Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/YV4mxnesnEqsoXEgOeVxrXzaM2I.roa
File:                     YV4mxnesnEqsoXEgOeVxrXzaM2I.roa (raw, json)
Hash identifier:          cQ3+oKEwuuiKGHKe3AeYP28TBOd1C3qmRH0uqKxLNb4=
Subject key identifier:   61:5E:26:C6:77:AC:9C:4A:AC:A1:71:20:39:E5:71:AD:7C:DA:33:62
Certificate issuer:       /CN=d05b2623a39d556c50b7046d36447fb621af974a
Certificate serial:       0194266C2ABE16A4004E59395C8A8CBDCF83
Authority key identifier: D0:5B:26:23:A3:9D:55:6C:50:B7:04:6D:36:44:7F:B6:21:AF:97:4A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0FsmI6OdVWxQtwRtNkR_tiGvl0o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/YV4mxnesnEqsoXEgOeVxrXzaM2I.roa
Signing time:             Thu 02 Jan 2025 09:50:10 +0000
ROA not before:           Thu 02 Jan 2025 09:50:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35802
IP address blocks:        195.10.198.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/0FsmI6OdVWxQtwRtNkR_tiGvl0o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/0FsmI6OdVWxQtwRtNkR_tiGvl0o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0FsmI6OdVWxQtwRtNkR_tiGvl0o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:2a:be:16:a4:00:4e:59:39:5c:8a:8c:bd:cf:83
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d05b2623a39d556c50b7046d36447fb621af974a
        Validity
            Not Before: Jan  2 09:50:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=615e26c677ac9c4aaca1712039e571ad7cda3362
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:a3:6e:62:0b:29:0a:8e:8a:71:7d:6b:5c:f8:
                    47:cc:18:53:b6:a7:1a:68:1a:9b:c6:2c:43:5a:75:
                    ad:28:fe:cc:51:d7:8b:b8:5b:da:f1:76:7e:fb:41:
                    62:dc:50:7c:56:0f:49:3a:06:02:56:a5:cc:46:05:
                    92:c1:06:ec:fe:64:3b:5c:81:8a:7e:e4:25:70:bf:
                    78:a0:6f:33:24:a3:f9:77:a6:f3:0f:56:86:e0:18:
                    1c:0c:9a:c8:2b:78:ba:fa:0c:af:e2:a9:28:0d:e4:
                    5c:ad:24:21:fa:c3:e2:a1:c2:ff:e1:97:fe:03:1f:
                    5d:dd:f4:4c:cf:6d:45:3c:df:b2:35:3d:45:99:43:
                    b3:ee:aa:d9:76:4a:80:ce:5d:c7:2c:ae:b5:4e:8f:
                    e4:fe:4d:d4:88:8a:6f:38:56:b1:7d:40:8f:a4:38:
                    60:29:77:50:f0:b8:71:0e:96:60:2a:9f:97:0a:22:
                    a7:26:40:eb:b8:cd:2c:f7:cb:f5:48:ae:dd:78:50:
                    b0:21:a4:1f:05:67:8b:c2:6b:9a:b8:78:38:5d:ca:
                    c2:28:a9:ac:15:5a:31:75:fc:2b:a7:33:a4:02:b2:
                    97:0e:30:43:68:48:c8:13:08:a1:82:53:23:10:93:
                    a3:41:84:8c:b7:83:0b:c4:93:51:81:15:bb:28:3d:
                    0b:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:5E:26:C6:77:AC:9C:4A:AC:A1:71:20:39:E5:71:AD:7C:DA:33:62
            X509v3 Authority Key Identifier:
                keyid:D0:5B:26:23:A3:9D:55:6C:50:B7:04:6D:36:44:7F:B6:21:AF:97:4A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0FsmI6OdVWxQtwRtNkR_tiGvl0o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/YV4mxnesnEqsoXEgOeVxrXzaM2I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/29/a0ca76-e264-40f1-9d8a-065ca1f36310/1/0FsmI6OdVWxQtwRtNkR_tiGvl0o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.10.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         62:f0:72:56:6a:52:8f:5f:94:70:a6:70:51:c5:da:63:55:89:
         19:28:65:06:b8:4d:cf:d5:1e:5b:8d:0d:8e:13:a7:30:d9:53:
         89:2b:ed:a1:10:2e:b1:c0:08:da:53:d1:06:31:f8:d1:da:29:
         96:f0:9b:6e:47:38:4e:7b:fe:2c:d4:cb:6b:6b:ba:ee:04:88:
         83:25:8b:e5:52:78:b2:a8:d1:b9:56:4f:32:11:6b:58:2f:30:
         ba:24:54:0b:68:19:53:e1:c9:4e:37:dc:e5:aa:3f:c0:dc:38:
         8e:6f:7b:44:25:1d:30:c4:07:fb:4b:5f:26:4b:0a:d3:82:ae:
         6f:cf:2a:f2:3a:49:b7:2d:f8:d6:4f:70:30:82:96:14:a5:18:
         b6:ee:f6:e5:c9:d4:43:86:98:5e:1c:a0:ee:ed:1a:a4:85:b0:
         5e:0d:da:5e:87:8d:49:4b:2d:1a:8c:52:3b:0a:6f:43:5a:c2:
         b3:99:32:8e:b1:d8:ab:82:94:b1:f1:10:14:7e:d9:f5:c3:a7:
         61:ba:e6:54:a5:26:7e:05:a6:a0:c0:b3:27:34:e4:76:89:83:
         a6:8e:5f:ec:e4:cc:68:36:7a:42:9c:0b:a0:b3:53:fa:32:22:
         1f:9e:13:90:2b:a7:8d:2c:a9:71:83:e4:47:ad:0a:35:0c:a3:
         66:64:2a:75
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQmbCq+FqQATlk5XIqMvc+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwNWIyNjIzYTM5ZDU1NmM1MGI3MDQ2ZDM2NDQ3ZmI2MjFh
Zjk3NGEwHhcNMjUwMTAyMDk1MDEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTVlMjZjNjc3YWM5YzRhYWNhMTcxMjAzOWU1NzFhZDdjZGEzMzYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs6NuYgspCo6KcX1rXPhHzBhTtqca
aBqbxixDWnWtKP7MUdeLuFva8XZ++0Fi3FB8Vg9JOgYCVqXMRgWSwQbs/mQ7XIGK
fuQlcL94oG8zJKP5d6bzD1aG4BgcDJrIK3i6+gyv4qkoDeRcrSQh+sPiocL/4Zf+
Ax9d3fRMz21FPN+yNT1FmUOz7qrZdkqAzl3HLK61To/k/k3UiIpvOFaxfUCPpDhg
KXdQ8LhxDpZgKp+XCiKnJkDruM0s98v1SK7deFCwIaQfBWeLwmuauHg4XcrCKKms
FVoxdfwrpzOkArKXDjBDaEjIEwihglMjEJOjQYSMt4MLxJNRgRW7KD0LvQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGFeJsZ3rJxKrKFxIDnlca182jNiMB8GA1UdIwQY
MBaAFNBbJiOjnVVsULcEbTZEf7Yhr5dKMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEZzbUk2T2RWV3hRdHdSdE5rUl90aUd2bDBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9hMGNhNzYtZTI2NC00MGYxLTlkOGEt
MDY1Y2ExZjM2MzEwLzEvWVY0bXhuZXNuRXFzb1hFZ09lVnhyWHphTTJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOS9hMGNhNzYtZTI2NC00MGYxLTlkOGEtMDY1Y2ExZjM2MzEw
LzEvMEZzbUk2T2RWV3hRdHdSdE5rUl90aUd2bDBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwwrGMA0G
CSqGSIb3DQEBCwUAA4IBAQBi8HJWalKPX5RwpnBRxdpjVYkZKGUGuE3P1R5bjQ2O
E6cw2VOJK+2hEC6xwAjaU9EGMfjR2imW8JtuRzhOe/4s1Mtra7ruBIiDJYvlUniy
qNG5Vk8yEWtYLzC6JFQLaBlT4clON9zlqj/A3DiOb3tEJR0wxAf7S18mSwrTgq5v
zyryOkm3LfjWT3AwgpYUpRi27vblydRDhpheHKDu7RqkhbBeDdpeh41JSy0ajFI7
Cm9DWsKzmTKOsdirgpSx8RAUftn1w6dhuuZUpSZ+BaagwLMnNOR2iYOmjl/s5Mxo
NnpCnAugs1P6MiIfnhOQK6eNLKlxg+RHrQo1DKNmZCp1
-----END CERTIFICATE-----