Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/nYyst-VXzn3xSdM3Fb9jRPKd5O0.roa
File:                     nYyst-VXzn3xSdM3Fb9jRPKd5O0.roa (raw, json)
Hash identifier:          utz/hKliLWf+w0YBiWTvZl5n+Jt5jKsuYbG8pQFD4oQ=
Subject key identifier:   9D:8C:AC:B7:E5:57:CE:7D:F1:49:D3:37:15:BF:63:44:F2:9D:E4:ED
Certificate issuer:       /CN=b312db95dfc3b31395e0ecb5ff26212d798de834
Certificate serial:       019427479F718F4B720445B45A232B73F546
Authority key identifier: B3:12:DB:95:DF:C3:B3:13:95:E0:EC:B5:FF:26:21:2D:79:8D:E8:34
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/nYyst-VXzn3xSdM3Fb9jRPKd5O0.roa
Signing time:             Thu 02 Jan 2025 13:49:52 +0000
ROA not before:           Thu 02 Jan 2025 13:49:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42910
IP address blocks:        185.51.20.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:9f:71:8f:4b:72:04:45:b4:5a:23:2b:73:f5:46
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b312db95dfc3b31395e0ecb5ff26212d798de834
        Validity
            Not Before: Jan  2 13:49:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=9d8cacb7e557ce7df149d33715bf6344f29de4ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0d:e2:9b:ea:8e:11:57:76:1e:d4:fc:8b:99:
                    75:f2:c8:5f:68:46:03:3b:e7:9e:14:b2:57:d0:eb:
                    61:a8:ad:b4:89:77:9f:4c:26:e6:0d:e0:a4:a5:6a:
                    5f:ad:2c:9d:cc:fd:6f:f0:4d:0c:52:1b:f4:0e:11:
                    9c:28:46:cc:c9:95:e4:da:3c:33:5b:c3:ca:42:d3:
                    3f:d6:6f:9f:22:34:2a:e5:66:ed:ad:e9:da:5b:01:
                    db:f0:77:b6:df:59:6b:3a:3f:7c:ab:97:28:c6:6f:
                    98:db:93:15:8f:fb:e9:b5:97:60:b1:da:c9:1b:63:
                    3c:a4:39:5e:9a:de:8d:97:1c:a8:5c:99:ea:74:39:
                    02:13:5f:6f:e4:be:95:bd:80:de:11:67:79:7f:b4:
                    6a:68:14:63:70:60:22:c2:db:c2:30:c0:5f:ff:e0:
                    2f:5b:cb:49:96:ca:5f:1a:13:b7:55:04:6e:81:b2:
                    56:cd:ed:df:2f:f3:ce:e6:77:04:33:f4:80:4b:3e:
                    57:3d:4c:03:90:af:b0:00:46:b8:be:54:b8:9f:31:
                    63:08:6e:32:d8:ef:d2:9a:99:c7:7d:5f:aa:fd:5b:
                    10:98:a6:b1:8b:05:90:c8:01:b9:15:e6:c1:d4:24:
                    e0:0b:44:ff:11:65:dc:80:85:89:a7:23:72:0b:c4:
                    17:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:8C:AC:B7:E5:57:CE:7D:F1:49:D3:37:15:BF:63:44:F2:9D:E4:ED
            X509v3 Authority Key Identifier:
                keyid:B3:12:DB:95:DF:C3:B3:13:95:E0:EC:B5:FF:26:21:2D:79:8D:E8:34

