Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/79/1922c9-4949-4055-a66e-15d32709bd0f/1/YUvzYRFbDZwpo5_LDw6OQYXrOWU.roa
File:                     YUvzYRFbDZwpo5_LDw6OQYXrOWU.roa (raw, json)
Hash identifier:          A9tNEkwBv00N9f8wPpHIeu7SSAIiBzAHZmfokT+2re4=
Subject key identifier:   61:4B:F3:61:11:5B:0D:9C:29:A3:9F:CB:0F:0E:8E:41:85:EB:39:65
Certificate issuer:       /CN=1a5a22dbc8dbd2d7248deaff47e3390f77fb4b0b
Certificate serial:       019423D76E971902CB1A2DB4EF22CBE48525
Authority key identifier: 1A:5A:22:DB:C8:DB:D2:D7:24:8D:EA:FF:47:E3:39:0F:77:FB:4B:0B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Gloi28jb0tckjer_R-M5D3f7Sws.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/79/1922c9-4949-4055-a66e-15d32709bd0f/1/YUvzYRFbDZwpo5_LDw6OQYXrOWU.roa
Signing time:             Wed 01 Jan 2025 21:48:28 +0000
ROA not before:           Wed 01 Jan 2025 21:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     3292
IP address blocks:        80.73.48.0/20 maxlen: 20
                          95.130.64.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/79/1922c9-4949-4055-a66e-15d32709bd0f/1/Gloi28jb0tckjer_R-M5D3f7Sws.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/79/1922c9-4949-4055-a66e-15d32709bd0f/1/Gloi28jb0tckjer_R-M5D3f7Sws.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Gloi28jb0tckjer_R-M5D3f7Sws.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 06:00:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:6e:97:19:02:cb:1a:2d:b4:ef:22:cb:e4:85:25
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1a5a22dbc8dbd2d7248deaff47e3390f77fb4b0b
        Validity
            Not Before: Jan  1 21:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=614bf361115b0d9c29a39fcb0f0e8e4185eb3965
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:61:2d:6c:ef:eb:96:15:75:f6:fc:0e:a8:73:
                    86:5e:5e:ec:fe:33:52:a9:11:c0:96:88:17:19:ab:
                    f3:2c:27:47:f1:3e:81:67:34:67:62:b6:d5:77:b5:
                    9d:7f:6c:94:af:69:c8:82:22:1b:b7:35:08:96:15:
                    d0:22:87:bd:06:62:16:d4:95:5f:13:0c:0c:a3:b1:
                    dd:43:89:70:d0:fe:6c:f5:bb:d1:30:1f:9b:67:26:
                    e8:14:65:ff:e6:55:ad:62:93:21:86:29:86:ff:a1:
                    57:5d:e9:98:65:81:3b:b4:47:d2:81:57:47:6a:3d:
                    6b:dc:4a:51:8a:8d:c2:fd:c3:9d:f2:71:cb:6b:05:
                    5f:b3:c5:bd:d0:ea:44:53:df:a6:57:16:e9:6c:1b:
                    de:1b:db:ab:07:08:00:25:ed:d1:78:fa:70:fe:97:
                    87:ce:23:cd:86:fe:d1:6b:8c:4d:a8:b2:eb:18:56:
                    06:c3:13:87:3d:0b:74:ae:c6:6f:c3:16:4d:54:ed:
                    13:2e:64:c7:c0:b0:ec:88:7f:c1:07:07:e5:19:af:
                    42:78:22:9b:8a:d8:e4:5f:4f:b8:79:79:0e:cf:b9:
                    50:98:88:ea:5c:2a:6d:00:95:c9:7e:55:9d:be:01:
                    18:32:dd:c0:6d:9b:bc:ef:d4:a4:12:01:34:de:84:
                    ed:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:4B:F3:61:11:5B:0D:9C:29:A3:9F:CB:0F:0E:8E:41:85:EB:39:65
            X509v3 Authority Key Identifier:
