Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qCQWCYlzdLj-n_wf4I4fH7EjNM4.roa
File:                     qCQWCYlzdLj-n_wf4I4fH7EjNM4.roa (raw, json)
Hash identifier:          RgElcWFofqkXfdHwPKIUN9wOWeBBKam7rzFOo24GIfc=
Subject key identifier:   A8:24:16:09:89:73:74:B8:FE:9F:FC:1F:E0:8E:1F:1F:B1:23:34:CE
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01967751C912183804DBE76D20703ED822A2
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qCQWCYlzdLj-n_wf4I4fH7EjNM4.roa
Signing time:             Sun 27 Apr 2025 12:56:10 +0000
ROA not before:           Sun 27 Apr 2025 12:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215304
IP address blocks:        185.206.250.0/24 maxlen: 24
                          185.226.104.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 07 May 2025 00:00:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:77:51:c9:12:18:38:04:db:e7:6d:20:70:3e:d8:22:a2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Apr 27 12:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a8241609897374b8fe9ffc1fe08e1f1fb12334ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:3e:22:4e:26:97:c2:13:0d:6d:61:f5:f1:26:
                    59:98:fa:50:47:12:2a:cd:37:bd:54:be:87:10:c7:
                    73:d6:c5:5a:fe:0d:08:c7:35:ee:96:47:5c:54:07:
                    35:84:22:0f:75:75:53:98:1d:d9:98:3b:59:92:70:
                    60:bd:ba:37:c2:87:c7:2a:02:f3:03:ed:bf:e3:fe:
                    6f:46:2d:50:56:10:cb:f6:5c:72:da:14:83:77:18:
                    c0:e8:57:07:09:b8:d6:fc:93:08:51:d1:b0:e2:3b:
                    ef:58:e9:a5:eb:86:74:51:78:f9:57:da:a3:0e:d7:
                    96:3b:00:bd:07:0c:b3:3a:09:35:b6:cd:76:52:dc:
                    d6:a2:47:f6:be:f2:9b:3a:61:28:50:68:4c:5a:21:
                    7b:8d:97:94:45:39:80:fa:4a:b6:be:4e:55:52:5a:
                    65:61:da:cf:d1:d9:aa:b9:9c:3c:7b:ac:34:13:0e:
                    68:6d:8a:c2:27:32:e2:81:38:6a:53:aa:94:ca:d3:
                    8b:85:c2:de:c0:a6:be:c0:aa:2a:90:7f:ac:f2:02:
                    ca:18:ef:b5:54:04:39:48:30:e3:53:c3:9f:35:9b:
                    c5:b5:48:cc:ea:2b:cc:01:56:bc:5d:7b:6d:c7:99:
                    37:16:24:ad:1c:f6:ef:a6:0d:81:02:23:d0:99:bf:
                    70:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:24:16:09:89:73:74:B8:FE:9F:FC:1F:E0:8E:1F:1F:B1:23:34:CE
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/qCQWCYlzdLj-n_wf4I4fH7EjNM4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.250.0/24
                  185.226.104.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:5f:d0:96:ff:1d:a9:98:aa:68:58:95:b8:69:52:5d:5d:48:
         04:55:4b:1d:e9:1e:b5:b2:1f:f3:66:18:98:6a:e2:8d:f1:cf:
         46:d1:b7:26:98:9c:3a:e7:c0:c2:cc:cf:28:da:f8:00:d6:f7:
         ad:96:fd:1e:76:8c:cc:3b:51:63:a3:0b:6b:79:82:8e:6b:c0:
         e9:ad:79:ec:fd:7c:af:a2:32:89:72:b9:e8:c3:6c:ac:4b:3e:
         96:f7:47:0f:93:67:21:b9:72:46:2e:70:e4:c3:dc:ac:21:fa:
         ec:03:6f:82:67:67:f3:54:22:8c:32:23:6c:de:cb:26:47:d4:
         63:06:9e:89:9f:7d:98:c6:78:fa:1b:ee:8f:f9:07:64:3d:fc:
         59:e9:df:17:2c:d5:44:d5:62:92:a3:e1:b7:45:e6:bb:13:48:
         bd:56:bd:b3:c2:26:14:ee:be:c8:33:ff:f8:62:21:a9:ad:03:
         20:e7:61:c6:88:90:02:16:2d:51:13:0a:b0:99:d5:cd:41:09:
         10:c5:e1:6e:83:13:00:7a:98:37:db:3b:a3:c4:02:cc:d1:dc:
         0b:91:cc:d8:da:1e:a4:34:19:51:55:ca:aa:c3:6c:1f:78:a8:
         74:ff:f2:4c:22:75:f9:49:4d:87:62:56:1b:69:57:23:cc:7c:
         e0:b1:65:ef
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZ3UckSGDgE2+dtIHA+2CKiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNDI3MTI1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODI0MTYwOTg5NzM3NGI4ZmU5ZmZjMWZlMDhlMWYxZmIxMjMzNGNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyj4iTiaXwhMNbWH18SZZmPpQRxIq
zTe9VL6HEMdz1sVa/g0IxzXulkdcVAc1hCIPdXVTmB3ZmDtZknBgvbo3wofHKgLz
A+2/4/5vRi1QVhDL9lxy2hSDdxjA6FcHCbjW/JMIUdGw4jvvWOml64Z0UXj5V9qj
DteWOwC9BwyzOgk1ts12UtzWokf2vvKbOmEoUGhMWiF7jZeURTmA+kq2vk5VUlpl
YdrP0dmquZw8e6w0Ew5obYrCJzLigThqU6qUytOLhcLewKa+wKoqkH+s8gLKGO+1
VAQ5SDDjU8OfNZvFtUjM6ivMAVa8XXttx5k3FiStHPbvpg2BAiPQmb9woQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKgkFgmJc3S4/p/8H+COHx+xIzTOMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvcUNRV0NZbHpkTGotbl93ZjRJNGZIN0VqTk00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuc76AwQA
ueJoMA0GCSqGSIb3DQEBCwUAA4IBAQB1X9CW/x2pmKpoWJW4aVJdXUgEVUsd6R61
sh/zZhiYauKN8c9G0bcmmJw658DCzM8o2vgA1vetlv0edozMO1FjowtreYKOa8Dp
rXns/XyvojKJcrnow2ysSz6W90cPk2chuXJGLnDkw9ysIfrsA2+CZ2fzVCKMMiNs
3ssmR9RjBp6Jn32Yxnj6G+6P+QdkPfxZ6d8XLNVE1WKSo+G3Rea7E0i9Vr2zwiYU
7r7IM//4YiGprQMg52HGiJACFi1REwqwmdXNQQkQxeFugxMAepg32zujxALM0dwL
kczY2h6kNBlRVcqqw2wfeKh0//JMInX5SU2HYlYbaVcjzHzgsWXv
-----END CERTIFICATE-----