Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/yIFDC3DQyKnYJrOVoxpI_9NxtQ4.roa
File:                     yIFDC3DQyKnYJrOVoxpI_9NxtQ4.roa (raw, json)
Hash identifier:          cgrK+K+/SobWe5sM1Xw8KgFBTC6aou6l85u0UGfO0is=
Subject key identifier:   C8:81:43:0B:70:D0:C8:A9:D8:26:B3:95:A3:1A:48:FF:D3:71:B5:0E
Certificate issuer:       /CN=60c44dff71879863ea71442023b7f354dc3dad7c
Certificate serial:       0194228D94CDED6DFB8900B2095C0A2D0498
Authority key identifier: 60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/yIFDC3DQyKnYJrOVoxpI_9NxtQ4.roa
Signing time:             Wed 01 Jan 2025 15:48:11 +0000
ROA not before:           Wed 01 Jan 2025 15:48:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        185.88.184.0/24 maxlen: 24
                          185.88.185.0/24 maxlen: 24
                          185.88.186.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:94:cd:ed:6d:fb:89:00:b2:09:5c:0a:2d:04:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60c44dff71879863ea71442023b7f354dc3dad7c
        Validity
            Not Before: Jan  1 15:48:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c881430b70d0c8a9d826b395a31a48ffd371b50e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:0f:91:7b:f2:4f:ae:2d:fc:13:03:a9:7e:a3:
                    ae:a4:01:55:1a:36:fb:52:76:07:8b:46:ce:6a:e6:
                    72:f2:f6:1c:95:59:26:15:5b:86:45:94:72:96:ef:
                    65:0c:dd:e3:e1:19:d6:87:42:f1:f1:af:83:a9:91:
                    e2:0a:60:9e:78:29:65:ea:e3:ad:82:b3:55:80:65:
                    c6:d7:4d:24:a8:a4:3f:cd:1c:9b:02:47:6c:af:6b:
                    48:c9:fd:58:4f:1a:b2:57:27:bb:ea:85:3e:e1:64:
                    81:b0:0d:94:2d:10:74:ee:4c:e1:af:d0:19:06:4b:
                    18:bd:6c:c8:25:89:2f:ac:e2:81:5a:7c:a7:78:5a:
                    4c:42:ab:0e:29:f6:b5:93:c3:19:2d:cc:15:a0:a4:
                    d2:89:b3:d9:f1:9a:0c:a1:a1:b3:57:26:fa:f5:84:
                    c2:69:db:81:83:d8:f7:6b:82:8e:a3:b7:62:e8:82:
                    5b:19:e7:46:51:54:e0:5d:27:5e:8e:8c:54:15:e1:
                    d3:6e:e1:aa:ce:5e:24:9a:f9:70:6f:17:9f:27:25:
                    4b:17:b5:7a:fe:48:84:12:53:bd:f8:81:52:db:ac:
                    da:be:43:96:29:82:5d:61:53:b8:5e:e3:b4:6e:a4:
                    6b:9d:08:3e:ee:26:4b:e5:3f:3d:18:db:9b:67:36:
                    69:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:81:43:0B:70:D0:C8:A9:D8:26:B3:95:A3:1A:48:FF:D3:71:B5:0E
            X509v3 Authority Key Identifier:
                keyid:60:C4:4D:FF:71:87:98:63:EA:71:44:20:23:B7:F3:54:DC:3D:AD:7C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YMRN_3GHmGPqcUQgI7fzVNw9rXw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/yIFDC3DQyKnYJrOVoxpI_9NxtQ4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/6ce994-8e99-40f9-a4eb-b2d73678727b/1/YMRN_3GHmGPqcUQgI7fzVNw9rXw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.88.184.0-185.88.186.255

