Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cVBmLuzm2N91rkXcI8I1zoqmd0o.roa
File:                     cVBmLuzm2N91rkXcI8I1zoqmd0o.roa (raw, json)
Hash identifier:          Xu2GknAk4GrbM03UAVmDf9urIGDf0BBDMTrK/0bketQ=
Subject key identifier:   71:50:66:2E:EC:E6:D8:DF:75:AE:45:DC:23:C2:35:CE:8A:A6:77:4A
Certificate issuer:       /CN=60581e673d80f7474936b21337eafcc1bdc385e9
Certificate serial:       01970D9542365C9B65C445E5E16F3E5068E8
Authority key identifier: 60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cVBmLuzm2N91rkXcI8I1zoqmd0o.roa
Signing time:             Mon 26 May 2025 17:12:55 +0000
ROA not before:           Mon 26 May 2025 17:12:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209183
IP address blocks:        104.238.30.0/24 maxlen: 24
                          104.239.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0d:95:42:36:5c:9b:65:c4:45:e5:e1:6f:3e:50:68:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60581e673d80f7474936b21337eafcc1bdc385e9
        Validity
            Not Before: May 26 17:12:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=7150662eece6d8df75ae45dc23c235ce8aa6774a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:81:5b:06:a3:51:73:1a:2a:92:46:71:5b:5c:
                    94:d7:f4:88:96:5f:9f:b0:64:fb:e4:70:22:c9:e6:
                    2c:ec:4c:2e:34:c7:84:77:90:36:fa:ad:7d:21:10:
                    92:53:d8:e6:f9:97:95:ca:07:84:1b:0a:6d:d2:fe:
                    86:0a:e6:1f:b6:0e:ee:a5:3a:aa:c5:55:9e:2d:f7:
                    d1:a3:5b:ba:77:90:8f:5d:3d:4c:81:a1:3f:f7:c8:
                    73:ec:6d:0a:c4:97:2b:c5:9b:bd:da:28:37:f0:9a:
                    34:13:89:fa:c6:9b:e2:88:73:21:23:8d:a2:86:8a:
                    dc:35:81:cb:a6:53:3d:dd:70:b0:ad:2e:a9:4b:a1:
                    bb:ab:93:7d:24:e1:3d:f6:46:16:61:7b:ba:a0:4e:
                    a7:92:91:5f:b6:bb:ee:67:93:b0:dd:7b:ba:20:28:
                    e6:40:95:bb:b6:80:33:23:e2:95:16:10:82:28:62:
                    07:4c:7c:b6:82:fe:57:71:90:48:b5:97:1d:8b:ec:
                    80:3e:ed:7d:d9:ae:05:6e:6f:7c:a8:e7:af:69:ba:
                    e5:8b:0d:c8:60:5a:1e:85:56:23:0d:81:36:97:2f:
                    4b:32:f2:e7:46:c6:e7:fc:28:b8:fd:57:6a:39:1b:
                    a0:9f:41:96:53:cb:b9:8b:14:4c:68:c8:87:5a:8a:
                    d2:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:50:66:2E:EC:E6:D8:DF:75:AE:45:DC:23:C2:35:CE:8A:A6:77:4A
            X509v3 Authority Key Identifier:
                keyid:60:58:1E:67:3D:80:F7:47:49:36:B2:13:37:EA:FC:C1:BD:C3:85:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YFgeZz2A90dJNrITN-r8wb3Dhek.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/cVBmLuzm2N91rkXcI8I1zoqmd0o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/fdd633-c658-49c5-9e8f-fb07955f3aaa/1/YFgeZz2A90dJNrITN-r8wb3Dhek.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.238.30.0/24
