Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/yIXDpYWYaCwEFGgii0w8mAe6aKE.roa
File:                     yIXDpYWYaCwEFGgii0w8mAe6aKE.roa (raw, json)
Hash identifier:          kpPsmD1/gHbiuZR5vWf8YWncSE2HiZ9uJEAXpqQD68g=
Subject key identifier:   C8:85:C3:A5:85:98:68:2C:04:14:68:22:8B:4C:3C:98:07:BA:68:A1
Certificate issuer:       /CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
Certificate serial:       019426D9E75F976402747F321048DE0553A7
Authority key identifier: 34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/yIXDpYWYaCwEFGgii0w8mAe6aKE.roa
Signing time:             Thu 02 Jan 2025 11:50:02 +0000
ROA not before:           Thu 02 Jan 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214159
IP address blocks:        185.189.44.0/22 maxlen: 32
                          2a02:ae00:2000::/36 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e7:5f:97:64:02:74:7f:32:10:48:de:05:53:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3433ae1c60672c7591a8f97d68f79fb2a5ee8da7
        Validity
            Not Before: Jan  2 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c885c3a58598682c041468228b4c3c9807ba68a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:d2:72:ed:94:99:22:37:ba:f2:ea:c4:98:68:
                    ee:ce:d1:9f:6a:50:13:25:05:55:0b:e0:44:d2:67:
                    3f:63:b4:5f:c2:ba:ac:51:67:0e:cd:03:9f:c3:2c:
                    90:ae:a3:a8:77:2b:01:94:bb:bf:41:73:21:3e:ba:
                    d5:ec:b0:9f:2d:d0:88:94:f9:45:61:6e:2a:a5:2b:
                    12:5a:84:6a:e4:72:b4:1f:c7:f1:47:cc:10:9a:96:
                    be:86:1f:e0:ea:dd:60:c8:d4:74:57:89:6c:f9:aa:
                    39:8a:5a:39:d9:5a:03:f3:0d:b9:e5:13:4d:52:9c:
                    1c:36:5e:29:2a:92:08:67:ed:2e:e5:1d:65:2c:fe:
                    99:c1:53:da:5d:a6:c6:ce:03:f8:bc:3b:32:3b:cb:
                    3a:60:b9:2f:46:7e:0e:b3:e7:a3:61:e2:14:a9:38:
                    59:af:cd:9c:54:db:db:9a:d3:80:dc:0e:7c:8e:17:
                    be:cc:14:79:9d:2f:f5:f0:63:62:4b:95:95:a3:09:
                    77:16:f8:e5:0e:71:8f:c3:6e:76:6a:76:07:bc:b0:
                    2a:84:d8:78:74:2e:87:02:cf:79:86:08:78:7b:a0:
                    91:3c:83:3d:df:0d:03:35:8d:d9:e2:24:ea:eb:86:
                    82:c6:3a:da:93:b0:8e:0d:71:27:63:da:f0:97:01:
                    e2:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:85:C3:A5:85:98:68:2C:04:14:68:22:8B:4C:3C:98:07:BA:68:A1
            X509v3 Authority Key Identifier:
                keyid:34:33:AE:1C:60:67:2C:75:91:A8:F9:7D:68:F7:9F:B2:A5:EE:8D:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NDOuHGBnLHWRqPl9aPefsqXujac.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/yIXDpYWYaCwEFGgii0w8mAe6aKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/9ca446-fc5c-4746-b26f-30ce83701b39/1/NDOuHGBnLHWRqPl9aPefsqXujac.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.189.44.0/22
