Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/y-sAhGmLXsrvtyzcs-P1Krv1IEM.roa
File:                     y-sAhGmLXsrvtyzcs-P1Krv1IEM.roa (raw, json)
Hash identifier:          gakkTLCDHgMStUPcUteFn+9iMHkMulhBY1VQp5Kocag=
Subject key identifier:   CB:EB:00:84:69:8B:5E:CA:EF:B7:2C:DC:B3:E3:F5:2A:BB:F5:20:43
Certificate issuer:       /CN=3c1f14d37fbdc87ae7c9c7b9153eaea5d4c5549b
Certificate serial:       019426D9561CCFD8D2679C8E18B3FA6093C8
Authority key identifier: 3C:1F:14:D3:7F:BD:C8:7A:E7:C9:C7:B9:15:3E:AE:A5:D4:C5:54:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/y-sAhGmLXsrvtyzcs-P1Krv1IEM.roa
Signing time:             Thu 02 Jan 2025 11:49:25 +0000
ROA not before:           Thu 02 Jan 2025 11:49:25 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     215272
IP address blocks:        45.128.205.0/24 maxlen: 24
                          185.251.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 16:01:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:56:1c:cf:d8:d2:67:9c:8e:18:b3:fa:60:93:c8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3c1f14d37fbdc87ae7c9c7b9153eaea5d4c5549b
        Validity
            Not Before: Jan  2 11:49:25 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbeb0084698b5ecaefb72cdcb3e3f52abbf52043
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:1b:b2:6e:67:b7:b6:95:c5:4b:11:ca:3a:4c:
                    76:75:df:36:1f:ac:2f:ac:ac:4e:97:f8:07:78:00:
                    7b:ae:7f:95:fe:cb:26:1c:d5:8c:17:79:ac:d3:f5:
                    fd:f9:2e:dc:28:f9:16:fd:80:8d:8c:6b:16:30:f9:
                    68:76:ed:57:e1:d1:fd:71:49:2d:2c:2f:84:8f:2e:
                    60:0a:e8:21:96:19:74:f2:43:b4:b0:df:a6:72:80:
                    f2:48:0c:e4:54:7d:68:89:64:d5:7e:9b:3d:12:81:
                    05:20:6a:24:41:78:5f:63:68:e2:dd:05:58:26:69:
                    80:28:b2:d6:a9:36:f8:9d:a0:11:1a:b1:04:b6:cb:
                    c4:47:66:cd:67:e9:0b:60:6b:ed:61:be:83:2b:7b:
                    a9:5a:0a:87:a6:97:ac:8c:b8:94:fb:c5:ef:51:2c:
                    b3:3c:7a:5f:79:d3:cf:a5:42:c3:6c:a3:1b:de:9a:
                    da:f3:04:18:d3:74:b2:29:9c:01:7c:eb:3d:39:84:
                    a1:83:3d:17:23:8c:8b:ce:6c:66:5c:3d:12:2f:63:
                    af:e6:c1:9d:ed:0e:e0:4b:08:2f:46:9d:3f:a3:5c:
                    06:ea:16:b4:fc:32:a4:5b:cb:23:e0:81:fc:74:73:
                    e2:cc:7f:54:82:3d:f3:1e:1f:ea:21:69:92:c6:87:
                    9f:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:EB:00:84:69:8B:5E:CA:EF:B7:2C:DC:B3:E3:F5:2A:BB:F5:20:43
            X509v3 Authority Key Identifier:
                keyid:3C:1F:14:D3:7F:BD:C8:7A:E7:C9:C7:B9:15:3E:AE:A5:D4:C5:54:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PB8U03-9yHrnyce5FT6updTFVJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/y-sAhGmLXsrvtyzcs-P1Krv1IEM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f1b74c-16ac-4831-b6c5-f1c6bf1e4ba7/1/PB8U03-9yHrnyce5FT6updTFVJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.128.205.0/24
