Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/sk8U_xhSwokdV05QBWOOklHczMo.roa
File:                     sk8U_xhSwokdV05QBWOOklHczMo.roa (raw, json)
Hash identifier:          LXBr/a1RmnMOlHPoyDksluc4NYMT3qS+sQQxzMNZg9g=
Subject key identifier:   B2:4F:14:FF:18:52:C2:89:1D:57:4E:50:05:63:8E:92:51:DC:CC:CA
Certificate issuer:       /CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
Certificate serial:       0194236A3BCBC4B7E447C182FAD6B1BFFAE2
Authority key identifier: 6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/sk8U_xhSwokdV05QBWOOklHczMo.roa
Signing time:             Wed 01 Jan 2025 19:49:12 +0000
ROA not before:           Wed 01 Jan 2025 19:49:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41546
IP address blocks:        185.119.253.0/24 maxlen: 24
                          2a06:82c7::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 06:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:3b:cb:c4:b7:e4:47:c1:82:fa:d6:b1:bf:fa:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c8fd1a8ae5996c1e5692c1a8c42bfe9c3ba5745
        Validity
            Not Before: Jan  1 19:49:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b24f14ff1852c2891d574e5005638e9251dcccca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:4a:cd:b9:96:5a:d3:a5:24:58:aa:d6:aa:6b:
                    5e:1e:41:d1:4a:6a:c1:44:93:33:4e:fe:f4:31:e1:
                    86:0a:e6:6f:b5:b8:99:eb:cf:7b:fa:d8:b9:2c:0d:
                    a2:c0:1a:a3:21:88:b5:05:94:60:7f:3b:a9:2d:cc:
                    a4:95:c4:fc:74:b5:83:8e:fd:51:5e:7c:bd:38:ed:
                    98:3d:d9:fd:32:0c:0e:96:88:69:02:e9:db:72:b5:
                    fc:ac:5a:3f:5c:ee:42:16:e7:9b:40:8f:68:95:27:
                    29:7f:71:45:fc:02:fe:53:3f:f1:58:bd:0d:34:1b:
                    12:0f:e4:cb:3e:db:5c:35:85:b8:bb:11:f6:f3:27:
                    88:63:5c:be:f5:f5:a9:b4:5a:b7:4f:62:53:d9:b7:
                    a6:d0:b9:c9:11:03:c0:80:fa:74:66:34:b8:14:43:
                    fe:a4:4d:ef:a1:b6:5b:eb:59:c0:54:d0:07:40:9f:
                    f0:0d:97:ca:79:65:7a:91:39:21:1b:00:66:2b:91:
                    06:65:9f:1a:ee:53:69:b7:9e:53:e6:c5:f1:83:c1:
                    56:4e:7f:0f:b9:1e:a2:20:09:cb:f6:6f:bc:34:a1:
                    94:a0:e3:83:d4:f1:0d:de:d4:31:f9:86:f8:89:02:
                    6d:aa:d8:65:ae:b4:8f:3d:cf:4d:33:89:97:d5:01:
                    45:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:4F:14:FF:18:52:C2:89:1D:57:4E:50:05:63:8E:92:51:DC:CC:CA
            X509v3 Authority Key Identifier:
                keyid:6C:8F:D1:A8:AE:59:96:C1:E5:69:2C:1A:8C:42:BF:E9:C3:BA:57:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bI_RqK5ZlsHlaSwajEK_6cO6V0U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/sk8U_xhSwokdV05QBWOOklHczMo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/492590-a02f-443e-aaa3-feac26eaecc2/1/bI_RqK5ZlsHlaSwajEK_6cO6V0U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.119.253.0/24
