Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/yV5VAilxWOh0of_wXNotAN0Ules.roa
File:                     yV5VAilxWOh0of_wXNotAN0Ules.roa (raw, json)
Hash identifier:          okzmmgBoCtu74qSYeftTIK3U3j25WujMDAESaACQXMQ=
Subject key identifier:   C9:5E:55:02:29:71:58:E8:74:A1:FF:F0:5C:DA:2D:00:DD:14:95:EB
Certificate issuer:       /CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
Certificate serial:       019425FD9DFB798729F86CA2063919A464A6
Authority key identifier: 0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/yV5VAilxWOh0of_wXNotAN0Ules.roa
Signing time:             Thu 02 Jan 2025 07:49:25 +0000
ROA not before:           Thu 02 Jan 2025 07:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        87.236.165.0/24 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:9d:fb:79:87:29:f8:6c:a2:06:39:19:a4:64:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0db67c5c7fa7fe2492eec37cf427642b71d425b0
        Validity
            Not Before: Jan  2 07:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c95e5502297158e874a1fff05cda2d00dd1495eb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:4e:0c:c4:cc:b8:95:12:9a:0c:7f:6c:c1:bb:
                    2a:0c:5e:68:e1:52:52:c0:12:36:e4:39:bd:27:ab:
                    95:7a:be:a4:41:64:cf:73:eb:d6:49:0e:5f:c3:98:
                    33:26:28:c8:16:d2:42:01:96:c0:ca:0b:04:37:4f:
                    cc:2f:cd:a7:e2:3b:a2:69:29:b2:63:b8:ea:6e:77:
                    6d:2a:3f:f3:89:f8:ee:da:36:22:fb:1c:0e:45:59:
                    82:26:c3:5a:d6:1c:12:17:c4:01:d8:1d:b8:63:b3:
                    25:c3:32:31:60:77:0a:40:fd:a9:0e:57:4a:28:58:
                    ed:f5:64:7d:7b:e8:5a:f1:bc:6e:30:a6:f9:1d:6e:
                    cb:00:f6:f5:9c:70:c1:b6:72:07:8f:23:7a:8d:17:
                    af:84:da:5f:4f:a8:f6:fb:2f:bb:cc:aa:1e:35:bd:
                    02:ee:c8:6d:bd:27:b5:41:7a:ff:a2:06:8e:3a:f3:
                    6a:bc:f5:39:d1:e8:dd:0b:97:1f:05:8f:21:d2:12:
                    f0:d9:9c:37:f1:ad:54:94:29:e5:90:7c:00:37:f1:
                    a2:d0:fb:fa:c6:e7:b6:a4:6c:57:43:3b:0d:11:ef:
                    86:77:5c:c3:94:24:5a:78:b7:96:7b:e7:34:11:20:
                    95:b8:51:43:9b:db:0d:41:93:27:d3:0f:a7:6f:07:
                    5f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5E:55:02:29:71:58:E8:74:A1:FF:F0:5C:DA:2D:00:DD:14:95:EB
            X509v3 Authority Key Identifier:
                keyid:0D:B6:7C:5C:7F:A7:FE:24:92:EE:C3:7C:F4:27:64:2B:71:D4:25:B0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/DbZ8XH-n_iSS7sN89CdkK3HUJbA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/yV5VAilxWOh0of_wXNotAN0Ules.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a9/0f3757-f0ed-4e7e-9329-b03df996e481/1/DbZ8XH-n_iSS7sN89CdkK3HUJbA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  87.236.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         43:a5:4d:f6:c4:4f:30:27:be:bb:07:d0:08:95:9a:1a:b2:95:
         40:fd:3a:40:c4:50:19:02:b5:57:fe:89:cc:01:65:61:26:6b:
         5a:7c:1b:7a:16:59:4a:94:a2:1c:47:8b:80:e8:cf:5c:97:a6:
         81:44:19:32:31:12:20:00:bc:39:67:d9:c6:1d:21:19:c9:fe:
         79:44:ca:63:41:0c:4e:e6:01:2f:1d:de:90:24:66:b3:b9:8b:
         04:0d:a0:f2:82:73:c7:36:9e:4a:1b:fa:67:06:c4:9c:fa:35:
         21:3b:1e:d2:64:ba:f9:67:eb:8d:f8:9c:a2:0e:88:19:96:11:
         69:42:e6:0b:16:14:5c:e3:6a:16:30:83:22:2e:0a:56:45:ca:
         90:16:ca:fd:36:b9:35:44:01:f5:71:2c:c4:51:cc:97:9d:bf:
         ca:6e:7d:20:bc:b6:4b:ce:fe:8b:83:6e:fc:30:d3:29:b7:90:
         f3:d2:3c:55:ac:82:d7:be:b3:03:c9:80:89:61:77:f9:8e:fd:
         b0:df:86:1f:38:f4:83:c9:f6:15:94:ec:7d:19:18:c0:49:aa:
         dd:dc:61:b7:5e:a2:45:26:97:bd:2f:1e:c2:a2:a1:08:3b:5b:
         2e:e0:b4:45:77:5f:c5:f0:07:d3:28:68:79:3f:20:9f:5a:11:
         90:2c:8f:79
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/Z37eYcp+GyiBjkZpGSmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBkYjY3YzVjN2ZhN2ZlMjQ5MmVlYzM3Y2Y0Mjc2NDJiNzFk
NDI1YjAwHhcNMjUwMTAyMDc0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVlNTUwMjI5NzE1OGU4NzRhMWZmZjA1Y2RhMmQwMGRkMTQ5NWViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3E4MxMy4lRKaDH9swbsqDF5o4VJS
wBI25Dm9J6uVer6kQWTPc+vWSQ5fw5gzJijIFtJCAZbAygsEN0/ML82n4juiaSmy
Y7jqbndtKj/zifju2jYi+xwORVmCJsNa1hwSF8QB2B24Y7MlwzIxYHcKQP2pDldK
KFjt9WR9e+ha8bxuMKb5HW7LAPb1nHDBtnIHjyN6jRevhNpfT6j2+y+7zKoeNb0C
7shtvSe1QXr/ogaOOvNqvPU50ejdC5cfBY8h0hLw2Zw38a1UlCnlkHwAN/Gi0Pv6
xue2pGxXQzsNEe+Gd1zDlCRaeLeWe+c0ESCVuFFDm9sNQZMn0w+nbwdfFwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMleVQIpcVjodKH/8FzaLQDdFJXrMB8GA1UdIwQY
MBaAFA22fFx/p/4kku7DfPQnZCtx1CWwMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjkt
YjAzZGY5OTZlNDgxLzEveVY1VkFpbHhXT2gwb2Zfd1hOb3RBTjBVbGVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOS8wZjM3NTctZjBlZC00ZTdlLTkzMjktYjAzZGY5OTZlNDgx
LzEvRGJaOFhILW5faVNTN3NOODlDZGtLM0hVSmJBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAV+ylMA0G
CSqGSIb3DQEBCwUAA4IBAQBDpU32xE8wJ767B9AIlZoaspVA/TpAxFAZArVX/onM
AWVhJmtafBt6FllKlKIcR4uA6M9cl6aBRBkyMRIgALw5Z9nGHSEZyf55RMpjQQxO
5gEvHd6QJGazuYsEDaDygnPHNp5KG/pnBsSc+jUhOx7SZLr5Z+uN+JyiDogZlhFp
QuYLFhRc42oWMIMiLgpWRcqQFsr9Nrk1RAH1cSzEUcyXnb/Kbn0gvLZLzv6Lg278
MNMpt5Dz0jxVrILXvrMDyYCJYXf5jv2w34YfOPSDyfYVlOx9GRjASard3GG3XqJF
Jpe9Lx7CoqEIO1su4LRFd1/F8AfTKGh5PyCfWhGQLI95
-----END CERTIFICATE-----