Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/ys86q5jXiENW-WW7AK-nkVinoug.roa
File:                     ys86q5jXiENW-WW7AK-nkVinoug.roa (raw, json)
Hash identifier:          PK1sfbQN38TktvS2UC6cxV1eHaxPEymB6l0sa2UeYfk=
Subject key identifier:   CA:CF:3A:AB:98:D7:88:43:56:F9:65:BB:00:AF:A7:91:58:A7:A2:E8
Certificate issuer:       /CN=466bf8762fe42f0a13da7d21ca96c4301500ebcc
Certificate serial:       0194258ED6932714A399E1A8136D7450B301
Authority key identifier: 46:6B:F8:76:2F:E4:2F:0A:13:DA:7D:21:CA:96:C4:30:15:00:EB:CC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Rmv4di_kLwoT2n0hypbEMBUA68w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/ys86q5jXiENW-WW7AK-nkVinoug.roa
Signing time:             Thu 02 Jan 2025 05:48:25 +0000
ROA not before:           Thu 02 Jan 2025 05:48:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     199017
IP address blocks:        93.114.131.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/Rmv4di_kLwoT2n0hypbEMBUA68w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/Rmv4di_kLwoT2n0hypbEMBUA68w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Rmv4di_kLwoT2n0hypbEMBUA68w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 23 Apr 2025 11:00:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8e:d6:93:27:14:a3:99:e1:a8:13:6d:74:50:b3:01
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=466bf8762fe42f0a13da7d21ca96c4301500ebcc
        Validity
            Not Before: Jan  2 05:48:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cacf3aab98d7884356f965bb00afa79158a7a2e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:8b:4b:db:30:04:65:6f:2a:82:db:17:79:c3:
                    e1:f1:ec:7a:c6:a1:d5:a4:58:96:69:24:44:e3:05:
                    ec:95:9b:cb:c6:1b:6a:5f:d1:ce:24:09:ac:1d:5f:
                    a2:04:1e:e7:d8:eb:a6:bd:2e:eb:fb:a0:0b:71:93:
                    b5:77:52:c9:0a:73:56:c9:3b:fa:db:83:ea:83:ba:
                    3b:a7:00:fd:c5:51:14:d3:78:fc:9f:9f:71:52:95:
                    f6:e1:17:15:f4:ba:16:7f:95:56:59:70:fc:45:ca:
                    ce:8e:d3:e2:8b:d3:2d:ce:9c:8c:1d:d0:a0:f8:0d:
                    a8:ed:23:fc:09:a3:12:b6:46:0c:06:31:c8:87:bd:
                    38:23:ae:14:28:8f:c1:6d:05:6b:df:1d:d4:2f:51:
                    7f:61:67:3b:44:3a:7d:3f:15:2c:71:b9:44:15:25:
                    8f:3b:63:89:82:15:d9:2f:8c:e9:44:32:18:35:43:
                    f8:01:ee:54:3a:a8:64:19:df:1d:c2:af:72:71:71:
                    6b:28:17:1a:66:41:2c:de:5b:16:de:0d:9d:5e:48:
                    7e:fe:7c:e7:08:86:d7:a7:52:f9:e7:01:7b:94:15:
                    73:11:ed:02:1a:1f:be:15:6a:91:19:1f:7e:65:1b:
                    cf:84:dc:5d:b5:ba:92:62:4d:19:9c:41:c1:df:ca:
                    c9:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:CF:3A:AB:98:D7:88:43:56:F9:65:BB:00:AF:A7:91:58:A7:A2:E8
            X509v3 Authority Key Identifier:
                keyid:46:6B:F8:76:2F:E4:2F:0A:13:DA:7D:21:CA:96:C4:30:15:00:EB:CC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rmv4di_kLwoT2n0hypbEMBUA68w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/ys86q5jXiENW-WW7AK-nkVinoug.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/87/71779b-5830-4c87-9e79-e5c459c91a48/1/Rmv4di_kLwoT2n0hypbEMBUA68w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  93.114.131.0/24

    Signature Algorithm: sha256WithRSAEncryption
         25:8f:f2:cf:83:ca:92:af:59:6b:73:4a:e1:dd:50:c6:1d:83:
         24:00:8d:9b:e0:85:09:5a:43:e5:16:26:43:2a:b0:0b:e3:b5:
         74:99:70:0f:b4:e8:97:6e:6f:ba:52:7f:63:2c:8c:ef:a7:38:
         a2:b6:90:79:74:3d:fb:65:b2:c2:ec:92:2e:15:50:44:cd:f9:
         cb:3a:36:72:8a:38:d7:2a:ed:39:80:75:53:67:ed:dd:a6:1d:
         eb:3b:4d:6a:ec:77:96:02:f3:ab:d7:c6:ec:04:e7:f8:f8:02:
         c0:23:b8:9b:fa:c7:c7:bd:c5:c4:b5:89:a8:4f:52:7c:63:0e:
         e1:74:39:74:9f:33:12:8a:8c:dc:dc:8b:a8:a0:3e:8e:58:7b:
         c2:2c:ef:35:06:0e:64:90:43:6c:da:6e:43:20:8d:2f:85:06:
         3b:54:74:43:95:2f:6c:ba:ce:47:7a:61:6a:0d:23:99:2e:e6:
         0a:d7:da:1c:86:62:43:c4:c3:50:e4:39:e3:5e:89:3e:e6:30:
         9a:49:09:a8:8b:53:d9:f3:be:62:c1:e8:2e:9c:b4:5a:23:1e:
         01:17:19:04:9e:8b:27:3a:3b:5c:59:2f:d0:7b:95:d9:a8:d2:
         80:60:49:cf:f1:7c:d0:5f:35:6a:03:2b:1f:14:34:1c:72:29:
         9b:8a:1a:60
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQljtaTJxSjmeGoE210ULMBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NmJmODc2MmZlNDJmMGExM2RhN2QyMWNhOTZjNDMwMTUw
MGViY2MwHhcNMjUwMTAyMDU0ODI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWNmM2FhYjk4ZDc4ODQzNTZmOTY1YmIwMGFmYTc5MTU4YTdhMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwYtL2zAEZW8qgtsXecPh8ex6xqHV
pFiWaSRE4wXslZvLxhtqX9HOJAmsHV+iBB7n2OumvS7r+6ALcZO1d1LJCnNWyTv6
24Pqg7o7pwD9xVEU03j8n59xUpX24RcV9LoWf5VWWXD8RcrOjtPii9MtzpyMHdCg
+A2o7SP8CaMStkYMBjHIh704I64UKI/BbQVr3x3UL1F/YWc7RDp9PxUscblEFSWP
O2OJghXZL4zpRDIYNUP4Ae5UOqhkGd8dwq9ycXFrKBcaZkEs3lsW3g2dXkh+/nzn
CIbXp1L55wF7lBVzEe0CGh++FWqRGR9+ZRvPhNxdtbqSYk0ZnEHB38rJDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrPOquY14hDVvlluwCvp5FYp6LoMB8GA1UdIwQY
MBaAFEZr+HYv5C8KE9p9IcqWxDAVAOvMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUm12NGRpX2tMd29UMm4waHlwYkVNQlVBNjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Ny83MTc3OWItNTgzMC00Yzg3LTllNzkt
ZTVjNDU5YzkxYTQ4LzEveXM4NnE1alhpRU5XLVdXN0FLLW5rVmlub3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Ny83MTc3OWItNTgzMC00Yzg3LTllNzktZTVjNDU5YzkxYTQ4
LzEvUm12NGRpX2tMd29UMm4waHlwYkVNQlVBNjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAXXKDMA0G
CSqGSIb3DQEBCwUAA4IBAQAlj/LPg8qSr1lrc0rh3VDGHYMkAI2b4IUJWkPlFiZD
KrAL47V0mXAPtOiXbm+6Un9jLIzvpziitpB5dD37ZbLC7JIuFVBEzfnLOjZyijjX
Ku05gHVTZ+3dph3rO01q7HeWAvOr18bsBOf4+ALAI7ib+sfHvcXEtYmoT1J8Yw7h
dDl0nzMSiozc3IuooD6OWHvCLO81Bg5kkENs2m5DII0vhQY7VHRDlS9sus5HemFq
DSOZLuYK19ochmJDxMNQ5DnjXok+5jCaSQmoi1PZ875iwegunLRaIx4BFxkEnosn
OjtcWS/Qe5XZqNKAYEnP8XzQXzVqAysfFDQccimbihpg
-----END CERTIFICATE-----