                IPv6:
                  2a06:82c7::/48

    Signature Algorithm: sha256WithRSAEncryption
         05:f3:34:c0:45:5d:9f:6d:d6:a6:87:06:a7:5f:da:52:93:9b:
         5d:1b:af:6d:52:c8:1c:69:13:5d:2e:aa:af:80:9a:6c:d0:46:
         9f:c2:3f:be:2a:a0:70:ab:b1:c7:d8:c1:cc:48:5a:91:b9:68:
         31:40:0a:d8:7b:d5:be:df:e0:0a:14:22:2b:0e:dd:68:e8:45:
         91:bb:39:e7:73:4c:24:bd:1e:fd:c1:e3:03:bb:81:9d:dc:39:
         59:0c:c3:27:55:ef:04:9a:65:24:22:87:c4:79:1b:88:79:d9:
         d8:5c:c2:ca:b4:a6:da:c0:02:f6:2b:90:90:28:2b:52:00:88:
         2c:a0:43:0c:56:1b:c1:81:b9:71:74:0a:12:70:db:71:0d:da:
         69:56:01:0f:d6:b9:ce:57:5b:c1:73:6d:db:8c:45:4f:63:cf:
         ba:35:e5:9c:39:53:3c:37:59:b6:0f:03:2e:a2:e4:27:be:16:
         21:9f:b6:5c:58:cf:1b:46:55:9f:b5:4b:85:1b:ff:a9:65:ed:
         da:64:3f:c8:dc:5e:09:42:0e:1b:b2:f0:e3:fa:7a:56:4d:8e:
         74:df:3c:62:dd:be:76:a3:54:17:6a:2f:85:ca:fd:05:1f:d2:
         9b:55:f9:dd:c0:2b:57:f9:2c:a7:00:60:68:71:62:50:b2:ca:
         f9:8d:33:c1
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQjajvLxLfkR8GC+taxv/riMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjOGZkMWE4YWU1OTk2YzFlNTY5MmMxYThjNDJiZmU5YzNi
YTU3NDUwHhcNMjUwMTAxMTk0OTEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjRmMTRmZjE4NTJjMjg5MWQ1NzRlNTAwNTYzOGU5MjUxZGNjY2NhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00rNuZZa06UkWKrWqmteHkHRSmrB
RJMzTv70MeGGCuZvtbiZ6897+ti5LA2iwBqjIYi1BZRgfzupLcyklcT8dLWDjv1R
Xny9OO2YPdn9MgwOlohpAunbcrX8rFo/XO5CFuebQI9olScpf3FF/AL+Uz/xWL0N
NBsSD+TLPttcNYW4uxH28yeIY1y+9fWptFq3T2JT2bem0LnJEQPAgPp0ZjS4FEP+
pE3vobZb61nAVNAHQJ/wDZfKeWV6kTkhGwBmK5EGZZ8a7lNpt55T5sXxg8FWTn8P
uR6iIAnL9m+8NKGUoOOD1PEN3tQx+Yb4iQJtqthlrrSPPc9NM4mX1QFFHQIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFLJPFP8YUsKJHVdOUAVjjpJR3MzKMB8GA1UdIwQY
MBaAFGyP0aiuWZbB5WksGoxCv+nDuldFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMt
ZmVhYzI2ZWFlY2MyLzEvc2s4VV94aFN3b2tkVjA1UUJXT09rbEhjek1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC80OTI1OTAtYTAyZi00NDNlLWFhYTMtZmVhYzI2ZWFlY2My
LzEvYklfUnFLNVpsc0hsYVN3YWpFS182Y082VjBVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAuXf9MA8E
AgACMAkDBwAqBoLHAAAwDQYJKoZIhvcNAQELBQADggEBAAXzNMBFXZ9t1qaHBqdf
2lKTm10br21SyBxpE10uqq+AmmzQRp/CP74qoHCrscfYwcxIWpG5aDFACth71b7f
4AoUIisO3WjoRZG7OedzTCS9Hv3B4wO7gZ3cOVkMwydV7wSaZSQih8R5G4h52dhc
wsq0ptrAAvYrkJAoK1IAiCygQwxWG8GBuXF0ChJw23EN2mlWAQ/Wuc5XW8FzbduM
RU9jz7o15Zw5Uzw3WbYPAy6i5Ce+FiGftlxYzxtGVZ+1S4Ub/6ll7dpkP8jcXglC
Dhuy8OP6elZNjnTfPGLdvnajVBdqL4XK/QUf0ptV+d3AK1f5LKcAYGhxYlCyyvmN
M8E=
-----END CERTIFICATE-----