Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/A4cEvYFG06e3IeJdNC1Fyaghmg8.roa
File:                     A4cEvYFG06e3IeJdNC1Fyaghmg8.roa (raw, json)
Hash identifier:          1Y/6mR/j57bIROe4HdWgVYmiswW+oevn/UIKwSU4C0o=
Subject key identifier:   03:87:04:BD:81:46:D3:A7:B7:21:E2:5D:34:2D:45:C9:A8:21:9A:0F
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019759BB04816B69CDDE2D09BAF2F5A2BA61
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/A4cEvYFG06e3IeJdNC1Fyaghmg8.roa
Signing time:             Tue 10 Jun 2025 12:05:17 +0000
ROA not before:           Tue 10 Jun 2025 12:05:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215334
IP address blocks:        193.26.152.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 16 Jun 2025 10:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:bb:04:81:6b:69:cd:de:2d:09:ba:f2:f5:a2:ba:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun 10 12:05:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=038704bd8146d3a7b721e25d342d45c9a8219a0f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e7:7d:48:31:36:cd:2d:00:e4:66:1b:3a:54:
                    29:43:f8:37:52:46:c4:00:25:00:df:cb:0c:f7:2f:
                    bd:c2:2b:24:0c:0b:dd:02:1d:04:77:a2:34:62:62:
                    b0:a6:be:f6:dd:5d:79:93:f5:2c:d6:0f:ea:0b:1e:
                    6a:92:f1:9c:84:41:dd:f4:16:9e:c7:57:01:66:70:
                    c8:66:f5:4d:f3:95:4b:b1:52:2c:ae:af:4c:aa:3a:
                    4c:8a:14:88:c2:d6:bf:f6:30:7e:9c:23:72:9d:ac:
                    90:97:a2:67:e6:14:f4:80:51:c6:6a:23:1c:27:43:
                    0f:a2:93:b4:8d:8b:86:cc:3e:63:65:3f:fc:d5:a9:
                    34:dc:d3:a5:51:e5:94:82:c3:27:c1:d4:8e:d8:78:
                    20:f4:32:99:91:32:5a:18:d6:49:b9:fd:ab:4c:9c:
                    8c:a0:ae:a8:07:dc:4b:d4:7a:d5:7a:16:02:fd:a2:
                    a7:8e:de:5b:ec:d1:d1:44:15:81:65:e7:c4:87:ef:
                    bb:a8:8c:4c:23:e4:64:6a:57:87:2c:3b:8a:aa:47:
                    c6:fa:94:3c:d4:68:bb:a7:aa:0d:9c:30:eb:cf:5f:
                    fe:c4:0d:14:e9:20:7b:6a:b3:4a:d6:47:28:78:96:
                    20:38:10:de:4f:40:92:d3:e0:77:93:4a:8b:e4:04:
                    6d:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                03:87:04:BD:81:46:D3:A7:B7:21:E2:5D:34:2D:45:C9:A8:21:9A:0F
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/A4cEvYFG06e3IeJdNC1Fyaghmg8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.26.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:33:a2:60:92:e6:90:db:e7:75:df:1c:79:59:b7:97:0f:81:
         f3:9f:a8:42:ea:3b:bf:a4:65:38:12:8f:8e:b0:4f:61:f0:9a:
         64:f1:50:ae:43:a2:c2:e8:b3:7d:e1:74:4d:27:9f:4e:af:a3:
         a0:a0:ba:6d:67:66:a5:e2:a6:bc:6a:17:43:7d:08:af:65:ea:
         3a:f2:c3:d7:1e:97:c7:23:36:0b:bf:41:45:36:b4:f7:14:07:
         01:65:69:fb:59:d2:dc:31:fd:59:92:c4:3a:5b:64:42:49:98:
         ea:29:84:b6:98:6e:1a:7d:70:de:50:ed:32:6d:e8:f7:a2:93:
         98:8e:f5:87:6d:c8:2f:a6:13:91:65:18:17:e5:94:ff:40:d4:
         d3:e6:b0:10:49:e8:1c:88:2c:89:0d:0c:cc:cf:e5:43:74:dd:
         2a:e7:4e:94:1b:dc:bc:16:02:db:c5:f3:49:24:78:18:62:b7:
         d6:b0:ba:ac:fa:de:43:26:8d:4c:37:52:52:0e:77:50:d1:b1:
         d7:49:95:83:41:4a:e3:41:92:78:a1:dd:96:8d:65:4a:ae:85:
         74:9e:01:b9:45:5e:20:8d:bc:cf:85:cf:2f:2b:a7:ed:88:1b:
         5d:88:3d:f5:61:f7:73:d3:1e:50:7f:72:58:64:aa:03:22:5e:
         70:8a:81:6d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdZuwSBa2nN3i0JuvL1orphMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNjEwMTIwNTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzg3MDRiZDgxNDZkM2E3YjcyMWUyNWQzNDJkNDVjOWE4MjE5YTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAved9SDE2zS0A5GYbOlQpQ/g3UkbE
ACUA38sM9y+9wiskDAvdAh0Ed6I0YmKwpr723V15k/Us1g/qCx5qkvGchEHd9Bae
x1cBZnDIZvVN85VLsVIsrq9MqjpMihSIwta/9jB+nCNynayQl6Jn5hT0gFHGaiMc
J0MPopO0jYuGzD5jZT/81ak03NOlUeWUgsMnwdSO2Hgg9DKZkTJaGNZJuf2rTJyM
oK6oB9xL1HrVehYC/aKnjt5b7NHRRBWBZefEh++7qIxMI+RkaleHLDuKqkfG+pQ8
1Gi7p6oNnDDrz1/+xA0U6SB7arNK1kcoeJYgOBDeT0CS0+B3k0qL5ARtUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAOHBL2BRtOntyHiXTQtRcmoIZoPMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvQTRjRXZZRkcwNmUzSWVKZE5DMUZ5YWdobWc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwRqYMA0G
CSqGSIb3DQEBCwUAA4IBAQCHM6JgkuaQ2+d13xx5WbeXD4Hzn6hC6ju/pGU4Eo+O
sE9h8Jpk8VCuQ6LC6LN94XRNJ59Or6OgoLptZ2al4qa8ahdDfQivZeo68sPXHpfH
IzYLv0FFNrT3FAcBZWn7WdLcMf1ZksQ6W2RCSZjqKYS2mG4afXDeUO0ybej3opOY
jvWHbcgvphORZRgX5ZT/QNTT5rAQSegciCyJDQzMz+VDdN0q506UG9y8FgLbxfNJ
JHgYYrfWsLqs+t5DJo1MN1JSDndQ0bHXSZWDQUrjQZJ4od2WjWVKroV0ngG5RV4g
jbzPhc8vK6ftiBtdiD31Yfdz0x5Qf3JYZKoDIl5wioFt
-----END CERTIFICATE-----