Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/YRfkigtRLNkJN8VNtKbb3fRiIKs.roa
File:                     YRfkigtRLNkJN8VNtKbb3fRiIKs.roa (raw, json)
Hash identifier:          CvzEdkr6eZNRd+mAapP+a07GKzLUJC/WQEw0I1mUkjI=
Subject key identifier:   61:17:E4:8A:0B:51:2C:D9:09:37:C5:4D:B4:A6:DB:DD:F4:62:20:AB
Certificate issuer:       /CN=7e4b54dfd41610774fe7f242d7dd3873a658473b
Certificate serial:       019422FAF28C81DC10E63E81A0AC9C65E3C4
Authority key identifier: 7E:4B:54:DF:D4:16:10:77:4F:E7:F2:42:D7:DD:38:73:A6:58:47:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/fktU39QWEHdP5_JC1904c6ZYRzs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/YRfkigtRLNkJN8VNtKbb3fRiIKs.roa
Signing time:             Wed 01 Jan 2025 17:47:38 +0000
ROA not before:           Wed 01 Jan 2025 17:47:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51561
IP address blocks:        185.207.140.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/fktU39QWEHdP5_JC1904c6ZYRzs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/fktU39QWEHdP5_JC1904c6ZYRzs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/fktU39QWEHdP5_JC1904c6ZYRzs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 14 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fa:f2:8c:81:dc:10:e6:3e:81:a0:ac:9c:65:e3:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=7e4b54dfd41610774fe7f242d7dd3873a658473b
        Validity
            Not Before: Jan  1 17:47:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6117e48a0b512cd90937c54db4a6dbddf46220ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b2:2b:5e:39:30:28:de:86:ac:f5:e6:fc:0b:
                    b1:58:c2:30:1d:ef:88:cd:b4:af:8d:10:36:eb:0d:
                    ed:02:fe:cb:2e:2b:6b:e0:e9:ed:eb:b4:c5:94:41:
                    9f:01:37:9e:56:3f:c7:ce:69:d0:91:b8:36:68:a7:
                    e6:a4:59:0e:34:f4:1f:2c:48:a7:25:3c:4c:0f:0e:
                    e1:ad:c8:d6:8c:13:3e:26:4b:db:3a:c9:55:51:1d:
                    44:63:b7:5e:91:92:30:a3:2d:b7:eb:c3:c3:b4:6c:
                    77:f2:07:51:3b:7b:41:76:e3:d0:4e:7e:5d:c4:90:
                    e8:37:48:74:03:4e:79:53:67:c8:7a:f6:54:9b:db:
                    98:15:8d:0c:e4:25:40:0e:74:a7:f9:97:68:a8:77:
                    45:79:57:a3:74:de:ad:32:67:5d:f2:84:f6:aa:56:
                    2c:5a:54:29:8f:c4:4d:67:89:43:cc:97:53:e0:e7:
                    86:13:b9:cd:dd:3f:cd:64:9e:80:10:59:32:db:03:
                    c1:2c:bb:8d:80:83:d7:a8:73:94:20:c7:d6:60:83:
                    27:9c:31:7b:d2:d9:31:e0:bb:a3:ca:a3:25:04:6a:
                    b6:2e:3f:7d:06:58:c8:91:6f:29:68:1a:07:29:7d:
                    2b:77:b9:6d:ec:cc:39:2e:15:ec:3b:fb:d3:a9:c4:
                    fd:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:17:E4:8A:0B:51:2C:D9:09:37:C5:4D:B4:A6:DB:DD:F4:62:20:AB
            X509v3 Authority Key Identifier:
                keyid:7E:4B:54:DF:D4:16:10:77:4F:E7:F2:42:D7:DD:38:73:A6:58:47:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fktU39QWEHdP5_JC1904c6ZYRzs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/YRfkigtRLNkJN8VNtKbb3fRiIKs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/1b35c5-7ac6-4253-86ea-7744ef3c0b99/1/fktU39QWEHdP5_JC1904c6ZYRzs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.207.140.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b3:30:bf:0c:3b:36:35:fa:6c:7b:63:7d:89:9e:c3:28:b0:f9:
         2d:4f:26:c6:a6:db:76:a9:42:81:e0:03:bf:18:d1:cd:4f:fe:
         39:29:60:ec:49:46:fd:81:98:34:37:67:5e:73:2c:00:1e:6f:
         ba:30:3f:80:db:4a:39:18:ff:6b:a1:47:85:9c:13:bb:f4:53:
         81:67:0a:ca:43:60:07:c8:f2:ec:2f:85:e4:9c:39:88:19:7a:
         94:d2:fa:7e:ff:19:28:7b:8e:51:7a:72:cb:8d:15:8b:6c:ce:
         22:d9:28:04:4d:99:d6:cc:f9:aa:32:ae:27:c7:44:e4:25:d3:
         29:44:52:d0:88:7a:04:bd:29:c3:52:da:22:0f:77:61:08:a6:
         c2:6d:99:78:9e:d4:75:0b:4e:7d:ba:3e:20:7a:7b:02:25:da:
         1c:f1:96:1e:4a:d5:1f:a4:bf:77:62:ca:3d:d3:9e:00:c2:3a:
         9c:32:f8:d7:9a:4a:d3:d0:b4:a9:97:ea:07:9f:9f:d7:c0:8f:
         f1:9d:99:97:63:80:35:57:ce:75:d3:05:7c:df:fc:aa:e1:6e:
         12:ec:1b:8e:e3:f1:18:6a:3b:a0:fb:f7:5f:ce:23:aa:69:fe:
         c6:6f:f7:15:3e:c0:1c:fe:9b:79:52:67:52:e2:e7:2c:7f:0d:
         d8:a4:a5:5f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+vKMgdwQ5j6BoKycZePEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdlNGI1NGRmZDQxNjEwNzc0ZmU3ZjI0MmQ3ZGQzODczYTY1
ODQ3M2IwHhcNMjUwMTAxMTc0NzM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTE3ZTQ4YTBiNTEyY2Q5MDkzN2M1NGRiNGE2ZGJkZGY0NjIyMGFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq7IrXjkwKN6GrPXm/AuxWMIwHe+I
zbSvjRA26w3tAv7LLitr4Ont67TFlEGfATeeVj/HzmnQkbg2aKfmpFkONPQfLEin
JTxMDw7hrcjWjBM+JkvbOslVUR1EY7dekZIwoy2368PDtGx38gdRO3tBduPQTn5d
xJDoN0h0A055U2fIevZUm9uYFY0M5CVADnSn+ZdoqHdFeVejdN6tMmdd8oT2qlYs
WlQpj8RNZ4lDzJdT4OeGE7nN3T/NZJ6AEFky2wPBLLuNgIPXqHOUIMfWYIMnnDF7
0tkx4LujyqMlBGq2Lj99BljIkW8paBoHKX0rd7lt7Mw5LhXsO/vTqcT9jwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEX5IoLUSzZCTfFTbSm2930YiCrMB8GA1UdIwQY
MBaAFH5LVN/UFhB3T+fyQtfdOHOmWEc7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmt0VTM5UVdFSGRQNV9KQzE5MDRjNlpZUnpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS8xYjM1YzUtN2FjNi00MjUzLTg2ZWEt
Nzc0NGVmM2MwYjk5LzEvWVJma2lndFJMTmtKTjhWTnRLYmIzZlJpSUtzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS8xYjM1YzUtN2FjNi00MjUzLTg2ZWEtNzc0NGVmM2MwYjk5
LzEvZmt0VTM5UVdFSGRQNV9KQzE5MDRjNlpZUnpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuc+MMA0G
CSqGSIb3DQEBCwUAA4IBAQCzML8MOzY1+mx7Y32JnsMosPktTybGptt2qUKB4AO/
GNHNT/45KWDsSUb9gZg0N2decywAHm+6MD+A20o5GP9roUeFnBO79FOBZwrKQ2AH
yPLsL4XknDmIGXqU0vp+/xkoe45RenLLjRWLbM4i2SgETZnWzPmqMq4nx0TkJdMp
RFLQiHoEvSnDUtoiD3dhCKbCbZl4ntR1C059uj4gensCJdoc8ZYeStUfpL93Yso9
054AwjqcMvjXmkrT0LSpl+oHn5/XwI/xnZmXY4A1V8510wV83/yq4W4S7BuO4/EY
ajug+/dfziOqaf7Gb/cVPsAc/pt5UmdS4ucsfw3YpKVf
-----END CERTIFICATE-----