Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/K-6vxGr3EkVKtgWk3f7FXppAHWU.roa
File:                     K-6vxGr3EkVKtgWk3f7FXppAHWU.roa (raw, json)
Hash identifier:          OqJwTUOjnt783umU3SvwJ0pGKHDe69wtlF63xIDInso=
Subject key identifier:   2B:EE:AF:C4:6A:F7:12:45:4A:B6:05:A4:DD:FE:C5:5E:9A:40:1D:65
Certificate issuer:       /CN=8d8740799c91c2630a8092178db824f3a889a75f
Certificate serial:       019425FC4554175A3F1EBE5CA0EAD6D6139B
Authority key identifier: 8D:87:40:79:9C:91:C2:63:0A:80:92:17:8D:B8:24:F3:A8:89:A7:5F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYdAeZyRwmMKgJIXjbgk86iJp18.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/K-6vxGr3EkVKtgWk3f7FXppAHWU.roa
Signing time:             Thu 02 Jan 2025 07:47:57 +0000
ROA not before:           Thu 02 Jan 2025 07:47:57 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8666
IP address blocks:        185.121.52.0/24 maxlen: 24
                          185.121.53.0/24 maxlen: 32
                          2a06:9cc0::/29 maxlen: 128
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/jYdAeZyRwmMKgJIXjbgk86iJp18.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/jYdAeZyRwmMKgJIXjbgk86iJp18.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYdAeZyRwmMKgJIXjbgk86iJp18.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:45:54:17:5a:3f:1e:be:5c:a0:ea:d6:d6:13:9b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d8740799c91c2630a8092178db824f3a889a75f
        Validity
            Not Before: Jan  2 07:47:57 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2beeafc46af712454ab605a4ddfec55e9a401d65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d5:72:df:47:64:34:9e:a9:02:59:a0:16:f0:
                    99:d6:5e:15:58:e4:4c:84:48:ee:3b:d5:cd:2e:a5:
                    45:1a:75:4f:2a:cd:f6:23:08:06:4b:83:f2:f4:b0:
                    d5:be:89:68:0f:21:fd:4e:3e:55:76:7a:ff:bc:4e:
                    31:3c:73:e9:b6:00:11:ea:89:83:a3:70:11:2d:e0:
                    e1:ac:8e:e9:6f:97:74:af:01:a4:fa:05:78:c1:a6:
                    f9:1a:cd:a3:2f:70:be:ca:ad:ba:4d:40:64:62:30:
                    ae:e1:79:b4:85:1a:ef:bb:ab:fc:29:a2:23:9b:0b:
                    d2:6e:a1:c5:b8:53:32:33:8e:53:86:c2:2e:d8:ea:
                    39:25:7c:a6:41:e4:e8:c0:c8:43:91:67:d3:f3:ed:
                    b4:14:45:80:26:5c:68:7e:d2:3d:f3:c4:00:fa:3c:
                    d0:b1:1f:5f:b4:e0:5e:97:52:a3:d9:96:c9:1d:4c:
                    41:a3:e3:e8:38:75:73:74:6d:1c:bc:d6:02:14:e4:
                    5f:2f:35:e0:14:8a:07:dd:c0:66:5f:b8:de:98:07:
                    d0:e7:41:50:2c:3e:c2:8b:a7:04:06:fb:ea:23:3c:
                    04:a1:63:f7:8c:21:8e:66:ea:7d:77:d6:35:33:b6:
                    7c:3f:20:4e:d1:8d:ef:84:43:85:30:57:7c:d6:90:
                    88:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:EE:AF:C4:6A:F7:12:45:4A:B6:05:A4:DD:FE:C5:5E:9A:40:1D:65
            X509v3 Authority Key Identifier:
                keyid:8D:87:40:79:9C:91:C2:63:0A:80:92:17:8D:B8:24:F3:A8:89:A7:5F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYdAeZyRwmMKgJIXjbgk86iJp18.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/K-6vxGr3EkVKtgWk3f7FXppAHWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/5b7c94-a60d-4399-9829-52b8166829d7/1/jYdAeZyRwmMKgJIXjbgk86iJp18.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.121.52.0/23
                IPv6:
                  2a06:9cc0::/29

    Signature Algorithm: sha256WithRSAEncryption
         52:4d:4f:d6:6e:cd:52:1c:76:a9:a6:b5:55:8e:14:c2:54:1e:
         18:c9:ad:80:41:21:84:17:1c:58:7b:fb:e2:5f:69:1d:7d:b7:
         c8:d4:22:75:10:12:2d:8f:7f:e7:1d:23:fa:ce:4e:bc:57:db:
         13:d4:c6:4a:74:97:1f:8c:32:bd:42:a4:a7:8e:07:00:71:e5:
         03:d3:e1:35:ca:ba:34:8b:e8:11:ab:96:b4:2a:36:86:d8:7d:
         38:ee:f2:02:b4:a0:a4:6d:af:26:de:f2:d6:f0:de:a9:fd:d0:
         02:88:bf:24:fe:3f:18:52:25:e7:ab:e2:c9:fd:70:43:a3:0b:
         f2:29:2f:dd:9e:de:78:82:32:2a:2f:40:92:bb:c5:55:b3:e0:
         35:a9:22:b9:f6:4f:aa:87:4f:50:78:34:8b:da:49:87:49:69:
         2c:b4:06:b3:ea:d1:e9:84:d4:31:e1:08:d6:bc:91:38:9e:0d:
         4c:1d:20:d0:f9:c2:19:8e:cf:fb:08:23:7e:36:cb:1d:3a:dc:
         32:a3:f4:9d:24:53:ed:91:0b:00:81:a0:6b:53:37:a3:78:22:
         d6:85:bf:93:61:ea:52:50:54:03:ac:db:6d:21:46:29:9f:1b:
         dd:36:8d:c5:b3:fd:68:a6:07:16:6f:90:45:69:90:48:51:1c:
         98:ad:23:e5
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/EVUF1o/Hr5coOrW1hObMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODc0MDc5OWM5MWMyNjMwYTgwOTIxNzhkYjgyNGYzYTg4
OWE3NWYwHhcNMjUwMTAyMDc0NzU3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYmVlYWZjNDZhZjcxMjQ1NGFiNjA1YTRkZGZlYzU1ZTlhNDAxZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29Vy30dkNJ6pAlmgFvCZ1l4VWORM
hEjuO9XNLqVFGnVPKs32IwgGS4Py9LDVvoloDyH9Tj5Vdnr/vE4xPHPptgAR6omD
o3ARLeDhrI7pb5d0rwGk+gV4wab5Gs2jL3C+yq26TUBkYjCu4Xm0hRrvu6v8KaIj
mwvSbqHFuFMyM45ThsIu2Oo5JXymQeTowMhDkWfT8+20FEWAJlxoftI988QA+jzQ
sR9ftOBel1Kj2ZbJHUxBo+PoOHVzdG0cvNYCFORfLzXgFIoH3cBmX7jemAfQ50FQ
LD7Ci6cEBvvqIzwEoWP3jCGOZup9d9Y1M7Z8PyBO0Y3vhEOFMFd81pCIpQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFCvur8Rq9xJFSrYFpN3+xV6aQB1lMB8GA1UdIwQY
MBaAFI2HQHmckcJjCoCSF424JPOoiadfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallkQWVaeVJ3bU1LZ0pJWGpiZ2s4NmlKcDE4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy81YjdjOTQtYTYwZC00Mzk5LTk4Mjkt
NTJiODE2NjgyOWQ3LzEvSy02dnhHcjNFa1ZLdGdXazNmN0ZYcHBBSFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy81YjdjOTQtYTYwZC00Mzk5LTk4MjktNTJiODE2NjgyOWQ3
LzEvallkQWVaeVJ3bU1LZ0pJWGpiZ2s4NmlKcDE4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBuXk0MA0E
AgACMAcDBQMqBpzAMA0GCSqGSIb3DQEBCwUAA4IBAQBSTU/Wbs1SHHapprVVjhTC
VB4Yya2AQSGEFxxYe/viX2kdfbfI1CJ1EBItj3/nHSP6zk68V9sT1MZKdJcfjDK9
QqSnjgcAceUD0+E1yro0i+gRq5a0KjaG2H047vICtKCkba8m3vLW8N6p/dACiL8k
/j8YUiXnq+LJ/XBDowvyKS/dnt54gjIqL0CSu8VVs+A1qSK59k+qh09QeDSL2kmH
SWkstAaz6tHphNQx4QjWvJE4ng1MHSDQ+cIZjs/7CCN+NssdOtwyo/SdJFPtkQsA
gaBrUzejeCLWhb+TYepSUFQDrNttIUYpnxvdNo3Fs/1opgcWb5BFaZBIURyYrSPl
-----END CERTIFICATE-----