Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/yvO64MJqKXwU9zQx1VNZmF0vwiQ.roa
File:                     yvO64MJqKXwU9zQx1VNZmF0vwiQ.roa (raw, json)
Hash identifier:          suqTW5OcdpqYPj7vinRk1PIGqjKi/55px0F96ecmjEo=
Subject key identifier:   CA:F3:BA:E0:C2:6A:29:7C:14:F7:34:31:D5:53:59:98:5D:2F:C2:24
Certificate issuer:       /CN=a5a975239fdd443b7d3d82e392a9e4ae39218ef6
Certificate serial:       019422FC46B8AF8F3F5FA5494E760C331228
Authority key identifier: A5:A9:75:23:9F:DD:44:3B:7D:3D:82:E3:92:A9:E4:AE:39:21:8E:F6
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/yvO64MJqKXwU9zQx1VNZmF0vwiQ.roa
Signing time:             Wed 01 Jan 2025 17:49:05 +0000
ROA not before:           Wed 01 Jan 2025 17:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        193.36.66.0/24 maxlen: 24
                          193.36.67.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 05 Apr 2025 17:01:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:46:b8:af:8f:3f:5f:a5:49:4e:76:0c:33:12:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5a975239fdd443b7d3d82e392a9e4ae39218ef6
        Validity
            Not Before: Jan  1 17:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caf3bae0c26a297c14f73431d55359985d2fc224
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:bf:f1:dc:19:c7:04:d4:50:03:65:17:bb:49:
                    b8:69:0a:26:09:ac:d1:b7:31:2c:bf:03:62:c4:17:
                    1e:4f:a4:9f:18:ea:06:31:9e:1d:cc:28:b7:06:e7:
                    48:2b:bf:fa:b3:ae:f6:c2:f7:73:48:df:12:00:16:
                    78:f6:cc:6d:1c:9d:61:70:1f:19:0c:5d:5f:0a:0e:
                    5c:41:6c:56:8b:cb:87:cc:c7:e2:88:e6:32:d1:fa:
                    98:e4:36:b5:ea:c3:d7:63:91:bb:a0:f5:4a:1e:bc:
                    d7:77:ae:3f:d6:1a:09:e6:11:47:44:0d:dc:02:44:
                    5e:e5:a4:6a:6d:77:2e:26:7f:b5:cb:3e:53:b9:99:
                    e8:99:17:fb:54:53:1e:62:04:1c:04:22:59:03:77:
                    8b:fb:f1:6b:43:88:6b:9f:68:32:98:7d:e1:25:7a:
                    68:40:d5:64:09:52:7b:76:56:f4:f3:fb:0d:34:3e:
                    76:b1:4b:b0:26:37:2f:dd:3b:f8:71:bb:f2:50:ab:
                    a6:42:19:86:09:a5:34:40:05:7e:73:fb:77:23:f0:
                    15:56:77:67:cb:03:31:97:ea:9f:3e:80:32:e3:e1:
                    2e:6f:0f:4d:9f:1e:32:cd:7a:c6:c7:53:15:00:d2:
                    89:f8:77:f4:6f:e2:50:df:2a:f3:3e:28:8c:62:9c:
                    7b:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:F3:BA:E0:C2:6A:29:7C:14:F7:34:31:D5:53:59:98:5D:2F:C2:24
            X509v3 Authority Key Identifier:
                keyid:A5:A9:75:23:9F:DD:44:3B:7D:3D:82:E3:92:A9:E4:AE:39:21:8E:F6

