Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/yfiu2M8plrtU3UaE1tSWQlOfqzM.roa
File:                     yfiu2M8plrtU3UaE1tSWQlOfqzM.roa (raw, json)
Hash identifier:          LGvgYonneT46G/xf4FgiBrT7VrnKx0OUEEnLR8etqrg=
Subject key identifier:   C9:F8:AE:D8:CF:29:96:BB:54:DD:46:84:D6:D4:96:42:53:9F:AB:33
Certificate issuer:       /CN=bbb314d7e36901f6dea7c0291a51533bb224f3b3
Certificate serial:       019427B5447183D1655800D123887B6770FC
Authority key identifier: BB:B3:14:D7:E3:69:01:F6:DE:A7:C0:29:1A:51:53:3B:B2:24:F3:B3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/u7MU1-NpAfbep8ApGlFTO7Ik87M.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/yfiu2M8plrtU3UaE1tSWQlOfqzM.roa
Signing time:             Thu 02 Jan 2025 15:49:38 +0000
ROA not before:           Thu 02 Jan 2025 15:49:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200157
IP address blocks:        185.159.190.0/24 maxlen: 24
                          2a12:86c0::/32 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/u7MU1-NpAfbep8ApGlFTO7Ik87M.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/u7MU1-NpAfbep8ApGlFTO7Ik87M.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/u7MU1-NpAfbep8ApGlFTO7Ik87M.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b5:44:71:83:d1:65:58:00:d1:23:88:7b:67:70:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bbb314d7e36901f6dea7c0291a51533bb224f3b3
        Validity
            Not Before: Jan  2 15:49:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9f8aed8cf2996bb54dd4684d6d49642539fab33
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:20:c6:89:3b:37:57:a4:f8:05:71:4e:12:c9:
                    23:74:62:94:46:0d:0e:0a:5a:55:38:3b:e9:22:af:
                    bd:dd:35:75:1e:07:e6:11:3a:e8:03:95:16:f1:41:
                    e7:93:70:70:b0:56:85:5c:4a:ab:fd:e9:85:77:a2:
                    97:ec:4d:8d:66:e3:aa:f1:b2:ac:4c:9a:51:c9:1b:
                    35:d5:b5:7d:9e:41:35:c6:d4:5d:ac:8b:98:9e:56:
                    97:73:17:7c:69:b8:1d:e3:fe:82:91:5e:2a:c9:ec:
                    f5:08:01:7a:e5:7f:56:28:05:66:cb:27:03:4b:1f:
                    65:c6:aa:db:c8:96:3d:05:90:66:3a:29:d6:7a:53:
                    9d:6f:ba:06:7d:97:17:07:3e:53:ca:5f:73:75:9a:
                    ab:15:49:ab:0f:2b:c5:a5:3e:64:e8:3c:ba:37:93:
                    c0:24:14:b7:f6:6c:60:17:05:75:fa:fb:21:bd:ff:
                    20:a8:5a:8f:d0:a5:8b:df:e0:e2:7d:8b:47:18:5c:
                    28:ca:d6:14:eb:a8:0a:42:0d:2c:b8:7f:8a:b6:00:
                    bf:85:2c:f3:78:78:84:b8:8f:f4:b9:e3:91:28:65:
                    33:53:b9:1f:bb:cb:3e:2d:47:3f:fa:dc:9d:7e:92:
                    72:67:b2:84:27:05:e1:9d:c9:80:09:9b:1f:d0:76:
                    80:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:F8:AE:D8:CF:29:96:BB:54:DD:46:84:D6:D4:96:42:53:9F:AB:33
            X509v3 Authority Key Identifier:
                keyid:BB:B3:14:D7:E3:69:01:F6:DE:A7:C0:29:1A:51:53:3B:B2:24:F3:B3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/u7MU1-NpAfbep8ApGlFTO7Ik87M.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/yfiu2M8plrtU3UaE1tSWQlOfqzM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7a/7ac37b-020b-49ae-ac9b-f98ec74abfd5/1/u7MU1-NpAfbep8ApGlFTO7Ik87M.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.190.0/24
                IPv6:
                  2a12:86c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:49:28:69:b7:53:3a:29:75:52:90:39:6f:0a:80:88:61:8c:
         bb:60:02:ce:f0:a0:19:a1:39:5b:f3:00:0b:43:4c:dd:7b:77:
         a7:95:f1:7f:3a:85:dc:ff:eb:8c:45:97:b3:65:e8:f6:87:45:
         60:4c:d3:4d:b6:ad:03:f3:61:55:24:81:e2:37:60:96:bb:c7:
         57:c2:24:c5:c9:2b:89:f3:bc:f0:51:1a:a0:78:ca:d3:8c:8a:
         f7:04:7d:9a:11:5e:12:24:de:71:0a:28:55:21:88:50:d6:e4:
         ba:77:06:28:66:c7:90:83:56:a8:2b:95:ef:ad:e9:59:9e:bc:
         4a:b5:b4:21:93:44:d8:7a:de:a2:31:48:00:e1:66:c6:63:2e:
         30:e2:10:d4:03:f9:63:d8:00:2c:14:c5:b0:68:0a:9c:d4:97:
         1d:e6:67:26:64:76:4c:9f:f3:3e:a4:3c:cb:50:6a:82:44:f0:
         52:65:ef:80:81:3e:b8:5c:6b:7b:43:af:4a:aa:08:ad:2b:1c:
         da:62:5e:6a:9f:8a:bc:88:78:a1:ed:13:c4:b4:3f:dc:40:7f:
         70:21:3f:51:b5:26:d8:00:f0:db:be:6b:0b:d7:7c:e0:55:ca:
         e0:0c:7d:66:96:cc:ed:1b:66:4d:43:e6:c1:fd:b1:61:30:95:
         ab:cc:0f:f2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQntURxg9FlWADRI4h7Z3D8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJiYjMxNGQ3ZTM2OTAxZjZkZWE3YzAyOTFhNTE1MzNiYjIy
NGYzYjMwHhcNMjUwMTAyMTU0OTM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWY4YWVkOGNmMjk5NmJiNTRkZDQ2ODRkNmQ0OTY0MjUzOWZhYjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3iDGiTs3V6T4BXFOEskjdGKURg0O
ClpVODvpIq+93TV1HgfmETroA5UW8UHnk3BwsFaFXEqr/emFd6KX7E2NZuOq8bKs
TJpRyRs11bV9nkE1xtRdrIuYnlaXcxd8abgd4/6CkV4qyez1CAF65X9WKAVmyycD
Sx9lxqrbyJY9BZBmOinWelOdb7oGfZcXBz5Tyl9zdZqrFUmrDyvFpT5k6Dy6N5PA
JBS39mxgFwV1+vshvf8gqFqP0KWL3+DifYtHGFwoytYU66gKQg0suH+KtgC/hSzz
eHiEuI/0ueORKGUzU7kfu8s+LUc/+tydfpJyZ7KEJwXhncmACZsf0HaA2wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMn4rtjPKZa7VN1GhNbUlkJTn6szMB8GA1UdIwQY
MBaAFLuzFNfjaQH23qfAKRpRUzuyJPOzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdTdNVTEtTnBBZmJlcDhBcEdsRlRPN0lrODdNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83YS83YWMzN2ItMDIwYi00OWFlLWFjOWIt
Zjk4ZWM3NGFiZmQ1LzEveWZpdTJNOHBscnRVM1VhRTF0U1dRbE9mcXpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83YS83YWMzN2ItMDIwYi00OWFlLWFjOWItZjk4ZWM3NGFiZmQ1
LzEvdTdNVTEtTnBBZmJlcDhBcEdsRlRPN0lrODdNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuZ++MA0E
AgACMAcDBQAqEobAMA0GCSqGSIb3DQEBCwUAA4IBAQApSShpt1M6KXVSkDlvCoCI
YYy7YALO8KAZoTlb8wALQ0zde3enlfF/OoXc/+uMRZezZej2h0VgTNNNtq0D82FV
JIHiN2CWu8dXwiTFySuJ87zwURqgeMrTjIr3BH2aEV4SJN5xCihVIYhQ1uS6dwYo
ZseQg1aoK5XvrelZnrxKtbQhk0TYet6iMUgA4WbGYy4w4hDUA/lj2AAsFMWwaAqc
1Jcd5mcmZHZMn/M+pDzLUGqCRPBSZe+AgT64XGt7Q69KqgitKxzaYl5qn4q8iHih
7RPEtD/cQH9wIT9RtSbYAPDbvmsL13zgVcrgDH1mlsztG2ZNQ+bB/bFhMJWrzA/y
-----END CERTIFICATE-----