Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/20/bb01ce-b9b0-4b15-9400-394f50d4ba38/1/YmG5FcsW3S43XyijT62zmWMd610.roa
File:                     YmG5FcsW3S43XyijT62zmWMd610.roa (raw, json)
Hash identifier:          Sh1sRBIDqrknsDPBNOeRI3CSuT41xnHIPduRy76n3aY=
Subject key identifier:   62:61:B9:15:CB:16:DD:2E:37:5F:28:A3:4F:AD:B3:99:63:1D:EB:5D
Certificate issuer:       /CN=27b24fd66efe6dc5c3aab2e2e651a4e207fe62e7
Certificate serial:       019422FC200F3B2296A1CF35CEA577B91DAA
Authority key identifier: 27:B2:4F:D6:6E:FE:6D:C5:C3:AA:B2:E2:E6:51:A4:E2:07:FE:62:E7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J7JP1m7-bcXDqrLi5lGk4gf-Yuc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/20/bb01ce-b9b0-4b15-9400-394f50d4ba38/1/YmG5FcsW3S43XyijT62zmWMd610.roa
Signing time:             Wed 01 Jan 2025 17:48:56 +0000
ROA not before:           Wed 01 Jan 2025 17:48:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     61073
IP address blocks:        185.51.123.0/24 maxlen: 24
                          185.183.99.0/24 maxlen: 24
                          2a04:1680::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/20/bb01ce-b9b0-4b15-9400-394f50d4ba38/1/J7JP1m7-bcXDqrLi5lGk4gf-Yuc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/20/bb01ce-b9b0-4b15-9400-394f50d4ba38/1/J7JP1m7-bcXDqrLi5lGk4gf-Yuc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J7JP1m7-bcXDqrLi5lGk4gf-Yuc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fc:20:0f:3b:22:96:a1:cf:35:ce:a5:77:b9:1d:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27b24fd66efe6dc5c3aab2e2e651a4e207fe62e7
        Validity
            Not Before: Jan  1 17:48:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6261b915cb16dd2e375f28a34fadb399631deb5d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:3d:f7:ec:16:fc:11:94:00:e2:e6:5c:a2:2a:
                    93:8d:66:04:e1:10:d4:d1:85:20:4a:a7:79:3c:e2:
                    8d:d2:5d:34:99:2a:20:82:f3:71:f1:22:db:e8:4a:
                    79:62:b6:6a:15:ac:4d:20:48:86:ce:83:a1:b0:e9:
                    c3:da:b0:fc:f7:7d:8e:77:a5:1a:89:10:5d:33:0e:
                    a8:fd:07:61:03:73:61:f0:72:fb:9b:b6:c5:7b:f0:
                    c6:9e:46:88:87:a3:74:43:04:6f:91:f1:96:3d:a7:
                    79:0e:0b:2f:3e:21:eb:16:03:11:e9:06:2a:01:85:
                    bf:56:17:1c:a7:58:ec:63:77:95:b7:1c:48:aa:be:
                    6e:5a:6f:4a:43:9e:4f:67:60:99:40:5d:2a:fa:0a:
                    4b:17:2a:46:52:1d:07:51:de:02:44:82:57:00:28:
                    76:41:e9:bf:ab:3d:c7:0a:da:bf:50:7f:be:7d:01:
                    91:45:91:ce:38:f0:36:4a:f2:17:33:8f:66:57:9c:
                    c6:49:21:d7:7f:52:f4:87:28:6c:e4:94:f8:11:9b:
                    14:a7:97:37:2f:b6:e6:c3:1f:c5:f8:53:93:59:a1:
                    ef:8d:b8:a9:5f:4d:5b:04:6e:8d:f3:ee:25:55:1a:
                    8e:fd:4b:52:49:fe:9d:34:89:8c:71:81:79:d4:fe:
                    e4:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:61:B9:15:CB:16:DD:2E:37:5F:28:A3:4F:AD:B3:99:63:1D:EB:5D
            X509v3 Authority Key Identifier:
                keyid:27:B2:4F:D6:6E:FE:6D:C5:C3:AA:B2:E2:E6:51:A4:E2:07:FE:62:E7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J7JP1m7-bcXDqrLi5lGk4gf-Yuc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/20/bb01ce-b9b0-4b15-9400-394f50d4ba38/1/YmG5FcsW3S43XyijT62zmWMd610.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/20/bb01ce-b9b0-4b15-9400-394f50d4ba38/1/J7JP1m7-bcXDqrLi5lGk4gf-Yuc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.123.0/24
                  185.183.99.0/24
                IPv6:
                  2a04:1680::/29

    Signature Algorithm: sha256WithRSAEncryption
         08:01:b1:2d:c0:48:66:76:54:ce:93:06:6d:87:b0:e8:74:f5:
         6e:1a:3b:61:f3:53:9a:1f:4b:be:33:d9:2b:f8:53:54:dd:17:
         17:09:54:3e:70:4e:26:1f:58:2f:49:0f:26:fc:21:28:56:13:
         62:4d:ed:cf:13:ac:7f:8c:f5:d6:5e:00:47:a0:fd:05:6d:56:
         e6:ce:50:c7:e2:8f:76:50:1a:9c:1b:0c:d1:42:6b:56:03:6a:
         b1:09:34:66:63:26:3e:d0:b9:6d:1c:f1:94:b4:7c:a5:11:0a:
         2f:df:07:91:93:94:2e:4c:b3:83:c9:6d:0a:c2:33:ce:4e:c9:
         c2:b5:bf:91:db:d0:0d:d7:c0:17:6f:b3:af:6d:a2:65:f0:2a:
         a4:10:39:14:05:66:aa:5b:95:59:d1:6a:d7:cb:e0:6c:9d:f5:
         9b:57:bc:a6:2f:85:dd:f2:fd:97:42:eb:34:c4:48:06:a1:87:
         9a:10:2e:e5:da:95:0a:b1:95:1b:f1:c1:24:a8:b5:39:72:09:
         90:e4:b5:b9:f9:25:8d:25:29:76:df:3b:1f:c4:09:6e:27:98:
         a1:ec:13:79:0a:b8:b7:c3:be:74:2a:be:1e:ef:6a:05:d0:61:
         98:59:7a:13:d5:29:45:18:64:d0:d2:d3:3c:ec:f0:69:83:45:
         30:67:31:11
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQi/CAPOyKWoc81zqV3uR2qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YjI0ZmQ2NmVmZTZkYzVjM2FhYjJlMmU2NTFhNGUyMDdm
ZTYyZTcwHhcNMjUwMTAxMTc0ODU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjYxYjkxNWNiMTZkZDJlMzc1ZjI4YTM0ZmFkYjM5OTYzMWRlYjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuz337Bb8EZQA4uZcoiqTjWYE4RDU
0YUgSqd5POKN0l00mSoggvNx8SLb6Ep5YrZqFaxNIEiGzoOhsOnD2rD8932Od6Ua
iRBdMw6o/QdhA3Nh8HL7m7bFe/DGnkaIh6N0QwRvkfGWPad5DgsvPiHrFgMR6QYq
AYW/Vhccp1jsY3eVtxxIqr5uWm9KQ55PZ2CZQF0q+gpLFypGUh0HUd4CRIJXACh2
Qem/qz3HCtq/UH++fQGRRZHOOPA2SvIXM49mV5zGSSHXf1L0hyhs5JT4EZsUp5c3
L7bmwx/F+FOTWaHvjbipX01bBG6N8+4lVRqO/UtSSf6dNImMcYF51P7kiwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGJhuRXLFt0uN18oo0+ts5ljHetdMB8GA1UdIwQY
MBaAFCeyT9Zu/m3Fw6qy4uZRpOIH/mLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjdKUDFtNy1iY1hEcXJMaTVsR2s0Z2YtWXVjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMC9iYjAxY2UtYjliMC00YjE1LTk0MDAt
Mzk0ZjUwZDRiYTM4LzEvWW1HNUZjc1czUzQzWHlpalQ2MnptV01kNjEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMC9iYjAxY2UtYjliMC00YjE1LTk0MDAtMzk0ZjUwZDRiYTM4
LzEvSjdKUDFtNy1iY1hEcXJMaTVsR2s0Z2YtWXVjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAuTN7AwQA
ubdjMA0EAgACMAcDBQMqBBaAMA0GCSqGSIb3DQEBCwUAA4IBAQAIAbEtwEhmdlTO
kwZth7DodPVuGjth81OaH0u+M9kr+FNU3RcXCVQ+cE4mH1gvSQ8m/CEoVhNiTe3P
E6x/jPXWXgBHoP0FbVbmzlDH4o92UBqcGwzRQmtWA2qxCTRmYyY+0LltHPGUtHyl
EQov3weRk5QuTLODyW0KwjPOTsnCtb+R29AN18AXb7OvbaJl8CqkEDkUBWaqW5VZ
0WrXy+BsnfWbV7ymL4Xd8v2XQus0xEgGoYeaEC7l2pUKsZUb8cEkqLU5cgmQ5LW5
+SWNJSl23zsfxAluJ5ih7BN5Cri3w750Kr4e72oF0GGYWXoT1SlFGGTQ0tM87PBp
g0UwZzER
-----END CERTIFICATE-----