Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vHkPPj4t3I6JC-NGSRFJVvw18do.roa
File:                     vHkPPj4t3I6JC-NGSRFJVvw18do.roa (raw, json)
Hash identifier:          BgEQpFpX2dK8u6IlNHcyUxQ1UHpWgDEWMizGyyDv2Vg=
Subject key identifier:   BC:79:0F:3E:3E:2D:DC:8E:89:0B:E3:46:49:11:49:56:FC:35:F1:DA
Certificate issuer:       /CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
Certificate serial:       019717AA21B6F235A4F2FA33D0D0C6B36D7D
Authority key identifier: 60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vHkPPj4t3I6JC-NGSRFJVvw18do.roa
Signing time:             Wed 28 May 2025 16:11:55 +0000
ROA not before:           Wed 28 May 2025 16:11:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199704
IP address blocks:        185.224.184.0/22 maxlen: 24
                          185.224.192.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 01:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:17:aa:21:b6:f2:35:a4:f2:fa:33:d0:d0:c6:b3:6d:7d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=606784c105085b9d6ad5f73a03b20d9a5c114caf
        Validity
            Not Before: May 28 16:11:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bc790f3e3e2ddc8e890be34649114956fc35f1da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:38:85:69:34:e1:96:b6:cc:9f:b3:df:ac:53:
                    e7:b8:1b:74:67:35:0e:e5:65:c8:cf:c3:1a:b4:19:
                    c3:e4:8f:26:a8:99:d2:28:28:42:ec:b3:c0:11:17:
                    01:60:fc:c6:ac:8b:71:80:1b:39:43:d1:40:15:55:
                    28:a0:7f:33:88:2f:84:9e:c0:d7:a6:c5:35:e7:d8:
                    55:30:92:e2:08:3d:88:fc:dc:f3:19:1f:fd:ee:fd:
                    03:a5:dc:e9:a5:64:b6:a3:9e:87:5a:87:96:2c:16:
                    98:db:0f:4e:2c:7a:a1:01:09:29:dd:33:7c:75:c9:
                    72:5f:ce:4f:5b:1b:4a:29:d9:83:8d:a0:09:66:22:
                    c6:c8:5c:b5:48:86:8a:a4:2f:e3:97:15:f1:0b:6f:
                    98:e6:1a:a2:79:9c:20:56:d9:80:f9:6e:e4:a0:4a:
                    11:e7:5a:9b:54:12:17:f5:68:bc:02:87:64:60:bc:
                    18:3f:f2:2f:b9:5c:c2:74:e1:fa:0d:2f:38:69:4e:
                    30:43:70:31:95:4a:fa:11:df:12:76:46:46:d4:66:
                    f2:8b:31:45:7b:e0:65:5e:9e:e4:e6:6d:ee:45:a0:
                    97:87:9b:80:12:da:f9:5f:ff:35:22:ca:72:47:7b:
                    ba:87:85:6c:79:79:61:86:f9:dd:8d:1c:72:3f:12:
                    d8:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:79:0F:3E:3E:2D:DC:8E:89:0B:E3:46:49:11:49:56:FC:35:F1:DA
            X509v3 Authority Key Identifier:
                keyid:60:67:84:C1:05:08:5B:9D:6A:D5:F7:3A:03:B2:0D:9A:5C:11:4C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YGeEwQUIW51q1fc6A7INmlwRTK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/vHkPPj4t3I6JC-NGSRFJVvw18do.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d0/2b834e-bad2-49ff-ba38-b4342ba91abc/1/YGeEwQUIW51q1fc6A7INmlwRTK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.224.184.0/22
                  185.224.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9c:60:f1:23:d2:de:b1:77:d7:f2:53:ec:10:66:67:11:e1:eb:
         fa:d9:95:a9:bb:eb:bc:cb:46:97:cb:8b:b3:4a:0e:2c:57:41:
         42:d1:1b:0b:6b:00:97:0b:55:bc:71:98:d8:b8:47:60:fb:bf:
         74:6b:ae:71:20:0c:68:21:48:54:f5:b5:eb:d7:6b:a6:6d:68:
         56:f1:ba:17:ba:8a:31:45:16:4a:6b:c7:15:5f:aa:b5:02:e8:
         b8:3f:da:24:cc:9a:b6:bc:5d:99:1a:dc:15:a7:19:6c:aa:fa:
         81:a4:6b:92:dd:ef:1b:ad:03:9a:f3:f6:2d:e8:e5:19:0e:2f:
         73:96:0d:a8:e6:e1:24:d5:f0:2a:b9:62:28:ff:aa:86:88:cc:
         5d:e8:c4:94:23:71:d1:ce:12:6a:3d:ce:86:90:7d:29:65:30:
         a3:89:a9:ee:e4:be:26:82:8e:de:cb:f3:af:b4:ba:3b:bf:e4:
         ac:2f:60:d9:3d:4e:3a:e8:d2:62:89:4e:af:42:19:6b:b7:3e:
         14:75:e2:47:72:5f:f1:80:71:32:0f:fb:18:fe:e1:e0:cd:57:
         5f:30:5b:2c:fc:12:eb:24:c3:59:c4:6e:1a:7e:bd:20:81:df:
         8a:50:62:49:4a:88:12:9b:97:64:a7:73:ba:d3:ac:49:0b:94:
         8d:9d:d0:67
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZcXqiG28jWk8voz0NDGs219MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwNjc4NGMxMDUwODViOWQ2YWQ1ZjczYTAzYjIwZDlhNWMx
MTRjYWYwHhcNMjUwNTI4MTYxMTU1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYzc5MGYzZTNlMmRkYzhlODkwYmUzNDY0OTExNDk1NmZjMzVmMWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApziFaTThlrbMn7PfrFPnuBt0ZzUO
5WXIz8MatBnD5I8mqJnSKChC7LPAERcBYPzGrItxgBs5Q9FAFVUooH8ziC+EnsDX
psU159hVMJLiCD2I/NzzGR/97v0DpdzppWS2o56HWoeWLBaY2w9OLHqhAQkp3TN8
dclyX85PWxtKKdmDjaAJZiLGyFy1SIaKpC/jlxXxC2+Y5hqieZwgVtmA+W7koEoR
51qbVBIX9Wi8AodkYLwYP/IvuVzCdOH6DS84aU4wQ3AxlUr6Ed8SdkZG1GbyizFF
e+BlXp7k5m3uRaCXh5uAEtr5X/81IspyR3u6h4VseXlhhvndjRxyPxLYMwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLx5Dz4+LdyOiQvjRkkRSVb8NfHaMB8GA1UdIwQY
MBaAFGBnhMEFCFudatX3OgOyDZpcEUyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgt
YjQzNDJiYTkxYWJjLzEvdkhrUFBqNHQzSTZKQy1OR1NSRkpWdncxOGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMC8yYjgzNGUtYmFkMi00OWZmLWJhMzgtYjQzNDJiYTkxYWJj
LzEvWUdlRXdRVUlXNTFxMWZjNkE3SU5tbHdSVEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCueC4AwQC
ueDAMA0GCSqGSIb3DQEBCwUAA4IBAQCcYPEj0t6xd9fyU+wQZmcR4ev62ZWpu+u8
y0aXy4uzSg4sV0FC0RsLawCXC1W8cZjYuEdg+790a65xIAxoIUhU9bXr12umbWhW
8boXuooxRRZKa8cVX6q1Aui4P9okzJq2vF2ZGtwVpxlsqvqBpGuS3e8brQOa8/Yt
6OUZDi9zlg2o5uEk1fAquWIo/6qGiMxd6MSUI3HRzhJqPc6GkH0pZTCjianu5L4m
go7ey/OvtLo7v+SsL2DZPU466NJiiU6vQhlrtz4UdeJHcl/xgHEyD/sY/uHgzVdf
MFss/BLrJMNZxG4afr0ggd+KUGJJSogSm5dkp3O606xJC5SNndBn
-----END CERTIFICATE-----