                  185.251.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:eb:b3:1c:10:d3:30:1b:1b:87:7c:91:4c:03:12:e9:61:a2:
         8f:65:88:5e:08:d4:39:f6:23:39:16:a5:93:9c:93:d3:b0:de:
         eb:7e:9a:51:1b:b8:e2:03:8e:08:cf:cc:16:0f:88:10:38:33:
         78:f6:17:98:81:a4:5d:df:ac:e3:0a:6a:6f:53:d8:d0:8c:6d:
         03:b1:5b:42:6d:81:64:9d:cd:cd:8f:8e:d6:da:c7:52:ea:e3:
         6e:df:f4:31:2b:30:61:0e:f1:be:11:64:b3:b0:8d:3b:3e:81:
         e5:ca:30:d5:92:7e:52:ad:81:8d:97:ad:89:93:b5:17:a5:40:
         a7:de:bf:1e:e7:d8:0d:f0:60:fd:35:ca:9a:a6:d3:51:a7:28:
         bc:ca:d8:b6:a1:41:54:36:2d:b4:11:34:3b:d9:ba:2e:9f:4d:
         86:47:0b:b7:15:cf:f8:6c:a9:a6:cc:50:90:d1:79:cc:30:ce:
         91:b6:96:f8:e7:38:7f:b9:c2:c5:40:2c:29:cd:60:cb:f2:b0:
         d1:7a:26:20:db:93:1c:5b:78:36:2a:84:c3:a6:0a:f0:15:41:
         24:78:a8:0b:9b:04:95:6c:a4:80:ea:84:4f:86:09:58:f3:89:
         4b:d1:32:fc:3a:12:a8:47:21:a2:0f:55:9c:8a:dd:93:43:c2:
         cf:35:9d:3f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQm2VYcz9jSZ5yOGLP6YJPIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjMWYxNGQzN2ZiZGM4N2FlN2M5YzdiOTE1M2VhZWE1ZDRj
NTU0OWIwHhcNMjUwMTAyMTE0OTI1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmViMDA4NDY5OGI1ZWNhZWZiNzJjZGNiM2UzZjUyYWJiZjUyMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnxuybme3tpXFSxHKOkx2dd82H6wv
rKxOl/gHeAB7rn+V/ssmHNWMF3ms0/X9+S7cKPkW/YCNjGsWMPlodu1X4dH9cUkt
LC+Ejy5gCughlhl08kO0sN+mcoDySAzkVH1oiWTVfps9EoEFIGokQXhfY2ji3QVY
JmmAKLLWqTb4naARGrEEtsvER2bNZ+kLYGvtYb6DK3upWgqHppesjLiU+8XvUSyz
PHpfedPPpULDbKMb3pra8wQY03SyKZwBfOs9OYShgz0XI4yLzmxmXD0SL2Ov5sGd
7Q7gSwgvRp0/o1wG6ha0/DKkW8sj4IH8dHPizH9Ugj3zHh/qIWmSxoefcQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMvrAIRpi17K77cs3LPj9Sq79SBDMB8GA1UdIwQY
MBaAFDwfFNN/vch658nHuRU+rqXUxVSbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEI4VTAzLTl5SHJueWNlNUZUNnVwZFRGVkpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMWI3NGMtMTZhYy00ODMxLWI2YzUt
ZjFjNmJmMWU0YmE3LzEveS1zQWhHbUxYc3J2dHl6Y3MtUDFLcnYxSUVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMWI3NGMtMTZhYy00ODMxLWI2YzUtZjFjNmJmMWU0YmE3
LzEvUEI4VTAzLTl5SHJueWNlNUZUNnVwZFRGVkpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQALYDNAwQA
ufsmMA0GCSqGSIb3DQEBCwUAA4IBAQBG67McENMwGxuHfJFMAxLpYaKPZYheCNQ5
9iM5FqWTnJPTsN7rfppRG7jiA44Iz8wWD4gQODN49heYgaRd36zjCmpvU9jQjG0D
sVtCbYFknc3Nj47W2sdS6uNu3/QxKzBhDvG+EWSzsI07PoHlyjDVkn5SrYGNl62J
k7UXpUCn3r8e59gN8GD9NcqaptNRpyi8yti2oUFUNi20ETQ72boun02GRwu3Fc/4
bKmmzFCQ0XnMMM6Rtpb45zh/ucLFQCwpzWDL8rDReiYg25McW3g2KoTDpgrwFUEk
eKgLmwSVbKSA6oRPhglY84lL0TL8OhKoRyGiD1Wcit2TQ8LPNZ0/
-----END CERTIFICATE-----