Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/yV4dNy3NsBZVUNWCmHTLsnrsaLM.roa
File:                     yV4dNy3NsBZVUNWCmHTLsnrsaLM.roa (raw, json)
Hash identifier:          HeRl5vH7gTSirrF3z1irtqiGbkDXqM3OvljtYndKLgE=
Subject key identifier:   C9:5E:1D:37:2D:CD:B0:16:55:50:D5:82:98:74:CB:B2:7A:EC:68:B3
Certificate issuer:       /CN=f0f636fec7b5b2d18de3797e6984c06955e716d7
Certificate serial:       0196D3DB0DBC4DF8714C35F94B85D99C5999
Authority key identifier: F0:F6:36:FE:C7:B5:B2:D1:8D:E3:79:7E:69:84:C0:69:55:E7:16:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8PY2_se1stGN43l-aYTAaVXnFtc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/yV4dNy3NsBZVUNWCmHTLsnrsaLM.roa
Signing time:             Thu 15 May 2025 12:11:10 +0000
ROA not before:           Thu 15 May 2025 12:11:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209445
IP address blocks:        185.182.80.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/8PY2_se1stGN43l-aYTAaVXnFtc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/8PY2_se1stGN43l-aYTAaVXnFtc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8PY2_se1stGN43l-aYTAaVXnFtc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 08 Jun 2025 11:24:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:d3:db:0d:bc:4d:f8:71:4c:35:f9:4b:85:d9:9c:59:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f0f636fec7b5b2d18de3797e6984c06955e716d7
        Validity
            Not Before: May 15 12:11:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c95e1d372dcdb0165550d5829874cbb27aec68b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:3a:2a:36:5f:19:9f:76:c8:7d:df:99:4a:6c:
                    73:01:71:46:4b:24:3c:21:c7:53:dd:1c:67:20:ee:
                    5d:73:54:38:1f:c6:a7:1e:7d:28:87:25:ca:8a:18:
                    85:1c:e7:89:20:4a:5d:07:f1:22:fe:2e:63:9f:7b:
                    96:6e:bb:c3:69:af:f8:de:e3:09:7e:ec:1e:7f:ee:
                    1f:00:e9:79:26:e1:0e:49:b8:4c:47:d2:61:aa:b5:
                    a2:41:ad:47:8c:42:32:5f:64:c5:b2:71:d6:9e:60:
                    a6:f2:97:cf:2b:85:6b:7b:68:ad:f5:5f:c3:ba:72:
                    26:4c:40:7e:9f:61:6b:1b:c1:67:96:aa:94:51:cb:
                    e9:d1:1d:bd:ff:0a:e9:16:5d:9b:af:7b:62:7e:ca:
                    c1:13:ac:a5:70:62:d8:24:fa:53:79:34:68:dd:fd:
                    d3:ed:ad:c7:48:0b:da:01:9e:d9:54:94:9b:9e:96:
                    99:47:57:9f:6e:56:fe:dc:db:09:5a:0f:06:33:d4:
                    18:9f:27:d0:ef:98:24:ef:0a:aa:94:2a:85:93:fd:
                    ec:51:06:97:d1:01:e7:95:e6:da:f9:2b:6b:ed:ff:
                    97:42:0c:19:d2:21:b0:4c:48:de:f5:10:bb:9b:34:
                    a2:a5:01:ae:05:31:01:72:c9:0a:94:ac:59:6c:1f:
                    8c:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:5E:1D:37:2D:CD:B0:16:55:50:D5:82:98:74:CB:B2:7A:EC:68:B3
            X509v3 Authority Key Identifier:
                keyid:F0:F6:36:FE:C7:B5:B2:D1:8D:E3:79:7E:69:84:C0:69:55:E7:16:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8PY2_se1stGN43l-aYTAaVXnFtc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/yV4dNy3NsBZVUNWCmHTLsnrsaLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/31/a01acd-a3de-4839-9d02-643c1fe38385/1/8PY2_se1stGN43l-aYTAaVXnFtc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.182.80.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:44:ef:0a:56:58:6c:91:3b:1a:24:36:fa:33:d2:3a:a5:0b:
         f6:f2:2f:a4:19:48:c0:a7:69:f5:e2:3d:5f:70:40:d2:39:ba:
         26:73:f7:65:fa:e5:00:cf:14:d5:8f:b1:c4:6a:b6:36:a7:67:
         d4:07:27:6a:89:64:82:d0:82:84:f7:91:e7:5d:ee:2b:02:79:
         95:1e:26:52:32:12:03:a5:45:22:36:52:32:69:9e:e1:37:a7:
         95:14:29:39:b6:9e:a1:8d:83:56:07:d0:1d:cc:66:35:eb:48:
         de:d6:94:e6:a3:ba:97:43:ee:e4:6a:aa:4f:4c:5b:16:06:1e:
         54:22:48:29:e4:f2:2f:a7:4e:25:3e:09:b7:22:cd:7a:29:ba:
         76:48:85:c9:62:41:e8:0d:8b:47:2a:6b:58:db:ce:fb:23:72:
         1b:0a:c1:93:27:c9:83:c8:8f:c6:1e:3f:3a:94:c3:54:8d:4c:
         1c:8a:3b:0c:5c:6c:fd:46:65:22:28:4a:b6:3a:57:74:fb:58:
         ae:e0:99:55:bc:0d:6a:7a:af:d6:a9:fd:21:87:de:8e:7e:08:
         84:50:22:d6:4c:84:db:48:99:08:16:1f:39:b3:fc:b9:22:9a:
         da:de:68:71:02:38:59:02:b3:d7:a7:3b:8c:e4:49:05:8f:7d:
         97:f0:c2:83
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZbT2w28TfhxTDX5S4XZnFmZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwZjYzNmZlYzdiNWIyZDE4ZGUzNzk3ZTY5ODRjMDY5NTVl
NzE2ZDcwHhcNMjUwNTE1MTIxMTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTVlMWQzNzJkY2RiMDE2NTU1MGQ1ODI5ODc0Y2JiMjdhZWM2OGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDoqNl8Zn3bIfd+ZSmxzAXFGSyQ8
IcdT3RxnIO5dc1Q4H8anHn0ohyXKihiFHOeJIEpdB/Ei/i5jn3uWbrvDaa/43uMJ
fuwef+4fAOl5JuEOSbhMR9JhqrWiQa1HjEIyX2TFsnHWnmCm8pfPK4Vre2it9V/D
unImTEB+n2FrG8FnlqqUUcvp0R29/wrpFl2br3tifsrBE6ylcGLYJPpTeTRo3f3T
7a3HSAvaAZ7ZVJSbnpaZR1efblb+3NsJWg8GM9QYnyfQ75gk7wqqlCqFk/3sUQaX
0QHnleba+Str7f+XQgwZ0iGwTEje9RC7mzSipQGuBTEBcskKlKxZbB+M2QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMleHTctzbAWVVDVgph0y7J67GizMB8GA1UdIwQY
MBaAFPD2Nv7HtbLRjeN5fmmEwGlV5xbXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFBZMl9zZTFzdEdONDNsLWFZVEFhVlhuRnRjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMS9hMDFhY2QtYTNkZS00ODM5LTlkMDIt
NjQzYzFmZTM4Mzg1LzEveVY0ZE55M05zQlpWVU5XQ21IVExzbnJzYUxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMS9hMDFhY2QtYTNkZS00ODM5LTlkMDItNjQzYzFmZTM4Mzg1
LzEvOFBZMl9zZTFzdEdONDNsLWFZVEFhVlhuRnRjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAubZQMA0G
CSqGSIb3DQEBCwUAA4IBAQAVRO8KVlhskTsaJDb6M9I6pQv28i+kGUjAp2n14j1f
cEDSObomc/dl+uUAzxTVj7HEarY2p2fUBydqiWSC0IKE95HnXe4rAnmVHiZSMhID
pUUiNlIyaZ7hN6eVFCk5tp6hjYNWB9AdzGY160je1pTmo7qXQ+7kaqpPTFsWBh5U
Ikgp5PIvp04lPgm3Is16Kbp2SIXJYkHoDYtHKmtY2877I3IbCsGTJ8mDyI/GHj86
lMNUjUwcijsMXGz9RmUiKEq2Old0+1iu4JlVvA1qeq/Wqf0hh96OfgiEUCLWTITb
SJkIFh85s/y5Ipra3mhxAjhZArPXpzuM5EkFj32X8MKD
-----END CERTIFICATE-----