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pal1I5_dRDt9PYLjkqnkrjkhjvY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/yvO64MJqKXwU9zQx1VNZmF0vwiQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/02/f2700b-9853-4172-9a61-a691448b2ec4/1/pal1I5_dRDt9PYLjkqnkrjkhjvY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         83:7b:5d:66:50:17:85:be:3b:35:2a:45:7b:de:b2:2f:49:86:
         02:5e:be:8b:64:8e:c8:62:a6:2f:73:ea:8f:04:c6:6d:28:10:
         2c:b2:62:3a:46:fd:17:e2:d7:63:44:af:74:66:e8:f7:f7:3b:
         5b:33:42:01:c1:0b:22:9c:80:bb:a4:8f:ac:a2:23:57:29:e8:
         34:90:75:fb:0f:03:04:8b:2d:96:32:a1:da:d7:42:8b:8d:ef:
         80:25:cc:74:60:f6:d8:12:82:12:5b:93:3f:9d:77:4d:3e:5d:
         14:da:51:24:a6:f5:93:4e:4c:24:50:ff:d2:0d:cb:86:1e:08:
         d3:fc:ec:78:ac:ff:0c:ab:61:e0:75:d5:11:29:51:f7:18:d2:
         92:3c:5b:5a:11:f0:a2:3e:41:49:eb:6e:ab:45:4e:93:34:bf:
         b8:75:74:00:a1:a6:7f:e8:6b:90:f3:e2:84:8a:0b:1d:be:24:
         7d:90:37:c2:28:b5:c7:59:da:8a:1b:10:1f:dd:c5:bc:77:ba:
         24:37:5e:11:cc:4f:16:05:cb:06:c0:02:d1:2f:f4:8b:ea:60:
         ef:b8:3e:b4:c0:74:ab:62:ab:23:73:67:86:fb:50:04:ce:d2:
         46:15:4a:66:f4:e8:41:61:5d:c6:a2:4a:a6:4a:e0:4b:57:75:
         11:7f:9c:10
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi/Ea4r48/X6VJTnYMMxIoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YTk3NTIzOWZkZDQ0M2I3ZDNkODJlMzkyYTllNGFlMzky
MThlZjYwHhcNMjUwMTAxMTc0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWYzYmFlMGMyNmEyOTdjMTRmNzM0MzFkNTUzNTk5ODVkMmZjMjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArb/x3BnHBNRQA2UXu0m4aQomCazR
tzEsvwNixBceT6SfGOoGMZ4dzCi3BudIK7/6s672wvdzSN8SABZ49sxtHJ1hcB8Z
DF1fCg5cQWxWi8uHzMfiiOYy0fqY5Da16sPXY5G7oPVKHrzXd64/1hoJ5hFHRA3c
AkRe5aRqbXcuJn+1yz5TuZnomRf7VFMeYgQcBCJZA3eL+/FrQ4hrn2gymH3hJXpo
QNVkCVJ7dlb08/sNND52sUuwJjcv3Tv4cbvyUKumQhmGCaU0QAV+c/t3I/AVVndn
ywMxl+qfPoAy4+Eubw9Nnx4yzXrGx1MVANKJ+Hf0b+JQ3yrzPiiMYpx7SQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrzuuDCail8FPc0MdVTWZhdL8IkMB8GA1UdIwQY
MBaAFKWpdSOf3UQ7fT2C45Kp5K45IY72MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGFsMUk1X2RSRHQ5UFlMamtxbmtyamtoanZZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi9mMjcwMGItOTg1My00MTcyLTlhNjEt
YTY5MTQ0OGIyZWM0LzEveXZPNjRNSnFLWHdVOXpReDFWTlptRjB2d2lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi9mMjcwMGItOTg1My00MTcyLTlhNjEtYTY5MTQ0OGIyZWM0
LzEvcGFsMUk1X2RSRHQ5UFlMamtxbmtyamtoanZZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwSRCMA0G
CSqGSIb3DQEBCwUAA4IBAQCDe11mUBeFvjs1KkV73rIvSYYCXr6LZI7IYqYvc+qP
BMZtKBAssmI6Rv0X4tdjRK90Zuj39ztbM0IBwQsinIC7pI+soiNXKeg0kHX7DwME
iy2WMqHa10KLje+AJcx0YPbYEoISW5M/nXdNPl0U2lEkpvWTTkwkUP/SDcuGHgjT
/Ox4rP8Mq2HgddURKVH3GNKSPFtaEfCiPkFJ626rRU6TNL+4dXQAoaZ/6GuQ8+KE
igsdviR9kDfCKLXHWdqKGxAf3cW8d7okN14RzE8WBcsGwALRL/SL6mDvuD60wHSr
Yqsjc2eG+1AEztJGFUpm9OhBYV3GokqmSuBLV3URf5wQ
-----END CERTIFICATE-----