Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/6EZjDJryRoANWPhlSHpMG7n7IU8.roa
File:                     6EZjDJryRoANWPhlSHpMG7n7IU8.roa (raw, json)
Hash identifier:          9isLxzfXlIyOPcXFup6Ou1baZV3mC8KRz9wBcZ1Igfs=
Subject key identifier:   E8:46:63:0C:9A:F2:46:80:0D:58:F8:65:48:7A:4C:1B:B9:FB:21:4F
Certificate issuer:       /CN=2e890193743bdf24dd22c3ed6f28b3031a2ec806
Certificate serial:       019420D5D30DBAE430D81AE4D4C12D3726AA
Authority key identifier: 2E:89:01:93:74:3B:DF:24:DD:22:C3:ED:6F:28:B3:03:1A:2E:C8:06
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/LokBk3Q73yTdIsPtbyizAxouyAY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/6EZjDJryRoANWPhlSHpMG7n7IU8.roa
Signing time:             Wed 01 Jan 2025 07:47:51 +0000
ROA not before:           Wed 01 Jan 2025 07:47:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211735
IP address blocks:        185.242.176.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/LokBk3Q73yTdIsPtbyizAxouyAY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/LokBk3Q73yTdIsPtbyizAxouyAY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/LokBk3Q73yTdIsPtbyizAxouyAY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:d3:0d:ba:e4:30:d8:1a:e4:d4:c1:2d:37:26:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2e890193743bdf24dd22c3ed6f28b3031a2ec806
        Validity
            Not Before: Jan  1 07:47:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e846630c9af246800d58f865487a4c1bb9fb214f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e3:72:8c:3a:1b:3e:41:a3:aa:82:ec:25:8f:
                    53:47:f2:3b:cc:db:9f:67:6f:3f:a4:81:67:5e:53:
                    bd:d4:70:7b:3f:73:23:b0:c0:99:48:ef:00:c6:9e:
                    16:f3:a8:d3:37:51:06:76:6f:84:cf:8b:aa:51:11:
                    e7:5f:31:7f:a8:94:ca:f4:25:2e:66:73:cb:e3:7b:
                    30:16:56:88:bd:27:29:d1:13:12:72:fa:2e:49:75:
                    53:ff:74:76:36:0f:a7:66:64:3b:09:a0:5d:25:6e:
                    09:e3:63:5a:88:8b:d6:a8:89:d4:f3:bb:aa:38:ad:
                    05:2c:6b:22:63:4a:c8:f9:ec:23:fc:ae:43:13:f8:
                    2a:95:86:d5:c8:bc:9f:60:75:ee:d4:ab:56:08:15:
                    1b:1b:de:a1:ad:aa:69:76:e8:e2:9d:e0:eb:d7:fa:
                    9f:40:e6:43:19:2d:0a:92:6e:20:9f:29:f7:0f:a9:
                    cc:46:4e:0f:98:be:73:1b:8a:7d:bc:28:6d:3a:53:
                    5d:94:40:2d:39:ac:36:7d:36:6b:5a:4d:85:5c:50:
                    e8:86:02:04:27:82:13:f7:7e:da:ee:1f:17:80:a7:
                    74:9d:b1:87:d8:20:c5:a4:6c:48:70:35:73:93:90:
                    ec:d7:a2:77:1a:83:58:db:c3:51:44:7f:e2:29:05:
                    a0:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:46:63:0C:9A:F2:46:80:0D:58:F8:65:48:7A:4C:1B:B9:FB:21:4F
            X509v3 Authority Key Identifier:
                keyid:2E:89:01:93:74:3B:DF:24:DD:22:C3:ED:6F:28:B3:03:1A:2E:C8:06

