Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/cE6m8a5CriIv0E83s33sLplDAfM.roa
File:                     cE6m8a5CriIv0E83s33sLplDAfM.roa (raw, json)
Hash identifier:          ZKfoScq7UpI9CVF2pPqRtC9t9MqCP9EUcKUkrohEP6I=
Subject key identifier:   70:4E:A6:F1:AE:42:AE:22:2F:D0:4F:37:B3:7D:EC:2E:99:43:01:F3
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       01974E91A8F0F592CE0311AD7A27B4BABD00
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/cE6m8a5CriIv0E83s33sLplDAfM.roa
Signing time:             Sun 08 Jun 2025 08:04:18 +0000
ROA not before:           Sun 08 Jun 2025 08:04:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215287
IP address blocks:        193.8.112.0/24 maxlen: 24
                          194.5.64.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:4e:91:a8:f0:f5:92:ce:03:11:ad:7a:27:b4:ba:bd:00
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: Jun  8 08:04:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=704ea6f1ae42ae222fd04f37b37dec2e994301f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3d:67:74:fe:70:2c:08:8c:83:4a:07:60:5e:
                    cb:d4:60:bb:cd:bc:bb:87:2b:95:ef:7b:0b:77:02:
                    63:4c:91:60:82:fd:2e:27:77:05:e1:f1:a0:0c:7f:
                    8f:f8:77:77:69:e5:e9:80:d6:02:b6:57:2e:a8:db:
                    67:67:a3:21:47:61:e3:8f:51:80:50:57:fd:fe:61:
                    bd:19:af:10:2f:2e:37:4c:0a:80:17:94:f2:b5:fd:
                    8f:92:fb:04:3c:57:83:11:3f:0d:b3:64:81:94:2d:
                    a2:c9:80:fd:34:aa:e9:e5:1d:c9:25:1a:48:f1:60:
                    ad:53:fd:30:0d:61:80:28:21:6e:8c:f1:cf:57:5f:
                    ad:5a:29:24:9e:04:c8:5f:0a:93:dd:e4:68:3e:9b:
                    6b:77:ed:9b:83:dd:ca:9a:c6:b9:8c:e2:b4:73:d6:
                    d1:3a:bc:40:a4:7a:71:33:8d:84:f7:e5:a7:cb:e7:
                    48:f6:24:be:16:00:7b:88:1b:52:08:0c:3d:1c:2a:
                    3a:da:49:4b:fa:f4:72:2d:19:99:cb:01:9e:19:e0:
                    68:d6:17:6f:dc:a7:aa:3a:22:49:32:76:61:12:5f:
                    2d:11:bc:c0:a2:50:30:80:d1:cb:5c:5b:cb:a7:54:
                    d2:8f:8f:4d:cf:ea:09:69:a3:ee:e5:40:be:3c:24:
                    08:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                70:4E:A6:F1:AE:42:AE:22:2F:D0:4F:37:B3:7D:EC:2E:99:43:01:F3
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/cE6m8a5CriIv0E83s33sLplDAfM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.8.112.0/24
                  194.5.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:28:6c:be:e6:61:80:d2:26:e0:2d:e8:a3:9d:fe:c4:1f:21:
         58:85:6d:b5:5a:7d:0d:1d:79:34:fc:ef:2d:9d:f2:08:89:b0:
         c6:df:81:95:45:69:4f:7e:ff:9c:ab:bb:0e:ff:68:13:81:c8:
         14:71:38:37:5f:3f:fd:58:7c:1e:c3:b9:08:39:1a:43:9e:54:
         b0:aa:4f:ab:2f:2c:eb:13:9b:fe:52:67:b7:81:26:e8:15:05:
         6c:9a:67:ac:7c:6f:ac:3d:65:aa:f8:34:71:54:02:cd:4c:a6:
         0b:09:92:c0:46:bd:99:9e:c0:74:d9:83:63:47:b5:23:c5:fb:
         b1:30:74:e3:0b:25:d9:fc:61:dd:b2:88:2c:1d:dc:c7:2a:1d:
         7d:b5:97:a2:5f:f9:c9:5d:f1:e2:7d:9e:5d:32:49:26:73:d4:
         b3:67:91:7a:a9:09:a6:92:fa:a5:96:2c:46:25:f2:d1:30:89:
         b4:19:c0:69:17:72:b1:bf:e4:bf:a6:7c:18:b4:ea:24:98:6a:
         91:6a:08:70:95:46:da:75:d4:99:65:d9:00:c8:11:eb:09:eb:
         8a:cf:55:4a:83:1c:6f:a1:d5:af:b3:2f:7b:f8:89:cd:2c:8d:
         79:3e:6c:7e:82:36:ce:77:87:49:29:a2:9b:74:be:97:60:b2:
         86:56:c1:a9
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZdOkajw9ZLOAxGteie0ur0AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNjA4MDgwNDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRlYTZmMWFlNDJhZTIyMmZkMDRmMzdiMzdkZWMyZTk5NDMwMWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1T1ndP5wLAiMg0oHYF7L1GC7zby7
hyuV73sLdwJjTJFggv0uJ3cF4fGgDH+P+Hd3aeXpgNYCtlcuqNtnZ6MhR2Hjj1GA
UFf9/mG9Ga8QLy43TAqAF5Tytf2PkvsEPFeDET8Ns2SBlC2iyYD9NKrp5R3JJRpI
8WCtU/0wDWGAKCFujPHPV1+tWikkngTIXwqT3eRoPptrd+2bg93Kmsa5jOK0c9bR
OrxApHpxM42E9+Wny+dI9iS+FgB7iBtSCAw9HCo62klL+vRyLRmZywGeGeBo1hdv
3KeqOiJJMnZhEl8tEbzAolAwgNHLXFvLp1TSj49Nz+oJaaPu5UC+PCQI9wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHBOpvGuQq4iL9BPN7N97C6ZQwHzMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvY0U2bThhNUNyaUl2MEU4M3MzM3NMcGxEQWZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwQhwAwQA
wgVAMA0GCSqGSIb3DQEBCwUAA4IBAQAhKGy+5mGA0ibgLeijnf7EHyFYhW21Wn0N
HXk0/O8tnfIIibDG34GVRWlPfv+cq7sO/2gTgcgUcTg3Xz/9WHwew7kIORpDnlSw
qk+rLyzrE5v+Ume3gSboFQVsmmesfG+sPWWq+DRxVALNTKYLCZLARr2ZnsB02YNj
R7UjxfuxMHTjCyXZ/GHdsogsHdzHKh19tZeiX/nJXfHifZ5dMkkmc9SzZ5F6qQmm
kvqllixGJfLRMIm0GcBpF3Kxv+S/pnwYtOokmGqRaghwlUbaddSZZdkAyBHrCeuK
z1VKgxxvodWvsy97+InNLI15Pmx+gjbOd4dJKaKbdL6XYLKGVsGp
-----END CERTIFICATE-----