Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/y1KtkhbJcf8xMKGegKszt0QDaOo.roa
File:                     y1KtkhbJcf8xMKGegKszt0QDaOo.roa (raw, json)
Hash identifier:          MP5sL9q4mE2nj3U5Tn7LLkafXsvaYmUnSKWAsDGsqZg=
Subject key identifier:   CB:52:AD:92:16:C9:71:FF:31:30:A1:9E:80:AB:33:B7:44:03:68:EA
Certificate issuer:       /CN=8c3f538f8a01edd0a76b008b4d45d41f67821bd2
Certificate serial:       019420686D30A4B2837353970D3542D5A289
Authority key identifier: 8C:3F:53:8F:8A:01:ED:D0:A7:6B:00:8B:4D:45:D4:1F:67:82:1B:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jD9Tj4oB7dCnawCLTUXUH2eCG9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/y1KtkhbJcf8xMKGegKszt0QDaOo.roa
Signing time:             Wed 01 Jan 2025 05:48:22 +0000
ROA not before:           Wed 01 Jan 2025 05:48:22 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41354
IP address blocks:        185.25.92.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/jD9Tj4oB7dCnawCLTUXUH2eCG9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/jD9Tj4oB7dCnawCLTUXUH2eCG9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jD9Tj4oB7dCnawCLTUXUH2eCG9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:68:6d:30:a4:b2:83:73:53:97:0d:35:42:d5:a2:89
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8c3f538f8a01edd0a76b008b4d45d41f67821bd2
        Validity
            Not Before: Jan  1 05:48:22 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cb52ad9216c971ff3130a19e80ab33b7440368ea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:78:61:89:83:12:d9:ee:4e:00:72:a9:3f:a4:
                    ea:11:d8:15:1a:40:55:aa:cb:91:f8:e2:7b:a8:eb:
                    8a:9c:7e:d2:b6:ca:3e:7e:bf:28:89:53:8c:b1:bb:
                    c4:85:1a:09:6a:dd:32:1b:f3:ce:f1:81:6c:2e:f9:
                    7d:53:f8:24:88:9d:0f:f3:eb:80:d6:85:23:fc:b2:
                    25:e7:35:f3:b5:a4:d5:8c:1e:bd:e1:cb:ff:c9:f1:
                    7b:c8:3c:6a:45:69:45:8f:85:70:cf:2f:7f:02:58:
                    ae:22:5c:7a:36:98:b7:e4:a5:71:ad:e5:26:84:c7:
                    58:a3:c4:a3:99:eb:ef:f9:26:3c:c7:f9:0c:d9:06:
                    fa:57:b3:74:ed:9e:d6:d1:c3:ce:c5:2d:4f:d3:92:
                    50:72:b9:9a:ea:34:05:64:11:2e:04:8e:4e:c3:f1:
                    b9:79:38:4f:70:59:49:4f:85:54:5d:cc:44:82:0f:
                    ab:48:ea:d4:65:16:c5:0f:d0:cd:a3:c5:b7:80:70:
                    68:4c:95:51:db:b2:17:30:f5:e8:6f:f3:f0:ee:36:
                    6f:50:06:97:3d:35:f1:b1:51:e0:83:8f:ca:aa:97:
                    f7:36:04:02:ce:ee:20:94:4c:6a:d9:a2:35:a3:cc:
                    28:e9:77:a0:d1:72:c6:a6:0b:50:84:5b:98:2c:fd:
                    15:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:52:AD:92:16:C9:71:FF:31:30:A1:9E:80:AB:33:B7:44:03:68:EA
            X509v3 Authority Key Identifier:
