Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/yMbSdUOBKCqn_NswdvutijlK684.roa
File:                     yMbSdUOBKCqn_NswdvutijlK684.roa (raw, json)
Hash identifier:          K0IjYQFHztO8K2x6H3KgphHn4JSijnZlB4Ox3bR44Pk=
Subject key identifier:   C8:C6:D2:75:43:81:28:2A:A7:FC:DB:30:76:FB:AD:8A:39:4A:EB:CE
Certificate issuer:       /CN=632e3d037bf0507571b2a068cb90308374ce53ed
Certificate serial:       01941FFAA49F8E7599B6708BFB772750902F
Authority key identifier: 63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/yMbSdUOBKCqn_NswdvutijlK684.roa
Signing time:             Wed 01 Jan 2025 03:48:27 +0000
ROA not before:           Wed 01 Jan 2025 03:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        171.22.145.0/24 maxlen: 24
                          185.243.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:a4:9f:8e:75:99:b6:70:8b:fb:77:27:50:90:2f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=632e3d037bf0507571b2a068cb90308374ce53ed
        Validity
            Not Before: Jan  1 03:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8c6d2754381282aa7fcdb3076fbad8a394aebce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:62:57:5a:99:4e:3f:f8:e3:a5:8c:91:74:a3:
                    30:78:f8:16:d1:2c:7a:da:ec:eb:ad:f0:1f:1b:ad:
                    bf:84:5e:af:09:5f:a3:88:23:8b:aa:62:ae:cc:bc:
                    63:f6:3f:ff:bd:36:08:22:a3:81:83:bb:f4:0b:b8:
                    5d:92:c3:9a:17:d0:01:83:4a:7e:d7:eb:9c:70:63:
                    2d:c2:c8:44:61:26:83:ee:60:a2:f4:97:d9:47:fe:
                    a0:2b:56:0b:0e:58:58:4e:c8:76:38:dd:b1:b8:78:
                    96:ae:71:06:28:a6:1c:2f:ba:71:57:d3:27:48:5e:
                    80:00:ea:e5:22:29:63:40:fb:bb:c7:c2:d6:95:1f:
                    4b:44:d7:74:d8:84:fc:72:00:57:34:61:50:e2:7e:
                    75:0b:28:1a:bf:36:1e:63:58:34:35:6c:f0:35:0c:
                    82:2a:7d:2b:3d:bd:4d:a0:63:6b:32:f4:94:8f:de:
                    37:23:61:0e:9e:e8:ff:34:71:ef:a9:0d:81:e9:d3:
                    b6:50:3e:dd:85:82:4a:98:97:12:6b:61:93:d4:44:
                    31:f2:3c:ab:00:d9:67:00:f8:78:82:fd:a4:c4:ea:
                    7a:85:ff:b3:d4:3e:ef:f5:be:4b:84:9c:69:08:bb:
                    42:b3:d9:47:5b:01:bd:4c:81:05:a2:7b:6c:15:57:
                    60:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:C6:D2:75:43:81:28:2A:A7:FC:DB:30:76:FB:AD:8A:39:4A:EB:CE
            X509v3 Authority Key Identifier:
                keyid:63:2E:3D:03:7B:F0:50:75:71:B2:A0:68:CB:90:30:83:74:CE:53:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yy49A3vwUHVxsqBoy5Awg3TOU-0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/yMbSdUOBKCqn_NswdvutijlK684.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/f9f4a9-a0cd-4107-aa41-d52a18985999/1/Yy49A3vwUHVxsqBoy5Awg3TOU-0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  171.22.145.0/24
