Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/YZm_xLtmsH08Bas2THq1RxLz81g.roa
File:                     YZm_xLtmsH08Bas2THq1RxLz81g.roa (raw, json)
Hash identifier:          qHMBbTPBGSfjxU8aJsAB/XiYXwHHASUN+b5Hn+g/xts=
Subject key identifier:   61:99:BF:C4:BB:66:B0:7D:3C:05:AB:36:4C:7A:B5:47:12:F3:F3:58
Certificate issuer:       /CN=27a39e4794c34612e7f22569b1a6a81710260ae5
Certificate serial:       019427479C974642C859154C9BF6708DB785
Authority key identifier: 27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/YZm_xLtmsH08Bas2THq1RxLz81g.roa
Signing time:             Thu 02 Jan 2025 13:49:52 +0000
ROA not before:           Thu 02 Jan 2025 13:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48359
IP address blocks:        2.189.88.0/22 maxlen: 24
                          2.189.175.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:9c:97:46:42:c8:59:15:4c:9b:f6:70:8d:b7:85
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=27a39e4794c34612e7f22569b1a6a81710260ae5
        Validity
            Not Before: Jan  2 13:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6199bfc4bb66b07d3c05ab364c7ab54712f3f358
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:91:32:6e:17:b1:68:f7:a0:27:cc:a9:e8:7a:
                    65:61:4d:88:96:0d:c7:4d:13:45:0c:74:de:7e:59:
                    6e:d6:d6:a9:b3:cc:74:df:28:bf:70:a3:b6:08:ac:
                    fb:13:bb:dc:00:67:56:80:46:7d:ed:58:84:35:d4:
                    7e:bc:4e:3e:77:83:9a:f1:93:70:41:33:31:07:7e:
                    9d:15:22:6d:10:5f:ef:77:42:22:50:b5:1a:f4:9c:
                    ee:83:bb:88:04:32:8a:f6:86:84:03:29:dc:58:e2:
                    80:18:f7:66:f5:fa:85:45:f9:e0:47:29:1b:b9:bd:
                    5e:17:54:5a:1c:ed:ab:ea:39:b3:ab:b5:9c:93:72:
                    a2:66:51:91:de:88:fa:03:f4:dd:ee:79:fb:43:81:
                    bd:aa:61:f2:c9:5d:61:c2:16:ab:81:7b:aa:79:b5:
                    5c:8b:fd:6a:68:20:c0:76:fa:12:e0:4a:8f:d9:62:
                    4d:51:0d:3d:8b:f3:46:50:bb:7c:66:19:a7:ca:75:
                    b6:59:29:28:34:71:c4:6f:cf:1b:b4:79:fe:b0:0e:
                    82:10:47:2d:03:ae:60:ed:7e:45:4d:28:2f:89:49:
                    81:28:f3:d3:bd:91:4c:cf:b0:04:75:b9:57:bb:29:
                    59:53:3e:a0:1a:16:30:77:2b:b8:68:5b:a5:54:f4:
                    9b:2d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:99:BF:C4:BB:66:B0:7D:3C:05:AB:36:4C:7A:B5:47:12:F3:F3:58
            X509v3 Authority Key Identifier:
                keyid:27:A3:9E:47:94:C3:46:12:E7:F2:25:69:B1:A6:A8:17:10:26:0A:E5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J6OeR5TDRhLn8iVpsaaoFxAmCuU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/YZm_xLtmsH08Bas2THq1RxLz81g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/40/38fc33-06c1-4006-9e23-f74d9518576c/1/J6OeR5TDRhLn8iVpsaaoFxAmCuU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.189.88.0/22
