Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/_yn-31rADEG7zTcXfVb92NptH0Q.roa
File:                     _yn-31rADEG7zTcXfVb92NptH0Q.roa (raw, json)
Hash identifier:          Tyq49fvsXK4jK1l1SC866Zxd+HFpg8YBsLVC4Nlc/M8=
Subject key identifier:   FF:29:FE:DF:5A:C0:0C:41:BB:CD:37:17:7D:56:FD:D8:DA:6D:1F:44
Certificate issuer:       /CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
Certificate serial:       0197C4030904DB53970644BB6144D56EE285
Authority key identifier: E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/_yn-31rADEG7zTcXfVb92NptH0Q.roa
Signing time:             Tue 01 Jul 2025 03:23:42 +0000
ROA not before:           Tue 01 Jul 2025 03:23:42 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     142111
IP address blocks:        185.39.51.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 03 Jul 2025 11:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:c4:03:09:04:db:53:97:06:44:bb:61:44:d5:6e:e2:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e1ef9694aa48d81279e8ede430795f2768d2dd52
        Validity
            Not Before: Jul  1 03:23:42 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ff29fedf5ac00c41bbcd37177d56fdd8da6d1f44
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:00:1d:97:3f:33:ce:f2:43:b8:8d:c3:bd:75:
                    3a:0a:56:74:81:6e:12:07:1c:7d:86:e9:a6:90:30:
                    e5:87:4b:d5:91:5d:03:88:6d:b2:af:32:bc:3f:83:
                    5b:c9:2d:f7:4e:27:69:25:92:a4:0b:de:66:97:22:
                    8e:5a:22:53:0f:7e:96:80:4a:74:ca:e2:7a:ca:73:
                    8f:73:2a:34:99:bd:9b:a0:d2:78:71:4b:56:8c:5c:
                    6d:84:ee:58:b0:bd:12:84:b7:b9:c2:e5:9f:59:50:
                    a6:e3:b8:7c:54:fc:5b:85:c9:27:3b:40:d6:ea:b7:
                    a2:37:a3:9d:e8:9f:6b:ec:8d:f0:03:9e:c2:26:78:
                    24:a1:37:37:52:a8:5f:2c:52:d0:61:c1:06:dd:68:
                    b3:75:a6:06:f4:00:a9:a1:b8:0c:e6:7c:61:25:f8:
                    fc:7a:b2:c1:21:6b:88:c4:f4:7b:b5:20:2d:c6:ad:
                    c8:7b:b3:00:30:27:e0:c3:3a:96:fd:82:dc:fc:c8:
                    94:ef:58:dc:8c:3d:d4:a6:ff:b0:56:e6:9c:14:1c:
                    4f:22:69:74:9d:9c:bc:4c:54:68:90:d9:39:12:35:
                    aa:58:0b:be:85:ee:e7:8c:77:e6:c2:c0:2a:19:86:
                    45:9f:32:6f:36:48:82:70:5c:6d:73:bb:d7:a9:95:
                    4f:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:29:FE:DF:5A:C0:0C:41:BB:CD:37:17:7D:56:FD:D8:DA:6D:1F:44
            X509v3 Authority Key Identifier:
                keyid:E1:EF:96:94:AA:48:D8:12:79:E8:ED:E4:30:79:5F:27:68:D2:DD:52