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LokBk3Q73yTdIsPtbyizAxouyAY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/6EZjDJryRoANWPhlSHpMG7n7IU8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e3/8c27aa-b500-4c96-84ec-f8be495252b0/1/LokBk3Q73yTdIsPtbyizAxouyAY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.242.176.0/24

    Signature Algorithm: sha256WithRSAEncryption
         04:8c:fd:f7:17:3d:c8:09:cd:1d:c7:db:48:cd:2e:f6:e0:58:
         e4:8d:19:11:6f:ee:f0:56:2a:5b:38:b4:52:1d:05:35:14:4a:
         ae:6c:46:d9:79:46:8a:c7:ba:50:df:d0:15:52:b9:21:68:7e:
         94:c5:a2:10:d9:32:87:3e:4b:1f:b9:08:6e:e9:9f:24:da:c1:
         e4:38:db:a3:7b:e5:7d:b0:6e:0c:28:31:8e:20:d6:c9:ae:bc:
         5d:d8:e1:69:35:d7:d4:60:5b:22:8f:8e:f9:65:2a:f4:c1:5f:
         44:bf:87:18:62:53:5e:b6:2a:97:fb:56:c2:1e:92:73:04:41:
         8a:09:82:a8:fb:be:14:c8:d9:81:b3:87:78:11:2d:68:6c:a1:
         ae:e3:be:65:ac:68:51:4b:a0:a1:d6:21:0e:51:1c:58:05:74:
         66:d8:2e:8b:73:a7:26:e9:cc:9e:cd:83:e2:3a:8a:6c:01:65:
         3c:d1:0f:dd:69:a2:bf:13:dc:79:24:22:6f:aa:52:11:f5:67:
         03:a3:91:63:1f:4c:01:8d:17:d6:08:5a:0a:c7:78:4c:e9:28:
         27:48:86:b5:3e:3d:ad:4a:38:9a:cb:dc:55:8d:26:4e:1a:3d:
         d9:2d:02:65:4c:d1:13:db:9e:ea:b6:4f:e8:c3:18:63:9c:2c:
         ab:d8:17:d1
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1dMNuuQw2Brk1MEtNyaqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlODkwMTkzNzQzYmRmMjRkZDIyYzNlZDZmMjhiMzAzMWEy
ZWM4MDYwHhcNMjUwMTAxMDc0NzUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlODQ2NjMwYzlhZjI0NjgwMGQ1OGY4NjU0ODdhNGMxYmI5ZmIyMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuNyjDobPkGjqoLsJY9TR/I7zNuf
Z28/pIFnXlO91HB7P3MjsMCZSO8Axp4W86jTN1EGdm+Ez4uqURHnXzF/qJTK9CUu
ZnPL43swFlaIvScp0RMScvouSXVT/3R2Ng+nZmQ7CaBdJW4J42NaiIvWqInU87uq
OK0FLGsiY0rI+ewj/K5DE/gqlYbVyLyfYHXu1KtWCBUbG96hrappdujineDr1/qf
QOZDGS0Kkm4gnyn3D6nMRk4PmL5zG4p9vChtOlNdlEAtOaw2fTZrWk2FXFDohgIE
J4IT937a7h8XgKd0nbGH2CDFpGxIcDVzk5Ds16J3GoNY28NRRH/iKQWgNwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOhGYwya8kaADVj4ZUh6TBu5+yFPMB8GA1UdIwQY
MBaAFC6JAZN0O98k3SLD7W8oswMaLsgGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9rQmszUTczeVRkSXNQdGJ5aXpBeG91eUFZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMy84YzI3YWEtYjUwMC00Yzk2LTg0ZWMt
ZjhiZTQ5NTI1MmIwLzEvNkVaakRKcnlSb0FOV1BobFNIcE1HN243SVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMy84YzI3YWEtYjUwMC00Yzk2LTg0ZWMtZjhiZTQ5NTI1MmIw
LzEvTG9rQmszUTczeVRkSXNQdGJ5aXpBeG91eUFZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAufKwMA0G
CSqGSIb3DQEBCwUAA4IBAQAEjP33Fz3ICc0dx9tIzS724FjkjRkRb+7wVipbOLRS
HQU1FEqubEbZeUaKx7pQ39AVUrkhaH6UxaIQ2TKHPksfuQhu6Z8k2sHkONuje+V9
sG4MKDGOINbJrrxd2OFpNdfUYFsij475ZSr0wV9Ev4cYYlNetiqX+1bCHpJzBEGK
CYKo+74UyNmBs4d4ES1obKGu475lrGhRS6Ch1iEOURxYBXRm2C6Lc6cm6cyezYPi
OopsAWU80Q/daaK/E9x5JCJvqlIR9WcDo5FjH0wBjRfWCFoKx3hM6SgnSIa1Pj2t
Sjiay9xVjSZOGj3ZLQJlTNET257qtk/owxhjnCyr2BfR
-----END CERTIFICATE-----