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/nYyst-VXzn3xSdM3Fb9jRPKd5O0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/49/cbc50e-faef-43ec-bdba-fda470c61e09/1/sxLbld_DsxOV4Oy1_yYhLXmN6DQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.51.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:79:34:c0:c5:b5:bc:3e:e5:95:f2:47:1a:84:dc:54:58:6b:
         09:b7:c3:e0:5c:9c:c8:02:a4:d5:38:28:e2:9f:5c:79:70:44:
         01:eb:41:49:c0:e1:99:6e:18:9e:8a:92:7e:07:d7:e3:0f:6b:
         c1:eb:6e:c5:cc:9b:47:bd:67:34:52:b8:5a:76:c7:89:33:25:
         eb:dd:d1:2d:5d:26:6a:67:bb:84:0f:97:29:bf:ab:49:4d:51:
         94:b9:96:c2:0e:24:ff:f5:0e:4a:e2:d5:12:42:bb:01:24:cc:
         74:18:86:dc:13:38:f1:d7:3a:be:91:36:d3:bc:52:78:bf:ea:
         8b:6d:28:5d:fc:2c:2d:17:23:2c:be:78:14:32:bd:49:ee:c3:
         e0:4b:5e:96:f0:52:38:e8:b6:9d:68:50:dc:e5:3b:8f:da:25:
         12:87:0a:64:49:17:f0:14:9e:2b:d5:4d:8c:ad:0d:59:ec:f6:
         ad:eb:4e:93:94:da:21:89:0f:33:a8:e7:06:b4:30:df:09:0a:
         30:a7:a7:0c:c4:8b:f0:14:7d:a5:85:68:c2:28:95:4e:3a:cf:
         f4:57:ba:74:a6:83:eb:71:06:44:63:09:83:e6:43:2c:81:38:
         0f:ae:0c:41:c3:e6:a3:36:93:49:db:30:6b:a8:69:be:9b:74:
         63:da:c1:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR59xj0tyBEW0WiMrc/VGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIzMTJkYjk1ZGZjM2IzMTM5NWUwZWNiNWZmMjYyMTJkNzk4
ZGU4MzQwHhcNMjUwMTAyMTM0OTUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDhjYWNiN2U1NTdjZTdkZjE0OWQzMzcxNWJmNjM0NGYyOWRlNGVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApw3im+qOEVd2HtT8i5l18shfaEYD
O+eeFLJX0OthqK20iXefTCbmDeCkpWpfrSydzP1v8E0MUhv0DhGcKEbMyZXk2jwz
W8PKQtM/1m+fIjQq5WbtrenaWwHb8He231lrOj98q5coxm+Y25MVj/vptZdgsdrJ
G2M8pDlemt6NlxyoXJnqdDkCE19v5L6VvYDeEWd5f7RqaBRjcGAiwtvCMMBf/+Av
W8tJlspfGhO3VQRugbJWze3fL/PO5ncEM/SASz5XPUwDkK+wAEa4vlS4nzFjCG4y
2O/SmpnHfV+q/VsQmKaxiwWQyAG5FebB1CTgC0T/EWXcgIWJpyNyC8QX3wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFJ2MrLflV8598UnTNxW/Y0TyneTtMB8GA1UdIwQY
MBaAFLMS25Xfw7MTleDstf8mIS15jeg0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc3hMYmxkX0RzeE9WNE95MV95WWhMWG1ONkRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80OS9jYmM1MGUtZmFlZi00M2VjLWJkYmEt
ZmRhNDcwYzYxZTA5LzEvbll5c3QtVlh6bjN4U2RNM0ZiOWpSUEtkNU8wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80OS9jYmM1MGUtZmFlZi00M2VjLWJkYmEtZmRhNDcwYzYxZTA5
LzEvc3hMYmxkX0RzeE9WNE95MV95WWhMWG1ONkRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuTMUMA0G
CSqGSIb3DQEBCwUAA4IBAQCTeTTAxbW8PuWV8kcahNxUWGsJt8PgXJzIAqTVOCji
n1x5cEQB60FJwOGZbhieipJ+B9fjD2vB627FzJtHvWc0UrhadseJMyXr3dEtXSZq
Z7uED5cpv6tJTVGUuZbCDiT/9Q5K4tUSQrsBJMx0GIbcEzjx1zq+kTbTvFJ4v+qL
bShd/CwtFyMsvngUMr1J7sPgS16W8FI46LadaFDc5TuP2iUShwpkSRfwFJ4r1U2M
rQ1Z7Pat606TlNohiQ8zqOcGtDDfCQowp6cMxIvwFH2lhWjCKJVOOs/0V7p0poPr
cQZEYwmD5kMsgTgPrgxBw+ajNpNJ2zBrqGm+m3Rj2sGI
-----END CERTIFICATE-----