Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b7/f143d0-aeb8-4b52-9c35-b3a50910c2a8/1/Y_LE7fqvC-DJjpGE04PAiZiS4sM.roa
File:                     Y_LE7fqvC-DJjpGE04PAiZiS4sM.roa (raw, json)
Hash identifier:          /iG8f1CjLF+Lu2JxpQ3C4TbNa9Jv5YP2v7PLHqXyCAI=
Subject key identifier:   63:F2:C4:ED:FA:AF:0B:E0:C9:8E:91:84:D3:83:C0:89:98:92:E2:C3
Certificate issuer:       /CN=a999cffa6e48fa2c4f8d09803396b457a630a33d
Certificate serial:       0194F014C4BE271363E9717586FC6B5B645F
Authority key identifier: A9:99:CF:FA:6E:48:FA:2C:4F:8D:09:80:33:96:B4:57:A6:30:A3:3D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qZnP-m5I-ixPjQmAM5a0V6Ywoz0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b7/f143d0-aeb8-4b52-9c35-b3a50910c2a8/1/Y_LE7fqvC-DJjpGE04PAiZiS4sM.roa
Signing time:             Mon 10 Feb 2025 13:38:00 +0000
ROA not before:           Mon 10 Feb 2025 13:38:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51809
IP address blocks:        185.138.196.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b7/f143d0-aeb8-4b52-9c35-b3a50910c2a8/1/qZnP-m5I-ixPjQmAM5a0V6Ywoz0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b7/f143d0-aeb8-4b52-9c35-b3a50910c2a8/1/qZnP-m5I-ixPjQmAM5a0V6Ywoz0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qZnP-m5I-ixPjQmAM5a0V6Ywoz0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 12:01:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:f0:14:c4:be:27:13:63:e9:71:75:86:fc:6b:5b:64:5f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a999cffa6e48fa2c4f8d09803396b457a630a33d
        Validity
            Not Before: Feb 10 13:38:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63f2c4edfaaf0be0c98e9184d383c0899892e2c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:b8:86:95:2d:1a:fd:21:4b:87:77:6e:98:f9:
                    cd:7c:5d:f4:0b:44:df:d5:6e:d8:b2:89:f3:68:67:
                    d0:5b:64:1c:49:32:e3:e4:26:8c:cf:84:20:1f:a7:
                    76:ba:ad:d5:90:1c:ed:3d:e9:e4:30:1a:d2:76:e0:
                    b5:80:8e:89:84:df:82:b4:02:ed:c3:a9:69:75:55:
                    65:f0:d0:8c:c3:e3:29:e6:0d:ca:bc:07:2f:15:42:
                    84:47:cb:9c:09:03:12:b5:fa:c8:7f:0f:1a:a3:b8:
                    07:b7:39:36:05:28:ba:22:00:1b:02:72:78:b9:75:
                    51:11:fd:19:fc:48:fa:c1:bd:95:be:ed:b7:2f:b0:
                    50:ed:5d:34:09:43:29:a5:e8:d4:e0:b0:17:b3:c8:
                    13:4f:e5:6f:2a:1d:23:28:61:23:68:73:7c:2c:88:
                    4c:fc:b7:3b:90:79:8d:a8:2f:6f:7e:39:e8:06:e7:
                    36:38:65:41:f7:95:ee:6a:5f:78:84:0b:74:28:84:
                    85:4f:db:bb:08:12:40:e3:b6:02:0d:c9:c1:69:62:
                    cd:d2:ee:4c:8a:73:ff:7c:6b:e1:ab:60:d5:d4:fe:
                    fb:6c:fd:6d:f5:2b:53:e0:6d:e2:56:d2:7a:8b:e5:
                    1d:1c:d4:68:fe:04:8a:c7:b9:8b:65:f2:a6:47:c5:
                    60:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:F2:C4:ED:FA:AF:0B:E0:C9:8E:91:84:D3:83:C0:89:98:92:E2:C3
            X509v3 Authority Key Identifier:
                keyid:A9:99:CF:FA:6E:48:FA:2C:4F:8D:09:80:33:96:B4:57:A6:30:A3:3D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qZnP-m5I-ixPjQmAM5a0V6Ywoz0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/f143d0-aeb8-4b52-9c35-b3a50910c2a8/1/Y_LE7fqvC-DJjpGE04PAiZiS4sM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b7/f143d0-aeb8-4b52-9c35-b3a50910c2a8/1/qZnP-m5I-ixPjQmAM5a0V6Ywoz0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.138.196.0/22

    Signature Algorithm: sha256WithRSAEncryption
         07:dd:25:0d:16:4f:90:6a:70:c0:c5:5d:39:ce:65:11:98:b5:
         d8:fc:a2:b3:62:e3:7a:fb:8e:90:93:99:39:cf:3d:88:39:2b:
         08:c7:a0:42:22:b2:04:45:31:d6:93:e6:e7:8a:28:61:45:38:
         0a:d6:b6:73:64:a2:77:e0:5c:4a:c9:91:0a:5b:b2:d6:f0:cc:
         6e:3b:63:2b:1f:c4:8f:8e:0c:62:79:6b:c0:f4:d7:b4:56:fc:
         ac:0d:61:20:99:d8:6d:4f:a2:46:ab:bd:ff:f6:ff:1e:69:cc:
         c6:81:fe:a0:e4:a6:2c:a7:71:cf:b5:1a:3e:d1:b0:5e:8c:9c:
         40:d0:ef:57:59:83:7a:08:71:b4:c9:f1:ca:e0:45:50:b3:e0:
         e1:0f:40:5e:ce:55:ef:cb:f4:b7:90:51:a0:47:d9:e5:e7:de:
         98:78:e5:c7:f4:1c:a2:9b:0a:47:fb:82:59:bf:e4:0b:eb:dd:
         0b:43:5c:db:1d:05:0d:fe:f4:5e:1e:00:35:92:65:3c:d8:74:
         3a:3e:a1:d2:a4:74:3f:88:9a:0f:78:44:06:59:88:fe:db:19:
         76:db:2e:32:8c:72:af:9a:62:c4:5d:c6:59:7c:7b:42:5d:25:
         bb:30:cc:96:b1:94:03:f6:3c:9e:0a:68:7b:a9:c4:d8:64:b3:
         5a:ae:d4:3e
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTwFMS+JxNj6XF1hvxrW2RfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5OTljZmZhNmU0OGZhMmM0ZjhkMDk4MDMzOTZiNDU3YTYz
MGEzM2QwHhcNMjUwMjEwMTMzODAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2YyYzRlZGZhYWYwYmUwYzk4ZTkxODRkMzgzYzA4OTk4OTJlMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyLiGlS0a/SFLh3dumPnNfF30C0Tf
1W7YsonzaGfQW2QcSTLj5CaMz4QgH6d2uq3VkBztPenkMBrSduC1gI6JhN+CtALt
w6lpdVVl8NCMw+Mp5g3KvAcvFUKER8ucCQMStfrIfw8ao7gHtzk2BSi6IgAbAnJ4
uXVREf0Z/Ej6wb2Vvu23L7BQ7V00CUMppejU4LAXs8gTT+VvKh0jKGEjaHN8LIhM
/Lc7kHmNqC9vfjnoBuc2OGVB95Xual94hAt0KISFT9u7CBJA47YCDcnBaWLN0u5M
inP/fGvhq2DV1P77bP1t9StT4G3iVtJ6i+UdHNRo/gSKx7mLZfKmR8VgGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGPyxO36rwvgyY6RhNODwImYkuLDMB8GA1UdIwQY
MBaAFKmZz/puSPosT40JgDOWtFemMKM9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVpuUC1tNUktaXhQalFtQU01YTBWNll3b3owLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNy9mMTQzZDAtYWViOC00YjUyLTljMzUt
YjNhNTA5MTBjMmE4LzEvWV9MRTdmcXZDLURKanBHRTA0UEFpWmlTNHNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNy9mMTQzZDAtYWViOC00YjUyLTljMzUtYjNhNTA5MTBjMmE4
LzEvcVpuUC1tNUktaXhQalFtQU01YTBWNll3b3owLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYrEMA0G
CSqGSIb3DQEBCwUAA4IBAQAH3SUNFk+QanDAxV05zmURmLXY/KKzYuN6+46Qk5k5
zz2IOSsIx6BCIrIERTHWk+bniihhRTgK1rZzZKJ34FxKyZEKW7LW8MxuO2MrH8SP
jgxieWvA9Ne0VvysDWEgmdhtT6JGq73/9v8eaczGgf6g5KYsp3HPtRo+0bBejJxA
0O9XWYN6CHG0yfHK4EVQs+DhD0BezlXvy/S3kFGgR9nl596YeOXH9ByimwpH+4JZ
v+QL690LQ1zbHQUN/vReHgA1kmU82HQ6PqHSpHQ/iJoPeEQGWYj+2xl22y4yjHKv
mmLEXcZZfHtCXSW7MMyWsZQD9jyeCmh7qcTYZLNartQ+
-----END CERTIFICATE-----