Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/r2K_C06ic0Dj0a3NFZhhI6ooNvs.roa
File:                     r2K_C06ic0Dj0a3NFZhhI6ooNvs.roa (raw, json)
Hash identifier:          bne8Sm5wB0CMu858I+GoE6ZpkxWpdhA80NITFW1Cun8=
Subject key identifier:   AF:62:BF:0B:4E:A2:73:40:E3:D1:AD:CD:15:98:61:23:AA:28:36:FB
Certificate issuer:       /CN=60c8d57747f729700ef2f5614f6dfdec8d119f2d
Certificate serial:       0194252165DD762671204C8D6BC73261B9BC
Authority key identifier: 60:C8:D5:77:47:F7:29:70:0E:F2:F5:61:4F:6D:FD:EC:8D:11:9F:2D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMjVd0f3KXAO8vVhT2397I0Rny0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/r2K_C06ic0Dj0a3NFZhhI6ooNvs.roa
Signing time:             Thu 02 Jan 2025 03:48:53 +0000
ROA not before:           Thu 02 Jan 2025 03:48:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35732
IP address blocks:        185.130.136.0/24 maxlen: 24
                          185.130.137.0/24 maxlen: 24
                          185.130.138.0/24 maxlen: 24
                          185.130.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/YMjVd0f3KXAO8vVhT2397I0Rny0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/YMjVd0f3KXAO8vVhT2397I0Rny0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMjVd0f3KXAO8vVhT2397I0Rny0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:65:dd:76:26:71:20:4c:8d:6b:c7:32:61:b9:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c8d57747f729700ef2f5614f6dfdec8d119f2d
        Validity
            Not Before: Jan  2 03:48:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=af62bf0b4ea27340e3d1adcd15986123aa2836fb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c4:10:a9:e8:4b:f5:82:e0:61:51:f7:4f:bc:
                    b8:a0:d2:08:c6:c8:10:12:b7:70:55:5d:ac:72:ae:
                    35:bb:95:75:17:72:71:91:c2:43:8b:1e:38:dd:59:
                    33:fa:93:42:44:4b:d0:de:20:96:82:a3:7d:7c:a3:
                    ad:f2:dc:e0:65:ab:0e:af:cf:d3:29:24:d2:78:e8:
                    2a:d0:7f:03:e7:62:8f:23:51:db:e9:e7:fe:00:22:
                    77:34:b4:05:92:3b:00:a8:8c:d3:00:ad:91:c6:aa:
                    94:22:e5:8e:86:89:10:4c:a6:dd:11:54:f3:93:f9:
                    5f:31:87:97:43:73:38:13:e1:4f:d9:c5:8f:ee:cb:
                    67:e6:77:6e:6b:d0:47:21:22:1f:10:6a:15:72:42:
                    9f:5f:af:c0:a5:34:34:ab:12:5e:91:48:1c:7f:5c:
                    fa:4d:93:7e:c1:92:1d:22:14:2f:75:dd:2e:0c:8f:
                    32:91:4a:26:91:17:10:dc:9c:ca:4c:30:22:fd:73:
                    7e:de:88:6e:68:71:25:06:53:b6:76:85:f7:e7:b6:
                    bc:dd:76:1a:c3:34:8c:93:f6:f7:4c:1a:74:db:82:
                    95:2c:e1:a1:0d:5c:9b:a1:9e:53:6d:29:71:5b:b6:
                    5a:96:f9:f8:d0:2c:79:f0:0f:36:05:da:14:0f:77:
                    36:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:62:BF:0B:4E:A2:73:40:E3:D1:AD:CD:15:98:61:23:AA:28:36:FB
            X509v3 Authority Key Identifier:
                keyid:60:C8:D5:77:47:F7:29:70:0E:F2:F5:61:4F:6D:FD:EC:8D:11:9F:2D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMjVd0f3KXAO8vVhT2397I0Rny0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/r2K_C06ic0Dj0a3NFZhhI6ooNvs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d6/39d734-6fb1-4dc0-a128-d75f595fa7c3/1/YMjVd0f3KXAO8vVhT2397I0Rny0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.130.136.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a6:68:ac:ac:bf:9d:7c:32:30:85:a9:6b:db:38:21:fd:bc:6e:
         89:f9:16:85:9f:a8:ff:1f:46:5f:cb:f6:06:80:00:05:7c:20:
         dc:b5:74:cf:21:6a:60:76:00:64:3d:6d:19:fe:c2:5c:f2:23:
         99:57:2b:99:40:03:7a:5b:72:a9:d9:39:d7:82:a0:78:64:6f:
         e0:29:43:69:c9:74:47:6b:00:2e:b2:66:c6:40:4d:99:d1:7d:
         ca:66:66:b9:cc:ef:d1:35:ef:1f:8f:07:db:2a:34:6f:bb:bb:
         3f:92:61:40:5b:ce:11:89:d1:c3:b0:21:4b:5e:a1:c2:fb:30:
         fb:49:a4:f1:66:ef:b1:7d:49:2c:60:ec:92:15:dd:28:b7:4d:
         88:1e:b6:29:00:20:99:d1:16:bb:0a:07:ef:a6:65:31:e9:3c:
         77:2a:bf:c0:03:fa:b6:a3:dc:db:9c:3a:da:48:01:41:9d:b1:
         d0:26:4f:3a:96:ac:12:b3:9e:cf:2e:50:d3:bf:c3:0e:79:26:
         f6:13:a9:e0:3d:dd:f3:4c:2c:a2:b5:b7:a5:2e:78:3b:cf:6d:
         f5:b9:e6:f7:6b:f0:9f:32:b6:ae:03:78:28:0f:c7:b4:fd:9d:
         77:2a:c8:e6:c4:5b:6b:89:1c:2b:11:ba:64:fd:28:d0:8a:56:
         42:86:74:77
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIWXddiZxIEyNa8cyYbm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzhkNTc3NDdmNzI5NzAwZWYyZjU2MTRmNmRmZGVjOGQx
MTlmMmQwHhcNMjUwMTAyMDM0ODUzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZjYyYmYwYjRlYTI3MzQwZTNkMWFkY2QxNTk4NjEyM2FhMjgzNmZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMQQqehL9YLgYVH3T7y4oNIIxsgQ
ErdwVV2scq41u5V1F3JxkcJDix443Vkz+pNCREvQ3iCWgqN9fKOt8tzgZasOr8/T
KSTSeOgq0H8D52KPI1Hb6ef+ACJ3NLQFkjsAqIzTAK2RxqqUIuWOhokQTKbdEVTz
k/lfMYeXQ3M4E+FP2cWP7stn5ndua9BHISIfEGoVckKfX6/ApTQ0qxJekUgcf1z6
TZN+wZIdIhQvdd0uDI8ykUomkRcQ3JzKTDAi/XN+3ohuaHElBlO2doX357a83XYa
wzSMk/b3TBp024KVLOGhDVyboZ5TbSlxW7Zalvn40Cx58A82BdoUD3c2QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFK9ivwtOonNA49GtzRWYYSOqKDb7MB8GA1UdIwQY
MBaAFGDI1XdH9ylwDvL1YU9t/eyNEZ8tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1qVmQwZjNLWEFPOHZWaFQyMzk3STBSbnkwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNi8zOWQ3MzQtNmZiMS00ZGMwLWExMjgt
ZDc1ZjU5NWZhN2MzLzEvcjJLX0MwNmljMERqMGEzTkZaaGhJNm9vTnZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNi8zOWQ3MzQtNmZiMS00ZGMwLWExMjgtZDc1ZjU5NWZhN2Mz
LzEvWU1qVmQwZjNLWEFPOHZWaFQyMzk3STBSbnkwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYKIMA0G
CSqGSIb3DQEBCwUAA4IBAQCmaKysv518MjCFqWvbOCH9vG6J+RaFn6j/H0Zfy/YG
gAAFfCDctXTPIWpgdgBkPW0Z/sJc8iOZVyuZQAN6W3Kp2TnXgqB4ZG/gKUNpyXRH
awAusmbGQE2Z0X3KZma5zO/RNe8fjwfbKjRvu7s/kmFAW84RidHDsCFLXqHC+zD7
SaTxZu+xfUksYOySFd0ot02IHrYpACCZ0Ra7CgfvpmUx6Tx3Kr/AA/q2o9zbnDra
SAFBnbHQJk86lqwSs57PLlDTv8MOeSb2E6ngPd3zTCyitbelLng7z231ueb3a/Cf
MrauA3goD8e0/Z13KsjmxFtriRwrEbpk/SjQilZChnR3
-----END CERTIFICATE-----