Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/pYZCrMGmxkKgeeR3OB7Sabq_PhY.roa
File:                     pYZCrMGmxkKgeeR3OB7Sabq_PhY.roa (raw, json)
Hash identifier:          xXgcQpyaaoiy7n7zCgLujfBrckf/0cL3u4clvozeQMo=
Subject key identifier:   A5:86:42:AC:C1:A6:C6:42:A0:79:E4:77:38:1E:D2:69:BA:BF:3E:16
Certificate issuer:       /CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
Certificate serial:       019422FB6B88FF931DB2D631866008BBEBD3
Authority key identifier: DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/pYZCrMGmxkKgeeR3OB7Sabq_PhY.roa
Signing time:             Wed 01 Jan 2025 17:48:09 +0000
ROA not before:           Wed 01 Jan 2025 17:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     208795
IP address blocks:        185.32.84.0/22 maxlen: 24
                          185.135.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 19 Apr 2025 18:00:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:6b:88:ff:93:1d:b2:d6:31:86:60:08:bb:eb:d3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=dc86e3e928c7f0c9db69515ff3aa1f678cee43c0
        Validity
            Not Before: Jan  1 17:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=a58642acc1a6c642a079e477381ed269babf3e16
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:4f:cc:0b:f5:6e:da:99:ca:f9:10:bd:c5:e4:
                    bf:1c:2d:0a:51:2c:ab:63:f8:06:2a:0a:d7:3a:33:
                    ed:39:00:46:d9:9e:d6:2d:37:30:67:01:96:bf:ac:
                    a6:27:3a:8e:3b:0a:24:55:93:7c:17:a3:e5:3d:b0:
                    2e:cd:f0:22:07:90:34:25:3d:37:ca:fe:16:30:96:
                    5b:a5:51:e3:3a:fe:e6:48:e9:4b:44:ae:f1:20:68:
                    fe:d7:ab:eb:e6:5a:03:5f:85:d8:b5:d9:71:c7:37:
                    bf:7c:82:d3:c9:af:97:dd:88:ae:68:e5:aa:1b:43:
                    f3:2e:8c:9e:df:8d:19:c6:91:0e:18:07:6a:21:fc:
                    47:80:dd:2e:03:9e:1c:a2:3a:ff:03:93:76:dc:02:
                    a5:f3:aa:f7:57:01:c3:b3:dc:eb:85:91:9a:a0:66:
                    a2:cb:da:cc:65:1b:ce:8c:66:d3:7d:69:5b:6f:94:
                    50:fd:19:a9:69:d8:63:c6:9d:81:49:2f:6a:ea:2d:
                    31:af:7b:b7:4c:9c:6b:46:ed:9d:97:c4:28:ec:db:
                    34:d0:aa:f2:7c:b0:94:03:f3:84:26:37:f4:98:49:
                    6a:c4:b2:0b:8d:06:0d:61:e2:d2:38:1a:ac:8b:1e:
                    9f:0c:59:92:04:90:e2:e2:5b:bd:01:3c:1d:7a:d1:
                    46:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:86:42:AC:C1:A6:C6:42:A0:79:E4:77:38:1E:D2:69:BA:BF:3E:16
            X509v3 Authority Key Identifier:
                keyid:DC:86:E3:E9:28:C7:F0:C9:DB:69:51:5F:F3:AA:1F:67:8C:EE:43:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/pYZCrMGmxkKgeeR3OB7Sabq_PhY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e8/471aa5-c3f7-4afd-b122-9c8e59c2771c/1/3Ibj6SjH8MnbaVFf86ofZ4zuQ8A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.84.0/22
                  185.135.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9f:4d:eb:c3:3f:88:e0:88:28:16:8b:fc:75:c1:87:8b:4a:05:
         1d:6c:11:e4:cf:81:1c:57:d3:d2:97:8d:78:81:12:73:56:9e:
         3b:d0:e7:fd:e4:63:6b:27:fb:36:91:2d:2f:8e:21:6f:34:1f:
         8f:40:b3:96:35:a1:2a:92:fa:51:73:46:1d:3b:84:87:cb:9c:
         47:4c:5a:02:c5:fb:a6:72:37:46:7b:b2:cb:01:2b:10:0a:93:
         6e:0c:fb:a9:95:fb:a9:9c:3c:f9:0b:8f:a2:65:a6:ef:e8:1a:
         66:45:e7:d3:d8:9e:20:bd:b2:7b:2e:c1:88:64:66:bc:f0:a2:
         15:36:95:89:ca:34:85:c9:0e:12:7a:1d:47:b6:c4:e9:5f:d3:
         7c:04:72:10:12:89:10:cb:af:1e:c0:54:90:99:29:c8:df:c3:
         ee:1b:79:3c:cf:56:a6:5c:42:4d:b5:41:94:86:6f:e7:95:23:
         96:94:4e:84:8b:c2:f7:c6:78:70:85:96:c8:57:64:4a:5f:4b:
         06:50:c9:83:a6:3d:6d:4f:4c:13:31:a0:cc:16:36:a1:ea:04:
         52:f6:47:c6:4d:11:11:65:a5:ca:30:0a:50:f0:99:61:99:2a:
         04:33:5c:3e:40:00:17:6e:75:2c:e5:aa:ea:5c:13:97:9a:0b:
         58:cf:e0:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQi+2uI/5MdstYxhmAIu+vTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjODZlM2U5MjhjN2YwYzlkYjY5NTE1ZmYzYWExZjY3OGNl
ZTQzYzAwHhcNMjUwMTAxMTc0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTg2NDJhY2MxYTZjNjQyYTA3OWU0NzczODFlZDI2OWJhYmYzZTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx0/MC/Vu2pnK+RC9xeS/HC0KUSyr
Y/gGKgrXOjPtOQBG2Z7WLTcwZwGWv6ymJzqOOwokVZN8F6PlPbAuzfAiB5A0JT03
yv4WMJZbpVHjOv7mSOlLRK7xIGj+16vr5loDX4XYtdlxxze/fILTya+X3YiuaOWq
G0PzLoye340ZxpEOGAdqIfxHgN0uA54cojr/A5N23AKl86r3VwHDs9zrhZGaoGai
y9rMZRvOjGbTfWlbb5RQ/Rmpadhjxp2BSS9q6i0xr3u3TJxrRu2dl8Qo7Ns00Kry
fLCUA/OEJjf0mElqxLILjQYNYeLSOBqsix6fDFmSBJDi4lu9ATwdetFGFQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFKWGQqzBpsZCoHnkdzge0mm6vz4WMB8GA1UdIwQY
MBaAFNyG4+kox/DJ22lRX/OqH2eM7kPAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjIt
OWM4ZTU5YzI3NzFjLzEvcFlaQ3JNR214a0tnZWVSM09CN1NhYnFfUGhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOC80NzFhYTUtYzNmNy00YWZkLWIxMjItOWM4ZTU5YzI3NzFj
LzEvM0liajZTakg4TW5iYVZGZjg2b2ZaNHp1UThBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuSBUAwQC
uYesMA0GCSqGSIb3DQEBCwUAA4IBAQCfTevDP4jgiCgWi/x1wYeLSgUdbBHkz4Ec
V9PSl414gRJzVp470Of95GNrJ/s2kS0vjiFvNB+PQLOWNaEqkvpRc0YdO4SHy5xH
TFoCxfumcjdGe7LLASsQCpNuDPuplfupnDz5C4+iZabv6BpmRefT2J4gvbJ7LsGI
ZGa88KIVNpWJyjSFyQ4Seh1HtsTpX9N8BHIQEokQy68ewFSQmSnI38PuG3k8z1am
XEJNtUGUhm/nlSOWlE6Ei8L3xnhwhZbIV2RKX0sGUMmDpj1tT0wTMaDMFjah6gRS
9kfGTRERZaXKMApQ8JlhmSoEM1w+QAAXbnUs5arqXBOXmgtYz+AE
-----END CERTIFICATE-----