Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/y8xYTgAr0I6Ey9cl5SQeDmBCFMs.roa
File:                     y8xYTgAr0I6Ey9cl5SQeDmBCFMs.roa (raw, json)
Hash identifier:          mP3NwcxWRCZWTq7H9+TXY5ejsJOx2RREtsQ+jrRZ6HU=
Subject key identifier:   CB:CC:58:4E:00:2B:D0:8E:84:CB:D7:25:E5:24:1E:0E:60:42:14:CB
Certificate issuer:       /CN=f8ad543624f8d3281ec970458ee752f10a424529
Certificate serial:       019633A2592FD750C1D311EC36B65C7E9AC8
Authority key identifier: F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/y8xYTgAr0I6Ey9cl5SQeDmBCFMs.roa
Signing time:             Mon 14 Apr 2025 09:29:59 +0000
ROA not before:           Mon 14 Apr 2025 09:29:59 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197412
IP address blocks:        185.230.172.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 21 Apr 2025 18:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:33:a2:59:2f:d7:50:c1:d3:11:ec:36:b6:5c:7e:9a:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f8ad543624f8d3281ec970458ee752f10a424529
        Validity
            Not Before: Apr 14 09:29:59 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbcc584e002bd08e84cbd725e5241e0e604214cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:d2:88:e0:0f:fb:a4:23:d6:93:ed:42:fd:80:
                    fd:fb:b6:60:d3:d3:5c:a9:50:22:00:31:d7:63:71:
                    c4:62:a2:a6:c0:e7:52:0b:c9:84:db:e4:d0:0f:e8:
                    bd:69:01:d2:b3:a8:91:1d:a1:77:c3:4a:b2:20:0d:
                    16:95:aa:39:6e:09:19:ac:82:27:32:44:00:b8:e0:
                    d2:9f:72:09:c8:a7:12:aa:b6:45:f7:4c:f2:4d:a0:
                    10:13:aa:db:17:f8:7d:3b:ad:61:13:a7:85:93:84:
                    b7:f1:bf:1b:73:99:e3:67:25:99:dc:12:a4:85:41:
                    4a:d0:d4:65:90:67:12:dd:9b:cb:7a:c0:34:1e:dc:
                    86:c2:6e:52:95:2a:8a:d4:41:79:f1:90:6a:6d:43:
                    27:b7:96:11:97:f1:af:a4:72:06:50:ec:b1:9a:99:
                    85:44:29:07:eb:a9:cc:84:01:18:3e:bd:f9:19:73:
                    89:75:8a:82:03:bb:04:d0:32:f6:d9:80:b8:b3:8e:
                    1c:ff:8b:b3:44:18:f2:db:a1:14:4a:9b:e3:33:58:
                    bc:28:32:ab:00:df:56:fe:73:7e:f7:50:ca:ac:f5:
                    cd:af:c6:9a:a8:b2:ff:39:70:8a:d1:38:1f:ff:43:
                    2d:ea:89:f2:d1:a0:95:f0:9e:12:ca:41:c6:e4:98:
                    9b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:CC:58:4E:00:2B:D0:8E:84:CB:D7:25:E5:24:1E:0E:60:42:14:CB
            X509v3 Authority Key Identifier:
                keyid:F8:AD:54:36:24:F8:D3:28:1E:C9:70:45:8E:E7:52:F1:0A:42:45:29

