Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/yAFTVipgzUq2JehlyXdlgvk4lGA.roa
File:                     yAFTVipgzUq2JehlyXdlgvk4lGA.roa (raw, json)
Hash identifier:          4JLBxrRXaq9Ej5PAfStMaFMw5Cw8Ln+aMWKMUmNE/iE=
Subject key identifier:   C8:01:53:56:2A:60:CD:4A:B6:25:E8:65:C9:77:65:82:F9:38:94:60
Certificate issuer:       /CN=d2c17db099bd419eba552a37704deeed3b2e303b
Certificate serial:       0194266C48A10A5FCC4BDC6552E1937A234C
Authority key identifier: D2:C1:7D:B0:99:BD:41:9E:BA:55:2A:37:70:4D:EE:ED:3B:2E:30:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0sF9sJm9QZ66VSo3cE3u7TsuMDs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/yAFTVipgzUq2JehlyXdlgvk4lGA.roa
Signing time:             Thu 02 Jan 2025 09:50:18 +0000
ROA not before:           Thu 02 Jan 2025 09:50:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202719
IP address blocks:        185.156.120.0/22 maxlen: 22
                          2a03:61a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/0sF9sJm9QZ66VSo3cE3u7TsuMDs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/0sF9sJm9QZ66VSo3cE3u7TsuMDs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0sF9sJm9QZ66VSo3cE3u7TsuMDs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:48:a1:0a:5f:cc:4b:dc:65:52:e1:93:7a:23:4c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d2c17db099bd419eba552a37704deeed3b2e303b
        Validity
            Not Before: Jan  2 09:50:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c80153562a60cd4ab625e865c9776582f9389460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:c7:91:4a:5d:8e:2a:b0:a2:2b:5f:74:e5:82:
                    61:82:e3:da:86:e3:12:8a:6b:ca:23:11:3c:ae:e5:
                    5c:b4:76:4e:77:0e:2c:23:a3:45:1c:9f:f7:3f:59:
                    14:a5:6c:1d:ed:90:a9:7e:2b:62:61:55:79:f3:6e:
                    06:22:dc:07:f9:4e:e5:15:d1:16:3f:03:ae:93:60:
                    e9:99:ff:e7:92:cf:82:91:af:a1:1a:4c:65:71:13:
                    01:ee:5a:18:2b:9d:0c:12:35:6d:15:2d:e2:98:ca:
                    50:d4:3b:40:a1:b3:d8:22:4b:a0:74:86:ec:fe:94:
                    bf:79:73:ae:a6:20:9b:0f:08:5b:00:78:f3:94:3c:
                    37:ff:67:d4:fc:07:36:18:b1:d6:25:fe:d0:31:fb:
                    63:45:0a:be:11:93:14:e5:a2:7c:1a:17:0b:7c:bd:
                    15:01:b2:46:7c:01:37:07:e2:9c:db:b4:ad:46:50:
                    95:2a:3e:cc:32:cb:4b:9e:52:5e:79:b3:8a:0d:77:
                    ae:69:f4:25:e0:75:0e:b6:eb:b3:b2:f2:88:ef:fe:
                    7a:93:fa:81:18:14:e5:e3:bf:d1:eb:7e:33:67:6d:
                    9d:35:15:54:73:ac:3c:ea:ef:6f:66:2a:cc:0d:b9:
                    fc:b7:b4:8c:c0:06:97:7a:fa:59:1e:b9:ba:00:7c:
                    da:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:01:53:56:2A:60:CD:4A:B6:25:E8:65:C9:77:65:82:F9:38:94:60
            X509v3 Authority Key Identifier:
                keyid:D2:C1:7D:B0:99:BD:41:9E:BA:55:2A:37:70:4D:EE:ED:3B:2E:30:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0sF9sJm9QZ66VSo3cE3u7TsuMDs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/yAFTVipgzUq2JehlyXdlgvk4lGA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/72/7cba62-77d0-4118-a4c5-a1076d127ec6/1/0sF9sJm9QZ66VSo3cE3u7TsuMDs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.156.120.0/22
                IPv6:
                  2a03:61a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:68:1c:a7:c1:f9:70:58:f0:25:83:4a:fa:9f:9f:15:00:8c:
         a5:04:51:ac:85:e6:fc:8a:e9:f6:9a:38:d3:7f:8b:dd:28:4b:
         f7:6d:e9:0a:71:6d:16:d8:50:bf:09:7b:86:3c:11:3e:c3:3f:
         3c:3c:47:20:58:b0:28:c6:1c:44:2d:29:56:d2:71:5a:c5:2d:
         56:1d:92:42:ce:d0:22:db:b5:99:19:fd:f2:1f:0d:79:db:da:
         d2:b5:6d:ed:bc:38:e4:3e:66:20:90:1a:00:47:4e:6e:39:6a:
         c0:db:17:05:e1:56:de:d1:c5:67:c5:15:79:1c:f1:4c:08:56:
         0c:41:3f:d4:5f:40:52:84:96:19:48:c4:38:14:4d:0b:66:23:
         25:29:a8:86:5b:ce:eb:29:61:c1:a6:9d:78:4d:57:28:32:66:
         f1:8d:6c:91:6e:42:1a:56:22:ca:0c:e5:0e:7c:b6:43:13:f0:
         d2:e3:e6:c1:5e:1a:88:73:23:71:df:b8:82:8e:59:85:db:b2:
         3a:4d:4b:c2:f6:3d:9c:64:87:89:de:ca:b8:09:69:12:ca:06:
         f3:9d:e0:00:9e:c4:2c:fd:19:7a:63:29:d1:dc:74:87:15:39:
         7a:8d:f1:a4:4b:df:5d:d5:71:40:56:05:dd:42:f4:f8:26:9f:
         e4:21:fa:ea
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQmbEihCl/MS9xlUuGTeiNMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQyYzE3ZGIwOTliZDQxOWViYTU1MmEzNzcwNGRlZWVkM2Iy
ZTMwM2IwHhcNMjUwMTAyMDk1MDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODAxNTM1NjJhNjBjZDRhYjYyNWU4NjVjOTc3NjU4MmY5Mzg5NDYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoseRSl2OKrCiK1905YJhguPahuMS
imvKIxE8ruVctHZOdw4sI6NFHJ/3P1kUpWwd7ZCpfitiYVV5824GItwH+U7lFdEW
PwOuk2Dpmf/nks+Cka+hGkxlcRMB7loYK50MEjVtFS3imMpQ1DtAobPYIkugdIbs
/pS/eXOupiCbDwhbAHjzlDw3/2fU/Ac2GLHWJf7QMftjRQq+EZMU5aJ8GhcLfL0V
AbJGfAE3B+Kc27StRlCVKj7MMstLnlJeebOKDXeuafQl4HUOtuuzsvKI7/56k/qB
GBTl47/R634zZ22dNRVUc6w86u9vZirMDbn8t7SMwAaXevpZHrm6AHza2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMgBU1YqYM1KtiXoZcl3ZYL5OJRgMB8GA1UdIwQY
MBaAFNLBfbCZvUGeulUqN3BN7u07LjA7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMHNGOXNKbTlRWjY2VlNvM2NFM3U3VHN1TURzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Mi83Y2JhNjItNzdkMC00MTE4LWE0YzUt
YTEwNzZkMTI3ZWM2LzEveUFGVFZpcGd6VXEySmVobHlYZGxndms0bEdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Mi83Y2JhNjItNzdkMC00MTE4LWE0YzUtYTEwNzZkMTI3ZWM2
LzEvMHNGOXNKbTlRWjY2VlNvM2NFM3U3VHN1TURzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuZx4MA0E
AgACMAcDBQAqA2GgMA0GCSqGSIb3DQEBCwUAA4IBAQBqaBynwflwWPAlg0r6n58V
AIylBFGsheb8iun2mjjTf4vdKEv3bekKcW0W2FC/CXuGPBE+wz88PEcgWLAoxhxE
LSlW0nFaxS1WHZJCztAi27WZGf3yHw1529rStW3tvDjkPmYgkBoAR05uOWrA2xcF
4Vbe0cVnxRV5HPFMCFYMQT/UX0BShJYZSMQ4FE0LZiMlKaiGW87rKWHBpp14TVco
MmbxjWyRbkIaViLKDOUOfLZDE/DS4+bBXhqIcyNx37iCjlmF27I6TUvC9j2cZIeJ
3sq4CWkSygbzneAAnsQs/Rl6YynR3HSHFTl6jfGkS99d1XFAVgXdQvT4Jp/kIfrq
-----END CERTIFICATE-----