                keyid:8C:3F:53:8F:8A:01:ED:D0:A7:6B:00:8B:4D:45:D4:1F:67:82:1B:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jD9Tj4oB7dCnawCLTUXUH2eCG9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/y1KtkhbJcf8xMKGegKszt0QDaOo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6e/a1882e-0c4c-4696-885d-cd6a503163d6/1/jD9Tj4oB7dCnawCLTUXUH2eCG9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.92.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:2e:14:de:24:ec:d6:05:22:ac:df:35:d5:13:c0:f7:18:47:
         da:df:34:40:63:be:3f:62:94:9c:4e:3b:ad:bb:b2:5d:fd:ca:
         94:48:cc:41:7e:02:a3:7c:9d:21:49:2b:bd:cb:bb:00:12:62:
         57:4b:d2:b2:77:83:d7:f2:97:e5:cc:c6:f9:c7:5a:c9:5b:08:
         9e:c4:2a:3d:f0:41:f1:72:9c:82:e0:07:ab:fd:bc:d0:53:41:
         31:90:63:df:41:38:d6:96:30:c2:ce:08:71:57:2d:99:10:51:
         97:32:98:2b:bd:6d:f4:57:21:4c:d3:78:31:13:73:7d:d7:74:
         ed:d6:93:00:9a:29:45:13:cb:9a:39:08:35:e1:d5:43:46:96:
         36:ff:87:74:da:c5:18:e0:a1:20:b1:a4:aa:c2:4d:fc:b9:cd:
         f5:d3:95:42:31:e1:87:43:30:b4:4c:d9:6f:aa:3a:e4:23:38:
         74:bf:f5:8b:b9:0d:af:96:0d:74:3a:39:49:a0:00:97:ef:0a:
         e9:99:5a:e8:78:39:34:2d:9c:d4:3f:14:76:65:35:e8:0e:ba:
         8a:04:24:85:cd:7d:46:95:e1:4d:d3:69:9f:f0:1a:b3:a3:fd:
         13:03:20:b5:cf:c9:53:88:6f:b8:22:60:03:ee:36:e2:97:c6:
         2b:92:39:b5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQgaG0wpLKDc1OXDTVC1aKJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjM2Y1MzhmOGEwMWVkZDBhNzZiMDA4YjRkNDVkNDFmNjc4
MjFiZDIwHhcNMjUwMTAxMDU0ODIyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYjUyYWQ5MjE2Yzk3MWZmMzEzMGExOWU4MGFiMzNiNzQ0MDM2OGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn3hhiYMS2e5OAHKpP6TqEdgVGkBV
qsuR+OJ7qOuKnH7Stso+fr8oiVOMsbvEhRoJat0yG/PO8YFsLvl9U/gkiJ0P8+uA
1oUj/LIl5zXztaTVjB694cv/yfF7yDxqRWlFj4Vwzy9/AliuIlx6Npi35KVxreUm
hMdYo8Sjmevv+SY8x/kM2Qb6V7N07Z7W0cPOxS1P05JQcrma6jQFZBEuBI5Ow/G5
eThPcFlJT4VUXcxEgg+rSOrUZRbFD9DNo8W3gHBoTJVR27IXMPXob/Pw7jZvUAaX
PTXxsVHgg4/Kqpf3NgQCzu4glExq2aI1o8wo6Xeg0XLGpgtQhFuYLP0VBQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMtSrZIWyXH/MTChnoCrM7dEA2jqMB8GA1UdIwQY
MBaAFIw/U4+KAe3Qp2sAi01F1B9nghvSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakQ5VGo0b0I3ZENuYXdDTFRVWFVIMmVDRzlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82ZS9hMTg4MmUtMGM0Yy00Njk2LTg4NWQt
Y2Q2YTUwMzE2M2Q2LzEveTFLdGtoYkpjZjh4TUtHZWdLc3p0MFFEYU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82ZS9hMTg4MmUtMGM0Yy00Njk2LTg4NWQtY2Q2YTUwMzE2M2Q2
LzEvakQ5VGo0b0I3ZENuYXdDTFRVWFVIMmVDRzlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuRlcMA0G
CSqGSIb3DQEBCwUAA4IBAQBGLhTeJOzWBSKs3zXVE8D3GEfa3zRAY74/YpScTjut
u7Jd/cqUSMxBfgKjfJ0hSSu9y7sAEmJXS9Kyd4PX8pflzMb5x1rJWwiexCo98EHx
cpyC4Aer/bzQU0ExkGPfQTjWljDCzghxVy2ZEFGXMpgrvW30VyFM03gxE3N913Tt
1pMAmilFE8uaOQg14dVDRpY2/4d02sUY4KEgsaSqwk38uc3105VCMeGHQzC0TNlv
qjrkIzh0v/WLuQ2vlg10OjlJoACX7wrpmVroeDk0LZzUPxR2ZTXoDrqKBCSFzX1G
leFN02mf8Bqzo/0TAyC1z8lTiG+4ImAD7jbil8Yrkjm1
-----END CERTIFICATE-----