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-K1UNiT40ygeyXBFjudS8QpCRSk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/y8xYTgAr0I6Ey9cl5SQeDmBCFMs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/af1f64-c35f-47e8-87c9-8a11b4719d82/1/1-K1UNiT40ygeyXBFjudS8QpCRSk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.230.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6c:32:63:90:c6:0f:d5:33:55:19:50:a5:74:ff:dd:28:d6:bf:
         cd:cd:f4:6d:81:00:b0:77:b3:8c:b9:ef:45:89:4b:06:00:64:
         df:f2:4d:77:ff:8e:25:49:62:63:c2:50:d9:d7:39:ce:f1:db:
         bd:fd:69:f8:28:7b:43:6e:68:68:77:80:0f:3d:a9:13:34:b3:
         89:69:13:44:78:21:71:1c:e3:6d:08:4f:73:34:a8:af:e8:a8:
         fd:ab:99:69:c0:e5:93:ea:21:af:b7:82:a8:2a:96:aa:17:5a:
         26:7f:ea:2f:f2:38:cb:3e:e0:c3:14:38:10:fa:ad:9c:34:b6:
         1b:b5:0f:ca:f6:f2:24:5b:94:2f:ae:a0:e2:cb:33:81:9e:4d:
         2b:38:41:de:49:d5:59:80:9c:a3:0f:88:b1:d3:37:68:e8:e2:
         38:d4:43:ba:13:56:0c:0c:4e:7d:61:b9:5e:fa:4e:4b:08:bb:
         b9:4a:7a:94:ea:d5:a0:4f:b4:25:74:ae:58:8e:24:74:a3:06:
         a0:44:32:e3:66:c7:ee:dd:20:00:52:56:d1:cc:7a:12:ea:c6:
         36:d0:8c:76:ad:a4:9e:f9:fd:0c:83:bb:b2:5b:fd:6b:f4:fe:
         a9:fc:72:21:23:47:f4:cf:22:37:11:a5:ec:87:fd:25:91:69:
         d3:e2:77:c7
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZYzolkv11DB0xHsNrZcfprIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4YWQ1NDM2MjRmOGQzMjgxZWM5NzA0NThlZTc1MmYxMGE0
MjQ1MjkwHhcNMjUwNDE0MDkyOTU5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmNjNTg0ZTAwMmJkMDhlODRjYmQ3MjVlNTI0MWUwZTYwNDIxNGNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo9KI4A/7pCPWk+1C/YD9+7Zg09Nc
qVAiADHXY3HEYqKmwOdSC8mE2+TQD+i9aQHSs6iRHaF3w0qyIA0Wlao5bgkZrIIn
MkQAuODSn3IJyKcSqrZF90zyTaAQE6rbF/h9O61hE6eFk4S38b8bc5njZyWZ3BKk
hUFK0NRlkGcS3ZvLesA0HtyGwm5SlSqK1EF58ZBqbUMnt5YRl/GvpHIGUOyxmpmF
RCkH66nMhAEYPr35GXOJdYqCA7sE0DL22YC4s44c/4uzRBjy26EUSpvjM1i8KDKr
AN9W/nN+91DKrPXNr8aaqLL/OXCK0Tgf/0Mt6ony0aCV8J4SykHG5Jib0QIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMvMWE4AK9COhMvXJeUkHg5gQhTLMB8GA1UdIwQY
MBaAFPitVDYk+NMoHslwRY7nUvEKQkUpMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1LMVVOaVQ0MHlnZXlYQkZqdWRTOFFwQ1JTay5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5
LThhMTFiNDcxOWQ4Mi8xL3k4eFlUZ0FyMEk2RXk5Y2w1U1FlRG1CQ0ZNcy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMjAvYWYxZjY0LWMzNWYtNDdlOC04N2M5LThhMTFiNDcxOWQ4
Mi8xLzEtSzFVTmlUNDB5Z2V5WEJGanVkUzhRcENSU2suY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAK55qww
DQYJKoZIhvcNAQELBQADggEBAGwyY5DGD9UzVRlQpXT/3SjWv83N9G2BALB3s4y5
70WJSwYAZN/yTXf/jiVJYmPCUNnXOc7x2739afgoe0NuaGh3gA89qRM0s4lpE0R4
IXEc420IT3M0qK/oqP2rmWnA5ZPqIa+3gqgqlqoXWiZ/6i/yOMs+4MMUOBD6rZw0
thu1D8r28iRblC+uoOLLM4GeTSs4Qd5J1VmAnKMPiLHTN2jo4jjUQ7oTVgwMTn1h
uV76TksIu7lKepTq1aBPtCV0rliOJHSjBqBEMuNmx+7dIABSVtHMehLqxjbQjHat
pJ75/QyDu7Jb/Wv0/qn8ciEjR/TPIjcRpeyH/SWRadPid8c=
-----END CERTIFICATE-----