Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/00/4ff3d1-cc2d-4eba-913e-2782477b9d1e/1/YcBJMOZnarbYkNxw905RMeZes7Q.roa
File:                     YcBJMOZnarbYkNxw905RMeZes7Q.roa (raw, json)
Hash identifier:          FciS9wueWxFbzT7TwtYBQ+UslPbKowgQrJac0SFsxR8=
Subject key identifier:   61:C0:49:30:E6:67:6A:B6:D8:90:DC:70:F7:4E:51:31:E6:5E:B3:B4
Certificate issuer:       /CN=48faed6714f46a2b843f14e40e54e626a0c500ee
Certificate serial:       019427B538F6DDF1589D86701E054A24E349
Authority key identifier: 48:FA:ED:67:14:F4:6A:2B:84:3F:14:E4:0E:54:E6:26:A0:C5:00:EE
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/SPrtZxT0aiuEPxTkDlTmJqDFAO4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/00/4ff3d1-cc2d-4eba-913e-2782477b9d1e/1/YcBJMOZnarbYkNxw905RMeZes7Q.roa
Signing time:             Thu 02 Jan 2025 15:49:35 +0000
ROA not before:           Thu 02 Jan 2025 15:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     34832
IP address blocks:        195.211.120.0/22 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/00/4ff3d1-cc2d-4eba-913e-2782477b9d1e/1/SPrtZxT0aiuEPxTkDlTmJqDFAO4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/00/4ff3d1-cc2d-4eba-913e-2782477b9d1e/1/SPrtZxT0aiuEPxTkDlTmJqDFAO4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/SPrtZxT0aiuEPxTkDlTmJqDFAO4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:38:f6:dd:f1:58:9d:86:70:1e:05:4a:24:e3:49
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=48faed6714f46a2b843f14e40e54e626a0c500ee
        Validity
            Not Before: Jan  2 15:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61c04930e6676ab6d890dc70f74e5131e65eb3b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:d3:de:8d:79:7f:70:42:b1:b9:c8:40:87:b3:
                    fe:29:97:ec:fb:98:7a:2b:d2:d3:fe:94:08:b2:8c:
                    db:72:40:1e:af:8d:c9:1e:ff:5d:d9:e5:9d:8d:b5:
                    16:17:a0:e9:97:f4:eb:19:cb:0c:31:9c:10:1e:89:
                    5d:66:67:6f:98:87:d3:ab:84:fe:13:bf:60:cf:20:
                    dd:1c:6c:4f:50:9b:ca:84:ca:19:9a:57:58:aa:e7:
                    c3:ca:8c:af:0e:b1:99:62:41:7a:2e:26:df:61:b5:
                    e4:4b:bc:c5:de:fe:f7:d8:c9:c8:07:ee:ba:00:42:
                    0b:08:c4:a7:51:ac:c2:56:fb:c2:0d:41:64:29:19:
                    6f:08:1c:ec:bd:e5:83:48:bb:2a:dc:d2:4f:95:54:
                    40:ac:c9:8d:9d:83:6c:e8:40:18:40:f5:8a:21:42:
                    16:21:07:7e:df:3e:af:b7:47:13:bb:ab:20:9f:a8:
                    bd:3b:ef:5a:f9:d3:4c:e1:78:27:06:1b:90:f6:ee:
                    e5:b4:ad:de:17:af:13:52:54:ec:cf:2c:24:f8:a2:
                    b4:76:7c:3f:6e:c8:93:95:37:c7:36:6e:2d:90:65:
                    b8:48:8f:6b:73:c4:88:ac:53:7b:26:5d:fb:3d:83:
                    e1:8d:a5:75:82:b3:75:ba:c6:ff:7b:54:c5:80:d2:
                    0b:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C0:49:30:E6:67:6A:B6:D8:90:DC:70:F7:4E:51:31:E6:5E:B3:B4
            X509v3 Authority Key Identifier:
                keyid:48:FA:ED:67:14:F4:6A:2B:84:3F:14:E4:0E:54:E6:26:A0:C5:00:EE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SPrtZxT0aiuEPxTkDlTmJqDFAO4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/00/4ff3d1-cc2d-4eba-913e-2782477b9d1e/1/YcBJMOZnarbYkNxw905RMeZes7Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/00/4ff3d1-cc2d-4eba-913e-2782477b9d1e/1/SPrtZxT0aiuEPxTkDlTmJqDFAO4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.211.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         20:af:62:16:85:d7:dd:29:8f:23:50:50:08:8a:8e:b2:87:82:
         79:9b:4e:2c:d4:b4:f2:10:79:7c:bd:e8:e6:3e:a5:75:64:e6:
         97:a7:ea:7f:f3:af:25:b3:33:6a:cf:6a:7f:f3:7f:c3:ea:79:
         14:e0:6a:e1:ca:36:93:b7:c4:67:7b:bb:40:89:58:bb:8b:8c:
         83:3a:7c:2c:6c:0d:ef:87:f4:88:32:0d:34:cb:8e:39:17:11:
         0f:0c:ab:aa:bf:29:89:bc:50:48:96:15:2f:d5:c8:55:0d:02:
         9c:31:31:2f:50:3f:76:70:4f:8f:75:97:66:27:39:7b:ac:13:
         08:f9:ff:e6:2e:42:9d:a2:27:dd:0c:12:b0:79:95:f0:aa:4c:
         af:0b:1f:74:36:65:0e:32:08:65:cf:5a:02:d1:6a:ce:9a:9b:
         cf:69:a8:f7:a8:aa:2d:bb:3b:fd:9a:e9:d7:1b:84:b9:cd:08:
         38:0c:5f:49:48:b6:d2:96:22:c8:19:16:02:a5:c2:92:1e:e6:
         6b:e6:a8:30:b5:6e:4c:38:73:a7:99:0b:5d:3d:f6:99:ff:fe:
         82:65:2b:a6:0d:91:0c:62:15:1d:9e:88:0d:85:3f:69:1a:a8:
         50:e3:0e:21:22:e2:11:2f:02:4a:fc:41:29:2f:3f:aa:df:f0:
         c4:77:f6:4a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntTj23fFYnYZwHgVKJONJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4ZmFlZDY3MTRmNDZhMmI4NDNmMTRlNDBlNTRlNjI2YTBj
NTAwZWUwHhcNMjUwMTAyMTU0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWMwNDkzMGU2Njc2YWI2ZDg5MGRjNzBmNzRlNTEzMWU2NWViM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6tPejXl/cEKxuchAh7P+KZfs+5h6
K9LT/pQIsozbckAer43JHv9d2eWdjbUWF6Dpl/TrGcsMMZwQHoldZmdvmIfTq4T+
E79gzyDdHGxPUJvKhMoZmldYqufDyoyvDrGZYkF6LibfYbXkS7zF3v732MnIB+66
AEILCMSnUazCVvvCDUFkKRlvCBzsveWDSLsq3NJPlVRArMmNnYNs6EAYQPWKIUIW
IQd+3z6vt0cTu6sgn6i9O+9a+dNM4XgnBhuQ9u7ltK3eF68TUlTszywk+KK0dnw/
bsiTlTfHNm4tkGW4SI9rc8SIrFN7Jl37PYPhjaV1grN1usb/e1TFgNILiwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHASTDmZ2q22JDccPdOUTHmXrO0MB8GA1UdIwQY
MBaAFEj67WcU9GorhD8U5A5U5iagxQDuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU1BydFp4VDBhaXVFUHhUa0RsVG1KcURGQU80LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMC80ZmYzZDEtY2MyZC00ZWJhLTkxM2Ut
Mjc4MjQ3N2I5ZDFlLzEvWWNCSk1PWm5hcmJZa054dzkwNVJNZVplczdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMC80ZmYzZDEtY2MyZC00ZWJhLTkxM2UtMjc4MjQ3N2I5ZDFl
LzEvU1BydFp4VDBhaXVFUHhUa0RsVG1KcURGQU80LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCw9N4MA0G
CSqGSIb3DQEBCwUAA4IBAQAgr2IWhdfdKY8jUFAIio6yh4J5m04s1LTyEHl8vejm
PqV1ZOaXp+p/868lszNqz2p/83/D6nkU4GrhyjaTt8Rne7tAiVi7i4yDOnwsbA3v
h/SIMg00y445FxEPDKuqvymJvFBIlhUv1chVDQKcMTEvUD92cE+PdZdmJzl7rBMI
+f/mLkKdoifdDBKweZXwqkyvCx90NmUOMghlz1oC0WrOmpvPaaj3qKotuzv9munX
G4S5zQg4DF9JSLbSliLIGRYCpcKSHuZr5qgwtW5MOHOnmQtdPfaZ//6CZSumDZEM
YhUdnogNhT9pGqhQ4w4hIuIRLwJK/EEpLz+q3/DEd/ZK
-----END CERTIFICATE-----