Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/1ylHoCjP82H2cRlJcKOWxCiIA9s.roa
File:                     1ylHoCjP82H2cRlJcKOWxCiIA9s.roa (raw, json)
Hash identifier:          c062Fjrkbud1S9wrUUG9+yQLXJvgcVhnwrbsUatXzgg=
Subject key identifier:   D7:29:47:A0:28:CF:F3:61:F6:71:19:49:70:A3:96:C4:28:88:03:DB
Certificate issuer:       /CN=c556bccbdc9f2e4badc0a057ea08f7c748188b1f
Certificate serial:       01942747BF88BE41E6F25630056AC0F9B012
Authority key identifier: C5:56:BC:CB:DC:9F:2E:4B:AD:C0:A0:57:EA:08:F7:C7:48:18:8B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xVa8y9yfLkutwKBX6gj3x0gYix8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/1ylHoCjP82H2cRlJcKOWxCiIA9s.roa
Signing time:             Thu 02 Jan 2025 13:50:00 +0000
ROA not before:           Thu 02 Jan 2025 13:50:00 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     212238
IP address blocks:        185.203.86.0/24 maxlen: 24
                          185.203.87.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/xVa8y9yfLkutwKBX6gj3x0gYix8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/xVa8y9yfLkutwKBX6gj3x0gYix8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xVa8y9yfLkutwKBX6gj3x0gYix8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 22:01:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:47:bf:88:be:41:e6:f2:56:30:05:6a:c0:f9:b0:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c556bccbdc9f2e4badc0a057ea08f7c748188b1f
        Validity
            Not Before: Jan  2 13:50:00 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d72947a028cff361f671194970a396c4288803db
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:9c:4a:14:1a:2b:5c:26:f8:77:96:7b:04:df:
                    66:61:c6:0a:c8:a1:d2:00:81:03:8b:3f:46:d7:33:
                    c8:80:17:f1:67:7b:79:2e:70:f1:56:27:04:73:39:
                    cd:14:6b:6a:90:25:7c:7a:ec:42:c1:53:88:56:67:
                    b9:ea:d2:c3:85:4d:85:47:80:71:32:ed:b2:14:41:
                    5b:ff:8e:86:9d:57:3f:95:6c:6e:40:69:eb:fb:1e:
                    a7:35:c4:f6:44:27:36:db:93:87:61:26:dd:eb:f9:
                    64:02:a8:c3:9f:2a:27:06:d2:c5:63:49:08:b8:b3:
                    30:0e:b6:0a:e5:bd:f0:7b:8e:ca:b6:1a:bc:b7:9d:
                    46:e3:c1:3b:bd:cc:23:ca:2f:6d:30:19:19:ca:05:
                    0f:6a:99:d0:11:de:ca:ca:13:05:1d:22:55:5b:af:
                    9c:0a:e5:85:a2:3e:57:f6:03:a9:4f:c0:8d:5d:68:
                    f5:2f:b2:6a:cb:93:d3:d3:4b:10:76:f3:31:c6:69:
                    9f:47:3f:08:87:0a:f4:75:e7:27:7b:de:47:06:a4:
                    90:8b:66:f6:8b:3c:20:86:60:7f:38:76:91:ad:e3:
                    76:3c:2a:66:90:92:9d:15:87:84:41:be:4b:af:46:
                    cd:87:38:b2:05:6e:2c:45:22:45:75:d4:7e:60:e2:
                    fb:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:29:47:A0:28:CF:F3:61:F6:71:19:49:70:A3:96:C4:28:88:03:DB
            X509v3 Authority Key Identifier:
                keyid:C5:56:BC:CB:DC:9F:2E:4B:AD:C0:A0:57:EA:08:F7:C7:48:18:8B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xVa8y9yfLkutwKBX6gj3x0gYix8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/1ylHoCjP82H2cRlJcKOWxCiIA9s.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/59/7def13-c4cd-46a6-825f-42ea5514e722/1/xVa8y9yfLkutwKBX6gj3x0gYix8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.86.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:aa:85:d1:66:67:e3:b8:37:24:6d:11:82:47:96:b1:8d:af:
         97:20:7c:b5:4c:48:f4:12:01:92:69:0d:16:17:32:37:6a:0b:
         38:34:36:b8:ed:85:a9:72:b8:d0:4d:bb:56:63:0d:e1:32:9f:
         85:55:14:d0:8e:5b:01:1a:9d:5a:fe:9e:38:fc:39:05:c3:b4:
         db:b9:b4:c3:23:c2:49:1f:26:b0:2a:20:46:15:ca:fb:46:9a:
         58:a3:f3:e6:4b:69:b3:91:cd:4c:88:82:47:f4:9a:59:65:da:
         e0:29:46:2a:53:ed:44:5d:06:8c:69:ea:3e:30:5d:30:58:9c:
         57:0d:e8:c0:ab:4f:c9:18:96:fa:c7:f4:7f:52:e3:37:83:84:
         80:f2:e2:82:af:35:da:dc:17:34:75:a8:d3:75:24:b3:75:fa:
         f7:dc:88:43:24:d0:34:0c:21:a4:85:7a:d7:41:4a:f6:a0:83:
         02:9e:c9:6b:b4:90:56:d3:83:d4:54:6d:68:65:d1:61:15:9f:
         fc:f7:af:79:0e:b2:bc:bb:1d:89:5a:07:d6:fc:48:3f:5e:33:
         ff:f1:7b:09:bc:0d:59:dc:a2:c2:9f:55:74:e9:f0:05:2a:05:
         23:29:fb:6d:f0:f9:31:d7:b4:0a:67:ff:18:7e:d2:8b:7a:da:
         f2:bf:fa:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQnR7+IvkHm8lYwBWrA+bASMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1NTZiY2NiZGM5ZjJlNGJhZGMwYTA1N2VhMDhmN2M3NDgx
ODhiMWYwHhcNMjUwMTAyMTM1MDAwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzI5NDdhMDI4Y2ZmMzYxZjY3MTE5NDk3MGEzOTZjNDI4ODgwM2RiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAppxKFBorXCb4d5Z7BN9mYcYKyKHS
AIEDiz9G1zPIgBfxZ3t5LnDxVicEcznNFGtqkCV8euxCwVOIVme56tLDhU2FR4Bx
Mu2yFEFb/46GnVc/lWxuQGnr+x6nNcT2RCc225OHYSbd6/lkAqjDnyonBtLFY0kI
uLMwDrYK5b3we47Kthq8t51G48E7vcwjyi9tMBkZygUPapnQEd7KyhMFHSJVW6+c
CuWFoj5X9gOpT8CNXWj1L7Jqy5PT00sQdvMxxmmfRz8Ihwr0decne95HBqSQi2b2
izwghmB/OHaRreN2PCpmkJKdFYeEQb5Lr0bNhziyBW4sRSJFddR+YOL7VwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNcpR6Aoz/Nh9nEZSXCjlsQoiAPbMB8GA1UdIwQY
MBaAFMVWvMvcny5LrcCgV+oI98dIGIsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFZhOHk5eWZMa3V0d0tCWDZnajN4MGdZaXg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81OS83ZGVmMTMtYzRjZC00NmE2LTgyNWYt
NDJlYTU1MTRlNzIyLzEvMXlsSG9DalA4MkgyY1JsSmNLT1d4Q2lJQTlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81OS83ZGVmMTMtYzRjZC00NmE2LTgyNWYtNDJlYTU1MTRlNzIy
LzEveFZhOHk5eWZMa3V0d0tCWDZnajN4MGdZaXg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuctWMA0G
CSqGSIb3DQEBCwUAA4IBAQCZqoXRZmfjuDckbRGCR5axja+XIHy1TEj0EgGSaQ0W
FzI3ags4NDa47YWpcrjQTbtWYw3hMp+FVRTQjlsBGp1a/p44/DkFw7TbubTDI8JJ
HyawKiBGFcr7RppYo/PmS2mzkc1MiIJH9JpZZdrgKUYqU+1EXQaMaeo+MF0wWJxX
DejAq0/JGJb6x/R/UuM3g4SA8uKCrzXa3Bc0dajTdSSzdfr33IhDJNA0DCGkhXrX
QUr2oIMCnslrtJBW04PUVG1oZdFhFZ/89695DrK8ux2JWgfW/Eg/XjP/8XsJvA1Z
3KLCn1V06fAFKgUjKftt8Pkx17QKZ/8YftKLetryv/qn
-----END CERTIFICATE-----