Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/YrKYk7I6vE-csMWooaZM6NHB8BQ.roa
File:                     YrKYk7I6vE-csMWooaZM6NHB8BQ.roa (raw, json)
Hash identifier:          DGcItu+t1LfBz2hIuLIG2raDTGGDZoaJ5stlNvHsdUs=
Subject key identifier:   62:B2:98:93:B2:3A:BC:4F:9C:B0:C5:A8:A1:A6:4C:E8:D1:C1:F0:14
Certificate issuer:       /CN=c11909548695f18c04cb895e2aceeb1103e03e12
Certificate serial:       0194266C14185F651A05CB044A8214ED6FA0
Authority key identifier: C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/YrKYk7I6vE-csMWooaZM6NHB8BQ.roa
Signing time:             Thu 02 Jan 2025 09:50:04 +0000
ROA not before:           Thu 02 Jan 2025 09:50:04 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     207515
IP address blocks:        84.252.106.0/24 maxlen: 24
                          2a10:1100::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 11 Apr 2025 21:50:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:14:18:5f:65:1a:05:cb:04:4a:82:14:ed:6f:a0
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c11909548695f18c04cb895e2aceeb1103e03e12
        Validity
            Not Before: Jan  2 09:50:04 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=62b29893b23abc4f9cb0c5a8a1a64ce8d1c1f014
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:fb:14:b5:7e:10:04:6f:a3:a5:a2:27:dc:13:
                    17:25:e6:20:38:d5:94:d5:2d:6d:1b:05:4f:c6:ad:
                    71:c0:9d:bc:c0:d6:64:eb:92:4c:de:05:08:07:e9:
                    6b:52:36:0b:5c:ce:35:64:a2:c8:0a:91:75:1f:09:
                    98:08:a7:c2:50:ae:56:dc:23:f5:84:dc:36:b1:74:
                    0d:ec:51:df:4f:23:4c:ed:65:1a:b1:c6:25:e8:b1:
                    05:d4:88:eb:73:9c:e0:65:6f:86:94:2a:de:2b:63:
                    82:24:0c:27:fb:5f:b9:ee:6f:e5:18:b0:3f:66:b5:
                    53:02:b8:b3:4a:57:55:9d:ec:3a:93:c4:bf:d3:70:
                    71:63:ef:6a:ad:f4:0d:ed:1d:4b:ab:7f:3f:6e:08:
                    dc:48:70:99:56:98:5c:6b:2d:c0:65:44:14:26:da:
                    f3:63:36:45:75:d9:3b:10:2a:9e:6e:02:ea:60:ae:
                    fb:8e:b8:ef:4e:9e:21:9f:0b:16:b3:f5:5f:fb:82:
                    f3:4d:d3:0d:6f:a6:51:64:5d:18:8f:8a:b6:2e:74:
                    8c:75:cf:8f:09:85:eb:41:6a:ab:b2:4a:4d:e3:e1:
                    d5:f9:64:ff:fc:cc:fa:ab:e3:20:80:74:3d:67:06:
                    7c:61:b3:c3:34:33:c4:78:e3:00:d3:5d:1c:f9:a4:
                    0c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:B2:98:93:B2:3A:BC:4F:9C:B0:C5:A8:A1:A6:4C:E8:D1:C1:F0:14
            X509v3 Authority Key Identifier:
                keyid:C1:19:09:54:86:95:F1:8C:04:CB:89:5E:2A:CE:EB:11:03:E0:3E:12

