Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/y-thR2-wOGxjUF2dmavWMwBsUm0.roa
File:                     y-thR2-wOGxjUF2dmavWMwBsUm0.roa (raw, json)
Hash identifier:          WQLO7IU5V5iq1uzzyryZYM1QGfm/WLluTpgcnyQ2D8Q=
Subject key identifier:   CB:EB:61:47:6F:B0:38:6C:63:50:5D:9D:99:AB:D6:33:00:6C:52:6D
Certificate issuer:       /CN=4b4fbfcf5fdc48ab0bfb52854f7a04fc1cff1dbd
Certificate serial:       019489445DC03962140825993F12B1730819
Authority key identifier: 4B:4F:BF:CF:5F:DC:48:AB:0B:FB:52:85:4F:7A:04:FC:1C:FF:1D:BD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/y-thR2-wOGxjUF2dmavWMwBsUm0.roa
Signing time:             Tue 21 Jan 2025 14:29:06 +0000
ROA not before:           Tue 21 Jan 2025 14:29:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     5609
IP address blocks:        163.162.0.0/16 maxlen: 24
                          185.57.208.0/22 maxlen: 22
                          2001:6b8::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 22:01:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:89:44:5d:c0:39:62:14:08:25:99:3f:12:b1:73:08:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4b4fbfcf5fdc48ab0bfb52854f7a04fc1cff1dbd
        Validity
            Not Before: Jan 21 14:29:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbeb61476fb0386c63505d9d99abd633006c526d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:05:d5:89:b2:72:c5:68:96:aa:1d:cd:a0:a9:
                    88:12:9c:32:cc:64:5c:71:19:57:e7:01:62:d3:03:
                    fc:b0:75:b5:37:d2:38:a0:d4:3f:c0:79:91:ec:28:
                    d5:59:d2:39:f0:eb:60:1f:30:69:30:c9:6a:c3:67:
                    89:0c:7b:e9:c7:71:36:09:19:43:6a:5b:54:8e:29:
                    3f:7d:c9:d7:1f:c5:23:b7:23:52:73:9c:df:30:b8:
                    6a:63:b1:6e:00:51:e6:40:d7:02:e3:9e:d1:6a:2e:
                    4c:76:74:99:5f:78:8f:45:a1:64:19:e5:f6:fd:83:
                    6d:42:c7:2d:22:ea:df:e1:2b:88:ec:22:19:b0:80:
                    af:b0:a7:eb:a1:e2:db:b4:f4:15:06:3b:0c:7a:da:
                    7a:e3:5c:e4:32:15:85:9e:43:02:17:52:18:9f:6f:
                    28:34:ec:03:5b:c6:0a:52:85:c8:2d:7e:9a:be:1b:
                    8b:37:29:f0:35:b6:09:e7:0e:cb:f1:67:57:7a:96:
                    cf:10:d1:cb:6b:3b:0b:36:aa:47:ba:ef:25:63:9a:
                    34:5d:9a:92:85:2b:ab:5b:b8:73:ab:d4:3c:33:ba:
                    fe:28:4e:8d:e4:5c:de:b6:5d:96:9c:a2:d3:5f:c4:
                    cc:3f:1c:11:3b:8f:ae:bc:03:4a:42:30:3d:c5:0a:
                    bb:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:EB:61:47:6F:B0:38:6C:63:50:5D:9D:99:AB:D6:33:00:6C:52:6D
            X509v3 Authority Key Identifier:
                keyid:4B:4F:BF:CF:5F:DC:48:AB:0B:FB:52:85:4F:7A:04:FC:1C:FF:1D:BD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/y-thR2-wOGxjUF2dmavWMwBsUm0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/33/c60b1b-9b42-45eb-a582-92ddec6bd0a2/1/S0-_z1_cSKsL-1KFT3oE_Bz_Hb0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.162.0.0/16
