Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/yKqwm37t4yVmxr4NwzTqfwD-IDY.roa
File:                     yKqwm37t4yVmxr4NwzTqfwD-IDY.roa (raw, json)
Hash identifier:          MxaSTIqKL5tTZsGpRXKzjl3dEdK1M2+iZYuBArbrbWM=
Subject key identifier:   C8:AA:B0:9B:7E:ED:E3:25:66:C6:BE:0D:C3:34:EA:7F:00:FE:20:36
Certificate issuer:       /CN=0a84e473aa564eb51a7e7eb8b18f14ac0cbc2c9c
Certificate serial:       019425FDE4A4121C045A3E45DD3053A442A9
Authority key identifier: 0A:84:E4:73:AA:56:4E:B5:1A:7E:7E:B8:B1:8F:14:AC:0C:BC:2C:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CoTkc6pWTrUafn64sY8UrAy8LJw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/yKqwm37t4yVmxr4NwzTqfwD-IDY.roa
Signing time:             Thu 02 Jan 2025 07:49:43 +0000
ROA not before:           Thu 02 Jan 2025 07:49:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     49570
IP address blocks:        195.64.184.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/CoTkc6pWTrUafn64sY8UrAy8LJw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/CoTkc6pWTrUafn64sY8UrAy8LJw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/CoTkc6pWTrUafn64sY8UrAy8LJw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:e4:a4:12:1c:04:5a:3e:45:dd:30:53:a4:42:a9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0a84e473aa564eb51a7e7eb8b18f14ac0cbc2c9c
        Validity
            Not Before: Jan  2 07:49:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c8aab09b7eede32566c6be0dc334ea7f00fe2036
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:e8:f5:df:37:52:04:7f:13:6d:e8:65:b1:83:
                    3e:1f:fb:f2:52:0f:c1:52:25:d8:74:c7:59:13:63:
                    20:6d:67:37:bb:24:53:26:36:ce:68:24:e5:2d:a3:
                    4c:94:f6:6e:25:55:6c:f5:db:af:40:69:41:85:d4:
                    ee:c9:a6:f9:fc:99:f6:38:d7:8c:48:44:10:a5:18:
                    13:e6:18:f4:87:80:17:ad:32:35:2c:bc:7e:95:90:
                    10:76:27:5a:37:cf:28:31:40:5d:f0:15:48:52:9f:
                    72:19:b8:6a:dd:e0:ba:50:15:df:07:f1:6a:08:85:
                    75:ce:74:36:cc:87:4e:32:b9:47:a0:e7:52:5e:e5:
                    3f:4b:f6:df:45:e3:5d:9d:d8:35:70:fb:43:c3:ca:
                    ce:8c:01:d1:61:0a:87:b6:01:d2:a4:84:af:7b:28:
                    aa:0f:14:f7:0a:a7:a9:34:32:48:54:04:dc:57:d6:
                    56:06:f6:24:d2:99:02:df:66:f9:f6:4e:08:36:d1:
                    1d:9e:ab:e6:6d:8f:70:40:b7:db:d4:50:1d:b8:06:
                    43:47:ff:55:a9:2d:37:25:2c:a5:f7:fb:7e:4e:88:
                    07:db:1c:2e:fd:0b:bb:f5:77:31:73:4a:19:da:e7:
                    72:e5:8c:a1:5a:5c:25:0c:b5:e5:af:75:be:f2:e2:
                    7b:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:AA:B0:9B:7E:ED:E3:25:66:C6:BE:0D:C3:34:EA:7F:00:FE:20:36
            X509v3 Authority Key Identifier:
