:c1:28:f4:06:0a:57:8f:34:fb:92:25:e2:86:e1:af:
         5b:d3:a0:e8:81:40:cd:cf:c1:04:56:85:ac:92:02:fc:2a:e1:
         63:b7:fb:07:52:69:40:3b:bb:01:be:65:cc:36:b1:11:3b:d1:
         4b:61:91:7d:75:75:dd:26:20:f3:8f:a0:50:b8:af:ff:48:27:
         b1:9f:fa:ba
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZMrr6BB94HHVYq5IHv3UMPTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjQxMTE0MTcxOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTEyN2Y4MmVmYzkxNWVjNzI5MzNiM2U5OWVmOGZhZGVjZjIzMWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKK51sYwzFo5Y/WiVHoQtsyi8XfX
uO/M0Wpt74EYW2Ixnw+DDPSROsLCKXqygmjhWub4h/tCT3sACaX73cwb7c8QeGiJ
hcso9fJO209q6EDb64Jn28QM9pfYppLgC/vZKn2RRkPwwZkRlZWZp6DPKgiU4s4h
53EzEYkLGpQKt2tyJ+1t3g4Ctmsij2t6T8HcF+QgG+Ko5mUZH5pTHMcCFBNeY/eR
lsXAhZ2RVJXfQJx1rnrnwPx8+ylul16kHww3T+dTgPsLJMri/fCrFlrn8AZRWMfw
/YJqpkDapcgpbJKbuS63A5ghxVWNzTaaGZGOisxllq51kKzm1Nj2lmowtwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLoSf4LvyRXscpM7Ppnvj63s8jG/MB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdWhKX2d1X0pGZXh5a3pzLW1lLVByZXp5TWI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudplMA0G
CSqGSIb3DQEBCwUAA4IBAQCBPZoQrBX/BgC8DkGGgBR1T1BYab1dA1syQaKoDrNb
RFoQO6ERfZxsT6NY00PXkOHVDND+HxhsKAKl96gNb3Bst5ZD6S+kAf6ve1uBsAKT
W3lZcFLmRgTTtcmRNedHaHSO5CmmEIU0OXIu9Uj+5tPCno0B7ZUye36g9ftwqSwz
REfFvVRoV8ls+cSqMQKjal8KnOZWJlAw1Vpl4b5hNfO8To4tVnA91t+yK6NY4bel
QDS39x0no5nBKPQGClePNPuSJeKG4a9b06DogUDNz8EEVoWskgL8KuFjt/sHUmlA
O7sBvmXMNrERO9FLYZF9dXXdJiDzj6BQuK//SCexn/q6
-----END CERTIFICATE-----