Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/YaHy853da93BgH6RfguxUPJfVLo.roa
File:                     YaHy853da93BgH6RfguxUPJfVLo.roa (raw, json)
Hash identifier:          0j9KCyGYrKnVsUjih9K2QETrLLFsgZaBmann0nAUaSU=
Subject key identifier:   61:A1:F2:F3:9D:DD:6B:DD:C1:80:7E:91:7E:0B:B1:50:F2:5F:54:BA
Certificate issuer:       /CN=896a82a725ed22bb46847ae568912078de25c108
Certificate serial:       0194221F7EE597A986C48054CFBE73679791
Authority key identifier: 89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/YaHy853da93BgH6RfguxUPJfVLo.roa
Signing time:             Wed 01 Jan 2025 13:47:56 +0000
ROA not before:           Wed 01 Jan 2025 13:47:56 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     209980
IP address blocks:        193.220.160.0/24 maxlen: 24
                          193.220.161.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 16 Apr 2025 08:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:1f:7e:e5:97:a9:86:c4:80:54:cf:be:73:67:97:91
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=896a82a725ed22bb46847ae568912078de25c108
        Validity
            Not Before: Jan  1 13:47:56 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61a1f2f39ddd6bddc1807e917e0bb150f25f54ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:67:48:84:c2:aa:b6:a2:67:33:2b:3e:70:ce:
                    29:9f:bd:3a:53:78:dd:bb:67:ee:4f:fb:4e:df:cc:
                    db:a8:9b:84:b1:b2:92:3c:ae:2d:67:7b:c0:16:8f:
                    2a:18:57:af:5a:01:25:87:ae:68:4b:1d:91:35:6a:
                    00:68:b0:29:e3:e1:19:d2:ab:38:3f:de:40:29:16:
                    86:1c:23:6c:6e:2a:f4:c2:a1:f0:ba:a8:3c:79:8e:
                    28:39:bc:36:b2:ff:44:91:ab:14:49:2f:a5:a7:ad:
                    0f:4a:55:ee:d6:30:d3:c8:cf:92:b7:fe:41:b6:c7:
                    74:fa:d7:a6:70:b6:fd:27:df:dd:52:d0:03:4f:0c:
                    34:6f:f4:ac:a6:24:2c:f7:d1:ce:ea:ea:d8:f9:40:
                    5c:6d:03:78:94:09:f4:51:45:61:6d:a1:64:9d:5f:
                    7f:dd:de:c0:39:51:d8:1e:28:1d:fa:1c:e0:38:04:
                    65:d1:c1:0c:57:89:9e:f0:d1:77:97:36:3c:48:24:
                    2f:52:4a:de:fb:9a:db:e1:bb:66:5f:b2:8d:7d:f8:
                    3f:7f:0f:4e:b8:38:03:17:8a:df:0e:ef:42:94:59:
                    dc:dd:a9:a9:68:17:50:02:ae:11:f0:bc:2e:3d:ee:
                    79:8b:de:e0:c3:8c:72:60:77:90:9a:4f:4e:f4:60:
                    7f:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:A1:F2:F3:9D:DD:6B:DD:C1:80:7E:91:7E:0B:B1:50:F2:5F:54:BA
            X509v3 Authority Key Identifier:
                keyid:89:6A:82:A7:25:ED:22:BB:46:84:7A:E5:68:91:20:78:DE:25:C1:08