                keyid:0A:84:E4:73:AA:56:4E:B5:1A:7E:7E:B8:B1:8F:14:AC:0C:BC:2C:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CoTkc6pWTrUafn64sY8UrAy8LJw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/yKqwm37t4yVmxr4NwzTqfwD-IDY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/9d0245-7855-4031-9648-54628dfcba4c/1/CoTkc6pWTrUafn64sY8UrAy8LJw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.64.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         49:50:fa:68:f1:53:95:a7:52:a4:2a:4e:95:29:9f:a4:0f:5e:
         91:01:59:95:cd:4e:91:5e:82:7b:16:93:75:64:e2:93:af:07:
         9b:e3:e2:67:91:a6:77:a8:72:b1:59:ce:35:76:5b:8a:31:26:
         46:3c:2a:e2:a7:bb:49:95:0f:5f:df:8e:17:c7:8d:4e:ac:57:
         61:50:91:3a:0a:63:ad:e1:c9:cd:17:53:f8:67:78:e8:a3:8d:
         3d:7a:43:11:d1:6e:0c:3f:ac:f1:ff:81:b1:c4:df:32:2d:70:
         cb:47:5c:45:84:e4:25:b9:68:6c:53:62:e2:de:ef:80:b6:46:
         74:c3:92:49:25:ab:32:0b:c2:5f:3c:da:b4:5b:90:5e:7c:41:
         33:2a:b9:03:1f:9f:77:e6:ac:fb:fa:96:24:b7:35:9b:b0:f0:
         1e:22:f5:2b:bf:ee:53:ab:0b:95:0f:f7:85:e9:5e:4c:38:f9:
         c2:c5:b2:49:e8:18:ab:1c:49:cb:ac:ef:35:4d:1a:db:bd:13:
         ee:2d:0d:e0:a2:c8:31:87:05:d8:55:9e:10:39:16:1a:13:3e:
         d7:54:e3:c9:d0:4e:36:3d:62:87:d8:4d:e9:d7:15:4b:fc:9a:
         9b:06:e7:81:31:f4:b8:6f:29:83:a4:6e:ad:37:42:59:27:11:
         e6:24:7e:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQl/eSkEhwEWj5F3TBTpEKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhODRlNDczYWE1NjRlYjUxYTdlN2ViOGIxOGYxNGFjMGNi
YzJjOWMwHhcNMjUwMTAyMDc0OTQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGFhYjA5YjdlZWRlMzI1NjZjNmJlMGRjMzM0ZWE3ZjAwZmUyMDM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnuj13zdSBH8TbehlsYM+H/vyUg/B
UiXYdMdZE2MgbWc3uyRTJjbOaCTlLaNMlPZuJVVs9duvQGlBhdTuyab5/Jn2ONeM
SEQQpRgT5hj0h4AXrTI1LLx+lZAQdidaN88oMUBd8BVIUp9yGbhq3eC6UBXfB/Fq
CIV1znQ2zIdOMrlHoOdSXuU/S/bfReNdndg1cPtDw8rOjAHRYQqHtgHSpISveyiq
DxT3CqepNDJIVATcV9ZWBvYk0pkC32b59k4INtEdnqvmbY9wQLfb1FAduAZDR/9V
qS03JSyl9/t+TogH2xwu/Qu79Xcxc0oZ2udy5YyhWlwlDLXlr3W+8uJ7PwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMiqsJt+7eMlZsa+DcM06n8A/iA2MB8GA1UdIwQY
MBaAFAqE5HOqVk61Gn5+uLGPFKwMvCycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ29Ua2M2cFdUclVhZm42NHNZOFVyQXk4TEp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy85ZDAyNDUtNzg1NS00MDMxLTk2NDgt
NTQ2MjhkZmNiYTRjLzEveUtxd20zN3Q0eVZteHI0Tnd6VHFmd0QtSURZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy85ZDAyNDUtNzg1NS00MDMxLTk2NDgtNTQ2MjhkZmNiYTRj
LzEvQ29Ua2M2cFdUclVhZm42NHNZOFVyQXk4TEp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw0C4MA0G
CSqGSIb3DQEBCwUAA4IBAQBJUPpo8VOVp1KkKk6VKZ+kD16RAVmVzU6RXoJ7FpN1
ZOKTrweb4+JnkaZ3qHKxWc41dluKMSZGPCrip7tJlQ9f344Xx41OrFdhUJE6CmOt
4cnNF1P4Z3joo409ekMR0W4MP6zx/4GxxN8yLXDLR1xFhOQluWhsU2Li3u+AtkZ0
w5JJJasyC8JfPNq0W5BefEEzKrkDH5935qz7+pYktzWbsPAeIvUrv+5TqwuVD/eF
6V5MOPnCxbJJ6BirHEnLrO81TRrbvRPuLQ3gosgxhwXYVZ4QORYaEz7XVOPJ0E42
PWKH2E3p1xVL/JqbBueBMfS4bymDpG6tN0JZJxHmJH61
-----END CERTIFICATE-----