                  185.243.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:47:fc:3a:dd:e2:0f:8c:dc:42:0c:88:ab:d2:33:e0:96:71:
         be:18:3d:6e:c3:5f:73:fb:99:e7:88:4d:8f:18:a8:c9:2e:e1:
         f2:23:18:98:95:c3:bb:79:39:e2:91:c9:09:42:29:71:f9:3a:
         ec:40:45:58:3d:cf:62:58:fd:04:44:bb:0b:d3:d9:40:19:3e:
         f5:d4:5b:4e:c7:a5:6b:6a:0c:ac:fc:c6:f1:d0:53:ac:07:90:
         cf:35:2a:02:ed:c0:d3:ef:88:37:f5:73:b2:05:38:ba:c7:9a:
         83:64:5b:cb:32:5d:cb:8e:bf:ed:98:84:14:61:8b:7a:b7:e0:
         59:f5:2d:8e:de:93:da:7f:6e:eb:76:78:a9:c1:5b:16:33:47:
         62:6d:6c:d7:c3:76:82:86:09:8b:cf:13:82:b5:d2:63:71:43:
         c6:af:2e:c7:9e:c4:7d:78:4c:62:ec:e2:da:02:91:aa:8b:4d:
         5a:14:6c:1f:80:bb:ad:29:ca:1a:df:8d:d9:cb:ba:ad:51:a0:
         0d:8f:b1:13:af:14:ec:5d:e8:77:e4:44:8b:d6:5a:29:b4:e7:
         d1:1e:27:82:3e:6e:a6:a3:75:bb:bc:0d:f3:41:16:cc:50:4c:
         ac:2a:8b:d9:84:00:b7:68:95:5a:d9:31:2a:de:0f:c1:e8:4d:
         fc:18:e3:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQf+qSfjnWZtnCL+3cnUJAvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzMmUzZDAzN2JmMDUwNzU3MWIyYTA2OGNiOTAzMDgzNzRj
ZTUzZWQwHhcNMjUwMTAxMDM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGM2ZDI3NTQzODEyODJhYTdmY2RiMzA3NmZiYWQ4YTM5NGFlYmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqWJXWplOP/jjpYyRdKMwePgW0Sx6
2uzrrfAfG62/hF6vCV+jiCOLqmKuzLxj9j//vTYIIqOBg7v0C7hdksOaF9ABg0p+
1+uccGMtwshEYSaD7mCi9JfZR/6gK1YLDlhYTsh2ON2xuHiWrnEGKKYcL7pxV9Mn
SF6AAOrlIiljQPu7x8LWlR9LRNd02IT8cgBXNGFQ4n51CygavzYeY1g0NWzwNQyC
Kn0rPb1NoGNrMvSUj943I2EOnuj/NHHvqQ2B6dO2UD7dhYJKmJcSa2GT1EQx8jyr
ANlnAPh4gv2kxOp6hf+z1D7v9b5LhJxpCLtCs9lHWwG9TIEFontsFVdgPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMjG0nVDgSgqp/zbMHb7rYo5SuvOMB8GA1UdIwQY
MBaAFGMuPQN78FB1cbKgaMuQMIN0zlPtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEt
ZDUyYTE4OTg1OTk5LzEveU1iU2RVT0JLQ3FuX05zd2R2dXRpamxLNjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS9mOWY0YTktYTBjZC00MTA3LWFhNDEtZDUyYTE4OTg1OTk5
LzEvWXk0OUEzdndVSFZ4c3FCb3k1QXdnM1RPVS0wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAqxaRAwQA
ufOBMA0GCSqGSIb3DQEBCwUAA4IBAQAnR/w63eIPjNxCDIir0jPglnG+GD1uw19z
+5nniE2PGKjJLuHyIxiYlcO7eTnikckJQilx+TrsQEVYPc9iWP0ERLsL09lAGT71
1FtOx6Vragys/Mbx0FOsB5DPNSoC7cDT74g39XOyBTi6x5qDZFvLMl3Ljr/tmIQU
YYt6t+BZ9S2O3pPaf27rdnipwVsWM0dibWzXw3aChgmLzxOCtdJjcUPGry7HnsR9
eExi7OLaApGqi01aFGwfgLutKcoa343Zy7qtUaANj7ETrxTsXeh35ESL1loptOfR
HieCPm6mo3W7vA3zQRbMUEysKovZhAC3aJVa2TEq3g/B6E38GOMk
-----END CERTIFICATE-----