Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/yCCi69gLNcXK21OeYiQEc0dJYb0.roa
File:                     yCCi69gLNcXK21OeYiQEc0dJYb0.roa (raw, json)
Hash identifier:          LUDNYecqqadlSSLSMwizFinS+Qyhum1Iomno4/Dzf7o=
Subject key identifier:   C8:20:A2:EB:D8:0B:35:C5:CA:DB:53:9E:62:24:04:73:47:49:61:BD
Certificate issuer:       /CN=1a1ae5e49a44abddc22b0adbdaeb64136f25d467
Certificate serial:       01942143F610645CAB25C00EF33E01F5251C
Authority key identifier: 1A:1A:E5:E4:9A:44:AB:DD:C2:2B:0A:DB:DA:EB:64:13:6F:25:D4:67
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/yCCi69gLNcXK21OeYiQEc0dJYb0.roa
Signing time:             Wed 01 Jan 2025 09:48:09 +0000
ROA not before:           Wed 01 Jan 2025 09:48:09 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.238.12.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 14 Mar 2025 00:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:43:f6:10:64:5c:ab:25:c0:0e:f3:3e:01:f5:25:1c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a1ae5e49a44abddc22b0adbdaeb64136f25d467
        Validity
            Not Before: Jan  1 09:48:09 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c820a2ebd80b35c5cadb539e62240473474961bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:d7:e4:6b:1f:d3:da:71:d4:08:98:f7:8b:7c:
                    9f:9c:66:7c:95:af:6c:e9:7a:34:a3:5a:61:a5:4d:
                    62:66:d5:14:2d:43:f1:34:9b:08:8e:0e:bb:af:55:
                    eb:79:47:17:6c:a0:0b:58:67:cf:91:4b:9f:3b:eb:
                    4b:11:41:e8:c5:12:aa:45:41:b6:7f:31:0d:55:4e:
                    3b:75:31:3d:8b:21:60:28:e4:81:e3:bd:28:74:b2:
                    f6:c4:05:ca:73:70:e5:9c:19:14:e1:1b:78:e5:32:
                    79:5b:9c:c3:65:bb:b5:4b:bd:c7:80:24:ce:74:63:
                    65:db:d4:6d:a6:00:78:17:c3:98:ef:75:ba:d8:60:
                    2a:6f:73:c4:7d:46:0c:f8:4b:a6:46:20:60:0a:bb:
                    9a:dc:9d:22:92:0f:55:bc:f7:c1:54:68:6b:8d:0d:
                    dc:1f:d0:44:a2:57:b4:bb:5a:19:e6:f9:27:87:83:
                    bb:cb:aa:fc:69:cd:c3:4a:49:39:5a:f2:41:f6:f6:
                    8e:4c:96:0b:da:66:9f:42:aa:5a:9a:8a:07:13:d0:
                    90:38:8f:0f:38:dc:3e:9b:43:87:55:68:4a:1b:5b:
                    b5:86:89:2f:c8:45:e2:41:d9:60:88:c8:22:6b:7d:
                    c9:e6:6e:25:f9:75:f6:4c:d5:09:5d:8c:fd:fa:3f:
                    61:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:20:A2:EB:D8:0B:35:C5:CA:DB:53:9E:62:24:04:73:47:49:61:BD
            X509v3 Authority Key Identifier:
                keyid:1A:1A:E5:E4:9A:44:AB:DD:C2:2B:0A:DB:DA:EB:64:13:6F:25:D4:67

