Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/05/36e4b8-4beb-43fb-a68e-2a8a2253fe0a/1/YdAjbfCRxVQuhwuJCOd8n6-9uGc.roa
File:                     YdAjbfCRxVQuhwuJCOd8n6-9uGc.roa (raw, json)
Hash identifier:          ryQI+IE9GniEW1zRKSAQBzSoJ8r45pp9QujhZtOYmEk=
Subject key identifier:   61:D0:23:6D:F0:91:C5:54:2E:87:0B:89:08:E7:7C:9F:AF:BD:B8:67
Certificate issuer:       /CN=80afa708e098e56942b162f34e4633497f3ae2d9
Certificate serial:       019811F456353865D70C6132464FAAE651E8
Authority key identifier: 80:AF:A7:08:E0:98:E5:69:42:B1:62:F3:4E:46:33:49:7F:3A:E2:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/gK-nCOCY5WlCsWLzTkYzSX864tk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/05/36e4b8-4beb-43fb-a68e-2a8a2253fe0a/1/YdAjbfCRxVQuhwuJCOd8n6-9uGc.roa
Signing time:             Wed 16 Jul 2025 06:38:02 +0000
ROA not before:           Wed 16 Jul 2025 06:38:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49556
IP address blocks:        185.27.44.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/05/36e4b8-4beb-43fb-a68e-2a8a2253fe0a/1/gK-nCOCY5WlCsWLzTkYzSX864tk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/05/36e4b8-4beb-43fb-a68e-2a8a2253fe0a/1/gK-nCOCY5WlCsWLzTkYzSX864tk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/gK-nCOCY5WlCsWLzTkYzSX864tk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Jul 2025 16:21:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:98:11:f4:56:35:38:65:d7:0c:61:32:46:4f:aa:e6:51:e8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=80afa708e098e56942b162f34e4633497f3ae2d9
        Validity
            Not Before: Jul 16 06:38:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61d0236df091c5542e870b8908e77c9fafbdb867
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:34:7e:82:ee:95:4c:54:d2:ce:9d:45:8f:37:
                    3d:4c:78:fd:22:ce:41:21:bf:d8:d4:86:ef:88:7f:
                    f1:78:01:99:6f:ce:e0:7a:61:c1:36:f0:39:19:d3:
                    29:a9:7c:83:4e:65:39:d6:01:b0:c2:73:be:1e:3d:
                    c4:3a:36:1f:39:8d:57:43:2a:74:53:7e:6e:7f:32:
                    48:f4:b7:2a:33:c2:5b:c2:4d:cd:8f:12:9b:1a:0d:
                    bc:3b:20:24:86:8e:95:33:78:b8:ec:67:b8:6b:fc:
                    27:94:e1:e7:a8:3f:7b:dc:62:e8:f5:32:c5:5c:73:
                    52:61:d9:79:9b:45:53:a7:f3:85:f4:4c:77:0a:de:
                    54:39:9a:7d:95:b2:c6:f4:6c:fc:8f:a2:7c:e3:78:
                    f9:25:93:3e:4b:5a:f2:20:f2:fb:c5:da:89:9b:f0:
                    4b:9d:38:4b:80:48:f0:01:21:79:b4:76:bd:94:1d:
                    dc:fa:e2:df:4d:71:af:6b:cc:64:a0:54:47:dd:10:
                    ef:7f:26:9d:7f:40:c3:18:b9:61:35:8f:0a:6f:25:
                    66:ad:39:3d:76:2a:81:26:ab:d2:5f:b8:c3:8d:86:
                    bc:84:7c:af:91:2e:c4:1c:59:93:ed:e1:63:53:3d:
                    13:45:c7:84:84:34:5d:95:23:29:c3:c1:41:b0:05:
                    bd:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:D0:23:6D:F0:91:C5:54:2E:87:0B:89:08:E7:7C:9F:AF:BD:B8:67
            X509v3 Authority Key Identifier:
                keyid:80:AF:A7:08:E0:98:E5:69:42:B1:62:F3:4E:46:33:49:7F:3A:E2:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gK-nCOCY5WlCsWLzTkYzSX864tk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/05/36e4b8-4beb-43fb-a68e-2a8a2253fe0a/1/YdAjbfCRxVQuhwuJCOd8n6-9uGc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/05/36e4b8-4beb-43fb-a68e-2a8a2253fe0a/1/gK-nCOCY5WlCsWLzTkYzSX864tk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.27.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3a:4e:e4:1a:19:d1:b8:d8:e9:aa:98:67:0b:ec:2a:4b:8e:0b:
         f5:60:e0:e9:40:08:ea:bc:dd:13:ac:d1:fb:9b:fb:06:82:db:
         1d:6d:ef:30:6b:19:2c:e4:98:5f:d8:59:50:9b:60:67:00:ba:
         9b:49:25:51:16:c7:63:4b:ce:28:b5:d1:88:8a:a9:3d:cd:f1:
         ef:f7:d9:b8:94:3b:2c:08:47:aa:aa:ce:16:24:35:a6:5e:7c:
         d6:6e:31:2f:6a:eb:01:b4:f5:2c:3f:de:49:95:54:21:c0:24:
         f8:15:d1:b8:8b:fd:68:f7:68:a2:bb:6b:69:2c:a3:b8:02:ec:
         f7:50:39:0c:f9:e9:3e:8a:9c:4a:80:41:5d:bc:e3:87:2a:9b:
         4a:34:e9:c6:9c:2d:39:38:e7:fa:b4:11:a6:d0:47:c3:4c:7b:
         9b:c1:c5:99:0a:72:05:06:3d:55:92:33:af:21:46:4b:3c:af:
         0f:d4:ac:3f:60:ad:ae:17:ac:96:2b:bb:bf:a4:0d:90:b2:92:
         3f:d6:1b:46:23:aa:8e:76:11:81:81:61:2e:44:dd:12:b3:31:
         2d:9e:9d:36:63:f7:5a:2a:41:0c:0b:a9:24:e8:1c:8b:e3:3a:
         58:23:cd:9e:27:a9:05:e1:b8:51:39:5c:7f:ee:3a:cc:31:a6:
         a7:48:fe:cb
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZgR9FY1OGXXDGEyRk+q5lHoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgwYWZhNzA4ZTA5OGU1Njk0MmIxNjJmMzRlNDYzMzQ5N2Yz
YWUyZDkwHhcNMjUwNzE2MDYzODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWQwMjM2ZGYwOTFjNTU0MmU4NzBiODkwOGU3N2M5ZmFmYmRiODY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnTR+gu6VTFTSzp1Fjzc9THj9Is5B
Ib/Y1IbviH/xeAGZb87gemHBNvA5GdMpqXyDTmU51gGwwnO+Hj3EOjYfOY1XQyp0
U35ufzJI9LcqM8Jbwk3NjxKbGg28OyAkho6VM3i47Ge4a/wnlOHnqD973GLo9TLF
XHNSYdl5m0VTp/OF9Ex3Ct5UOZp9lbLG9Gz8j6J843j5JZM+S1ryIPL7xdqJm/BL
nThLgEjwASF5tHa9lB3c+uLfTXGva8xkoFRH3RDvfyadf0DDGLlhNY8KbyVmrTk9
diqBJqvSX7jDjYa8hHyvkS7EHFmT7eFjUz0TRceEhDRdlSMpw8FBsAW9lQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHQI23wkcVULocLiQjnfJ+vvbhnMB8GA1UdIwQY
MBaAFICvpwjgmOVpQrFi805GM0l/OuLZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ0stbkNPQ1k1V2xDc1dMelRrWXpTWDg2NHRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNS8zNmU0YjgtNGJlYi00M2ZiLWE2OGUt
MmE4YTIyNTNmZTBhLzEvWWRBamJmQ1J4VlF1aHd1SkNPZDhuNi05dUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNS8zNmU0YjgtNGJlYi00M2ZiLWE2OGUtMmE4YTIyNTNmZTBh
LzEvZ0stbkNPQ1k1V2xDc1dMelRrWXpTWDg2NHRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRssMA0G
CSqGSIb3DQEBCwUAA4IBAQA6TuQaGdG42OmqmGcL7CpLjgv1YODpQAjqvN0TrNH7
m/sGgtsdbe8waxks5Jhf2FlQm2BnALqbSSVRFsdjS84otdGIiqk9zfHv99m4lDss
CEeqqs4WJDWmXnzWbjEvausBtPUsP95JlVQhwCT4FdG4i/1o92iiu2tpLKO4Auz3
UDkM+ek+ipxKgEFdvOOHKptKNOnGnC05OOf6tBGm0EfDTHubwcWZCnIFBj1VkjOv
IUZLPK8P1Kw/YK2uF6yWK7u/pA2QspI/1htGI6qOdhGBgWEuRN0SszEtnp02Y/da
KkEMC6kk6ByL4zpYI82eJ6kF4bhROVx/7jrMMaanSP7L
-----END CERTIFICATE-----