                  185.57.208.0/22
                IPv6:
                  2001:6b8::/32

    Signature Algorithm: sha256WithRSAEncryption
         17:41:e5:e2:a3:dd:94:b2:93:3d:fd:bb:12:76:a7:3d:61:09:
         fe:a6:e3:65:d4:9b:fb:ba:44:28:9f:45:ab:ea:08:81:62:5f:
         73:ec:36:e3:6a:3a:a9:7a:b9:a3:b7:92:db:64:09:ce:69:40:
         51:c9:c4:16:4d:46:63:9e:40:48:b9:4f:74:c7:d3:82:e5:6e:
         9f:99:42:15:92:f2:1f:7b:e1:cd:c4:b9:a8:aa:0b:6b:32:bc:
         48:6f:0f:b7:41:a8:0f:0a:ca:77:e4:8a:ac:9d:81:60:e3:13:
         95:0f:6e:f3:11:62:67:1c:65:14:bf:37:4d:1f:66:d7:24:6d:
         7a:bc:8a:f6:54:6e:dd:e2:9b:53:77:26:e7:90:12:22:cc:8b:
         69:84:18:d2:4c:e6:c4:86:c5:91:d8:57:e2:06:4e:7e:51:ca:
         98:5e:5d:0e:9d:54:6b:c3:e9:b9:b6:99:35:77:39:1b:5c:9e:
         a4:87:b0:78:ec:94:0a:7b:a0:1c:e3:93:40:54:99:22:b0:3c:
         37:11:2f:ad:5a:97:68:a5:41:ba:1d:57:54:19:04:14:14:cf:
         8c:eb:2d:a1:96:14:54:bb:d6:84:c2:dc:db:a3:d1:0d:93:ef:
         3b:04:ed:ac:15:0e:ba:0a:f2:29:39:5b:55:cd:e4:c4:34:01:
         e5:41:65:8f
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAZSJRF3AOWIUCCWZPxKxcwgZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRiNGZiZmNmNWZkYzQ4YWIwYmZiNTI4NTRmN2EwNGZjMWNm
ZjFkYmQwHhcNMjUwMTIxMTQyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmViNjE0NzZmYjAzODZjNjM1MDVkOWQ5OWFiZDYzMzAwNmM1MjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvQXVibJyxWiWqh3NoKmIEpwyzGRc
cRlX5wFi0wP8sHW1N9I4oNQ/wHmR7CjVWdI58OtgHzBpMMlqw2eJDHvpx3E2CRlD
altUjik/fcnXH8UjtyNSc5zfMLhqY7FuAFHmQNcC457Rai5MdnSZX3iPRaFkGeX2
/YNtQsctIurf4SuI7CIZsICvsKfroeLbtPQVBjsMetp641zkMhWFnkMCF1IYn28o
NOwDW8YKUoXILX6avhuLNynwNbYJ5w7L8WdXepbPENHLazsLNqpHuu8lY5o0XZqS
hSurW7hzq9Q8M7r+KE6N5Fzetl2WnKLTX8TMPxwRO4+uvANKQjA9xQq7kQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFMvrYUdvsDhsY1BdnZmr1jMAbFJtMB8GA1UdIwQY
MBaAFEtPv89f3EirC/tShU96BPwc/x29MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUzAtX3oxX2NTS3NMLTFLRlQzb0VfQnpfSGIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zMy9jNjBiMWItOWI0Mi00NWViLWE1ODIt
OTJkZGVjNmJkMGEyLzEveS10aFIyLXdPR3hqVUYyZG1hdldNd0JzVW0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zMy9jNjBiMWItOWI0Mi00NWViLWE1ODItOTJkZGVjNmJkMGEy
LzEvUzAtX3oxX2NTS3NMLTFLRlQzb0VfQnpfSGIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjARBAIAATALAwMAo6IDBAK5
OdAwDQQCAAIwBwMFACABBrgwDQYJKoZIhvcNAQELBQADggEBABdB5eKj3ZSykz39
uxJ2pz1hCf6m42XUm/u6RCifRavqCIFiX3PsNuNqOql6uaO3kttkCc5pQFHJxBZN
RmOeQEi5T3TH04Llbp+ZQhWS8h974c3EuaiqC2syvEhvD7dBqA8KynfkiqydgWDj
E5UPbvMRYmccZRS/N00fZtckbXq8ivZUbt3im1N3JueQEiLMi2mEGNJM5sSGxZHY
V+IGTn5RypheXQ6dVGvD6bm2mTV3ORtcnqSHsHjslAp7oBzjk0BUmSKwPDcRL61a
l2ilQbodV1QZBBQUz4zrLaGWFFS71oTC3Nuj0Q2T7zsE7awVDroK8ik5W1XN5MQ0
AeVBZY8=
-----END CERTIFICATE-----