Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x05sEmd5AR05hUz-Epkzs2Pz158.roa
File:                     x05sEmd5AR05hUz-Epkzs2Pz158.roa (raw, json)
Hash identifier:          ri6+VgKANn7fX2CPPOzz+zK8LGfRhgFIOuVwW5kGUaQ=
Subject key identifier:   C7:4E:6C:12:67:79:01:1D:39:85:4C:FE:12:99:33:B3:63:F3:D7:9F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422202B1FE74DE330CCC9F24E8F36076A
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x05sEmd5AR05hUz-Epkzs2Pz158.roa
Signing time:             Wed 01 Jan 2025 13:48:41 +0000
ROA not before:           Wed 01 Jan 2025 13:48:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60458
IP address blocks:        185.248.200.0/22 maxlen: 22
                          185.254.159.0/24 maxlen: 24
                          193.17.181.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 14:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:2b:1f:e7:4d:e3:30:cc:c9:f2:4e:8f:36:07:6a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c74e6c126779011d39854cfe129933b363f3d79f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:fc:dd:c1:70:53:f7:ac:5b:39:83:46:42:44:
                    b2:de:e0:ad:8c:6d:95:71:7f:7b:aa:95:e7:49:3d:
                    5a:ad:75:1b:8d:9b:4c:24:35:6b:d6:b0:60:86:66:
                    3b:f2:b8:ae:67:e6:1f:ab:5a:79:d8:0e:ff:34:dc:
                    73:f5:f4:12:93:60:cd:7d:02:14:af:e3:36:88:21:
                    f5:6a:00:dd:1c:a5:e7:b3:0b:39:cc:9b:15:05:c5:
                    77:03:e6:84:bd:8e:4b:06:1e:69:c2:03:65:bc:3c:
                    7b:90:23:56:a4:80:c0:c8:7e:2e:ab:3f:db:98:94:
                    57:ef:b7:d4:21:c0:5e:94:2f:76:cf:d2:0d:a4:0d:
                    e2:77:6c:bf:39:d5:dc:bd:1f:7c:b5:1e:61:ee:f0:
                    dc:18:f8:3b:e5:f0:15:54:ae:88:0d:67:4e:81:52:
                    36:dd:80:ff:6b:74:a3:30:05:7f:0f:f1:f1:7f:4d:
                    9a:32:a3:a8:fd:40:76:53:24:f3:f9:03:e7:01:8f:
                    33:86:7a:f2:ac:35:ea:a7:50:47:54:45:97:e9:f7:
                    68:76:65:8a:ef:85:04:e6:99:35:c5:9a:0e:99:8a:
                    0c:49:a0:ef:ae:1f:ef:84:d7:44:8c:ac:d6:93:85:
                    d9:27:a5:d1:0d:70:8b:5d:f9:5a:2b:41:06:ff:9d:
                    eb:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:4E:6C:12:67:79:01:1D:39:85:4C:FE:12:99:33:B3:63:F3:D7:9F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/x05sEmd5AR05hUz-Epkzs2Pz158.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.248.200.0/22
                  185.254.159.0/24
                  193.17.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:90:c6:6b:af:57:63:be:81:61:32:d8:c1:14:c5:3d:73:3d:
         e8:6d:83:87:6d:c0:fa:a2:f1:27:a3:ff:a5:a7:22:ad:54:47:
         58:2e:32:cc:ab:63:f8:94:52:da:d4:51:03:80:55:10:5d:72:
         97:8a:f7:04:82:8e:69:86:a1:d2:ba:97:86:b7:a8:75:11:ea:
         8b:79:fd:56:74:b3:9b:11:f4:39:c0:ad:59:ec:9b:e7:97:36:
         4a:1b:46:dc:3b:c0:ff:4f:3d:50:e3:28:37:a5:c1:1b:e5:34:
         7b:e3:e4:5d:0b:62:cc:ad:ef:8d:df:8b:26:3f:f3:39:0d:92:
         e1:12:5b:fb:ba:d4:44:35:d4:c0:81:f8:59:f9:ad:9f:2d:75:
         ba:c8:8d:57:10:de:54:4e:15:22:58:25:1c:b9:63:de:5b:a6:
         5e:42:b8:9e:15:02:7c:54:98:6b:29:ee:fb:85:58:ea:de:c8:
         ca:14:4e:97:29:79:e6:df:85:1f:35:d7:4e:a8:2d:e8:ce:c2:
         94:56:16:d4:46:40:d4:64:a9:e1:9a:15:8d:7e:39:14:5e:a4:
         8b:04:01:2b:28:4f:3c:cc:5d:d7:4e:38:1f:ab:18:d2:2b:7a:
         22:49:90:2f:28:41:e9:96:93:0e:6f:25:3e:90:69:50:48:f3:
         98:df:ff:b4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQiICsf503jMMzJ8k6PNgdqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzRlNmMxMjY3NzkwMTFkMzk4NTRjZmUxMjk5MzNiMzYzZjNkNzlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxPzdwXBT96xbOYNGQkSy3uCtjG2V
cX97qpXnST1arXUbjZtMJDVr1rBghmY78riuZ+Yfq1p52A7/NNxz9fQSk2DNfQIU
r+M2iCH1agDdHKXnsws5zJsVBcV3A+aEvY5LBh5pwgNlvDx7kCNWpIDAyH4uqz/b
mJRX77fUIcBelC92z9INpA3id2y/OdXcvR98tR5h7vDcGPg75fAVVK6IDWdOgVI2
3YD/a3SjMAV/D/Hxf02aMqOo/UB2UyTz+QPnAY8zhnryrDXqp1BHVEWX6fdodmWK
74UE5pk1xZoOmYoMSaDvrh/vhNdEjKzWk4XZJ6XRDXCLXflaK0EG/53raQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMdObBJneQEdOYVM/hKZM7Nj89efMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveDA1c0VtZDVBUjA1aFV6LUVwa3pzMlB6MTU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCufjIAwQA
uf6fAwQAwRG1MA0GCSqGSIb3DQEBCwUAA4IBAQBBkMZrr1djvoFhMtjBFMU9cz3o
bYOHbcD6ovEno/+lpyKtVEdYLjLMq2P4lFLa1FEDgFUQXXKXivcEgo5phqHSupeG
t6h1EeqLef1WdLObEfQ5wK1Z7JvnlzZKG0bcO8D/Tz1Q4yg3pcEb5TR74+RdC2LM
re+N34smP/M5DZLhElv7utRENdTAgfhZ+a2fLXW6yI1XEN5UThUiWCUcuWPeW6Ze
QrieFQJ8VJhrKe77hVjq3sjKFE6XKXnm34UfNddOqC3ozsKUVhbURkDUZKnhmhWN
fjkUXqSLBAErKE88zF3XTjgfqxjSK3oiSZAvKEHplpMObyU+kGlQSPOY3/+0
-----END CERTIFICATE-----