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/wRkJVIaV8YwEy4leKs7rEQPgPhI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/YrKYk7I6vE-csMWooaZM6NHB8BQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/58/3b33e7-30b4-4149-9045-a0564c9d6fde/1/wRkJVIaV8YwEy4leKs7rEQPgPhI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  84.252.106.0/24
                IPv6:
                  2a10:1100::/29

    Signature Algorithm: sha256WithRSAEncryption
         5d:52:87:08:0e:76:ca:63:c2:90:14:c6:8c:1f:a7:7f:12:84:
         79:70:67:90:80:a4:33:e8:3a:3b:74:ac:ef:e3:f7:52:75:43:
         fd:c0:96:70:8d:ab:71:68:27:e3:6b:93:ed:5d:3d:9b:73:a0:
         ba:42:ce:5a:5f:1b:4d:69:e2:3c:e7:36:d4:23:d6:24:21:e2:
         01:41:e4:64:81:58:cb:d1:97:19:19:dd:34:a6:63:61:e0:ba:
         be:45:80:b5:bc:fc:5d:a8:4d:6f:98:31:95:ac:b8:fc:37:e8:
         c1:f3:57:3f:f9:15:a9:39:09:ad:5a:c6:22:5c:84:09:1f:08:
         eb:1e:15:7c:b8:5c:7c:0f:4b:42:c0:63:4d:c9:6a:12:24:52:
         ba:b3:7e:9e:5a:a4:75:a7:f0:bd:c5:85:8c:3a:e2:76:b6:2f:
         ef:a7:23:cc:df:95:af:f4:1c:43:25:dd:8a:66:44:90:5a:97:
         51:2b:1d:92:f5:78:33:50:99:47:2f:c0:5e:1e:a4:db:b5:16:
         09:50:25:dd:92:bb:cc:54:a8:d6:4e:b9:8c:ce:e7:f0:d7:68:
         6f:f4:8b:48:54:e3:13:a9:3b:9c:2a:09:2d:fc:b4:69:49:81:
         8a:bc:3b:ed:7b:b1:a9:19:b1:d4:21:75:79:37:b2:d7:e2:fd:
         49:40:60:8e
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmbBQYX2UaBcsESoIU7W+gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMxMTkwOTU0ODY5NWYxOGMwNGNiODk1ZTJhY2VlYjExMDNl
MDNlMTIwHhcNMjUwMTAyMDk1MDA0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MmIyOTg5M2IyM2FiYzRmOWNiMGM1YThhMWE2NGNlOGQxYzFmMDE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp/sUtX4QBG+jpaIn3BMXJeYgONWU
1S1tGwVPxq1xwJ28wNZk65JM3gUIB+lrUjYLXM41ZKLICpF1HwmYCKfCUK5W3CP1
hNw2sXQN7FHfTyNM7WUascYl6LEF1Ijrc5zgZW+GlCreK2OCJAwn+1+57m/lGLA/
ZrVTArizSldVnew6k8S/03BxY+9qrfQN7R1Lq38/bgjcSHCZVphcay3AZUQUJtrz
YzZFddk7ECqebgLqYK77jrjvTp4hnwsWs/Vf+4LzTdMNb6ZRZF0Yj4q2LnSMdc+P
CYXrQWqrskpN4+HV+WT//Mz6q+MggHQ9ZwZ8YbPDNDPEeOMA010c+aQM7QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGKymJOyOrxPnLDFqKGmTOjRwfAUMB8GA1UdIwQY
MBaAFMEZCVSGlfGMBMuJXirO6xED4D4SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUt
YTA1NjRjOWQ2ZmRlLzEvWXJLWWs3STZ2RS1jc01Xb29hWk02TkhCOEJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OC8zYjMzZTctMzBiNC00MTQ5LTkwNDUtYTA1NjRjOWQ2ZmRl
LzEvd1JrSlZJYVY4WXdFeTRsZUtzN3JFUVBnUGhJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAVPxqMA0E
AgACMAcDBQMqEBEAMA0GCSqGSIb3DQEBCwUAA4IBAQBdUocIDnbKY8KQFMaMH6d/
EoR5cGeQgKQz6Do7dKzv4/dSdUP9wJZwjatxaCfja5PtXT2bc6C6Qs5aXxtNaeI8
5zbUI9YkIeIBQeRkgVjL0ZcZGd00pmNh4Lq+RYC1vPxdqE1vmDGVrLj8N+jB81c/
+RWpOQmtWsYiXIQJHwjrHhV8uFx8D0tCwGNNyWoSJFK6s36eWqR1p/C9xYWMOuJ2
ti/vpyPM35Wv9BxDJd2KZkSQWpdRKx2S9XgzUJlHL8BeHqTbtRYJUCXdkrvMVKjW
TrmMzufw12hv9ItIVOMTqTucKgkt/LRpSYGKvDvte7GpGbHUIXV5N7LX4v1JQGCO
-----END CERTIFICATE-----