                keyid:1A:5A:22:DB:C8:DB:D2:D7:24:8D:EA:FF:47:E3:39:0F:77:FB:4B:0B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Gloi28jb0tckjer_R-M5D3f7Sws.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1922c9-4949-4055-a66e-15d32709bd0f/1/YUvzYRFbDZwpo5_LDw6OQYXrOWU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/79/1922c9-4949-4055-a66e-15d32709bd0f/1/Gloi28jb0tckjer_R-M5D3f7Sws.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.73.48.0/20
                  95.130.64.0/21

    Signature Algorithm: sha256WithRSAEncryption
         3d:5c:e7:23:38:04:c4:31:37:dc:99:f5:79:82:81:07:25:be:
         05:c9:d0:cf:f5:6b:6b:41:3e:b2:8a:8a:9a:0a:63:11:62:d6:
         ec:5e:36:b7:10:30:c8:66:c4:ee:02:e7:23:72:2d:49:5e:0d:
         18:39:04:f7:d0:75:16:b9:c9:84:41:e1:02:16:05:86:d3:24:
         3f:8c:77:82:e2:aa:92:c6:ef:25:31:fc:73:21:52:1e:02:c8:
         c7:64:82:4c:fc:0e:8d:04:29:a8:5b:08:67:90:d0:3d:20:97:
         68:fb:dc:a5:ed:06:da:6f:85:08:b7:ab:93:84:a7:62:8f:33:
         11:9c:1b:76:58:40:23:48:92:2e:a7:da:5a:f7:93:72:89:5b:
         76:24:a6:d9:f4:99:17:49:51:24:b7:53:32:0f:bb:14:d9:e8:
         b4:39:67:22:83:9c:28:6b:70:5b:07:8d:1b:44:29:3f:b2:d7:
         64:dd:96:6f:09:07:12:8f:4d:b3:6b:08:fc:97:e3:98:78:e1:
         b8:ec:27:19:de:14:88:e8:5f:a1:dd:f9:a6:03:37:4c:7b:41:
         c1:6b:88:cb:14:20:ee:22:93:27:2c:17:b6:77:a4:f4:90:b2:
         d4:5f:41:8e:78:b9:2b:5e:af:62:5b:49:f0:6a:9f:89:a1:6d:
         25:f5:af:86
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQj126XGQLLGi207yLL5IUlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhNWEyMmRiYzhkYmQyZDcyNDhkZWFmZjQ3ZTMzOTBmNzdm
YjRiMGIwHhcNMjUwMTAxMjE0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTRiZjM2MTExNWIwZDljMjlhMzlmY2IwZjBlOGU0MTg1ZWIzOTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuGEtbO/rlhV19vwOqHOGXl7s/jNS
qRHAlogXGavzLCdH8T6BZzRnYrbVd7Wdf2yUr2nIgiIbtzUIlhXQIoe9BmIW1JVf
EwwMo7HdQ4lw0P5s9bvRMB+bZyboFGX/5lWtYpMhhimG/6FXXemYZYE7tEfSgVdH
aj1r3EpRio3C/cOd8nHLawVfs8W90OpEU9+mVxbpbBveG9urBwgAJe3RePpw/peH
ziPNhv7Ra4xNqLLrGFYGwxOHPQt0rsZvwxZNVO0TLmTHwLDsiH/BBwflGa9CeCKb
itjkX0+4eXkOz7lQmIjqXCptAJXJflWdvgEYMt3AbZu879SkEgE03oTtQwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGFL82ERWw2cKaOfyw8OjkGF6zllMB8GA1UdIwQY
MBaAFBpaItvI29LXJI3q/0fjOQ93+0sLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR2xvaTI4amIwdGNramVyX1ItTTVEM2Y3U3dzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83OS8xOTIyYzktNDk0OS00MDU1LWE2NmUt
MTVkMzI3MDliZDBmLzEvWVV2ellSRmJEWndwbzVfTER3Nk9RWVhyT1dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83OS8xOTIyYzktNDk0OS00MDU1LWE2NmUtMTVkMzI3MDliZDBm
LzEvR2xvaTI4amIwdGNramVyX1ItTTVEM2Y3U3dzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEUEkwAwQD
X4JAMA0GCSqGSIb3DQEBCwUAA4IBAQA9XOcjOATEMTfcmfV5goEHJb4FydDP9Wtr
QT6yioqaCmMRYtbsXja3EDDIZsTuAucjci1JXg0YOQT30HUWucmEQeECFgWG0yQ/
jHeC4qqSxu8lMfxzIVIeAsjHZIJM/A6NBCmoWwhnkNA9IJdo+9yl7Qbab4UIt6uT
hKdijzMRnBt2WEAjSJIup9pa95NyiVt2JKbZ9JkXSVEkt1MyD7sU2ei0OWcig5wo
a3BbB40bRCk/stdk3ZZvCQcSj02zawj8l+OYeOG47CcZ3hSI6F+h3fmmAzdMe0HB
a4jLFCDuIpMnLBe2d6T0kLLUX0GOeLkrXq9iW0nwap+JoW0l9a+G
-----END CERTIFICATE-----