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/iWqCpyXtIrtGhHrlaJEgeN4lwQg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/YaHy853da93BgH6RfguxUPJfVLo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/3fc8da-3515-434d-9f0e-040127102209/1/iWqCpyXtIrtGhHrlaJEgeN4lwQg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.220.160.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c5:78:6d:0b:02:bb:99:cb:ae:dd:ae:b4:02:8b:f8:6d:5b:7e:
         aa:09:95:ee:a8:8d:b6:a5:36:93:a6:71:22:bb:d7:c0:0c:66:
         b8:35:ca:67:68:a1:22:02:7c:c5:0b:21:03:18:9c:ff:54:b6:
         19:e3:53:50:b2:9d:c1:0c:68:da:50:bd:27:14:30:a2:05:4a:
         8d:ce:6a:9e:84:a8:63:50:dc:d8:b0:5a:23:6c:b1:4a:18:1e:
         63:46:da:04:26:d8:69:17:0d:6f:9b:31:d7:81:d3:cf:47:96:
         b7:60:df:ec:43:6a:a4:b9:47:1e:27:74:66:ce:2e:5c:d3:4d:
         ef:cb:b0:ab:28:ab:5d:0e:64:fc:47:ef:97:99:fe:dc:c0:9f:
         7b:a1:c0:d4:b4:20:9c:04:80:39:79:fb:14:8a:41:35:78:63:
         bb:01:f9:68:5c:58:42:50:ff:0b:ea:b2:97:ae:13:58:0d:f2:
         3f:3e:08:57:71:c8:db:54:13:72:04:ec:8f:d0:5b:f7:b2:c3:
         9d:6c:de:11:aa:8b:03:9b:04:69:25:84:c5:23:19:93:65:ef:
         e7:64:44:ba:96:44:92:b3:40:c2:e2:51:36:e3:9b:cc:ce:7f:
         58:f8:3a:5a:48:3c:64:0a:86:ce:b0:83:50:a4:ba:fd:a5:20:
         05:88:b2:09
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQiH37ll6mGxIBUz75zZ5eRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg5NmE4MmE3MjVlZDIyYmI0Njg0N2FlNTY4OTEyMDc4ZGUy
NWMxMDgwHhcNMjUwMTAxMTM0NzU2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWExZjJmMzlkZGQ2YmRkYzE4MDdlOTE3ZTBiYjE1MGYyNWY1NGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4mdIhMKqtqJnMys+cM4pn706U3jd
u2fuT/tO38zbqJuEsbKSPK4tZ3vAFo8qGFevWgElh65oSx2RNWoAaLAp4+EZ0qs4
P95AKRaGHCNsbir0wqHwuqg8eY4oObw2sv9EkasUSS+lp60PSlXu1jDTyM+St/5B
tsd0+temcLb9J9/dUtADTww0b/SspiQs99HO6urY+UBcbQN4lAn0UUVhbaFknV9/
3d7AOVHYHigd+hzgOARl0cEMV4me8NF3lzY8SCQvUkre+5rb4btmX7KNffg/fw9O
uDgDF4rfDu9ClFnc3ampaBdQAq4R8LwuPe55i97gw4xyYHeQmk9O9GB/7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGGh8vOd3WvdwYB+kX4LsVDyX1S6MB8GA1UdIwQY
MBaAFIlqgqcl7SK7RoR65WiRIHjeJcEIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUt
MDQwMTI3MTAyMjA5LzEvWWFIeTg1M2RhOTNCZ0g2UmZndXhVUEpmVkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OC8zZmM4ZGEtMzUxNS00MzRkLTlmMGUtMDQwMTI3MTAyMjA5
LzEvaVdxQ3B5WHRJcnRHaEhybGFKRWdlTjRsd1FnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBwdygMA0G
CSqGSIb3DQEBCwUAA4IBAQDFeG0LAruZy67drrQCi/htW36qCZXuqI22pTaTpnEi
u9fADGa4NcpnaKEiAnzFCyEDGJz/VLYZ41NQsp3BDGjaUL0nFDCiBUqNzmqehKhj
UNzYsFojbLFKGB5jRtoEJthpFw1vmzHXgdPPR5a3YN/sQ2qkuUceJ3Rmzi5c003v
y7CrKKtdDmT8R++Xmf7cwJ97ocDUtCCcBIA5efsUikE1eGO7AfloXFhCUP8L6rKX
rhNYDfI/PghXccjbVBNyBOyP0Fv3ssOdbN4RqosDmwRpJYTFIxmTZe/nZES6lkSS
s0DC4lE245vMzn9Y+DpaSDxkCobOsINQpLr9pSAFiLIJ
-----END CERTIFICATE-----