Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/1-4YCAM0PPWpbsIo98h9fkDFWnfg.roa
File:                     1-4YCAM0PPWpbsIo98h9fkDFWnfg.roa (raw, json)
Hash identifier:          3vMBuIr7SB4QB0M6+bNSVLgKbzy+afGhB2NFcCi6J/M=
Subject key identifier:   FB:86:02:00:CD:0F:3D:6A:5B:B0:8A:3D:F2:1F:5F:90:31:56:9D:F8
Certificate issuer:       /CN=60077f22c6428bc889b365b006cb5248d4bf61cf
Certificate serial:       019421B242F68C7FAD48A08B25A9066A3B68
Authority key identifier: 60:07:7F:22:C6:42:8B:C8:89:B3:65:B0:06:CB:52:48:D4:BF:61:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/1-4YCAM0PPWpbsIo98h9fkDFWnfg.roa
Signing time:             Wed 01 Jan 2025 11:48:38 +0000
ROA not before:           Wed 01 Jan 2025 11:48:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41202
IP address blocks:        95.214.208.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:42:f6:8c:7f:ad:48:a0:8b:25:a9:06:6a:3b:68
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=60077f22c6428bc889b365b006cb5248d4bf61cf
        Validity
            Not Before: Jan  1 11:48:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fb860200cd0f3d6a5bb08a3df21f5f9031569df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:da:98:54:cd:ed:ed:af:c4:91:fa:c6:20:fa:
                    7e:05:34:39:90:d6:65:d4:32:c5:da:34:3c:02:c4:
                    20:70:36:02:98:d0:39:50:db:41:ec:89:f9:42:c8:
                    fd:30:24:b2:94:ea:f3:c9:13:a6:b9:26:25:f7:60:
                    2e:eb:f8:b1:ee:7e:1a:ba:36:3f:5e:b8:9a:39:de:
                    a7:99:a5:f8:5f:17:cf:ee:c0:55:c7:c0:d3:33:74:
                    bc:e5:b1:0d:db:73:78:3c:54:81:72:cc:91:79:f4:
                    4f:88:e1:c6:95:db:8a:86:3b:1a:d8:ac:8e:f6:48:
                    00:41:4b:63:25:67:65:2a:d9:af:17:48:17:89:29:
                    72:f0:4d:75:96:f2:66:17:e0:11:2f:7f:36:f9:b7:
                    be:72:ec:3d:2c:b2:a8:1a:a0:eb:26:26:09:64:65:
                    12:bb:8d:ce:c2:05:10:22:27:93:7f:a4:f2:72:de:
                    fb:60:1a:6e:95:74:5f:b7:06:13:a0:11:db:6b:ad:
                    14:ea:b6:95:53:8c:1e:57:b8:65:cc:d2:98:cf:ab:
                    fe:cb:2b:1d:e3:ac:69:f4:61:5d:a1:ee:49:98:ab:
                    ad:61:78:9f:69:70:0c:df:06:23:2e:a1:aa:92:f8:
                    de:18:d1:af:4e:b7:dc:0e:3f:81:ff:9c:33:d2:ff:
                    0f:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:86:02:00:CD:0F:3D:6A:5B:B0:8A:3D:F2:1F:5F:90:31:56:9D:F8
            X509v3 Authority Key Identifier:
                keyid:60:07:7F:22:C6:42:8B:C8:89:B3:65:B0:06:CB:52:48:D4:BF:61:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YAd_IsZCi8iJs2WwBstSSNS_Yc8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/1-4YCAM0PPWpbsIo98h9fkDFWnfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/48/847ee0-ba2a-4fd2-89d7-87fe2e54ba79/1/YAd_IsZCi8iJs2WwBstSSNS_Yc8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  95.214.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         91:c1:97:67:f6:13:67:2d:2d:b0:95:b8:86:25:0e:99:3f:9e:
         cf:54:c0:f9:76:e0:29:9b:0b:2e:6d:5e:52:fa:7d:dd:72:bc:
         63:14:e3:b2:b5:bf:d0:d7:c7:ba:7f:0a:26:b3:81:19:ea:72:
         83:be:2e:1e:62:39:27:59:fd:35:93:8b:7c:7b:cc:63:92:28:
         cc:7d:65:79:31:84:bc:05:97:38:34:05:5d:25:bb:58:cd:0e:
         94:68:74:31:a4:94:d3:0a:69:f2:8f:41:b6:da:5d:fd:c9:a6:
         c6:ba:c8:53:bf:56:a7:a0:f1:d4:77:39:34:3a:c6:9a:ed:fc:
         30:40:63:29:07:58:72:88:83:c6:97:ff:6a:52:cd:2f:ea:e1:
         c1:fe:ae:cb:76:2d:46:2f:78:ad:48:c1:b7:17:bf:4a:df:a5:
         80:00:6e:fa:c0:0a:fc:fd:53:89:8a:34:64:67:a3:e2:64:81:
         11:a0:01:1f:7a:3c:e9:7e:83:b1:4e:e9:b2:42:93:1e:f0:27:
         50:b9:e2:d2:4f:4f:e4:56:d4:03:b6:12:20:b6:2e:80:06:7b:
         6d:a0:9d:d7:a5:42:89:17:e0:ad:24:1e:1b:06:ea:a8:f9:69:
         cd:57:e9:7e:8a:61:15:b3:ed:32:2a:c3:25:c6:7e:71:61:3a:
         ae:ca:14:77
-----BEGIN CERTIFICATE-----
MIIE/jCCA+agAwIBAgISAZQhskL2jH+tSKCLJakGajtoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYwMDc3ZjIyYzY0MjhiYzg4OWIzNjViMDA2Y2I1MjQ4ZDRi
ZjYxY2YwHhcNMjUwMTAxMTE0ODM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjg2MDIwMGNkMGYzZDZhNWJiMDhhM2RmMjFmNWY5MDMxNTY5ZGY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dqYVM3t7a/EkfrGIPp+BTQ5kNZl
1DLF2jQ8AsQgcDYCmNA5UNtB7In5Qsj9MCSylOrzyROmuSYl92Au6/ix7n4aujY/
XriaOd6nmaX4XxfP7sBVx8DTM3S85bEN23N4PFSBcsyRefRPiOHGlduKhjsa2KyO
9kgAQUtjJWdlKtmvF0gXiSly8E11lvJmF+ARL382+be+cuw9LLKoGqDrJiYJZGUS
u43OwgUQIieTf6Tyct77YBpulXRftwYToBHba60U6raVU4weV7hlzNKYz6v+yysd
46xp9GFdoe5JmKutYXifaXAM3wYjLqGqkvjeGNGvTrfcDj+B/5wz0v8P+QIDAQAB
o4ICCjCCAgYwHQYDVR0OBBYEFPuGAgDNDz1qW7CKPfIfX5AxVp34MB8GA1UdIwQY
MBaAFGAHfyLGQovIibNlsAbLUkjUv2HPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWUFkX0lzWkNpOGlKczJXd0JzdFNTTlNfWWM4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OC84NDdlZTAtYmEyYS00ZmQyLTg5ZDct
ODdmZTJlNTRiYTc5LzEvMS00WUNBTTBQUFdwYnNJbzk4aDlma0RGV25mZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNDgvODQ3ZWUwLWJhMmEtNGZkMi04OWQ3LTg3ZmUyZTU0YmE3
OS8xL1lBZF9Jc1pDaThpSnMyV3dCc3RTU05TX1ljOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAfBggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAl/W0DAN
BgkqhkiG9w0BAQsFAAOCAQEAkcGXZ/YTZy0tsJW4hiUOmT+ez1TA+XbgKZsLLm1e
Uvp93XK8YxTjsrW/0NfHun8KJrOBGepyg74uHmI5J1n9NZOLfHvMY5IozH1leTGE
vAWXODQFXSW7WM0OlGh0MaSU0wpp8o9Bttpd/cmmxrrIU79Wp6Dx1Hc5NDrGmu38
MEBjKQdYcoiDxpf/alLNL+rhwf6uy3YtRi94rUjBtxe/St+lgABu+sAK/P1TiYo0
ZGej4mSBEaABH3o86X6DsU7pskKTHvAnULni0k9P5FbUA7YSILYugAZ7baCd16VC
iRfgrSQeGwbqqPlpzVfpfophFbPtMirDJcZ+cWE6rsoUdw==
-----END CERTIFICATE-----