    Signature Algorithm: sha256WithRSAEncryption
         23:28:62:78:b1:d5:9e:b5:0d:e0:7c:ef:29:fb:1a:f7:0e:be:
         01:d1:67:5f:59:02:1e:29:5d:2e:45:d9:5d:b0:03:f7:2d:c7:
         73:2c:36:96:c4:eb:82:f4:28:7f:94:5f:f3:5c:06:9a:9d:e9:
         3f:98:cf:2d:49:98:a6:9d:88:15:85:e8:c4:ce:7a:b2:ce:65:
         ff:87:dd:f7:5e:67:8f:b3:c8:e2:57:d6:0a:6d:5f:64:c9:45:
         c7:cc:fc:62:a8:d1:fb:66:3d:b2:df:84:87:a1:b6:7f:17:2b:
         d4:f5:3a:e2:bc:b2:be:3e:db:04:dd:e2:f4:8e:92:1e:e3:a2:
         80:d8:46:08:1c:46:2b:c6:2b:9e:06:f6:29:9f:a2:0b:0c:ce:
         66:08:03:41:c5:28:1e:36:97:02:bd:ec:2b:18:40:62:73:00:
         ca:a2:c9:b2:93:13:15:42:3b:2c:07:5c:3b:63:03:3e:ec:09:
         fd:1f:6e:c8:08:b0:be:61:7d:4f:d7:09:2e:92:c7:f7:5f:de:
         4c:32:c3:ca:37:40:fe:45:e8:d5:c2:ef:ed:28:7f:3b:60:0e:
         cc:d0:5c:75:1a:c0:4a:42:67:15:19:e0:0c:e7:b0:91:1b:49:
         2a:d5:bb:2c:c4:84:5d:ac:85:7f:d9:2a:f2:97:81:de:f7:4e:
         5e:ec:5b:57
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAZQijZTN7W37iQCyCVwKLQSYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwYzQ0ZGZmNzE4Nzk4NjNlYTcxNDQyMDIzYjdmMzU0ZGMz
ZGFkN2MwHhcNMjUwMTAxMTU0ODExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODgxNDMwYjcwZDBjOGE5ZDgyNmIzOTVhMzFhNDhmZmQzNzFiNTBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzQ+Re/JPri38EwOpfqOupAFVGjb7
UnYHi0bOauZy8vYclVkmFVuGRZRylu9lDN3j4RnWh0Lx8a+DqZHiCmCeeCll6uOt
grNVgGXG100kqKQ/zRybAkdsr2tIyf1YTxqyVye76oU+4WSBsA2ULRB07kzhr9AZ
BksYvWzIJYkvrOKBWnyneFpMQqsOKfa1k8MZLcwVoKTSibPZ8ZoMoaGzVyb69YTC
aduBg9j3a4KOo7di6IJbGedGUVTgXSdejoxUFeHTbuGqzl4kmvlwbxefJyVLF7V6
/kiEElO9+IFS26zavkOWKYJdYVO4XuO0bqRrnQg+7iZL5T89GNubZzZpowIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFMiBQwtw0Mip2CazlaMaSP/TcbUOMB8GA1UdIwQY
MBaAFGDETf9xh5hj6nFEICO381TcPa18MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWIt
YjJkNzM2Nzg3MjdiLzEveUlGREMzRFF5S25ZSnJPVm94cElfOU54dFE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC82Y2U5OTQtOGU5OS00MGY5LWE0ZWItYjJkNzM2Nzg3Mjdi
LzEvWU1STl8zR0htR1BxY1VRZ0k3ZnpWTnc5clh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAO5WLgD
BAC5WLowDQYJKoZIhvcNAQELBQADggEBACMoYnix1Z61DeB87yn7GvcOvgHRZ19Z
Ah4pXS5F2V2wA/ctx3MsNpbE64L0KH+UX/NcBpqd6T+Yzy1JmKadiBWF6MTOerLO
Zf+H3fdeZ4+zyOJX1gptX2TJRcfM/GKo0ftmPbLfhIehtn8XK9T1OuK8sr4+2wTd
4vSOkh7jooDYRggcRivGK54G9imfogsMzmYIA0HFKB42lwK97CsYQGJzAMqiybKT
ExVCOywHXDtjAz7sCf0fbsgIsL5hfU/XCS6Sx/df3kwyw8o3QP5F6NXC7+0ofztg
DszQXHUawEpCZxUZ4AznsJEbSSrVuyzEhF2shX/ZKvKXgd73Tl7sW1c=
-----END CERTIFICATE-----