Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/YOcpXFVJRTJW2caFAPTppkNQBuk.roa
File:                     YOcpXFVJRTJW2caFAPTppkNQBuk.roa (raw, json)
Hash identifier:          bsMm8G8+2Vegzn+c1SqEObi1wuYbeOXaQ994ZEYf674=
Subject key identifier:   60:E7:29:5C:55:49:45:32:56:D9:C6:85:00:F4:E9:A6:43:50:06:E9
Certificate issuer:       /CN=74e3c336972094b1a8c13d41816857d197a3aae9
Certificate serial:       019422FB60F168499446743D440A2B8F7C61
Authority key identifier: 74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/YOcpXFVJRTJW2caFAPTppkNQBuk.roa
Signing time:             Wed 01 Jan 2025 17:48:07 +0000
ROA not before:           Wed 01 Jan 2025 17:48:07 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     204715
IP address blocks:        194.183.163.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 05:00:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:60:f1:68:49:94:46:74:3d:44:0a:2b:8f:7c:61
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=74e3c336972094b1a8c13d41816857d197a3aae9
        Validity
            Not Before: Jan  1 17:48:07 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60e7295c5549453256d9c68500f4e9a6435006e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:9b:ad:30:7b:85:be:83:05:45:81:ac:b9:fb:
                    e5:e0:e6:17:69:d4:c7:35:0a:01:6f:2e:02:2d:8d:
                    38:6e:3d:a8:49:df:40:fc:97:14:5a:ed:aa:60:31:
                    21:93:00:87:87:6b:7a:91:9b:57:c9:c3:6b:2a:2f:
                    be:d3:d1:c4:29:b9:2a:5a:5b:7a:a0:74:e3:e7:b6:
                    38:fe:28:43:1b:f9:6c:7f:6d:32:4f:9c:8e:da:f6:
                    0d:1a:92:9c:c6:e5:1d:e6:71:2e:9b:bb:14:b2:07:
                    ad:62:19:2f:70:16:85:57:44:b9:3e:69:bf:2a:9e:
                    cb:12:23:e8:90:e5:cf:5f:dd:de:2a:e0:ef:7f:da:
                    32:c8:ad:14:db:49:9c:77:25:eb:c6:6f:d7:14:0a:
                    6f:d2:bc:c9:15:b3:7b:64:ec:d5:97:c6:9a:0b:f2:
                    a4:80:1f:c1:53:e2:a3:5b:03:ce:22:22:36:7b:e3:
                    64:48:e8:f1:51:99:e2:4a:bd:4d:2b:9a:98:45:bb:
                    54:cf:c2:08:4d:99:d1:4e:e1:1e:30:f8:09:c2:d5:
                    f8:f7:f2:26:3d:a2:72:e8:4b:ff:01:b2:88:b0:8b:
                    58:1f:84:af:88:4e:8b:c3:8b:61:d5:e3:bc:17:47:
                    ff:f2:97:74:85:ba:3e:1e:02:41:b6:7f:fc:c6:07:
                    ec:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E7:29:5C:55:49:45:32:56:D9:C6:85:00:F4:E9:A6:43:50:06:E9
            X509v3 Authority Key Identifier:
                keyid:74:E3:C3:36:97:20:94:B1:A8:C1:3D:41:81:68:57:D1:97:A3:AA:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dOPDNpcglLGowT1BgWhX0Zejquk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/YOcpXFVJRTJW2caFAPTppkNQBuk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/18c498-2171-4e1c-8d80-a6c49eb28287/1/dOPDNpcglLGowT1BgWhX0Zejquk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.183.163.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:fd:05:4e:3d:98:e7:22:ff:17:40:30:4f:4b:2d:12:29:f8:
         78:45:b2:ff:31:4d:03:dd:4f:7f:2b:bd:c1:f0:8e:4b:42:d8:
         26:06:f8:ff:b0:f5:1f:a9:32:99:70:2a:df:9b:54:7e:19:71:
         ad:c5:e6:ef:1a:d9:f1:a1:97:21:d3:66:2d:8b:6a:ea:03:9e:
         a2:59:56:f8:a5:84:e0:b1:c0:c2:e3:d0:ca:e3:5e:0d:95:80:
         4b:d3:b1:60:ca:0f:79:92:ea:13:47:ec:58:51:c4:24:e8:2d:
         f4:18:70:0f:30:62:6b:ed:dd:0f:c6:36:20:96:55:f5:80:74:
         d5:65:93:b8:10:dd:02:8f:a9:8f:53:27:c7:66:11:b3:b1:61:
         4c:3b:a9:f4:dc:0a:a8:a9:2e:1a:93:6f:1b:ba:a9:55:61:05:
         5c:ba:4e:81:df:d5:81:96:f7:99:28:0b:c2:df:e2:b9:66:70:
         5f:a6:b9:41:a7:d9:c7:0e:ac:43:6a:3b:81:0d:31:a1:bb:a1:
         43:1a:de:15:e7:b1:eb:a4:69:5a:bb:3c:04:a8:01:e4:48:16:
         17:fc:70:dc:7a:ae:1f:cd:04:e1:49:94:0e:e8:04:ef:c2:77:
         4d:41:93:ab:59:1c:cf:26:91:8f:c6:d8:74:28:21:3f:91:24:
         21:9d:72:cc
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+2DxaEmURnQ9RAorj3xhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0ZTNjMzM2OTcyMDk0YjFhOGMxM2Q0MTgxNjg1N2QxOTdh
M2FhZTkwHhcNMjUwMTAxMTc0ODA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGU3Mjk1YzU1NDk0NTMyNTZkOWM2ODUwMGY0ZTlhNjQzNTAwNmU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1JutMHuFvoMFRYGsufvl4OYXadTH
NQoBby4CLY04bj2oSd9A/JcUWu2qYDEhkwCHh2t6kZtXycNrKi++09HEKbkqWlt6
oHTj57Y4/ihDG/lsf20yT5yO2vYNGpKcxuUd5nEum7sUsgetYhkvcBaFV0S5Pmm/
Kp7LEiPokOXPX93eKuDvf9oyyK0U20mcdyXrxm/XFApv0rzJFbN7ZOzVl8aaC/Kk
gB/BU+KjWwPOIiI2e+NkSOjxUZniSr1NK5qYRbtUz8IITZnRTuEeMPgJwtX49/Im
PaJy6Ev/AbKIsItYH4SviE6Lw4th1eO8F0f/8pd0hbo+HgJBtn/8xgfsawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDnKVxVSUUyVtnGhQD06aZDUAbpMB8GA1UdIwQY
MBaAFHTjwzaXIJSxqME9QYFoV9GXo6rpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAt
YTZjNDllYjI4Mjg3LzEvWU9jcFhGVkpSVEpXMmNhRkFQVHBwa05RQnVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8xOGM0OTgtMjE3MS00ZTFjLThkODAtYTZjNDllYjI4Mjg3
LzEvZE9QRE5wY2dsTEdvd1QxQmdXaFgwWmVqcXVrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwrejMA0G
CSqGSIb3DQEBCwUAA4IBAQBd/QVOPZjnIv8XQDBPSy0SKfh4RbL/MU0D3U9/K73B
8I5LQtgmBvj/sPUfqTKZcCrfm1R+GXGtxebvGtnxoZch02Yti2rqA56iWVb4pYTg
scDC49DK414NlYBL07Fgyg95kuoTR+xYUcQk6C30GHAPMGJr7d0PxjYgllX1gHTV
ZZO4EN0Cj6mPUyfHZhGzsWFMO6n03AqoqS4ak28buqlVYQVcuk6B39WBlveZKAvC
3+K5ZnBfprlBp9nHDqxDajuBDTGhu6FDGt4V57HrpGlauzwEqAHkSBYX/HDceq4f
zQThSZQO6ATvwndNQZOrWRzPJpGPxth0KCE/kSQhnXLM
-----END CERTIFICATE-----