                IPv6:
                  2a02:ae00:2000::/36

    Signature Algorithm: sha256WithRSAEncryption
         7f:8d:31:50:79:18:2a:34:d2:b9:55:81:3e:db:11:26:55:85:
         8b:4b:17:a4:9d:83:c1:54:34:9b:05:67:5e:62:79:c0:54:df:
         5f:43:a1:05:42:25:3e:56:c7:05:5c:a9:40:96:5d:2b:9d:26:
         93:bf:12:8b:4e:25:30:3a:b7:58:e1:36:f2:86:c4:84:7f:c8:
         ae:00:6c:b6:1f:e5:a7:df:aa:f3:76:3f:78:61:54:f6:be:28:
         cf:30:19:32:1c:7b:c8:e6:6b:3d:57:ee:ca:4f:8a:61:5e:6b:
         dc:84:89:c1:28:b4:1c:1f:0c:81:52:30:b6:1b:fd:42:85:9c:
         2a:b4:34:8c:5b:a3:fa:d7:6c:e3:47:b0:ba:b8:fc:64:95:af:
         a6:5c:0c:03:9c:47:90:5c:9b:d2:76:2a:97:ee:78:dc:f9:89:
         b3:13:d6:80:3e:3c:fb:b1:0a:b7:7a:5d:58:88:b4:ab:0c:90:
         c8:20:ae:49:65:59:51:3e:e1:a5:49:7a:b8:4b:54:56:84:88:
         4b:a2:07:06:31:05:d8:84:f4:c2:6e:56:5c:32:eb:b5:59:86:
         77:ce:3c:5c:92:3d:97:c6:be:73:87:dd:de:6b:07:a7:7a:94:
         3c:97:c8:ce:9b:e2:52:8a:34:cd:47:0c:5d:6e:60:0f:3e:d3:
         3c:a6:d4:8a
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAZQm2edfl2QCdH8yEEjeBVOnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM0MzNhZTFjNjA2NzJjNzU5MWE4Zjk3ZDY4Zjc5ZmIyYTVl
ZThkYTcwHhcNMjUwMTAyMTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODg1YzNhNTg1OTg2ODJjMDQxNDY4MjI4YjRjM2M5ODA3YmE2OGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8NJy7ZSZIje68urEmGjuztGfalAT
JQVVC+BE0mc/Y7RfwrqsUWcOzQOfwyyQrqOodysBlLu/QXMhPrrV7LCfLdCIlPlF
YW4qpSsSWoRq5HK0H8fxR8wQmpa+hh/g6t1gyNR0V4ls+ao5ilo52VoD8w255RNN
UpwcNl4pKpIIZ+0u5R1lLP6ZwVPaXabGzgP4vDsyO8s6YLkvRn4Os+ejYeIUqThZ
r82cVNvbmtOA3A58jhe+zBR5nS/18GNiS5WVowl3FvjlDnGPw252anYHvLAqhNh4
dC6HAs95hgh4e6CRPIM93w0DNY3Z4iTq64aCxjrak7CODXEnY9rwlwHiFQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFMiFw6WFmGgsBBRoIotMPJgHumihMB8GA1UdIwQY
MBaAFDQzrhxgZyx1kaj5fWj3n7Kl7o2nMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYt
MzBjZTgzNzAxYjM5LzEveUlYRHBZV1lhQ3dFRkdnaWkwdzhtQWU2YUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My85Y2E0NDYtZmM1Yy00NzQ2LWIyNmYtMzBjZTgzNzAxYjM5
LzEvTkRPdUhHQm5MSFdScVBsOWFQZWZzcVh1amFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC8GCCsGAQUFBwEHAQH/BCAwHjAMBAIAATAGAwQCub0sMA4E
AgACMAgDBgQqAq4AIDANBgkqhkiG9w0BAQsFAAOCAQEAf40xUHkYKjTSuVWBPtsR
JlWFi0sXpJ2DwVQ0mwVnXmJ5wFTfX0OhBUIlPlbHBVypQJZdK50mk78Si04lMDq3
WOE28obEhH/IrgBsth/lp9+q83Y/eGFU9r4ozzAZMhx7yOZrPVfuyk+KYV5r3ISJ
wSi0HB8MgVIwthv9QoWcKrQ0jFuj+tds40ewurj8ZJWvplwMA5xHkFyb0nYql+54
3PmJsxPWgD48+7EKt3pdWIi0qwyQyCCuSWVZUT7hpUl6uEtUVoSIS6IHBjEF2IT0
wm5WXDLrtVmGd848XJI9l8a+c4fd3msHp3qUPJfIzpviUoo0zUcMXW5gDz7TPKbU
ig==
-----END CERTIFICATE-----