Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/K2rYub26JxKS7Aknr33LjaNJyw4.roa
File:                     K2rYub26JxKS7Aknr33LjaNJyw4.roa (raw, json)
Hash identifier:          e8wh56/dPXw1I8axVngx2Oi8PoTu00WfAYw2P4TUzBY=
Subject key identifier:   2B:6A:D8:B9:BD:BA:27:12:92:EC:09:27:AF:7D:CB:8D:A3:49:CB:0E
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A46A2605A3F9E7E03C5ADB50F76A1
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/K2rYub26JxKS7Aknr33LjaNJyw4.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61049
IP address blocks:        185.177.83.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:46:a2:60:5a:3f:9e:7e:03:c5:ad:b5:0f:76:a1
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2b6ad8b9bdba271292ec0927af7dcb8da349cb0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8a:4c:9e:16:af:ea:a6:66:2f:01:aa:7c:de:58:
                    a4:50:9a:2f:1a:33:23:1a:5c:6e:41:cd:52:a5:b4:
                    2d:f8:00:87:27:a1:4f:e4:94:72:43:03:e6:e3:04:
                    94:04:a3:6f:56:c5:ba:62:57:8a:e5:8e:da:03:36:
                    83:83:89:f3:92:2f:66:d2:f7:12:8e:4a:15:c1:34:
                    7a:85:df:3f:e9:c9:22:38:48:5d:71:77:64:6f:35:
                    3c:a3:45:2d:a8:34:c2:8d:35:cf:35:b6:d4:c1:d1:
                    32:08:90:65:15:03:49:81:d2:ca:f3:e1:df:08:c7:
                    83:ed:89:94:5d:8b:3a:4e:3d:d6:1f:3b:6a:f4:c0:
                    14:12:b6:a8:21:be:f1:34:27:a1:b4:47:ce:fa:2f:
                    3b:5c:06:9c:25:b8:43:f8:79:04:25:90:9d:65:13:
                    87:b6:0c:4b:b1:cd:d3:b4:c6:2a:91:08:2f:c8:42:
                    fa:7f:28:79:a6:14:7a:0c:ca:fb:db:ea:6d:ba:37:
                    64:ae:3b:cd:45:ac:34:c6:5c:e3:d9:d6:25:de:eb:
                    5b:b2:60:43:8d:11:8b:ae:9b:72:3d:31:c5:b7:8d:
                    6e:0e:0e:b3:8d:4a:0b:2a:01:15:00:b4:aa:6d:fc:
                    6f:45:51:66:ad:31:b5:ba:ae:8d:ed:2c:d9:4d:ca:
                    cb:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:6A:D8:B9:BD:BA:27:12:92:EC:09:27:AF:7D:CB:8D:A3:49:CB:0E
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/K2rYub26JxKS7Aknr33LjaNJyw4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.177.83.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:f6:9b:c5:3c:e4:e3:95:3c:a5:fa:ac:12:ff:5e:bc:82:4a:
         de:5b:28:11:ba:6b:e9:ae:f8:cb:66:9f:de:90:f1:b1:47:dc:
         a3:f7:53:8e:95:d6:71:b8:80:b2:4f:13:24:71:74:db:13:1c:
         f8:d0:af:a2:05:57:d8:7e:44:48:4c:52:5a:3f:0b:33:4e:71:
         84:12:77:fb:1f:b4:99:31:0c:77:8e:a1:5b:10:13:62:5e:f3:
         bf:31:62:ad:c1:3a:5c:29:ff:56:53:e7:37:bf:4b:e0:50:d7:
         09:9a:06:2d:20:01:fb:7f:e8:c7:c4:03:38:17:47:95:06:77:
         8c:89:7b:a3:b0:a8:9d:59:cb:05:e8:e7:48:be:c1:1a:19:73:
         c0:12:45:56:ee:51:23:40:0c:87:05:88:0b:19:d1:4a:a6:19:
         f3:64:10:2b:9e:df:77:fa:39:65:39:62:7e:46:44:db:d1:6c:
         0e:e6:cf:01:6e:7d:c0:b9:63:ac:a4:40:b6:c1:89:46:50:13:
         94:40:b5:d8:6d:c3:d0:71:ba:8e:66:34:51:82:b4:0f:68:fd:
         9b:cb:e0:4b:1d:33:77:07:84:c7:21:ea:fd:08:a3:73:8d:41:
         69:5f:66:7e:30:d0:ab:5c:77:fa:0f:03:51:66:2c:dc:1d:0b:
         5f:b4:6f:d2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakaiYFo/nn4Dxa21D3ahMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjZhZDhiOWJkYmEyNzEyOTJlYzA5MjdhZjdkY2I4ZGEzNDljYjBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAikyeFq/qpmYvAap83likUJovGjMj
GlxuQc1SpbQt+ACHJ6FP5JRyQwPm4wSUBKNvVsW6YleK5Y7aAzaDg4nzki9m0vcS
jkoVwTR6hd8/6ckiOEhdcXdkbzU8o0UtqDTCjTXPNbbUwdEyCJBlFQNJgdLK8+Hf
CMeD7YmUXYs6Tj3WHztq9MAUEraoIb7xNCehtEfO+i87XAacJbhD+HkEJZCdZROH
tgxLsc3TtMYqkQgvyEL6fyh5phR6DMr72+ptujdkrjvNRaw0xlzj2dYl3utbsmBD
jRGLrptyPTHFt41uDg6zjUoLKgEVALSqbfxvRVFmrTG1uq6N7SzZTcrLUwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCtq2Lm9uicSkuwJJ699y42jScsOMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvSzJyWXViMjZKeEtTN0FrbnIzM0xqYU5KeXc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubFTMA0G
CSqGSIb3DQEBCwUAA4IBAQDQ9pvFPOTjlTyl+qwS/168gkreWygRumvprvjLZp/e
kPGxR9yj91OOldZxuICyTxMkcXTbExz40K+iBVfYfkRITFJaPwszTnGEEnf7H7SZ
MQx3jqFbEBNiXvO/MWKtwTpcKf9WU+c3v0vgUNcJmgYtIAH7f+jHxAM4F0eVBneM
iXujsKidWcsF6OdIvsEaGXPAEkVW7lEjQAyHBYgLGdFKphnzZBArnt93+jllOWJ+
RkTb0WwO5s8Bbn3AuWOspEC2wYlGUBOUQLXYbcPQcbqOZjRRgrQPaP2by+BLHTN3
B4THIer9CKNzjUFpX2Z+MNCrXHf6DwNRZizcHQtftG/S
-----END CERTIFICATE-----