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ghrl5JpEq93CKwrb2utkE28l1Gc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/yCCi69gLNcXK21OeYiQEc0dJYb0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/77/99dcca-963a-4003-bfaf-a1169a289c54/1/Ghrl5JpEq93CKwrb2utkE28l1Gc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.238.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         95:e2:38:4e:fc:f4:63:70:ce:99:72:f3:a6:a6:21:36:7e:e0:
         a5:5b:2b:b8:c8:c9:0b:9f:d1:f0:84:00:a9:4d:da:37:d3:7e:
         8f:a3:35:7c:68:37:d0:da:fd:0d:8a:81:0c:65:fb:9f:4e:1b:
         57:89:b0:da:da:37:4c:7f:fe:75:de:85:d1:9b:e2:83:a1:60:
         3d:3f:89:94:38:da:24:58:60:8f:06:f7:7f:ec:06:0e:72:a2:
         76:1d:a4:5b:43:df:ff:c9:2a:e9:b5:24:74:67:6a:2d:bc:8d:
         59:29:ca:d1:b7:36:24:c4:69:7e:c2:f5:58:54:5d:95:55:ff:
         60:24:66:eb:4d:81:50:9a:1f:d0:0b:db:e2:60:ae:4f:0c:f8:
         06:8f:89:5d:15:11:15:39:67:b3:3f:02:a0:52:34:1c:4d:4f:
         73:c9:01:ac:5d:2b:d8:cf:d6:d4:12:0b:b3:a4:05:28:14:6d:
         5c:0b:47:6d:37:f8:b5:d6:b1:14:c9:96:9b:1a:d5:d0:22:d6:
         c6:2f:93:65:0f:b7:97:17:1f:cd:03:19:f3:b1:2c:7f:a5:9f:
         b2:80:e5:5f:ab:a0:57:12:9d:5f:62:cf:2b:2b:f7:66:25:b1:
         65:24:70:d4:58:b7:b0:35:90:82:1d:fb:82:e4:94:3e:e0:2b:
         98:56:47:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhQ/YQZFyrJcAO8z4B9SUcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhMWFlNWU0OWE0NGFiZGRjMjJiMGFkYmRhZWI2NDEzNmYy
NWQ0NjcwHhcNMjUwMTAxMDk0ODA5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODIwYTJlYmQ4MGIzNWM1Y2FkYjUzOWU2MjI0MDQ3MzQ3NDk2MWJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsNfkax/T2nHUCJj3i3yfnGZ8la9s
6Xo0o1phpU1iZtUULUPxNJsIjg67r1XreUcXbKALWGfPkUufO+tLEUHoxRKqRUG2
fzENVU47dTE9iyFgKOSB470odLL2xAXKc3DlnBkU4Rt45TJ5W5zDZbu1S73HgCTO
dGNl29RtpgB4F8OY73W62GAqb3PEfUYM+EumRiBgCrua3J0ikg9VvPfBVGhrjQ3c
H9BEole0u1oZ5vknh4O7y6r8ac3DSkk5WvJB9vaOTJYL2mafQqpamooHE9CQOI8P
ONw+m0OHVWhKG1u1hokvyEXiQdlgiMgia33J5m4l+XX2TNUJXYz9+j9hgQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMggouvYCzXFyttTnmIkBHNHSWG9MB8GA1UdIwQY
MBaAFBoa5eSaRKvdwisK29rrZBNvJdRnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2hybDVKcEVxOTNDS3dyYjJ1dGtFMjhsMUdjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ny85OWRjY2EtOTYzYS00MDAzLWJmYWYt
YTExNjlhMjg5YzU0LzEveUNDaTY5Z0xOY1hLMjFPZVlpUUVjMGRKWWIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ny85OWRjY2EtOTYzYS00MDAzLWJmYWYtYTExNjlhMjg5YzU0
LzEvR2hybDVKcEVxOTNDS3dyYjJ1dGtFMjhsMUdjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue4MMA0G
CSqGSIb3DQEBCwUAA4IBAQCV4jhO/PRjcM6ZcvOmpiE2fuClWyu4yMkLn9HwhACp
Tdo3036PozV8aDfQ2v0NioEMZfufThtXibDa2jdMf/513oXRm+KDoWA9P4mUONok
WGCPBvd/7AYOcqJ2HaRbQ9//ySrptSR0Z2otvI1ZKcrRtzYkxGl+wvVYVF2VVf9g
JGbrTYFQmh/QC9viYK5PDPgGj4ldFREVOWezPwKgUjQcTU9zyQGsXSvYz9bUEguz
pAUoFG1cC0dtN/i11rEUyZabGtXQItbGL5NlD7eXFx/NAxnzsSx/pZ+ygOVfq6BX
Ep1fYs8rK/dmJbFlJHDUWLewNZCCHfuC5JQ+4CuYVkfJ
-----END CERTIFICATE-----