Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/y_nsYj5ukmuGHg1FwnghygZPNtE.roa
File:                     y_nsYj5ukmuGHg1FwnghygZPNtE.roa (raw, json)
Hash identifier:          Z3btILynrnMXwAKpX0v9pTVp5I1JWRzLRy4WUkLzYaI=
Subject key identifier:   CB:F9:EC:62:3E:6E:92:6B:86:1E:0D:45:C2:78:21:CA:06:4F:36:D1
Certificate issuer:       /CN=21021b252222997bfe33b7e4b315ac8d5e067954
Certificate serial:       019424454698551928A41AE0FE14CE3D7736
Authority key identifier: 21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/y_nsYj5ukmuGHg1FwnghygZPNtE.roa
Signing time:             Wed 01 Jan 2025 23:48:27 +0000
ROA not before:           Wed 01 Jan 2025 23:48:27 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203061
IP address blocks:        185.145.216.0/22 maxlen: 22
                          193.84.183.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 04:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:24:45:46:98:55:19:28:a4:1a:e0:fe:14:ce:3d:77:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=21021b252222997bfe33b7e4b315ac8d5e067954
        Validity
            Not Before: Jan  1 23:48:27 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cbf9ec623e6e926b861e0d45c27821ca064f36d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:57:28:64:44:b5:53:55:78:bd:6a:29:9d:24:
                    32:c6:f6:d7:46:64:8f:62:1e:17:17:82:5e:bc:d1:
                    3f:d8:6a:30:48:55:fd:e5:75:c7:d0:f8:1d:08:ca:
                    a9:af:fa:f4:98:d1:77:96:7d:21:ca:5e:3d:e9:d4:
                    5d:f2:54:90:6c:10:39:24:0f:dc:86:b7:39:d9:03:
                    1c:72:72:eb:a7:94:7b:f0:48:7e:3f:89:ac:e8:82:
                    74:36:76:3d:69:fb:73:ec:1c:6c:62:ab:f4:46:36:
                    6a:90:88:ec:79:d8:1d:5b:53:74:75:23:64:6d:0e:
                    66:1d:29:b6:38:cc:f1:7c:ce:0f:cd:7e:06:44:08:
                    2f:22:98:5d:0d:17:14:c9:4b:dc:7f:d7:2e:fd:c6:
                    92:f4:68:3c:f3:3e:11:72:38:c6:8c:49:23:4f:76:
                    61:67:f0:41:ed:37:79:b7:be:d5:2d:c5:51:b1:5e:
                    c2:de:13:d1:fe:6d:db:b9:f5:7c:3c:19:62:dc:3f:
                    92:ef:b9:d7:c8:9f:8c:7a:ea:f3:0a:9c:ef:f4:bd:
                    80:88:e5:c9:d7:80:76:6f:fd:b1:ba:02:6d:53:b8:
                    a8:c4:38:1e:04:44:62:fd:a7:e7:b1:00:db:76:d8:
                    52:e5:ed:50:10:46:21:65:05:59:3e:52:1a:1c:b8:
                    39:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F9:EC:62:3E:6E:92:6B:86:1E:0D:45:C2:78:21:CA:06:4F:36:D1
            X509v3 Authority Key Identifier:
                keyid:21:02:1B:25:22:22:99:7B:FE:33:B7:E4:B3:15:AC:8D:5E:06:79:54

