Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/4gI_4-IO4A-DLjbwey2IpOI1Gac.roa
File:                     4gI_4-IO4A-DLjbwey2IpOI1Gac.roa (raw, json)
Hash identifier:          mQ7omWDIQV8V9vzwSyRnlClYxhElWnlIxHJNMRFaihs=
Subject key identifier:   E2:02:3F:E3:E2:0E:E0:0F:83:2E:36:F0:7B:2D:88:A4:E2:35:19:A7
Certificate issuer:       /CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
Certificate serial:       0196557851A124D5614247388C0BEE3FD122
Authority key identifier: 6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/4gI_4-IO4A-DLjbwey2IpOI1Gac.roa
Signing time:             Sun 20 Apr 2025 23:11:10 +0000
ROA not before:           Sun 20 Apr 2025 23:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5065
IP address blocks:        185.65.60.0/24 maxlen: 24
                          185.65.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 11:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:55:78:51:a1:24:d5:61:42:47:38:8c:0b:ee:3f:d1:22
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6f75e4e94b5cb74517b7b01568015da9e6eecdb6
        Validity
            Not Before: Apr 20 23:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=e2023fe3e20ee00f832e36f07b2d88a4e23519a7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:81:7a:c0:bb:6b:78:68:5f:ec:c6:23:1d:02:
                    26:0d:31:f9:44:fb:44:96:7a:dc:62:29:65:96:34:
                    5f:56:06:63:69:f4:2a:ee:39:6e:e4:17:7b:6e:4c:
                    1c:9a:64:72:8a:b4:64:37:23:56:26:4c:0f:65:6d:
                    73:83:8e:79:bd:6d:71:f7:a3:6c:be:b8:1c:90:94:
                    4e:b2:b3:4f:81:2b:71:fc:45:3f:e4:bf:10:a3:03:
                    8c:a9:bd:f4:b3:dd:58:15:6c:97:18:41:a0:db:8b:
                    22:5c:38:e8:4f:05:71:7a:62:c0:46:bd:80:f2:10:
                    b0:3d:e7:b7:3b:d0:82:3f:cf:58:cf:37:7f:fb:d6:
                    fa:51:ef:3c:a0:34:6c:37:c8:57:4b:cf:1d:3e:a7:
                    42:8a:30:ac:28:d7:2b:68:21:85:00:c7:5b:ba:9d:
                    28:70:24:3c:8c:80:3f:7a:cf:d8:9e:58:3e:93:d6:
                    c2:51:0b:51:91:9e:64:83:4d:8d:60:14:2a:1c:c6:
                    d4:79:24:3d:be:10:3a:b7:ea:76:5c:5e:44:b5:37:
                    d0:cc:e6:b9:e6:04:86:5d:3b:29:e5:40:06:74:19:
                    73:be:d4:f5:a1:da:4e:41:b0:56:c4:dc:63:85:c8:
                    5b:ac:8e:32:3c:0a:55:64:f0:3e:3c:2e:95:1f:dc:
                    74:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:02:3F:E3:E2:0E:E0:0F:83:2E:36:F0:7B:2D:88:A4:E2:35:19:A7
            X509v3 Authority Key Identifier:
                keyid:6F:75:E4:E9:4B:5C:B7:45:17:B7:B0:15:68:01:5D:A9:E6:EE:CD:B6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3Xk6Utct0UXt7AVaAFdqebuzbY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/4gI_4-IO4A-DLjbwey2IpOI1Gac.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/42/57a34f-e33b-4e17-bc32-66457724c2d3/1/b3Xk6Utct0UXt7AVaAFdqebuzbY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.65.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         b6:e2:51:3b:fa:75:bc:52:d2:e9:52:80:33:d7:83:39:a2:6a:
         a7:d2:1b:d5:d4:50:c2:25:71:43:d9:e6:b9:64:c9:33:2f:3a:
         0b:b5:e5:df:b7:38:ec:98:dc:83:96:85:5d:9f:ee:87:5e:05:
         40:0b:72:1c:da:88:8e:72:3a:9d:13:5a:44:3b:b3:fc:7e:05:
         84:c9:c0:c7:8a:bd:ed:09:d1:7b:bf:25:b0:91:a5:86:36:e9:
         37:9f:6e:c5:ad:b1:23:28:40:18:3c:a8:68:a3:0a:78:ff:7b:
         ca:f4:b9:25:e2:7a:ce:59:cb:84:e7:98:6c:91:ce:59:0c:6f:
         c3:9c:fa:9f:3d:6e:82:a4:11:39:02:3c:bf:9a:ad:bf:cd:f8:
         c1:62:d6:ff:99:b6:4c:61:80:53:9a:fa:72:0b:c1:1d:dc:c2:
         a7:08:32:24:14:e2:63:b5:1e:59:bb:d7:90:af:f6:1e:ac:a9:
         43:2a:47:2a:a7:3a:77:f8:3d:3e:ca:59:72:5b:0e:c5:be:9f:
         fd:6b:69:46:00:6f:d0:ce:2d:7d:f3:99:5c:ce:21:c8:31:13:
         86:7f:7f:75:77:d1:6e:ac:5c:7e:b0:da:5d:87:fb:92:43:3e:
         e6:5b:7d:08:69:57:99:b0:f2:84:0d:bc:b9:ab:26:e9:4e:ed:
         b2:e6:48:b4
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZVeFGhJNVhQkc4jAvuP9EiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZmNzVlNGU5NGI1Y2I3NDUxN2I3YjAxNTY4MDE1ZGE5ZTZl
ZWNkYjYwHhcNMjUwNDIwMjMxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMjAyM2ZlM2UyMGVlMDBmODMyZTM2ZjA3YjJkODhhNGUyMzUxOWE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApoF6wLtreGhf7MYjHQImDTH5RPtE
lnrcYillljRfVgZjafQq7jlu5Bd7bkwcmmRyirRkNyNWJkwPZW1zg455vW1x96Ns
vrgckJROsrNPgStx/EU/5L8QowOMqb30s91YFWyXGEGg24siXDjoTwVxemLARr2A
8hCwPee3O9CCP89Yzzd/+9b6Ue88oDRsN8hXS88dPqdCijCsKNcraCGFAMdbup0o
cCQ8jIA/es/Ynlg+k9bCUQtRkZ5kg02NYBQqHMbUeSQ9vhA6t+p2XF5EtTfQzOa5
5gSGXTsp5UAGdBlzvtT1odpOQbBWxNxjhchbrI4yPApVZPA+PC6VH9x0HwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOICP+PiDuAPgy428HstiKTiNRmnMB8GA1UdIwQY
MBaAFG915OlLXLdFF7ewFWgBXanm7s22MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzIt
NjY0NTc3MjRjMmQzLzEvNGdJXzQtSU80QS1ETGpid2V5MklwT0kxR2FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Mi81N2EzNGYtZTMzYi00ZTE3LWJjMzItNjY0NTc3MjRjMmQz
LzEvYjNYazZVdGN0MFVYdDdBVmFBRmRxZWJ1emJZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuUE8MA0G
CSqGSIb3DQEBCwUAA4IBAQC24lE7+nW8UtLpUoAz14M5omqn0hvV1FDCJXFD2ea5
ZMkzLzoLteXftzjsmNyDloVdn+6HXgVAC3Ic2oiOcjqdE1pEO7P8fgWEycDHir3t
CdF7vyWwkaWGNuk3n27FrbEjKEAYPKhoowp4/3vK9Lkl4nrOWcuE55hskc5ZDG/D
nPqfPW6CpBE5Ajy/mq2/zfjBYtb/mbZMYYBTmvpyC8Ed3MKnCDIkFOJjtR5Zu9eQ
r/YerKlDKkcqpzp3+D0+yllyWw7Fvp/9a2lGAG/Qzi1985lcziHIMROGf391d9Fu
rFx+sNpdh/uSQz7mW30IaVeZsPKEDby5qybpTu2y5ki0
-----END CERTIFICATE-----