Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/tYoEMyoFgANiNY7nw4zfzPaPtkI.roa
File:                     tYoEMyoFgANiNY7nw4zfzPaPtkI.roa (raw, json)
Hash identifier:          PX+Kyq98vaXV0wz8tTuZQEWdK7K2Hq3OD8ndatlexb4=
Subject key identifier:   B5:8A:04:33:2A:05:80:03:62:35:8E:E7:C3:8C:DF:CC:F6:8F:B6:42
Certificate issuer:       /CN=b7a670e51c96419fc52028b12e45655ef914ddbb
Certificate serial:       019494FF4B177E23C79BFDC5050395DA1EC4
Authority key identifier: B7:A6:70:E5:1C:96:41:9F:C5:20:28:B1:2E:45:65:5E:F9:14:DD:BB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/tYoEMyoFgANiNY7nw4zfzPaPtkI.roa
Signing time:             Thu 23 Jan 2025 21:09:06 +0000
ROA not before:           Thu 23 Jan 2025 21:09:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     42337
IP address blocks:        185.66.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 10:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:94:ff:4b:17:7e:23:c7:9b:fd:c5:05:03:95:da:1e:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b7a670e51c96419fc52028b12e45655ef914ddbb
        Validity
            Not Before: Jan 23 21:09:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=b58a04332a05800362358ee7c38cdfccf68fb642
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:69:e4:43:6b:6b:0d:4e:7a:7f:ea:1a:71:2e:
                    59:61:e3:80:c6:f5:19:ae:df:f7:77:94:2f:eb:1c:
                    08:5e:bf:81:01:6a:e5:d1:fa:93:3a:59:51:ff:29:
                    93:ed:db:4a:fb:b0:7d:f1:f2:d8:8a:0e:e2:12:71:
                    d5:1f:45:f8:8c:cc:6d:ec:83:8e:7c:b0:c3:29:2e:
                    2b:fe:c0:c6:04:95:1b:f5:33:e4:c9:1b:5b:57:47:
                    97:76:16:a7:2c:d5:d9:27:9d:f4:79:33:4e:c7:e1:
                    8b:25:c6:fd:c4:17:e5:97:71:14:97:3a:2d:02:87:
                    4c:96:80:08:2e:01:d7:25:36:6d:0c:46:55:c4:1a:
                    40:5e:72:96:45:75:4f:2b:e4:b8:ca:c4:52:47:64:
                    b3:9c:78:f5:54:f0:7d:43:50:1a:88:c0:30:16:ea:
                    e8:42:6c:a9:86:33:fb:eb:5d:29:70:05:d2:ce:fa:
                    65:bb:96:a4:60:82:f6:ae:e2:d9:5e:ba:a1:39:00:
                    20:4a:c8:7c:6e:22:23:08:6d:28:3c:6d:10:57:df:
                    9d:58:05:62:81:f8:1d:b1:ac:19:21:04:b8:71:15:
                    26:c4:33:e4:fe:05:a5:60:8c:40:ca:c7:47:6d:8d:
                    b9:04:42:28:88:2e:52:56:89:7c:62:6c:e8:6f:45:
                    74:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B5:8A:04:33:2A:05:80:03:62:35:8E:E7:C3:8C:DF:CC:F6:8F:B6:42
            X509v3 Authority Key Identifier:
                keyid:B7:A6:70:E5:1C:96:41:9F:C5:20:28:B1:2E:45:65:5E:F9:14:DD:BB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/t6Zw5RyWQZ_FICixLkVlXvkU3bs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/tYoEMyoFgANiNY7nw4zfzPaPtkI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6b/c4ca9d-5d32-4efd-8e1b-132937d39cea/1/t6Zw5RyWQZ_FICixLkVlXvkU3bs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.66.227.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:ff:7b:75:e2:f9:72:8c:f0:2c:60:ae:c0:73:18:2f:c2:2b:
         76:85:02:4f:d1:9c:bd:ba:89:38:45:2b:48:15:49:22:40:95:
         ae:4a:2a:94:61:b5:3c:3a:3a:c9:17:60:c5:76:7e:d3:28:df:
         ce:95:fa:f4:1e:34:91:df:0c:78:dc:be:71:09:8d:e1:43:8a:
         73:ca:30:a2:90:47:15:b4:c2:39:81:d1:31:e5:c1:e6:98:87:
         9e:50:47:79:85:9c:e2:da:ff:be:77:1b:fb:6a:09:98:41:4e:
         52:c4:97:e0:af:e6:21:aa:c3:b6:c7:5c:07:d2:5f:ff:63:af:
         fa:bd:ff:62:68:5a:10:fe:87:60:07:60:e5:63:49:a7:aa:89:
         87:02:06:01:78:27:11:a1:30:67:ea:4a:5e:1e:a8:1c:9d:90:
         77:39:81:b0:e2:63:09:84:b6:b6:23:f6:d4:83:50:ba:2a:3f:
         fd:6d:0d:a3:d6:00:cb:27:52:57:b1:67:ea:94:49:4b:27:64:
         dd:42:cf:43:47:13:91:26:e5:86:29:dd:46:65:0e:d7:3b:25:
         90:c6:8d:2f:48:6e:77:86:8d:a1:23:27:b3:d4:0d:07:77:27:
         f4:d9:23:b1:30:54:8d:d0:a2:5e:c7:95:76:2b:dd:7f:5a:40:
         a3:c8:d7:84
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZSU/0sXfiPHm/3FBQOV2h7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI3YTY3MGU1MWM5NjQxOWZjNTIwMjhiMTJlNDU2NTVlZjkx
NGRkYmIwHhcNMjUwMTIzMjEwOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNThhMDQzMzJhMDU4MDAzNjIzNThlZTdjMzhjZGZjY2Y2OGZiNjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA42nkQ2trDU56f+oacS5ZYeOAxvUZ
rt/3d5Qv6xwIXr+BAWrl0fqTOllR/ymT7dtK+7B98fLYig7iEnHVH0X4jMxt7IOO
fLDDKS4r/sDGBJUb9TPkyRtbV0eXdhanLNXZJ530eTNOx+GLJcb9xBfll3EUlzot
AodMloAILgHXJTZtDEZVxBpAXnKWRXVPK+S4ysRSR2SznHj1VPB9Q1AaiMAwFuro
QmyphjP7610pcAXSzvplu5akYIL2ruLZXrqhOQAgSsh8biIjCG0oPG0QV9+dWAVi
gfgdsawZIQS4cRUmxDPk/gWlYIxAysdHbY25BEIoiC5SVol8Ymzob0V03wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLWKBDMqBYADYjWO58OM38z2j7ZCMB8GA1UdIwQY
MBaAFLemcOUclkGfxSAosS5FZV75FN27MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdDZadzVSeVdRWl9GSUNpeExrVmxYdmtVM2JzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Yi9jNGNhOWQtNWQzMi00ZWZkLThlMWIt
MTMyOTM3ZDM5Y2VhLzEvdFlvRU15b0ZnQU5pTlk3bnc0emZ6UGFQdGtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Yi9jNGNhOWQtNWQzMi00ZWZkLThlMWItMTMyOTM3ZDM5Y2Vh
LzEvdDZadzVSeVdRWl9GSUNpeExrVmxYdmtVM2JzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuULjMA0G
CSqGSIb3DQEBCwUAA4IBAQCZ/3t14vlyjPAsYK7Acxgvwit2hQJP0Zy9uok4RStI
FUkiQJWuSiqUYbU8OjrJF2DFdn7TKN/Olfr0HjSR3wx43L5xCY3hQ4pzyjCikEcV
tMI5gdEx5cHmmIeeUEd5hZzi2v++dxv7agmYQU5SxJfgr+YhqsO2x1wH0l//Y6/6
vf9iaFoQ/odgB2DlY0mnqomHAgYBeCcRoTBn6kpeHqgcnZB3OYGw4mMJhLa2I/bU
g1C6Kj/9bQ2j1gDLJ1JXsWfqlElLJ2TdQs9DRxORJuWGKd1GZQ7XOyWQxo0vSG53
ho2hIyez1A0Hdyf02SOxMFSN0KJex5V2K91/WkCjyNeE
-----END CERTIFICATE-----