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IQIbJSIimXv-M7fksxWsjV4GeVQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/y_nsYj5ukmuGHg1FwnghygZPNtE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5d/59294c-0f24-40c5-b5c3-6eac62e60df7/1/IQIbJSIimXv-M7fksxWsjV4GeVQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.145.216.0/22
                  193.84.183.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4a:4a:55:f1:0b:cd:e4:d1:af:48:22:f6:8a:bc:84:82:11:a7:
         46:29:89:d2:66:de:dd:27:c2:12:9e:04:c0:6f:d9:91:3b:ff:
         19:43:43:37:45:4a:5b:5b:1c:de:77:c6:82:18:60:1d:ee:b2:
         cb:59:4c:79:29:ed:59:8e:31:c7:58:13:1b:58:9c:47:ae:40:
         fc:cb:a4:7f:78:ea:62:ae:9d:6e:75:d0:5d:69:8f:21:63:54:
         b3:49:4d:be:15:7b:8c:50:02:96:0d:2f:22:6f:66:7f:a0:74:
         97:72:6e:0d:a6:99:18:d4:f9:4b:62:b3:5b:51:5c:b0:22:a4:
         83:03:6e:a5:f1:c2:c9:b2:68:c0:fd:8e:f8:f9:49:58:4f:9f:
         e4:42:50:53:17:8f:fd:01:0b:93:5a:6a:e0:85:8e:fa:5e:3a:
         cb:c6:ee:2d:10:28:dd:dd:b5:27:b1:96:91:be:c1:d8:29:a8:
         1b:e7:b2:86:b3:14:0e:d3:64:5e:b9:ea:34:1b:7f:c0:23:9f:
         ff:83:d6:df:16:a0:49:75:a0:34:29:e4:54:19:10:11:87:75:
         6d:df:92:b9:69:16:65:76:3b:26:92:9a:f8:5e:a6:72:86:09:
         82:60:44:53:bc:28:3a:ee:49:7e:83:1a:21:55:f4:24:52:4a:
         79:0d:37:a0
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQkRUaYVRkopBrg/hTOPXc2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIxMDIxYjI1MjIyMjk5N2JmZTMzYjdlNGIzMTVhYzhkNWUw
Njc5NTQwHhcNMjUwMTAxMjM0ODI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmY5ZWM2MjNlNmU5MjZiODYxZTBkNDVjMjc4MjFjYTA2NGYzNmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzlcoZES1U1V4vWopnSQyxvbXRmSP
Yh4XF4JevNE/2GowSFX95XXH0PgdCMqpr/r0mNF3ln0hyl496dRd8lSQbBA5JA/c
hrc52QMccnLrp5R78Eh+P4ms6IJ0NnY9aftz7BxsYqv0RjZqkIjsedgdW1N0dSNk
bQ5mHSm2OMzxfM4PzX4GRAgvIphdDRcUyUvcf9cu/caS9Gg88z4RcjjGjEkjT3Zh
Z/BB7Td5t77VLcVRsV7C3hPR/m3bufV8PBli3D+S77nXyJ+MeurzCpzv9L2AiOXJ
14B2b/2xugJtU7ioxDgeBERi/afnsQDbdthS5e1QEEYhZQVZPlIaHLg5PQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMv57GI+bpJrhh4NRcJ4IcoGTzbRMB8GA1UdIwQY
MBaAFCECGyUiIpl7/jO35LMVrI1eBnlUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMt
NmVhYzYyZTYwZGY3LzEveV9uc1lqNXVrbXVHSGcxRnduZ2h5Z1pQTnRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZC81OTI5NGMtMGYyNC00MGM1LWI1YzMtNmVhYzYyZTYwZGY3
LzEvSVFJYkpTSWltWHYtTTdma3N4V3NqVjRHZVZRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuZHYAwQA
wVS3MA0GCSqGSIb3DQEBCwUAA4IBAQBKSlXxC83k0a9IIvaKvISCEadGKYnSZt7d
J8ISngTAb9mRO/8ZQ0M3RUpbWxzed8aCGGAd7rLLWUx5Ke1ZjjHHWBMbWJxHrkD8
y6R/eOpirp1uddBdaY8hY1SzSU2+FXuMUAKWDS8ib2Z/oHSXcm4NppkY1PlLYrNb
UVywIqSDA26l8cLJsmjA/Y74+UlYT5/kQlBTF4/9AQuTWmrghY76XjrLxu4tECjd
3bUnsZaRvsHYKagb57KGsxQO02Reueo0G3/AI5//g9bfFqBJdaA0KeRUGRARh3Vt
35K5aRZldjsmkpr4XqZyhgmCYERTvCg67kl+gxohVfQkUkp5DTeg
-----END CERTIFICATE-----