Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zI9NWKQwEmNLRsfjUNGYFLtjySE.roa
File:                     zI9NWKQwEmNLRsfjUNGYFLtjySE.roa (raw, json)
Hash identifier:          ZqBwiov7UsQ5TIXy1vL3mpFiP4z5RaiwSwC1bVckpAg=
Subject key identifier:   CC:8F:4D:58:A4:30:12:63:4B:46:C7:E3:50:D1:98:14:BB:63:C9:21
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       0197AB8B005650B13351A4E19CD6D5565543
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zI9NWKQwEmNLRsfjUNGYFLtjySE.roa
Signing time:             Thu 26 Jun 2025 09:21:42 +0000
ROA not before:           Thu 26 Jun 2025 09:21:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214024
IP address blocks:        185.206.250.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 02 Jul 2025 16:57:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:ab:8b:00:56:50:b1:33:51:a4:e1:9c:d6:d5:56:55:43
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 26 09:21:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cc8f4d58a43012634b46c7e350d19814bb63c921
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:28:3f:89:27:22:96:31:f4:d2:fe:f9:8a:11:
                    92:7c:21:26:a9:71:18:6a:44:57:31:81:10:7d:9a:
                    51:0e:07:c6:ea:b8:83:99:b0:5a:db:93:39:a1:f2:
                    9b:4d:ed:a8:23:1e:88:9f:06:7e:ad:17:15:08:c4:
                    ca:6a:76:2e:97:36:bc:cb:31:74:fb:48:87:b3:58:
                    63:ec:37:b6:e6:f5:51:38:66:de:37:83:40:67:93:
                    94:67:29:20:46:b0:d7:cc:ab:14:9c:05:d8:2c:28:
                    1f:b8:54:55:db:2e:d5:da:b3:bd:22:58:6a:ab:24:
                    4d:b9:42:55:cb:cc:e1:5c:2b:a2:af:15:82:5e:f9:
                    bd:2d:cf:13:35:2f:6c:9c:37:33:97:41:f6:72:35:
                    ef:22:e5:05:2d:75:af:d1:71:ca:d5:b2:37:96:7c:
                    52:59:e1:09:bd:a7:09:b1:0f:7a:45:4c:3f:cc:9c:
                    68:6b:34:54:7b:dc:94:87:35:cb:c8:91:a0:85:d2:
                    37:60:d3:5b:a2:a8:33:91:40:fb:4e:ba:6a:b9:f0:
                    64:f8:d2:2f:a9:dc:03:9a:48:dd:c4:77:2a:90:02:
                    9b:bf:85:57:fc:67:7b:d0:e9:d8:63:c3:eb:26:43:
                    c6:fa:a9:76:ff:36:87:9e:5c:ea:f1:35:2b:90:1a:
                    fc:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:8F:4D:58:A4:30:12:63:4B:46:C7:E3:50:D1:98:14:BB:63:C9:21
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/zI9NWKQwEmNLRsfjUNGYFLtjySE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.206.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c2:fa:b6:04:11:57:1d:28:aa:90:e3:f9:6c:73:f3:60:2d:13:
         cb:db:f8:a8:99:27:c5:d0:cf:fe:76:e5:89:9b:67:31:b0:87:
         a6:be:ae:f4:65:46:36:4b:80:7a:92:e5:2f:8a:e0:7e:e0:bd:
         b9:90:dc:8e:a2:3c:ac:90:7f:08:c3:59:8e:d6:6e:9a:e9:23:
         70:63:a6:d0:3b:81:39:a0:38:f9:dc:b1:3f:09:d2:2e:04:5d:
         f3:8a:09:f2:12:e9:71:b9:fa:27:a1:cb:44:2f:05:4c:26:e6:
         d0:17:05:eb:30:f7:60:f4:49:e5:99:74:f0:40:31:ce:98:ce:
         72:33:12:15:1d:0c:3c:ed:3e:6d:cb:f3:e7:e4:75:2d:2e:3c:
         a9:6c:94:c1:e0:de:02:69:ff:f4:46:ba:e9:37:d2:b6:3c:85:
         e0:c7:37:cb:e0:12:48:4f:0e:bc:b9:9f:d0:27:d4:e3:62:98:
         49:6a:99:8e:ed:a5:47:83:e3:51:df:50:6f:68:b0:1d:83:dd:
         2f:83:72:e0:bd:fb:bb:6a:46:8f:7d:a0:24:49:f9:1e:57:d8:
         04:42:82:31:a8:62:ce:c8:c9:89:01:3e:01:ba:64:13:77:53:
         52:6f:c3:30:64:19:77:36:76:4c:b3:6d:b7:4b:34:6e:d2:8f:
         e5:d3:0f:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZeriwBWULEzUaThnNbVVlVDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNjI2MDkyMTQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhmNGQ1OGE0MzAxMjYzNGI0NmM3ZTM1MGQxOTgxNGJiNjNjOTIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzSg/iSciljH00v75ihGSfCEmqXEY
akRXMYEQfZpRDgfG6riDmbBa25M5ofKbTe2oIx6InwZ+rRcVCMTKanYulza8yzF0
+0iHs1hj7De25vVROGbeN4NAZ5OUZykgRrDXzKsUnAXYLCgfuFRV2y7V2rO9Ilhq
qyRNuUJVy8zhXCuirxWCXvm9Lc8TNS9snDczl0H2cjXvIuUFLXWv0XHK1bI3lnxS
WeEJvacJsQ96RUw/zJxoazRUe9yUhzXLyJGghdI3YNNboqgzkUD7TrpqufBk+NIv
qdwDmkjdxHcqkAKbv4VX/Gd70OnYY8PrJkPG+ql2/zaHnlzq8TUrkBr8twIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMyPTVikMBJjS0bH41DRmBS7Y8khMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvekk5TldLUXdFbU5MUnNmalVOR1lGTHRqeVNFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuc76MA0G
CSqGSIb3DQEBCwUAA4IBAQDC+rYEEVcdKKqQ4/lsc/NgLRPL2/iomSfF0M/+duWJ
m2cxsIemvq70ZUY2S4B6kuUviuB+4L25kNyOojyskH8Iw1mO1m6a6SNwY6bQO4E5
oDj53LE/CdIuBF3zignyEulxufonoctELwVMJubQFwXrMPdg9EnlmXTwQDHOmM5y
MxIVHQw87T5ty/Pn5HUtLjypbJTB4N4Caf/0RrrpN9K2PIXgxzfL4BJITw68uZ/Q
J9TjYphJapmO7aVHg+NR31BvaLAdg90vg3Lgvfu7akaPfaAkSfkeV9gEQoIxqGLO
yMmJAT4BumQTd1NSb8MwZBl3NnZMs223SzRu0o/l0w8t
-----END CERTIFICATE-----