                  2.189.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:13:67:05:78:dd:ee:94:be:ce:76:18:8f:30:0c:52:a6:02:
         67:f1:a8:7d:f9:b5:5f:d3:26:c3:22:66:c4:c8:95:d3:db:48:
         80:17:ed:71:20:54:d7:8d:f1:52:8c:1b:8c:40:b3:00:76:41:
         42:a9:15:a7:61:c5:fa:0f:31:f4:59:03:f1:3f:88:40:bd:ff:
         90:72:7b:c0:ac:4d:82:ff:bb:f9:13:00:9b:7c:23:f5:b5:bc:
         cd:e9:67:e7:23:36:85:cd:dc:79:17:93:6a:5c:f0:46:4b:70:
         30:28:3e:d2:d9:a0:3f:a1:3f:fb:e3:9b:e2:75:76:4e:19:46:
         a4:be:c5:43:73:7e:c6:f8:90:dd:0c:ef:fc:1f:dc:b5:f1:03:
         cc:93:69:8c:2c:2e:e6:42:6a:bf:80:2c:4b:e5:b4:0e:b9:ab:
         9c:3f:b7:b7:25:3e:13:73:15:7b:ed:a1:bd:f2:7a:2a:d8:af:
         7c:5d:7a:5c:2f:9d:8e:e0:47:c1:67:c7:40:fb:a1:39:e9:f4:
         cc:3b:8c:cd:b0:69:72:7e:23:1e:43:7f:06:49:e1:5a:09:6d:
         ed:cb:48:12:3a:15:f3:db:c1:a6:3b:1d:c4:f8:f8:f4:d2:dc:
         44:d5:fa:ff:c2:1c:ab:e8:65:13:85:5b:bb:22:bb:49:8b:f2:
         3f:d5:c8:02
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnR5yXRkLIWRVMm/ZwjbeFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YTM5ZTQ3OTRjMzQ2MTJlN2YyMjU2OWIxYTZhODE3MTAy
NjBhZTUwHhcNMjUwMTAyMTM0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTk5YmZjNGJiNjZiMDdkM2MwNWFiMzY0YzdhYjU0NzEyZjNmMzU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJEybhexaPegJ8yp6HplYU2Ilg3H
TRNFDHTefllu1taps8x03yi/cKO2CKz7E7vcAGdWgEZ97ViENdR+vE4+d4Oa8ZNw
QTMxB36dFSJtEF/vd0IiULUa9Jzug7uIBDKK9oaEAyncWOKAGPdm9fqFRfngRykb
ub1eF1RaHO2r6jmzq7Wck3KiZlGR3oj6A/Td7nn7Q4G9qmHyyV1hwhargXuqebVc
i/1qaCDAdvoS4EqP2WJNUQ09i/NGULt8ZhmnynW2WSkoNHHEb88btHn+sA6CEEct
A65g7X5FTSgviUmBKPPTvZFMz7AEdblXuylZUz6gGhYwdyu4aFulVPSbLQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGGZv8S7ZrB9PAWrNkx6tUcS8/NYMB8GA1UdIwQY
MBaAFCejnkeUw0YS5/IlabGmqBcQJgrlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMt
Zjc0ZDk1MTg1NzZjLzEvWVptX3hMdG1zSDA4QmFzMlRIcTFSeEx6ODFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80MC8zOGZjMzMtMDZjMS00MDA2LTllMjMtZjc0ZDk1MTg1NzZj
LzEvSjZPZVI1VERSaExuOGlWcHNhYW9GeEFtQ3VVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCAr1YAwQA
Ar2vMA0GCSqGSIb3DQEBCwUAA4IBAQARE2cFeN3ulL7OdhiPMAxSpgJn8ah9+bVf
0ybDImbEyJXT20iAF+1xIFTXjfFSjBuMQLMAdkFCqRWnYcX6DzH0WQPxP4hAvf+Q
cnvArE2C/7v5EwCbfCP1tbzN6WfnIzaFzdx5F5NqXPBGS3AwKD7S2aA/oT/745vi
dXZOGUakvsVDc37G+JDdDO/8H9y18QPMk2mMLC7mQmq/gCxL5bQOuaucP7e3JT4T
cxV77aG98noq2K98XXpcL52O4EfBZ8dA+6E56fTMO4zNsGlyfiMeQ38GSeFaCW3t
y0gSOhXz28GmOx3E+Pj00txE1fr/whyr6GUThVu7IrtJi/I/1cgC
-----END CERTIFICATE-----