Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/RYSW4-JdkoBKfIznV9vyOBl6v0k.roa
File:                     RYSW4-JdkoBKfIznV9vyOBl6v0k.roa (raw, json)
Hash identifier:          tfbM0g7bQsYb1raiS9o3/ZoSCJhkN7ErYxyrCWx4xjs=
Subject key identifier:   45:84:96:E3:E2:5D:92:80:4A:7C:8C:E7:57:DB:F2:38:19:7A:BF:49
Certificate issuer:       /CN=70f9b16adf2fd31988859922b4457481dd7eef40
Certificate serial:       0196F72F4F628B105CF61BDE0616A6598367
Authority key identifier: 70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/RYSW4-JdkoBKfIznV9vyOBl6v0k.roa
Signing time:             Thu 22 May 2025 08:49:54 +0000
ROA not before:           Thu 22 May 2025 08:49:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     834
IP address blocks:        141.226.245.0/24 maxlen: 24
                          213.137.92.0/24 maxlen: 24
                          213.137.95.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 06 Jun 2025 12:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:f7:2f:4f:62:8b:10:5c:f6:1b:de:06:16:a6:59:83:67
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=70f9b16adf2fd31988859922b4457481dd7eef40
        Validity
            Not Before: May 22 08:49:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=458496e3e25d92804a7c8ce757dbf238197abf49
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:6d:80:2c:a7:b7:48:27:1e:24:90:16:13:58:
                    b7:da:85:eb:85:84:ba:01:df:52:b2:6a:b9:87:e4:
                    da:cf:4e:35:97:88:25:b7:c2:49:6d:de:e3:97:52:
                    86:ec:94:ea:a9:c5:dd:81:89:b0:69:a7:09:10:74:
                    0a:c7:f2:e1:53:c8:23:7e:b5:63:6d:21:c0:29:00:
                    70:98:62:58:7a:7a:2e:da:e1:d1:0d:fd:42:bb:c9:
                    c2:6f:53:4d:77:fb:93:9c:8f:ec:ed:a5:a6:ed:55:
                    10:22:30:41:be:f0:29:6b:50:81:f3:f9:4e:39:ff:
                    e8:75:eb:e7:14:39:c6:33:b4:3e:78:68:d6:5c:50:
                    e3:0e:15:e6:8a:10:75:f1:5c:7a:ac:a7:25:79:88:
                    1e:d6:7e:82:56:cc:2c:a5:86:38:48:29:4d:ae:57:
                    7b:83:0c:dc:e2:e5:c2:a3:cf:88:43:df:82:77:bb:
                    c4:1f:41:49:0b:7e:05:02:76:c6:36:b3:58:d7:3b:
                    1d:bf:78:65:60:b9:2e:40:50:08:68:51:91:fd:da:
                    38:11:6d:67:09:a5:55:3e:1d:91:da:13:ec:7b:88:
                    82:ee:a2:b7:db:ed:86:5e:96:ee:d5:09:32:fc:00:
                    74:e1:16:a2:d1:5f:28:ab:31:6c:04:72:bd:19:58:
                    c5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:84:96:E3:E2:5D:92:80:4A:7C:8C:E7:57:DB:F2:38:19:7A:BF:49
            X509v3 Authority Key Identifier:
                keyid:70:F9:B1:6A:DF:2F:D3:19:88:85:99:22:B4:45:74:81:DD:7E:EF:40

