Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/AHHjgnZa0i1IRCxFM77eUYSHaHE.roa
File:                     AHHjgnZa0i1IRCxFM77eUYSHaHE.roa (raw, json)
Hash identifier:          TB5Omq8yfAHKZhnfGxWKGZQXh/dVhdxgE4rk6b4/FuE=
Subject key identifier:   00:71:E3:82:76:5A:D2:2D:48:44:2C:45:33:BE:DE:51:84:87:68:71
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01967751C899B8AA081639921FFA1FD197A9
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/AHHjgnZa0i1IRCxFM77eUYSHaHE.roa
Signing time:             Sun 27 Apr 2025 12:56:10 +0000
ROA not before:           Sun 27 Apr 2025 12:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        185.206.250.0/24 maxlen: 24
                          185.226.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:77:51:c8:99:b8:aa:08:16:39:92:1f:fa:1f:d1:97:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 27 12:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0071e382765ad22d48442c4533bede5184876871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:a0:80:27:7c:74:85:3a:49:67:1e:7c:64:cf:
                    a3:d9:6a:8d:ef:16:5d:d1:cc:e9:01:07:1e:3e:5b:
                    ac:78:f5:de:11:b1:4e:c6:dd:5b:95:b0:e7:c4:8c:
                    ae:9d:9a:8d:fb:ed:57:d2:b5:46:07:50:09:06:d4:
                    c7:97:81:ad:17:c7:a5:7a:28:82:80:62:eb:73:a4:
                    76:40:99:60:19:54:58:e0:91:c7:17:72:47:96:f6:
                    40:52:33:cf:4b:f7:66:45:28:b9:22:f6:05:c7:39:
                    75:c1:6f:54:a3:67:05:c0:b7:9b:86:2e:49:10:4a:
                    9b:c9:b6:0e:18:01:56:29:ae:51:6f:c3:ea:3e:fa:
                    9c:42:9b:5d:4c:b9:91:32:d1:24:95:86:f1:b9:fd:
                    78:17:28:7c:5d:d3:bc:f0:98:05:aa:a1:3d:37:21:
                    07:7c:6b:bb:a8:dd:8a:c9:7d:1a:9c:07:db:fc:d5:
                    19:4c:72:0d:4c:de:08:81:a5:83:0b:5f:82:21:62:
                    ff:08:66:d0:9f:af:b9:d4:be:b9:ee:67:1e:d1:c2:
                    f6:d8:38:80:92:40:44:6f:11:cf:88:b5:47:49:85:
                    7f:ce:e0:38:c0:60:5b:58:df:70:c5:f0:22:91:0b:
                    d2:5e:be:b8:e3:5c:5e:ee:e6:f2:03:f4:33:2e:22:
                    bf:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:71:E3:82:76:5A:D2:2D:48:44:2C:45:33:BE:DE:51:84:87:68:71
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/AHHjgnZa0i1IRCxFM77eUYSHaHE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.250.0/24
                  185.226.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:db:3a:93:36:09:33:a1:d9:58:b1:4c:da:7c:d8:0c:af:63:
         6c:a5:14:e1:21:6b:ab:e4:1c:8d:61:1b:12:e6:92:31:f1:d4:
         07:e9:59:b8:d1:50:b6:79:c6:91:91:0e:90:e5:c6:24:26:b2:
         c4:26:59:af:76:0a:f6:d3:75:be:a3:db:0a:59:66:6c:6e:0c:
         c5:53:71:81:57:e4:ce:7a:97:be:3c:94:12:84:a1:b8:73:5e:
         93:3a:3d:77:8b:34:98:0a:0c:4c:35:9e:01:ff:35:97:71:4f:
         2f:86:a0:1c:00:aa:06:7c:09:13:e9:58:bd:e9:0d:1e:05:c3:
         b1:4d:a9:ba:73:98:19:d0:32:b6:61:b9:70:c4:09:2f:ac:49:
         76:4e:6b:f6:4b:17:46:52:b1:b4:da:45:8c:8d:74:44:bb:f5:
         a5:21:3c:36:bc:c6:f6:73:ba:02:ed:a2:c8:0f:35:37:2f:f6:
         09:0c:22:53:4e:30:86:ae:b5:4f:67:e5:20:2d:31:61:47:db:
         9c:65:11:1b:2f:41:dd:25:16:07:fb:e4:31:08:89:ac:b2:56:
         f1:87:00:69:3f:87:82:8d:3d:3a:3b:25:b3:f7:9a:15:94:46:
         e4:44:a1:80:f0:d6:aa:11:83:03:4a:32:86:a5:21:27:89:14:
         8f:c9:7b:37
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ3UciZuKoIFjmSH/of0ZepMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDI3MTI1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMDcxZTM4Mjc2NWFkMjJkNDg0NDJjNDUzM2JlZGU1MTg0ODc2ODcxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKCAJ3x0hTpJZx58ZM+j2WqN7xZd
0czpAQcePlusePXeEbFOxt1blbDnxIyunZqN++1X0rVGB1AJBtTHl4GtF8eleiiC
gGLrc6R2QJlgGVRY4JHHF3JHlvZAUjPPS/dmRSi5IvYFxzl1wW9Uo2cFwLebhi5J
EEqbybYOGAFWKa5Rb8PqPvqcQptdTLmRMtEklYbxuf14Fyh8XdO88JgFqqE9NyEH
fGu7qN2KyX0anAfb/NUZTHINTN4IgaWDC1+CIWL/CGbQn6+51L657mce0cL22DiA
kkBEbxHPiLVHSYV/zuA4wGBbWN9wxfAikQvSXr6441xe7ubyA/QzLiK/XwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFABx44J2WtItSEQsRTO+3lGEh2hxMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQUhIamduWmEwaTFJUkN4Rk03N2VVWVNIYUhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuc76AwQA
ueJoMA0GCSqGSIb3DQEBCwUAA4IBAQB/2zqTNgkzodlYsUzafNgMr2NspRThIWur
5ByNYRsS5pIx8dQH6Vm40VC2ecaRkQ6Q5cYkJrLEJlmvdgr203W+o9sKWWZsbgzF
U3GBV+TOepe+PJQShKG4c16TOj13izSYCgxMNZ4B/zWXcU8vhqAcAKoGfAkT6Vi9
6Q0eBcOxTam6c5gZ0DK2YblwxAkvrEl2Tmv2SxdGUrG02kWMjXREu/WlITw2vMb2
c7oC7aLIDzU3L/YJDCJTTjCGrrVPZ+UgLTFhR9ucZREbL0HdJRYH++QxCImsslbx
hwBpP4eCjT06OyWz95oVlEbkRKGA8NaqEYMDSjKGpSEniRSPyXs3
-----END CERTIFICATE-----