Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yc5B0WnZegARGGQ9j1H6_YJudww.roa
File:                     yc5B0WnZegARGGQ9j1H6_YJudww.roa (raw, json)
Hash identifier:          mwW5Bm15DR/yAwdRU5lrY7pwK+7PI9XSedLPuRbBoZU=
Subject key identifier:   C9:CE:41:D1:69:D9:7A:00:11:18:64:3D:8F:51:FA:FD:82:6E:77:0C
Certificate issuer:       /CN=86d648bdba965461b1e8c11b9dd436c61382873c
Certificate serial:       0195957382BD2EE83CD9779073B43DC6B8E0
Authority key identifier: 86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yc5B0WnZegARGGQ9j1H6_YJudww.roa
Signing time:             Fri 14 Mar 2025 16:18:50 +0000
ROA not before:           Fri 14 Mar 2025 16:18:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     400992
IP address blocks:        147.45.113.0/24 maxlen: 24
                          147.45.124.0/24 maxlen: 24
                          147.45.125.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 19:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:95:73:82:bd:2e:e8:3c:d9:77:90:73:b4:3d:c6:b8:e0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86d648bdba965461b1e8c11b9dd436c61382873c
        Validity
            Not Before: Mar 14 16:18:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9ce41d169d97a001118643d8f51fafd826e770c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:12:05:4a:9b:74:37:05:4f:bd:d3:86:47:5d:
                    07:5d:b2:1c:ee:df:d7:d6:98:42:74:60:74:c1:5e:
                    57:5f:ba:55:52:96:c6:d3:7e:cf:2e:5a:0e:9f:5d:
                    52:60:81:81:0a:5b:32:ec:6c:5f:71:61:77:09:31:
                    09:94:cb:06:2c:84:9a:28:34:5e:1b:04:d0:b0:2d:
                    18:98:7b:5e:bc:78:ac:8c:e0:cb:b4:b2:b6:3e:ae:
                    35:05:7a:fd:b9:c5:a3:85:e2:be:9f:c3:4f:fd:8b:
                    23:04:03:51:bc:33:ca:6b:c3:2e:b5:fe:3f:d0:81:
                    13:88:78:b0:55:19:9e:96:6c:46:74:84:4e:e4:44:
                    3c:d7:dc:3e:7d:db:e4:ce:13:44:ce:c3:70:17:8f:
                    1c:ba:37:89:09:94:41:cf:4e:30:e8:1b:8a:98:20:
                    a3:a1:97:90:08:04:fc:0e:aa:e8:5a:54:be:9f:9a:
                    83:71:1c:5f:aa:5f:fa:36:26:e7:fb:6a:a3:0f:ac:
                    a2:ed:3c:0f:14:e6:7c:4b:58:a6:18:f2:c7:65:97:
                    ce:6e:fa:d6:03:f5:98:1a:9b:ca:cb:b8:f4:7f:8b:
                    51:5a:de:ce:4a:5d:4e:3c:ba:8e:a4:82:04:40:fe:
                    e9:13:4e:ad:0c:76:14:aa:c7:57:a3:63:5a:fb:01:
                    d0:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CE:41:D1:69:D9:7A:00:11:18:64:3D:8F:51:FA:FD:82:6E:77:0C
            X509v3 Authority Key Identifier:
                keyid:86:D6:48:BD:BA:96:54:61:B1:E8:C1:1B:9D:D4:36:C6:13:82:87:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/htZIvbqWVGGx6MEbndQ2xhOChzw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/yc5B0WnZegARGGQ9j1H6_YJudww.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0c/ac58ea-c459-48ca-b82b-4dec4dafee49/1/htZIvbqWVGGx6MEbndQ2xhOChzw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  147.45.113.0/24
                  147.45.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         74:96:83:89:30:02:4b:c3:66:d7:f3:3d:55:f3:a7:0d:e7:73:
         9d:d0:04:96:2a:9a:40:37:80:3b:0e:b4:bd:84:b5:ba:d8:c7:
         f5:08:56:6b:ad:d3:0b:eb:97:62:10:ac:df:6b:9e:d3:e9:50:
         87:8b:ef:be:07:c5:ff:bf:67:a9:17:e5:7e:6c:05:27:46:52:
         56:9f:94:45:f5:31:c2:c5:f3:99:bd:bd:6e:df:15:c4:47:d5:
         9f:52:98:50:6b:75:8b:e1:b6:fc:8b:5f:4e:e3:25:37:a6:8a:
         b2:5f:ec:b4:b7:10:59:97:0d:6b:75:7e:ff:21:d3:2b:e7:fe:
         63:4d:e2:ed:35:f6:be:bd:56:50:37:fe:4a:70:9f:71:6b:ee:
         ae:bd:34:60:24:32:14:12:46:0c:79:3a:ea:a8:9e:36:06:68:
         c9:5b:88:ae:54:4d:98:56:2e:2a:50:8e:34:1f:e0:84:97:56:
         22:d9:9f:1b:a2:3d:15:ed:dc:18:f9:4b:60:23:6d:7f:37:07:
         d8:29:b6:f0:b7:c6:0e:53:26:ce:5c:3d:a6:22:01:45:3f:c2:
         b2:7b:75:89:3c:80:ef:7b:aa:60:2c:4a:43:b5:50:3f:2f:e0:
         40:b6:21:5d:66:16:34:ac:80:27:1a:e7:48:36:83:a8:aa:a5:
         b7:94:c3:9c
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWVc4K9Lug82XeQc7Q9xrjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2ZDY0OGJkYmE5NjU0NjFiMWU4YzExYjlkZDQzNmM2MTM4
Mjg3M2MwHhcNMjUwMzE0MTYxODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWNlNDFkMTY5ZDk3YTAwMTExODY0M2Q4ZjUxZmFmZDgyNmU3NzBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzhIFSpt0NwVPvdOGR10HXbIc7t/X
1phCdGB0wV5XX7pVUpbG037PLloOn11SYIGBClsy7GxfcWF3CTEJlMsGLISaKDRe
GwTQsC0YmHtevHisjODLtLK2Pq41BXr9ucWjheK+n8NP/YsjBANRvDPKa8Mutf4/
0IETiHiwVRmelmxGdIRO5EQ819w+fdvkzhNEzsNwF48cujeJCZRBz04w6BuKmCCj
oZeQCAT8DqroWlS+n5qDcRxfql/6Nibn+2qjD6yi7TwPFOZ8S1imGPLHZZfObvrW
A/WYGpvKy7j0f4tRWt7OSl1OPLqOpIIEQP7pE06tDHYUqsdXo2Na+wHQiQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMnOQdFp2XoAERhkPY9R+v2CbncMMB8GA1UdIwQY
MBaAFIbWSL26llRhsejBG53UNsYTgoc8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmIt
NGRlYzRkYWZlZTQ5LzEveWM1QjBXblplZ0FSR0dROWoxSDZfWUp1ZHd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wYy9hYzU4ZWEtYzQ1OS00OGNhLWI4MmItNGRlYzRkYWZlZTQ5
LzEvaHRaSXZicVdWR0d4Nk1FYm5kUTJ4aE9DaHp3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAky1xAwQB
ky18MA0GCSqGSIb3DQEBCwUAA4IBAQB0loOJMAJLw2bX8z1V86cN53Od0ASWKppA
N4A7DrS9hLW62Mf1CFZrrdML65diEKzfa57T6VCHi+++B8X/v2epF+V+bAUnRlJW
n5RF9THCxfOZvb1u3xXER9WfUphQa3WL4bb8i19O4yU3poqyX+y0txBZlw1rdX7/
IdMr5/5jTeLtNfa+vVZQN/5KcJ9xa+6uvTRgJDIUEkYMeTrqqJ42BmjJW4iuVE2Y
Vi4qUI40H+CEl1Yi2Z8boj0V7dwY+UtgI21/NwfYKbbwt8YOUybOXD2mIgFFP8Ky
e3WJPIDve6pgLEpDtVA/L+BAtiFdZhY0rIAnGudINoOoqqW3lMOc
-----END CERTIFICATE-----