Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/YnMnO6Ox-cLnCOmPN8tx_DOoXrE.roa
File:                     YnMnO6Ox-cLnCOmPN8tx_DOoXrE.roa (raw, json)
Hash identifier:          H/u4fv7xb+AglIzSXH/LHd19mSFb3s1BHiBbxYj4lFI=
Subject key identifier:   62:73:27:3B:A3:B1:F9:C2:E7:08:E9:8F:37:CB:71:FC:33:A8:5E:B1
Certificate issuer:       /CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
Certificate serial:       01941F8C134E319ED3ED486CDDB5362CF9D5
Authority key identifier: 1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/YnMnO6Ox-cLnCOmPN8tx_DOoXrE.roa
Signing time:             Wed 01 Jan 2025 01:47:41 +0000
ROA not before:           Wed 01 Jan 2025 01:47:41 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8075
IP address blocks:        185.12.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:13:4e:31:9e:d3:ed:48:6c:dd:b5:36:2c:f9:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1e14eb1eef66c2d349f3f7d7bafa68e49fbfec9c
        Validity
            Not Before: Jan  1 01:47:41 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6273273ba3b1f9c2e708e98f37cb71fc33a85eb1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:9a:32:14:48:f8:01:b7:a8:0b:6f:1b:dd:cf:
                    25:ae:58:a2:3b:2a:04:15:2f:71:5b:23:2f:f0:5b:
                    12:4f:65:c5:ec:0c:10:b1:ef:ba:ec:af:4d:9c:73:
                    b2:3a:18:75:60:d3:aa:8c:e8:17:f3:f4:8f:ef:85:
                    f2:22:82:ab:d8:97:f1:54:8d:b5:66:ef:a8:68:5e:
                    55:b8:47:b9:3d:8d:66:0a:3b:3f:5b:54:28:b4:49:
                    1c:e6:f2:bd:55:7a:6f:49:29:48:ba:6d:f9:29:d0:
                    f1:f0:db:f6:44:f4:0e:2d:7b:64:47:59:16:ad:61:
                    01:f5:26:68:32:09:63:7e:ff:b6:eb:a4:2b:cf:1b:
                    11:0c:82:5d:20:b4:0c:4d:6d:3f:37:38:0a:a9:cc:
                    1f:c2:f6:58:8a:d5:f0:92:f7:af:ae:3e:4b:09:0e:
                    e0:2b:e4:f5:f2:d4:a8:3c:47:e7:b9:ca:f8:26:fe:
                    86:82:50:f0:05:f6:5d:d9:14:37:cf:17:a8:bb:65:
                    e1:0e:9c:f9:31:96:76:64:43:80:a8:a6:ca:0a:81:
                    5b:cc:79:27:d6:cd:62:e4:53:16:ab:da:cb:75:89:
                    99:0f:2d:69:57:7b:6f:b6:be:66:1d:3e:f8:30:ef:
                    aa:da:be:08:7f:ae:c4:69:3b:0c:25:86:a4:c3:78:
                    c0:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:73:27:3B:A3:B1:F9:C2:E7:08:E9:8F:37:CB:71:FC:33:A8:5E:B1
            X509v3 Authority Key Identifier:
                keyid:1E:14:EB:1E:EF:66:C2:D3:49:F3:F7:D7:BA:FA:68:E4:9F:BF:EC:9C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/YnMnO6Ox-cLnCOmPN8tx_DOoXrE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/13/333ab1-af9b-434c-8d13-9ca98f4950cf/1/HhTrHu9mwtNJ8_fXuvpo5J-_7Jw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.12.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:ec:10:fa:0a:16:f1:bc:1a:5d:ab:9e:85:86:8e:70:98:6e:
         a7:d5:15:ca:20:22:86:b0:da:ba:07:d7:29:e8:df:82:ff:70:
         56:a4:cb:64:9e:e4:0f:32:c4:28:71:a3:0d:83:27:f4:48:ab:
         76:e6:2b:e8:39:fe:25:33:3b:4d:eb:28:9b:ab:06:74:51:1d:
         22:94:aa:24:6d:2f:df:16:07:5e:5a:92:a3:48:51:ce:b4:95:
         44:39:d3:2f:b9:dc:68:b1:18:23:d4:f9:12:56:a5:cf:d8:df:
         81:2d:68:42:2c:c1:8f:d8:78:0f:89:39:dc:ea:9f:75:04:8a:
         42:4d:17:a3:61:67:0f:84:de:8a:93:d5:d7:6b:fe:b5:25:e0:
         da:70:da:63:a8:b0:ae:e3:21:26:e6:41:e1:fa:82:11:8f:41:
         82:1b:29:9a:8f:a9:58:d9:06:aa:3c:01:48:44:8f:b1:a4:0a:
         bc:25:38:47:01:a6:1b:6e:76:13:6c:2d:52:f4:01:07:ca:de:
         c5:6a:f2:80:2c:e4:90:c0:57:f4:c7:fe:01:55:36:9f:7f:15:
         b9:89:4d:cc:f3:64:40:0e:87:bf:ac:d9:39:0e:f7:77:b8:d3:
         25:ac:8d:5e:8f:ec:63:53:32:23:51:c1:f5:95:6c:39:96:eb:
         d6:31:c7:dd
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjBNOMZ7T7Uhs3bU2LPnVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFlMTRlYjFlZWY2NmMyZDM0OWYzZjdkN2JhZmE2OGU0OWZi
ZmVjOWMwHhcNMjUwMTAxMDE0NzQxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjczMjczYmEzYjFmOWMyZTcwOGU5OGYzN2NiNzFmYzMzYTg1ZWIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn5oyFEj4AbeoC28b3c8lrliiOyoE
FS9xWyMv8FsST2XF7AwQse+67K9NnHOyOhh1YNOqjOgX8/SP74XyIoKr2JfxVI21
Zu+oaF5VuEe5PY1mCjs/W1QotEkc5vK9VXpvSSlIum35KdDx8Nv2RPQOLXtkR1kW
rWEB9SZoMgljfv+266QrzxsRDIJdILQMTW0/NzgKqcwfwvZYitXwkvevrj5LCQ7g
K+T18tSoPEfnucr4Jv6GglDwBfZd2RQ3zxeou2XhDpz5MZZ2ZEOAqKbKCoFbzHkn
1s1i5FMWq9rLdYmZDy1pV3tvtr5mHT74MO+q2r4If67EaTsMJYakw3jAQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJzJzujsfnC5wjpjzfLcfwzqF6xMB8GA1UdIwQY
MBaAFB4U6x7vZsLTSfP317r6aOSfv+ycMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMt
OWNhOThmNDk1MGNmLzEvWW5Nbk82T3gtY0xuQ09tUE44dHhfRE9vWHJFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMy8zMzNhYjEtYWY5Yi00MzRjLThkMTMtOWNhOThmNDk1MGNm
LzEvSGhUckh1OW13dE5KOF9mWHV2cG81Si1fN0p3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuQwKMA0G
CSqGSIb3DQEBCwUAA4IBAQAw7BD6ChbxvBpdq56Fho5wmG6n1RXKICKGsNq6B9cp
6N+C/3BWpMtknuQPMsQocaMNgyf0SKt25ivoOf4lMztN6yibqwZ0UR0ilKokbS/f
FgdeWpKjSFHOtJVEOdMvudxosRgj1PkSVqXP2N+BLWhCLMGP2HgPiTnc6p91BIpC
TRejYWcPhN6Kk9XXa/61JeDacNpjqLCu4yEm5kHh+oIRj0GCGymaj6lY2QaqPAFI
RI+xpAq8JThHAaYbbnYTbC1S9AEHyt7FavKALOSQwFf0x/4BVTaffxW5iU3M82RA
Doe/rNk5Dvd3uNMlrI1ej+xjUzIjUcH1lWw5luvWMcfd
-----END CERTIFICATE-----