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cPmxat8v0xmIhZkitEV0gd1-70A.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/RYSW4-JdkoBKfIznV9vyOBl6v0k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/956db9-c8f7-4b9f-a56e-bc6db7248add/1/cPmxat8v0xmIhZkitEV0gd1-70A.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.226.245.0/24
                  213.137.92.0/24
                  213.137.95.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:31:88:75:84:df:2b:6d:c5:3e:91:96:bc:e4:a9:3e:9f:50:
         28:d8:9f:f6:d9:83:88:f2:61:25:8e:a3:85:20:18:00:32:7b:
         21:82:7c:da:10:e9:07:b5:d6:2c:c1:ff:4b:c9:cc:82:1d:bd:
         ab:5f:0b:bd:af:fd:a3:0f:dc:63:10:f8:0d:79:92:49:83:28:
         37:72:0d:c0:39:86:9c:a9:de:67:fc:b1:36:c6:9e:0b:2e:f9:
         94:f7:07:17:63:ff:84:5c:85:6e:db:af:24:07:25:aa:0a:26:
         6c:7c:dc:d8:cb:13:a6:3a:d4:d8:5a:f4:b0:d5:d2:04:8d:ab:
         00:f7:a6:24:a8:b4:cc:94:43:04:45:1e:22:49:1f:63:3b:17:
         61:f2:46:11:48:31:ec:6b:e2:44:02:2d:57:e0:ae:ef:95:ba:
         e7:44:dd:f1:c4:ed:61:5a:6b:77:31:ba:d4:58:c0:fa:5f:a3:
         67:3e:11:67:e3:56:c4:92:82:83:9d:12:e7:ff:5e:bb:cd:7b:
         5e:c5:5e:02:16:5e:ce:22:97:06:55:73:9e:89:65:8b:88:eb:
         81:8c:2b:16:51:bc:06:7e:ce:65:6f:96:56:e5:98:bf:ea:73:
         bc:05:f6:c1:e3:db:31:ac:8c:8a:ae:f9:9b:dc:c6:e9:2e:d8:
         11:f0:31:b5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZb3L09iixBc9hveBhamWYNnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcwZjliMTZhZGYyZmQzMTk4ODg1OTkyMmI0NDU3NDgxZGQ3
ZWVmNDAwHhcNMjUwNTIyMDg0OTU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTg0OTZlM2UyNWQ5MjgwNGE3YzhjZTc1N2RiZjIzODE5N2FiZjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxG2ALKe3SCceJJAWE1i32oXrhYS6
Ad9Ssmq5h+Taz041l4glt8JJbd7jl1KG7JTqqcXdgYmwaacJEHQKx/LhU8gjfrVj
bSHAKQBwmGJYenou2uHRDf1Cu8nCb1NNd/uTnI/s7aWm7VUQIjBBvvApa1CB8/lO
Of/odevnFDnGM7Q+eGjWXFDjDhXmihB18Vx6rKcleYge1n6CVswspYY4SClNrld7
gwzc4uXCo8+IQ9+Cd7vEH0FJC34FAnbGNrNY1zsdv3hlYLkuQFAIaFGR/do4EW1n
CaVVPh2R2hPse4iC7qK32+2GXpbu1Qky/AB04Rai0V8oqzFsBHK9GVjFFwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFEWEluPiXZKASnyM51fb8jgZer9JMB8GA1UdIwQY
MBaAFHD5sWrfL9MZiIWZIrRFdIHdfu9AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUt
YmM2ZGI3MjQ4YWRkLzEvUllTVzQtSmRrb0JLZkl6blY5dnlPQmw2djBrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Zi85NTZkYjktYzhmNy00YjlmLWE1NmUtYmM2ZGI3MjQ4YWRk
LzEvY1BteGF0OHYweG1JaFpraXRFVjBnZDEtNzBBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAjeL1AwQA
1YlcAwQA1YlfMA0GCSqGSIb3DQEBCwUAA4IBAQAIMYh1hN8rbcU+kZa85Kk+n1Ao
2J/22YOI8mEljqOFIBgAMnshgnzaEOkHtdYswf9LycyCHb2rXwu9r/2jD9xjEPgN
eZJJgyg3cg3AOYacqd5n/LE2xp4LLvmU9wcXY/+EXIVu268kByWqCiZsfNzYyxOm
OtTYWvSw1dIEjasA96YkqLTMlEMERR4iSR9jOxdh8kYRSDHsa+JEAi1X4K7vlbrn
RN3xxO1hWmt3MbrUWMD6X6NnPhFn41bEkoKDnRLn/167zXtexV4CFl7OIpcGVXOe
iWWLiOuBjCsWUbwGfs5lb5ZW5Zi/6nO8BfbB49sxrIyKrvmb3MbpLtgR8DG1
-----END CERTIFICATE-----