Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/25/99beb5-4fd9-469e-9d7f-a3fd8f33fa74/1/YR4ujQ2sFqpF0bDdCJnNqsqvwEU.roa
File:                     YR4ujQ2sFqpF0bDdCJnNqsqvwEU.roa (raw, json)
Hash identifier:          yGa4f7/iphZYLthfBwuXeS2/L8/Ji+s9D58wXkN4t3E=
Subject key identifier:   61:1E:2E:8D:0D:AC:16:AA:45:D1:B0:DD:08:99:CD:AA:CA:AF:C0:45
Certificate issuer:       /CN=a5920dec6ff00949e82161721eb94cc645e34776
Certificate serial:       01942067E645CCC85407D796FD457B12BB0B
Authority key identifier: A5:92:0D:EC:6F:F0:09:49:E8:21:61:72:1E:B9:4C:C6:45:E3:47:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pZIN7G_wCUnoIWFyHrlMxkXjR3Y.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/25/99beb5-4fd9-469e-9d7f-a3fd8f33fa74/1/YR4ujQ2sFqpF0bDdCJnNqsqvwEU.roa
Signing time:             Wed 01 Jan 2025 05:47:47 +0000
ROA not before:           Wed 01 Jan 2025 05:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     59889
IP address blocks:        185.186.148.0/22 maxlen: 22
                          2a0b:7d80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/25/99beb5-4fd9-469e-9d7f-a3fd8f33fa74/1/pZIN7G_wCUnoIWFyHrlMxkXjR3Y.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/25/99beb5-4fd9-469e-9d7f-a3fd8f33fa74/1/pZIN7G_wCUnoIWFyHrlMxkXjR3Y.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pZIN7G_wCUnoIWFyHrlMxkXjR3Y.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:67:e6:45:cc:c8:54:07:d7:96:fd:45:7b:12:bb:0b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5920dec6ff00949e82161721eb94cc645e34776
        Validity
            Not Before: Jan  1 05:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=611e2e8d0dac16aa45d1b0dd0899cdaacaafc045
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:99:3c:c6:35:b7:d8:8d:e9:29:25:93:27:b2:
                    cb:4e:a9:e6:5c:82:4f:ec:a8:31:93:80:3a:8e:61:
                    e3:e5:fe:92:65:2c:69:51:ba:60:b7:50:1c:42:f1:
                    ca:c5:e2:01:ae:c4:37:23:1b:62:b8:2a:56:a1:1a:
                    26:de:09:2a:02:73:c6:43:da:d0:ea:74:57:f4:9d:
                    ab:5d:4b:4f:42:6d:10:a4:9f:32:3e:27:e5:26:c2:
                    37:c4:1e:e5:eb:5a:de:c0:28:20:ff:db:17:73:fa:
                    4c:0b:c8:64:97:92:f6:c5:03:e1:47:16:39:7b:a3:
                    60:a3:56:55:fd:9c:bc:3e:6b:5e:57:15:a0:7e:00:
                    ae:87:b3:cc:d9:44:d1:dc:10:98:24:43:19:3f:1c:
                    df:ff:94:2f:6a:23:8d:fb:bd:69:db:2d:97:fa:a0:
                    52:49:0b:09:89:05:50:57:59:d9:86:95:11:82:e1:
                    73:1d:dc:0d:bf:16:d4:27:ca:60:07:97:15:31:72:
                    21:21:a3:1a:13:8b:35:27:11:24:f7:97:0b:5a:26:
                    4c:d0:d5:b0:c7:ca:37:4d:b5:a7:c6:7b:a3:a5:21:
                    34:e7:a1:cc:0f:e4:6e:db:ea:b1:de:d0:21:aa:16:
                    04:81:8e:1b:97:6e:56:81:52:72:9f:70:e6:77:b0:
                    23:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:1E:2E:8D:0D:AC:16:AA:45:D1:B0:DD:08:99:CD:AA:CA:AF:C0:45
            X509v3 Authority Key Identifier:
                keyid:A5:92:0D:EC:6F:F0:09:49:E8:21:61:72:1E:B9:4C:C6:45:E3:47:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pZIN7G_wCUnoIWFyHrlMxkXjR3Y.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/25/99beb5-4fd9-469e-9d7f-a3fd8f33fa74/1/YR4ujQ2sFqpF0bDdCJnNqsqvwEU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/25/99beb5-4fd9-469e-9d7f-a3fd8f33fa74/1/pZIN7G_wCUnoIWFyHrlMxkXjR3Y.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.186.148.0/22
                IPv6:
                  2a0b:7d80::/29

    Signature Algorithm: sha256WithRSAEncryption
         3f:b4:b5:f3:13:c2:1a:94:09:af:71:fa:a2:6a:fa:2f:d9:38:
         51:45:51:fa:de:d9:dc:74:1a:26:c6:c9:7e:6f:55:e8:ea:b6:
         f7:0c:31:8a:8a:17:ef:81:a7:2f:0a:37:59:09:b5:79:28:9a:
         6b:38:de:20:cc:33:69:b8:59:e9:f7:fa:f0:1f:f2:46:4a:c8:
         a8:11:c3:1d:02:65:6e:75:27:55:e7:cc:e7:90:3e:5f:e7:df:
         93:cd:4a:ad:77:90:cf:a9:5c:67:54:a1:0c:ea:40:be:96:6e:
         45:e9:6f:a5:68:22:b0:ea:ff:93:fb:d4:de:c2:ee:30:33:81:
         df:24:e7:89:ef:dc:bc:ff:cf:7a:b9:67:66:a6:eb:10:be:12:
         0c:6f:6f:e8:ee:f2:d6:bc:d1:35:8a:40:e8:f5:09:4a:14:f1:
         c0:7c:02:ef:47:2a:4e:68:21:ad:35:ce:d7:ce:b0:9a:e6:ff:
         b0:e8:d6:88:9b:3f:e3:78:6b:8a:48:5a:8c:13:ba:18:a9:c4:
         5c:bf:8e:b3:05:56:34:de:30:d6:83:b9:dc:fd:0d:37:79:cc:
         6c:58:45:61:4c:29:5e:cb:17:36:f8:93:67:33:ab:e3:c8:e6:
         ba:02:a3:8c:62:0c:b8:49:92:cb:ce:87:64:9e:82:ff:9e:5c:
         ce:17:f9:d6
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQgZ+ZFzMhUB9eW/UV7ErsLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1OTIwZGVjNmZmMDA5NDllODIxNjE3MjFlYjk0Y2M2NDVl
MzQ3NzYwHhcNMjUwMTAxMDU0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTFlMmU4ZDBkYWMxNmFhNDVkMWIwZGQwODk5Y2RhYWNhYWZjMDQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsZk8xjW32I3pKSWTJ7LLTqnmXIJP
7Kgxk4A6jmHj5f6SZSxpUbpgt1AcQvHKxeIBrsQ3IxtiuCpWoRom3gkqAnPGQ9rQ
6nRX9J2rXUtPQm0QpJ8yPiflJsI3xB7l61rewCgg/9sXc/pMC8hkl5L2xQPhRxY5
e6Ngo1ZV/Zy8PmteVxWgfgCuh7PM2UTR3BCYJEMZPxzf/5QvaiON+71p2y2X+qBS
SQsJiQVQV1nZhpURguFzHdwNvxbUJ8pgB5cVMXIhIaMaE4s1JxEk95cLWiZM0NWw
x8o3TbWnxnujpSE056HMD+Ru2+qx3tAhqhYEgY4bl25WgVJyn3Dmd7AjdQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGEeLo0NrBaqRdGw3QiZzarKr8BFMB8GA1UdIwQY
MBaAFKWSDexv8AlJ6CFhch65TMZF40d2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcFpJTjdHX3dDVW5vSVdGeUhybE14a1hqUjNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNS85OWJlYjUtNGZkOS00NjllLTlkN2Yt
YTNmZDhmMzNmYTc0LzEvWVI0dWpRMnNGcXBGMGJEZENKbk5xc3F2d0VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNS85OWJlYjUtNGZkOS00NjllLTlkN2YtYTNmZDhmMzNmYTc0
LzEvcFpJTjdHX3dDVW5vSVdGeUhybE14a1hqUjNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCubqUMA0E
AgACMAcDBQMqC32AMA0GCSqGSIb3DQEBCwUAA4IBAQA/tLXzE8IalAmvcfqiavov
2ThRRVH63tncdBomxsl+b1Xo6rb3DDGKihfvgacvCjdZCbV5KJprON4gzDNpuFnp
9/rwH/JGSsioEcMdAmVudSdV58znkD5f59+TzUqtd5DPqVxnVKEM6kC+lm5F6W+l
aCKw6v+T+9Tewu4wM4HfJOeJ79y8/896uWdmpusQvhIMb2/o7vLWvNE1ikDo9QlK
FPHAfALvRypOaCGtNc7XzrCa5v+w6NaImz/jeGuKSFqME7oYqcRcv46zBVY03jDW
g7nc/Q03ecxsWEVhTCleyxc2+JNnM6vjyOa6AqOMYgy4SZLLzodknoL/nlzOF/nW
-----END CERTIFICATE-----