Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/YaM_6GNAfAUY1a7EBWWPiZdkY80.roa
File:                     YaM_6GNAfAUY1a7EBWWPiZdkY80.roa (raw, json)
Hash identifier:          imYp4kHblD7OJu3xkBBiybF6gSfL+pAE8EuXrkCO7Ws=
Subject key identifier:   61:A3:3F:E8:63:40:7C:05:18:D5:AE:C4:05:65:8F:89:97:64:63:CD
Certificate issuer:       /CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
Certificate serial:       019707E93B6123F97D6BFE8B388A7C301361
Authority key identifier: B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/YaM_6GNAfAUY1a7EBWWPiZdkY80.roa
Signing time:             Sun 25 May 2025 14:46:54 +0000
ROA not before:           Sun 25 May 2025 14:46:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58349
IP address blocks:        195.128.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 07 Jun 2025 22:50:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:07:e9:3b:61:23:f9:7d:6b:fe:8b:38:8a:7c:30:13:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b393df877bf2f0cf01a9718973eaeee87b0697d9
        Validity
            Not Before: May 25 14:46:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61a33fe863407c0518d5aec405658f89976463cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:a2:f6:38:2e:ef:85:62:e6:0f:85:95:3f:16:
                    6d:54:c0:25:1d:b8:ec:ec:4f:b2:d7:29:9a:8c:f6:
                    d1:22:2b:bd:13:3e:c5:46:e7:c3:05:a7:09:f5:41:
                    b2:34:aa:e1:7b:f6:fa:da:5d:b1:89:25:0f:b9:f3:
                    f3:77:4d:7e:ab:a1:e0:bf:79:4c:75:1a:cf:b8:82:
                    de:d7:d1:47:15:1a:0f:2c:ff:fe:dd:b2:f7:7c:30:
                    21:8d:f4:4f:25:b3:6d:89:e8:a3:04:3f:c9:cf:10:
                    ac:5a:94:c6:f7:a6:7e:6a:d1:f3:90:59:72:61:63:
                    e2:5e:97:8b:c3:76:2d:d5:f0:c1:78:68:c4:a1:9f:
                    94:8d:4d:7b:d0:78:fa:4f:65:be:5b:db:fa:74:5d:
                    e1:35:03:76:0c:33:f6:dc:9a:cc:1a:3d:08:7f:83:
                    7e:2d:47:9e:a0:98:17:c4:fd:61:cc:19:94:06:61:
                    e5:f1:33:a0:15:e4:06:41:94:cf:a0:0b:92:86:68:
                    d1:08:f0:c1:bc:74:77:41:cd:7e:98:e4:ce:ab:26:
                    ca:13:f8:83:7a:17:d9:f7:7e:5a:16:8f:b1:bf:25:
                    95:65:1a:c9:49:92:a5:71:41:29:b9:41:20:26:61:
                    16:4a:79:db:c2:dc:75:64:c2:73:7c:a2:f2:cc:46:
                    60:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A3:3F:E8:63:40:7C:05:18:D5:AE:C4:05:65:8F:89:97:64:63:CD
            X509v3 Authority Key Identifier:
                keyid:B3:93:DF:87:7B:F2:F0:CF:01:A9:71:89:73:EA:EE:E8:7B:06:97:D9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/YaM_6GNAfAUY1a7EBWWPiZdkY80.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3b/9375e3-377e-4b70-ba36-396bc720e2b4/1/s5Pfh3vy8M8BqXGJc-ru6HsGl9k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.128.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:8e:2d:a9:b3:31:40:68:a6:96:ba:4f:3b:98:6e:63:94:3c:
         68:a8:b8:93:a7:7a:18:a1:41:8f:86:3f:1b:88:61:91:76:3e:
         43:e7:4b:09:49:a2:b6:c2:36:70:89:12:2f:fc:41:66:38:a7:
         21:e4:68:26:bc:21:b0:f6:2f:56:d2:bc:da:70:84:26:31:4d:
         6a:f2:85:e3:ae:a3:d4:54:0a:a7:8a:b3:2c:35:3b:41:4c:84:
         87:6f:80:09:2e:83:35:a5:42:b6:7a:7c:aa:7e:df:35:89:a6:
         a5:a4:a0:cd:76:02:c0:a2:90:87:c5:df:c6:e5:3b:83:73:63:
         46:a5:2d:22:f7:7d:1a:56:ae:c2:da:d8:6a:be:e3:fb:00:45:
         4f:a1:61:12:8a:5f:38:e3:a6:fe:7b:19:b9:04:82:df:aa:49:
         c3:92:d2:9e:46:91:bb:17:c8:73:de:13:db:07:a5:b4:67:92:
         e3:4f:d5:11:19:70:7c:f7:cd:3a:c3:80:24:cf:da:e3:9d:92:
         bd:a1:cf:bc:c8:12:40:ec:8c:9d:ae:27:42:91:71:38:3d:94:
         85:52:85:80:59:6b:6c:9e:ea:5d:3b:1d:5d:4e:c9:f0:64:04:
         6d:bf:81:ac:c9:af:07:1d:95:64:5e:2f:74:37:b1:a0:7f:8e:
         3f:0e:0a:74
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZcH6TthI/l9a/6LOIp8MBNhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzOTNkZjg3N2JmMmYwY2YwMWE5NzE4OTczZWFlZWU4N2Iw
Njk3ZDkwHhcNMjUwNTI1MTQ0NjU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWEzM2ZlODYzNDA3YzA1MThkNWFlYzQwNTY1OGY4OTk3NjQ2M2NkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApaL2OC7vhWLmD4WVPxZtVMAlHbjs
7E+y1ymajPbRIiu9Ez7FRufDBacJ9UGyNKrhe/b62l2xiSUPufPzd01+q6Hgv3lM
dRrPuILe19FHFRoPLP/+3bL3fDAhjfRPJbNtieijBD/JzxCsWpTG96Z+atHzkFly
YWPiXpeLw3Yt1fDBeGjEoZ+UjU170Hj6T2W+W9v6dF3hNQN2DDP23JrMGj0If4N+
LUeeoJgXxP1hzBmUBmHl8TOgFeQGQZTPoAuShmjRCPDBvHR3Qc1+mOTOqybKE/iD
ehfZ935aFo+xvyWVZRrJSZKlcUEpuUEgJmEWSnnbwtx1ZMJzfKLyzEZgPQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGjP+hjQHwFGNWuxAVlj4mXZGPNMB8GA1UdIwQY
MBaAFLOT34d78vDPAalxiXPq7uh7BpfZMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYt
Mzk2YmM3MjBlMmI0LzEvWWFNXzZHTkFmQVVZMWE3RUJXV1BpWmRrWTgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYi85Mzc1ZTMtMzc3ZS00YjcwLWJhMzYtMzk2YmM3MjBlMmI0
LzEvczVQZmgzdnk4TThCcVhHSmMtcnU2SHNHbDlrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw4AYMA0G
CSqGSIb3DQEBCwUAA4IBAQA9ji2pszFAaKaWuk87mG5jlDxoqLiTp3oYoUGPhj8b
iGGRdj5D50sJSaK2wjZwiRIv/EFmOKch5GgmvCGw9i9W0rzacIQmMU1q8oXjrqPU
VAqnirMsNTtBTISHb4AJLoM1pUK2enyqft81iaalpKDNdgLAopCHxd/G5TuDc2NG
pS0i930aVq7C2thqvuP7AEVPoWESil8446b+exm5BILfqknDktKeRpG7F8hz3hPb
B6W0Z5LjT9URGXB89806w4Akz9rjnZK9oc+8yBJA7IydridCkXE4PZSFUoWAWWts
nupdOx1dTsnwZARtv4Gsya8HHZVkXi90N7Ggf44/Dgp0
-----END CERTIFICATE-----