Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_sdko8P65d1e5YEcAbQQQlmhOQE.roa
File:                     _sdko8P65d1e5YEcAbQQQlmhOQE.roa (raw, json)
Hash identifier:          uWMIS5Fr7ZfsTeT1yXof9yUeb9fOZdGgTt1Yg0mPXAY=
Subject key identifier:   FE:C7:64:A3:C3:FA:E5:DD:5E:E5:81:1C:01:B4:10:42:59:A1:39:01
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0197A66CD95DE055D09EE5B24A860D7CBD46
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_sdko8P65d1e5YEcAbQQQlmhOQE.roa
Signing time:             Wed 25 Jun 2025 09:30:40 +0000
ROA not before:           Wed 25 Jun 2025 09:30:40 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208769
IP address blocks:        92.60.32.0/23 maxlen: 24
                          193.17.180.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 30 Jun 2025 00:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:a6:6c:d9:5d:e0:55:d0:9e:e5:b2:4a:86:0d:7c:bd:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 25 09:30:40 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fec764a3c3fae5dd5ee5811c01b4104259a13901
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:7a:50:b0:33:17:42:6a:ee:bc:bd:01:e0:e5:
                    a5:81:08:48:de:a8:9f:8e:03:c0:5a:29:e9:10:50:
                    ca:1b:36:db:77:91:c7:b8:31:31:97:65:24:be:c3:
                    23:a6:ad:51:51:9a:b3:89:b2:9a:d5:44:57:c1:74:
                    3d:c8:6d:c0:f3:8d:95:ee:da:40:c2:b6:c6:c8:aa:
                    44:19:e9:6d:b0:c9:9c:bc:b5:1c:96:9c:8e:fc:74:
                    37:ec:6d:6b:e7:2b:64:2b:b1:0a:1d:a5:3e:2e:52:
                    37:6c:eb:cc:2b:b0:c9:11:94:de:33:b2:68:b9:37:
                    bb:3e:1d:1e:6a:51:95:f3:3c:17:4a:f8:93:ed:b8:
                    4f:db:5d:21:b2:0a:73:1f:1d:83:15:56:08:c4:65:
                    e6:65:78:eb:fb:b8:e9:f6:da:ad:ff:19:b1:0e:df:
                    39:8f:59:28:3e:e9:c2:5c:56:08:24:79:1f:47:fa:
                    a2:25:91:bc:ec:2c:d9:ec:45:c5:34:85:48:26:a7:
                    ef:0a:9a:26:aa:90:58:28:94:26:99:b0:48:d1:66:
                    75:a0:f3:ab:b8:7d:d0:8a:c8:1d:28:f7:28:ad:6d:
                    57:9d:d6:b4:80:2f:e9:51:0f:27:0c:8e:c9:b2:47:
                    0b:51:4a:01:b9:a4:91:78:f5:85:1d:83:28:2a:bd:
                    58:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:C7:64:A3:C3:FA:E5:DD:5E:E5:81:1C:01:B4:10:42:59:A1:39:01
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/_sdko8P65d1e5YEcAbQQQlmhOQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  92.60.32.0/23
                  193.17.180.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:40:2f:f4:d9:6d:e2:db:0e:bf:7c:d4:19:8d:7b:5f:de:51:
         1d:77:fd:3b:a8:b0:f7:7b:da:b6:a2:fc:ff:88:1b:05:b0:0f:
         58:85:2f:26:fb:d9:23:ff:54:9e:51:d6:38:94:e5:1d:26:6c:
         95:3d:43:b0:c6:32:5a:00:66:14:51:29:49:28:29:98:87:4e:
         b8:e3:05:03:0e:a8:35:f5:1f:0d:aa:3e:a7:91:df:32:c4:19:
         bd:24:14:bb:3a:4e:d0:f0:e6:08:7f:82:6c:c1:72:c4:66:ab:
         79:0c:c3:ee:7c:46:fd:8b:6a:b3:be:c8:d4:8b:7a:b8:89:9c:
         ef:7b:d5:e4:75:68:66:28:35:6d:1c:63:b2:7c:04:22:9b:b5:
         63:3e:08:43:d5:ed:00:f7:a0:63:57:62:c9:4b:26:9f:3e:97:
         3e:05:00:e8:cd:7a:cd:bd:a1:29:35:23:e8:66:1c:6b:e4:19:
         a0:89:f6:30:90:3e:ab:a2:a3:b3:95:3e:d3:ad:72:90:e9:61:
         53:52:8d:bf:5e:3b:8c:9b:62:31:d9:12:85:70:c6:9a:be:a8:
         47:41:dc:77:66:03:67:34:2d:25:15:52:97:2f:11:75:fc:9b:
         c7:8f:e1:69:21:12:4c:c0:a9:02:a3:5b:42:89:38:37:d5:ae:
         20:bb:38:dd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZembNld4FXQnuWySoYNfL1GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNjI1MDkzMDQwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZWM3NjRhM2MzZmFlNWRkNWVlNTgxMWMwMWI0MTA0MjU5YTEzOTAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvXpQsDMXQmruvL0B4OWlgQhI3qif
jgPAWinpEFDKGzbbd5HHuDExl2UkvsMjpq1RUZqzibKa1URXwXQ9yG3A842V7tpA
wrbGyKpEGeltsMmcvLUclpyO/HQ37G1r5ytkK7EKHaU+LlI3bOvMK7DJEZTeM7Jo
uTe7Ph0ealGV8zwXSviT7bhP210hsgpzHx2DFVYIxGXmZXjr+7jp9tqt/xmxDt85
j1koPunCXFYIJHkfR/qiJZG87CzZ7EXFNIVIJqfvCpomqpBYKJQmmbBI0WZ1oPOr
uH3QisgdKPcorW1Xnda0gC/pUQ8nDI7JskcLUUoBuaSRePWFHYMoKr1Y4QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFP7HZKPD+uXdXuWBHAG0EEJZoTkBMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvX3Nka284UDY1ZDFlNVlFY0FiUVFRbG1oT1FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBXDwgAwQA
wRG0MA0GCSqGSIb3DQEBCwUAA4IBAQB5QC/02W3i2w6/fNQZjXtf3lEdd/07qLD3
e9q2ovz/iBsFsA9YhS8m+9kj/1SeUdY4lOUdJmyVPUOwxjJaAGYUUSlJKCmYh064
4wUDDqg19R8Nqj6nkd8yxBm9JBS7Ok7Q8OYIf4JswXLEZqt5DMPufEb9i2qzvsjU
i3q4iZzve9XkdWhmKDVtHGOyfAQim7VjPghD1e0A96BjV2LJSyafPpc+BQDozXrN
vaEpNSPoZhxr5BmgifYwkD6roqOzlT7TrXKQ6WFTUo2/XjuMm2Ix2RKFcMaavqhH
Qdx3ZgNnNC0lFVKXLxF1/JvHj+FpIRJMwKkCo1tCiTg31a4guzjd
-----END CERTIFICATE-----