Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/va6Yg9emjMrl3nPvIzfoLDGKKtE.roa
File:                     va6Yg9emjMrl3nPvIzfoLDGKKtE.roa (raw, json)
Hash identifier:          rt4es6vrBgDX5fjg02Y2orhziCIs32Qvo4YN1M+XcZM=
Subject key identifier:   BD:AE:98:83:D7:A6:8C:CA:E5:DE:73:EF:23:37:E8:2C:31:8A:2A:D1
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422201CCA5817717D7CE2784A7664B30E
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/va6Yg9emjMrl3nPvIzfoLDGKKtE.roa
Signing time:             Wed 01 Jan 2025 13:48:37 +0000
ROA not before:           Wed 01 Jan 2025 13:48:37 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     26141
IP address blocks:        194.26.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:1c:ca:58:17:71:7d:7c:e2:78:4a:76:64:b3:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:37 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bdae9883d7a68ccae5de73ef2337e82c318a2ad1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:ef:1c:87:5c:53:99:ad:d8:4b:33:61:2d:8f:
                    d7:a9:f6:51:db:d4:ce:10:a7:37:de:31:1e:21:5f:
                    0f:1c:44:77:6c:53:4d:87:d8:1b:14:26:52:41:48:
                    33:7d:4f:b5:24:8f:2a:0d:af:64:c2:85:0f:75:e1:
                    9b:28:ae:1b:02:b1:e1:08:1e:dc:b2:ef:30:25:ee:
                    f1:e5:02:db:3b:bf:fd:54:ef:d1:36:ca:4d:a5:fa:
                    4f:d6:1a:f8:a9:86:68:71:85:46:7e:43:0d:8f:99:
                    c9:06:d0:28:11:5c:17:a0:03:18:a7:5e:e7:32:74:
                    b0:fd:41:04:7b:1e:65:00:64:89:e8:a2:47:62:ef:
                    3f:fa:d8:50:8e:44:c6:f5:e4:27:9e:42:03:e3:9c:
                    ca:05:5d:33:1f:29:6e:e4:20:c6:6b:53:47:3d:cb:
                    87:5d:71:01:16:40:33:ba:0c:b0:81:16:8d:5d:28:
                    51:b2:7c:5b:f1:d9:12:ec:96:4f:18:9b:2c:6a:cc:
                    5a:0e:6c:21:22:ce:87:8a:4d:64:94:c6:cb:07:d5:
                    37:85:94:3e:ad:80:38:b9:68:94:32:f4:d6:df:93:
                    28:03:7f:38:c3:36:d4:f7:79:1e:a8:af:88:25:d7:
                    e4:f9:0f:bd:ee:88:74:97:08:29:bd:f2:86:2f:71:
                    88:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:AE:98:83:D7:A6:8C:CA:E5:DE:73:EF:23:37:E8:2C:31:8A:2A:D1
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/va6Yg9emjMrl3nPvIzfoLDGKKtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.26.100.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:97:af:99:4c:80:26:eb:21:4c:7c:53:37:53:b5:06:ef:1f:
         dc:b3:41:6c:9a:a6:c4:ef:e3:37:dc:15:a6:51:82:24:96:9a:
         65:50:27:29:3d:ae:9f:e0:3d:05:4b:de:35:eb:0e:31:f2:cc:
         e6:d6:7d:fd:e9:20:8a:b3:70:90:14:52:53:86:64:0e:15:b2:
         7e:73:2c:5b:c9:ac:76:01:0a:7f:85:47:a0:fb:39:80:57:e5:
         f5:86:36:37:eb:4a:b9:f1:a1:24:cb:27:eb:6e:5e:ed:e9:81:
         47:60:10:fa:c0:c5:42:6d:c5:5a:a0:b7:4a:1f:6a:cd:4e:05:
         e2:4c:9c:93:69:a3:76:0d:a4:71:b3:81:48:2d:38:e7:b8:f5:
         28:c2:94:1c:25:09:dc:c8:38:bc:24:f3:54:ab:4f:22:1d:17:
         a9:4e:6c:bd:58:33:42:16:8c:af:d7:72:0a:65:13:97:3c:1b:
         17:ab:50:a3:15:15:43:b6:f7:d6:b1:b3:67:34:86:12:31:68:
         b6:29:be:04:66:5a:93:81:8d:9a:00:6e:4b:b2:cb:d5:d1:0b:
         41:52:ce:59:c1:8f:60:cc:41:10:05:98:72:40:fc:52:12:a9:
         1d:42:89:3a:43:49:f1:35:d3:92:de:6f:4e:1a:34:cd:81:22:
         8c:75:4e:eb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiIBzKWBdxfXzieEp2ZLMOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODM3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZGFlOTg4M2Q3YTY4Y2NhZTVkZTczZWYyMzM3ZTgyYzMxOGEyYWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwO8ch1xTma3YSzNhLY/XqfZR29TO
EKc33jEeIV8PHER3bFNNh9gbFCZSQUgzfU+1JI8qDa9kwoUPdeGbKK4bArHhCB7c
su8wJe7x5QLbO7/9VO/RNspNpfpP1hr4qYZocYVGfkMNj5nJBtAoEVwXoAMYp17n
MnSw/UEEex5lAGSJ6KJHYu8/+thQjkTG9eQnnkID45zKBV0zHylu5CDGa1NHPcuH
XXEBFkAzugywgRaNXShRsnxb8dkS7JZPGJssasxaDmwhIs6Hik1klMbLB9U3hZQ+
rYA4uWiUMvTW35MoA384wzbU93keqK+IJdfk+Q+97oh0lwgpvfKGL3GIJwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL2umIPXpozK5d5z7yM36CwxiirRMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdmE2WWc5ZW1qTXJsM25Qdkl6Zm9MREdLS3RFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwhpkMA0G
CSqGSIb3DQEBCwUAA4IBAQACl6+ZTIAm6yFMfFM3U7UG7x/cs0FsmqbE7+M33BWm
UYIklpplUCcpPa6f4D0FS9416w4x8szm1n396SCKs3CQFFJThmQOFbJ+cyxbyax2
AQp/hUeg+zmAV+X1hjY360q58aEkyyfrbl7t6YFHYBD6wMVCbcVaoLdKH2rNTgXi
TJyTaaN2DaRxs4FILTjnuPUowpQcJQncyDi8JPNUq08iHRepTmy9WDNCFoyv13IK
ZROXPBsXq1CjFRVDtvfWsbNnNIYSMWi2Kb4EZlqTgY2aAG5LssvV0QtBUs5ZwY9g
zEEQBZhyQPxSEqkdQok6Q0nxNdOS3m9OGjTNgSKMdU7r
-----END CERTIFICATE-----