                  104.239.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:32:8b:2c:8f:31:f7:35:3c:70:47:dd:4b:85:e5:2b:9f:98:
         f5:43:ac:8b:cd:3c:43:0c:93:77:42:40:58:84:97:23:01:c9:
         f9:af:dd:37:94:5b:e3:a7:a0:88:82:71:e6:30:ff:68:39:71:
         87:10:01:3a:7e:69:2f:89:1c:e1:6b:c5:b8:18:0f:5d:63:89:
         49:3e:7d:21:ca:f2:e8:33:5e:89:0c:b1:12:05:05:5c:3c:f7:
         81:f6:9e:ea:7d:65:d4:cb:e5:94:ae:28:54:d1:b1:d9:f1:60:
         4b:b1:82:54:72:7b:34:18:09:62:f9:6e:90:e2:27:29:5e:0b:
         be:e9:93:29:11:4a:5d:8f:d7:08:60:fa:79:9e:08:b0:3a:95:
         d6:89:df:29:3f:c3:67:13:a4:31:eb:db:91:d7:ae:e6:27:72:
         dd:0a:7d:e4:aa:da:dd:af:d4:c6:1f:96:e0:f1:05:88:2c:01:
         ca:34:dc:2d:64:ad:24:cc:19:a7:7b:46:94:37:89:38:5a:1b:
         7e:d4:60:44:94:4e:11:a2:a9:fd:c8:de:fb:06:7d:8e:dc:77:
         e0:a9:e1:85:1a:ff:a3:6d:8c:0c:cf:31:c7:d9:ca:47:14:5c:
         f7:d3:13:ac:49:30:a9:bb:d9:66:ff:31:93:e9:d0:a0:ff:dc:
         1b:5a:14:0c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcNlUI2XJtlxEXl4W8+UGjoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNTgxZTY3M2Q4MGY3NDc0OTM2YjIxMzM3ZWFmY2MxYmRj
Mzg1ZTkwHhcNMjUwNTI2MTcxMjU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTUwNjYyZWVjZTZkOGRmNzVhZTQ1ZGMyM2MyMzVjZThhYTY3NzRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YFbBqNRcxoqkkZxW1yU1/SIll+f
sGT75HAiyeYs7EwuNMeEd5A2+q19IRCSU9jm+ZeVygeEGwpt0v6GCuYftg7upTqq
xVWeLffRo1u6d5CPXT1MgaE/98hz7G0KxJcrxZu92ig38Jo0E4n6xpviiHMhI42i
horcNYHLplM93XCwrS6pS6G7q5N9JOE99kYWYXu6oE6nkpFftrvuZ5Ow3Xu6ICjm
QJW7toAzI+KVFhCCKGIHTHy2gv5XcZBItZcdi+yAPu192a4Fbm98qOevabrliw3I
YFoehVYjDYE2ly9LMvLnRsbn/Ci4/VdqORugn0GWU8u5ixRMaMiHWorSCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHFQZi7s5tjfda5F3CPCNc6KpndKMB8GA1UdIwQY
MBaAFGBYHmc9gPdHSTayEzfq/MG9w4XpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYt
ZmIwNzk1NWYzYWFhLzEvY1ZCbUx1em0yTjkxcmtYY0k4STF6b3FtZDBvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS9mZGQ2MzMtYzY1OC00OWM1LTllOGYtZmIwNzk1NWYzYWFh
LzEvWUZnZVp6MkE5MGRKTnJJVE4tcjh3YjNEaGVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAaO4eAwQA
aO9KMA0GCSqGSIb3DQEBCwUAA4IBAQBdMossjzH3NTxwR91LheUrn5j1Q6yLzTxD
DJN3QkBYhJcjAcn5r903lFvjp6CIgnHmMP9oOXGHEAE6fmkviRzha8W4GA9dY4lJ
Pn0hyvLoM16JDLESBQVcPPeB9p7qfWXUy+WUrihU0bHZ8WBLsYJUcns0GAli+W6Q
4icpXgu+6ZMpEUpdj9cIYPp5ngiwOpXWid8pP8NnE6Qx69uR167mJ3LdCn3kqtrd
r9TGH5bg8QWILAHKNNwtZK0kzBmne0aUN4k4Wht+1GBElE4Roqn9yN77Bn2O3Hfg
qeGFGv+jbYwMzzHH2cpHFFz30xOsSTCpu9lm/zGT6dCg/9wbWhQM
-----END CERTIFICATE-----