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/_yn-31rADEG7zTcXfVb92NptH0Q.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/b05667-e850-4c45-aee3-aded1c469eaf/1/4e-WlKpI2BJ56O3kMHlfJ2jS3VI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.39.51.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:7e:ff:cb:e7:dc:b9:ee:0c:97:bc:6f:01:24:2a:86:4b:53:
         f7:e5:6f:1e:89:42:9c:13:55:36:94:4a:42:98:30:89:dc:c8:
         d1:ce:68:92:e3:d6:6b:04:db:1f:9e:e7:ee:c6:26:a1:97:07:
         71:59:13:2f:b3:b8:33:00:1d:ce:34:de:20:10:bc:b3:37:a4:
         b9:de:f7:36:5d:84:b9:ed:3a:06:18:98:f7:ef:14:bc:32:cc:
         23:a9:e0:dc:74:b9:14:4c:8e:ec:a4:86:c6:08:44:db:02:4d:
         16:0c:af:06:30:ae:f9:16:75:84:8e:0c:a5:99:57:bc:83:ed:
         11:2f:f9:08:e8:82:51:1e:f6:e0:2c:d2:d2:16:a9:86:b2:57:
         06:46:3b:23:15:36:2b:e1:ba:b9:0e:ed:ae:73:c3:27:b2:08:
         8f:44:0b:ac:83:7f:ae:5b:0d:96:70:82:14:28:cb:b4:d2:56:
         3c:ff:95:bd:7d:b9:1a:f7:d1:38:4a:ca:4e:7d:54:d7:29:52:
         38:30:39:da:22:f2:1f:25:df:e6:f4:c6:98:05:1d:05:29:bd:
         aa:29:6b:12:88:66:ef:dc:87:98:00:00:b5:b4:20:ec:06:9e:
         e3:2b:9f:1e:9f:af:88:15:89:7b:c2:1a:cf:85:6a:8b:b0:76:
         cc:6f:2b:80
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZfEAwkE21OXBkS7YUTVbuKFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUxZWY5Njk0YWE0OGQ4MTI3OWU4ZWRlNDMwNzk1ZjI3Njhk
MmRkNTIwHhcNMjUwNzAxMDMyMzQyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjI5ZmVkZjVhYzAwYzQxYmJjZDM3MTc3ZDU2ZmRkOGRhNmQxZjQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAogAdlz8zzvJDuI3DvXU6ClZ0gW4S
Bxx9hummkDDlh0vVkV0DiG2yrzK8P4NbyS33TidpJZKkC95mlyKOWiJTD36WgEp0
yuJ6ynOPcyo0mb2boNJ4cUtWjFxthO5YsL0ShLe5wuWfWVCm47h8VPxbhcknO0DW
6reiN6Od6J9r7I3wA57CJngkoTc3UqhfLFLQYcEG3WizdaYG9ACpobgM5nxhJfj8
erLBIWuIxPR7tSAtxq3Ie7MAMCfgwzqW/YLc/MiU71jcjD3Upv+wVuacFBxPIml0
nZy8TFRokNk5EjWqWAu+he7njHfmwsAqGYZFnzJvNkiCcFxtc7vXqZVPUQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFP8p/t9awAxBu803F31W/djabR9EMB8GA1UdIwQY
MBaAFOHvlpSqSNgSeejt5DB5Xydo0t1SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMt
YWRlZDFjNDY5ZWFmLzEvX3luLTMxckFERUc3elRjWGZWYjkyTnB0SDBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS9iMDU2NjctZTg1MC00YzQ1LWFlZTMtYWRlZDFjNDY5ZWFm
LzEvNGUtV2xLcEkyQko1Nk8za01IbGZKMmpTM1ZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSczMA0G
CSqGSIb3DQEBCwUAA4IBAQBsfv/L59y57gyXvG8BJCqGS1P35W8eiUKcE1U2lEpC
mDCJ3MjRzmiS49ZrBNsfnufuxiahlwdxWRMvs7gzAB3ONN4gELyzN6S53vc2XYS5
7ToGGJj37xS8MswjqeDcdLkUTI7spIbGCETbAk0WDK8GMK75FnWEjgylmVe8g+0R
L/kI6IJRHvbgLNLSFqmGslcGRjsjFTYr4bq5Du2uc8MnsgiPRAusg3+uWw2WcIIU
KMu00lY8/5W9fbka99E4SspOfVTXKVI4MDnaIvIfJd/m9MaYBR0FKb2qKWsSiGbv
3IeYAAC1tCDsBp7jK58en6+IFYl7whrPhWqLsHbMbyuA
-----END CERTIFICATE-----