Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xp4wF9FNr1AeJL0B22yYt4JQtBw.roa
File:                     xp4wF9FNr1AeJL0B22yYt4JQtBw.roa (raw, json)
Hash identifier:          UIst2+k52g/T/IRO7eBW960uegi1xzmBx5jb/nsxX6U=
Subject key identifier:   C6:9E:30:17:D1:4D:AF:50:1E:24:BD:01:DB:6C:98:B7:82:50:B4:1C
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019422203D9CC6411806EED1E74937830C8F
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xp4wF9FNr1AeJL0B22yYt4JQtBw.roa
Signing time:             Wed 01 Jan 2025 13:48:45 +0000
ROA not before:           Wed 01 Jan 2025 13:48:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205091
IP address blocks:        185.220.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 07:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:20:3d:9c:c6:41:18:06:ee:d1:e7:49:37:83:0c:8f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jan  1 13:48:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c69e3017d14daf501e24bd01db6c98b78250b41c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:40:82:27:37:8a:34:8b:d1:1f:dc:30:69:34:
                    57:46:48:ef:84:8e:62:ae:6d:ae:11:0c:e8:8b:8a:
                    49:88:c1:89:24:c7:0f:b3:3f:02:0e:b5:ab:df:58:
                    56:52:2e:5c:6b:60:84:02:c0:92:17:59:86:f6:f7:
                    7a:e0:ca:3f:4e:d1:35:d9:aa:20:78:22:73:33:99:
                    a9:4a:5d:46:c5:5f:bf:12:fb:4b:46:62:b2:66:d0:
                    be:de:cf:2e:3a:f1:09:ec:15:c1:73:0c:f2:a0:9f:
                    de:1a:c6:b3:86:ae:18:43:32:9f:06:cf:00:95:11:
                    44:dc:e1:d1:0d:8f:91:d3:29:5b:48:d5:5b:36:12:
                    a3:76:ce:ba:e2:a2:91:c0:06:f8:32:85:8b:da:35:
                    24:21:3d:7a:cf:fa:87:88:02:42:6a:36:89:b0:f5:
                    22:6a:6b:41:e6:bc:92:7a:e9:84:7f:dc:34:15:1b:
                    72:48:23:30:cd:1f:72:f5:6b:77:f2:3b:6e:88:96:
                    48:b4:6c:b6:6f:0b:1a:04:b0:d1:dd:f1:70:3a:44:
                    38:19:90:c1:d1:9f:ed:74:44:01:68:14:d9:ac:34:
                    20:ae:69:77:c1:d0:4e:65:55:e9:d4:61:76:30:c6:
                    bf:2c:c0:19:92:40:84:99:df:74:6d:07:bc:57:4a:
                    58:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:9E:30:17:D1:4D:AF:50:1E:24:BD:01:DB:6C:98:B7:82:50:B4:1C
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/xp4wF9FNr1AeJL0B22yYt4JQtBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.220.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:a7:44:cd:7a:a5:95:3a:32:20:d1:b5:20:46:c4:7c:d7:19:
         e5:1a:87:2b:d5:46:af:76:f5:18:34:d4:1f:63:ab:94:6f:54:
         d9:6d:f4:c7:0d:4e:40:a4:72:cf:fe:32:36:34:23:e8:7a:76:
         55:c1:58:36:5c:f0:3a:92:d2:ed:3c:5d:a5:2b:b0:e3:dd:18:
         72:2e:26:ac:55:a7:41:3c:af:93:42:04:76:cf:a7:ce:1d:2a:
         89:11:d4:99:8c:67:24:78:ee:be:78:87:bd:a3:78:fd:9f:16:
         95:80:06:33:22:2e:d6:9e:ae:d0:a1:24:02:c8:3f:9d:0f:35:
         9e:76:98:b1:74:e1:cf:f4:f6:1c:c7:fb:97:51:b9:86:81:05:
         c4:5c:ad:b9:8b:9b:43:2c:ba:95:c1:03:7c:37:ad:e3:70:76:
         8e:bc:c8:55:db:42:ad:26:b6:b6:aa:94:f1:22:b4:93:e0:07:
         ba:2f:46:05:8b:7c:54:b6:7f:ad:77:ca:b3:59:d7:1c:6a:79:
         9a:91:f5:9f:de:a5:90:4d:32:20:ad:8b:23:50:0b:f9:bd:d1:
         89:69:3b:b4:f7:89:41:5f:e5:20:fe:25:ce:0c:ed:81:b7:ad:
         c5:a0:45:12:4f:e7:9a:61:d8:df:71:b9:d4:e7:08:bf:1c:fc:
         50:dc:25:ab
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiID2cxkEYBu7R50k3gwyPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwMTAxMTM0ODQ1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNjllMzAxN2QxNGRhZjUwMWUyNGJkMDFkYjZjOThiNzgyNTBiNDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxUCCJzeKNIvRH9wwaTRXRkjvhI5i
rm2uEQzoi4pJiMGJJMcPsz8CDrWr31hWUi5ca2CEAsCSF1mG9vd64Mo/TtE12aog
eCJzM5mpSl1GxV+/EvtLRmKyZtC+3s8uOvEJ7BXBcwzyoJ/eGsazhq4YQzKfBs8A
lRFE3OHRDY+R0ylbSNVbNhKjds664qKRwAb4MoWL2jUkIT16z/qHiAJCajaJsPUi
amtB5rySeumEf9w0FRtySCMwzR9y9Wt38jtuiJZItGy2bwsaBLDR3fFwOkQ4GZDB
0Z/tdEQBaBTZrDQgrml3wdBOZVXp1GF2MMa/LMAZkkCEmd90bQe8V0pY4QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMaeMBfRTa9QHiS9AdtsmLeCULQcMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEveHA0d0Y5Rk5yMUFlSkwwQjIyeVl0NEpRdEJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAudz6MA0G
CSqGSIb3DQEBCwUAA4IBAQA2p0TNeqWVOjIg0bUgRsR81xnlGocr1UavdvUYNNQf
Y6uUb1TZbfTHDU5ApHLP/jI2NCPoenZVwVg2XPA6ktLtPF2lK7Dj3RhyLiasVadB
PK+TQgR2z6fOHSqJEdSZjGckeO6+eIe9o3j9nxaVgAYzIi7Wnq7QoSQCyD+dDzWe
dpixdOHP9PYcx/uXUbmGgQXEXK25i5tDLLqVwQN8N63jcHaOvMhV20KtJra2qpTx
IrST4Ae6L0YFi3xUtn+td8qzWdccanmakfWf3qWQTTIgrYsjUAv5vdGJaTu094lB
X+Ug/iXODO2Bt63FoEUST+eaYdjfcbnU5wi/HPxQ3CWr
-----END CERTIFICATE-----