Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/mo2dTwZFWKEjn-I3ZR_4LZP2BiI.roa
File:                     mo2dTwZFWKEjn-I3ZR_4LZP2BiI.roa (raw, json)
Hash identifier:          7/t8w3owU9CYv+cnWmlzjKmZM3GsG2RLxQ9cFFCEyjY=
Subject key identifier:   9A:8D:9D:4F:06:45:58:A1:23:9F:E2:37:65:1F:F8:2D:93:F6:06:22
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A4361BF358A1EC5F07DF077469652
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/mo2dTwZFWKEjn-I3ZR_4LZP2BiI.roa
Signing time:             Wed 01 Jan 2025 19:49:14 +0000
ROA not before:           Wed 01 Jan 2025 19:49:14 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51561
IP address blocks:        185.184.140.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 21:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:43:61:bf:35:8a:1e:c5:f0:7d:f0:77:46:96:52
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:14 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9a8d9d4f064558a1239fe237651ff82d93f60622
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:b8:96:f4:66:2f:79:c7:a2:77:66:bc:60:80:
                    34:29:dd:27:b7:2a:e7:41:57:01:25:23:a3:d6:b2:
                    ef:f3:50:7b:f2:93:8c:10:ef:3f:1b:bb:a7:a6:51:
                    32:66:06:c7:fd:94:91:a3:45:7b:49:12:e6:98:4e:
                    71:69:fa:4d:51:44:98:50:e6:e0:47:26:e2:15:23:
                    0b:99:25:4b:f1:64:0a:ea:a2:70:cc:47:52:09:73:
                    ae:cd:07:19:9b:61:e9:82:19:86:20:25:ab:c6:ad:
                    a3:f9:d9:38:b5:5e:ec:2a:0b:1f:41:86:29:7b:3a:
                    3b:89:99:93:74:07:04:e2:55:f0:c8:c1:9b:96:96:
                    e2:a3:08:79:68:1f:98:e7:ba:7d:59:3e:ad:93:17:
                    6c:99:41:04:0b:a6:5c:00:61:ec:16:1b:09:aa:e4:
                    62:63:3b:09:1d:39:45:01:c5:03:f9:27:2f:36:0d:
                    b0:b4:19:e7:9c:01:67:e7:f8:2c:91:3a:99:06:de:
                    ce:7e:51:29:06:ad:1c:d2:ec:0d:6b:0f:18:8b:5c:
                    5e:d1:65:53:ca:d2:9a:1c:24:9c:b9:13:1b:5e:58:
                    0f:19:23:94:d9:3e:0b:05:e4:09:d5:85:3d:3b:4a:
                    cb:f2:b0:b3:26:f2:cf:f2:53:fd:ed:32:1d:d5:f0:
                    5a:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:8D:9D:4F:06:45:58:A1:23:9F:E2:37:65:1F:F8:2D:93:F6:06:22
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/mo2dTwZFWKEjn-I3ZR_4LZP2BiI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.184.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         26:5b:d7:28:51:1b:05:d8:24:2a:1c:82:b6:0f:61:06:23:64:
         cc:dd:e1:54:37:37:39:9a:ec:09:16:93:0c:6c:fe:58:ca:ce:
         9d:73:62:66:56:f5:60:5b:01:57:43:07:d4:91:05:01:96:4f:
         17:fe:2e:d0:16:76:62:b7:19:19:1e:73:cc:a4:0a:54:61:64:
         4e:0d:7e:34:0c:fc:68:78:e9:00:2c:e0:d0:4a:bd:4f:63:ef:
         06:b3:ea:6e:74:62:5d:84:c3:6e:78:89:02:55:6c:31:b1:34:
         d1:d0:82:27:90:b7:be:30:b1:2b:2a:75:cf:f2:08:0a:cd:da:
         b7:78:12:03:c1:58:e4:09:98:a4:d6:e4:6f:fc:d9:03:03:d8:
         cc:72:0d:b4:3f:84:fc:49:d3:ad:c7:58:d9:19:65:1e:88:c3:
         82:f9:3a:0b:21:7a:ce:66:37:9b:97:9c:6d:1f:50:2f:53:c7:
         69:e3:35:ea:97:61:f2:2e:27:d5:d5:be:33:c7:c8:c6:3a:ed:
         06:cf:83:2f:43:94:8b:8e:15:ba:52:73:c6:76:6e:a7:3c:cb:
         79:39:87:7c:ea:07:7f:ba:7c:70:43:f0:37:82:83:4c:fb:1d:
         26:90:b6:14:81:f9:d1:55:11:14:f7:da:6c:6b:88:3c:bc:61:
         21:a0:ea:d4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjakNhvzWKHsXwffB3RpZSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTE0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YThkOWQ0ZjA2NDU1OGExMjM5ZmUyMzc2NTFmZjgyZDkzZjYwNjIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuriW9GYveceid2a8YIA0Kd0ntyrn
QVcBJSOj1rLv81B78pOMEO8/G7unplEyZgbH/ZSRo0V7SRLmmE5xafpNUUSYUObg
RybiFSMLmSVL8WQK6qJwzEdSCXOuzQcZm2HpghmGICWrxq2j+dk4tV7sKgsfQYYp
ezo7iZmTdAcE4lXwyMGblpbiowh5aB+Y57p9WT6tkxdsmUEEC6ZcAGHsFhsJquRi
YzsJHTlFAcUD+ScvNg2wtBnnnAFn5/gskTqZBt7OflEpBq0c0uwNaw8Yi1xe0WVT
ytKaHCScuRMbXlgPGSOU2T4LBeQJ1YU9O0rL8rCzJvLP8lP97TId1fBaKQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJqNnU8GRVihI5/iN2Uf+C2T9gYiMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvbW8yZFR3WkZXS0Vqbi1JM1pSXzRMWlAyQmlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubiMMA0G
CSqGSIb3DQEBCwUAA4IBAQAmW9coURsF2CQqHIK2D2EGI2TM3eFUNzc5muwJFpMM
bP5Yys6dc2JmVvVgWwFXQwfUkQUBlk8X/i7QFnZitxkZHnPMpApUYWRODX40DPxo
eOkALODQSr1PY+8Gs+pudGJdhMNueIkCVWwxsTTR0IInkLe+MLErKnXP8ggKzdq3
eBIDwVjkCZik1uRv/NkDA9jMcg20P4T8SdOtx1jZGWUeiMOC+ToLIXrOZjebl5xt
H1AvU8dp4zXql2HyLifV1b4zx8jGOu0Gz4MvQ5SLjhW6UnPGdm6nPMt5OYd86gd/
unxwQ/A3goNM+x0mkLYUgfnRVREU99psa4g8vGEhoOrU
-----END CERTIFICATE-----