Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/yp6VXJ9ttEuEqrWfh1dI64LQkQ8.roa
File:                     yp6VXJ9ttEuEqrWfh1dI64LQkQ8.roa (raw, json)
Hash identifier:          Mr06/vk6uaXb+ILhJfXZxgC4nSBWLm8yARcjAKzBYPQ=
Subject key identifier:   CA:9E:95:5C:9F:6D:B4:4B:84:AA:B5:9F:87:57:48:EB:82:D0:91:0F
Certificate issuer:       /CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
Certificate serial:       019426D9F3AD5DFD6C49D12C5914805DA447
Authority key identifier: 84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/yp6VXJ9ttEuEqrWfh1dI64LQkQ8.roa
Signing time:             Thu 02 Jan 2025 11:50:05 +0000
ROA not before:           Thu 02 Jan 2025 11:50:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     30781
IP address blocks:        185.106.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 20:00:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:f3:ad:5d:fd:6c:49:d1:2c:59:14:80:5d:a4:47
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=841f36fcbf7334eff6b91e80297ea5b25c4ecfd2
        Validity
            Not Before: Jan  2 11:50:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=ca9e955c9f6db44b84aab59f875748eb82d0910f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:32:da:6f:00:aa:28:65:c6:fa:e2:73:87:7b:
                    b5:7c:e9:a7:5b:4d:16:02:6c:5d:09:1c:70:d8:be:
                    78:5f:5c:63:ab:ac:c9:f4:bc:b1:ac:e3:bb:54:7a:
                    77:53:42:58:3f:23:ba:70:d8:4b:9d:0e:ad:e5:31:
                    39:41:f8:e5:45:c3:17:26:be:4d:98:fd:dd:30:28:
                    4f:66:aa:5a:51:c9:4c:eb:9e:f8:7b:8e:87:14:f9:
                    ca:48:71:92:7b:ce:ca:40:63:65:82:4e:21:26:31:
                    a5:8e:12:52:cf:53:a0:b9:4d:bc:ad:32:54:4b:6b:
                    60:fb:89:7e:68:63:b3:13:ab:7d:50:69:8f:55:26:
                    f4:e9:1f:20:db:e3:f3:8c:01:31:ea:8c:89:20:32:
                    05:bd:62:87:b9:60:d6:27:6f:72:dc:ef:78:e8:59:
                    34:38:a4:ad:19:b1:9c:73:8e:c2:80:81:3f:11:71:
                    f2:be:e2:da:e1:b5:a0:27:d9:9d:06:27:10:a0:16:
                    f5:98:b2:1c:fe:51:12:7d:5d:9b:a1:ba:8e:f6:b9:
                    47:6f:ab:60:99:2a:c7:53:8e:71:83:de:15:92:39:
                    4d:b0:f7:c9:53:f5:74:07:ea:0e:c1:b4:92:a9:a1:
                    7f:20:41:66:e6:cf:99:03:26:c9:ab:65:b0:2a:e8:
                    d8:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:9E:95:5C:9F:6D:B4:4B:84:AA:B5:9F:87:57:48:EB:82:D0:91:0F
            X509v3 Authority Key Identifier:
                keyid:84:1F:36:FC:BF:73:34:EF:F6:B9:1E:80:29:7E:A5:B2:5C:4E:CF:D2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hB82_L9zNO_2uR6AKX6lslxOz9I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/yp6VXJ9ttEuEqrWfh1dI64LQkQ8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/81/c37c16-0603-4845-b4d4-95ddb0974e4b/1/hB82_L9zNO_2uR6AKX6lslxOz9I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:67:ac:4b:c0:da:26:25:3b:f7:09:d6:52:8c:84:1f:5e:28:
         75:85:d1:a1:26:33:5c:6c:5b:1a:11:53:9b:40:ae:39:e6:ac:
         4f:6d:dc:28:80:a7:47:bc:af:74:68:3f:85:1a:e1:2e:87:bb:
         55:a1:1f:e1:d3:c9:57:51:06:30:ce:4c:01:83:22:24:46:18:
         49:c1:b3:f3:17:aa:40:4b:aa:6e:54:0f:41:c5:b0:b7:52:a5:
         01:b1:6d:12:56:b4:3e:38:d3:58:9c:13:cb:86:5e:78:76:c4:
         fa:2e:ec:ee:3f:26:b2:af:5e:d3:cb:cb:8e:6a:84:82:c3:33:
         41:35:8d:e2:10:b3:95:5c:00:7c:ef:3e:c3:cd:1d:35:90:fd:
         ef:2c:07:5d:f2:75:ab:91:c7:02:37:17:e5:63:d9:a1:5f:c5:
         98:f7:c9:8f:d2:1a:ca:40:1d:d2:fd:f3:87:d3:fc:cc:0e:44:
         7c:37:f3:f3:d1:be:5b:88:97:e0:6e:f1:68:52:dc:f3:9a:6b:
         4b:e4:2f:8c:8b:5a:57:8c:c9:42:89:15:32:bc:64:e1:65:1c:
         b8:e6:ce:57:16:ae:af:17:aa:73:a5:51:a1:a7:e4:71:31:dc:
         f2:0e:e3:d7:9a:66:a2:43:f7:20:11:ac:e3:50:f0:fa:17:05:
         5f:bb:bb:88
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2fOtXf1sSdEsWRSAXaRHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg0MWYzNmZjYmY3MzM0ZWZmNmI5MWU4MDI5N2VhNWIyNWM0
ZWNmZDIwHhcNMjUwMTAyMTE1MDA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTllOTU1YzlmNmRiNDRiODRhYWI1OWY4NzU3NDhlYjgyZDA5MTBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnjLabwCqKGXG+uJzh3u1fOmnW00W
AmxdCRxw2L54X1xjq6zJ9LyxrOO7VHp3U0JYPyO6cNhLnQ6t5TE5QfjlRcMXJr5N
mP3dMChPZqpaUclM6574e46HFPnKSHGSe87KQGNlgk4hJjGljhJSz1OguU28rTJU
S2tg+4l+aGOzE6t9UGmPVSb06R8g2+PzjAEx6oyJIDIFvWKHuWDWJ29y3O946Fk0
OKStGbGcc47CgIE/EXHyvuLa4bWgJ9mdBicQoBb1mLIc/lESfV2bobqO9rlHb6tg
mSrHU45xg94VkjlNsPfJU/V0B+oOwbSSqaF/IEFm5s+ZAybJq2WwKujYGwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMqelVyfbbRLhKq1n4dXSOuC0JEPMB8GA1UdIwQY
MBaAFIQfNvy/czTv9rkegCl+pbJcTs/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQt
OTVkZGIwOTc0ZTRiLzEveXA2VlhKOXR0RXVFcXJXZmgxZEk2NExRa1E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MS9jMzdjMTYtMDYwMy00ODQ1LWI0ZDQtOTVkZGIwOTc0ZTRi
LzEvaEI4Ml9MOXpOT18ydVI2QUtYNmxzbHhPejlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuWqHMA0G
CSqGSIb3DQEBCwUAA4IBAQCNZ6xLwNomJTv3CdZSjIQfXih1hdGhJjNcbFsaEVOb
QK455qxPbdwogKdHvK90aD+FGuEuh7tVoR/h08lXUQYwzkwBgyIkRhhJwbPzF6pA
S6puVA9BxbC3UqUBsW0SVrQ+ONNYnBPLhl54dsT6LuzuPyayr17Ty8uOaoSCwzNB
NY3iELOVXAB87z7DzR01kP3vLAdd8nWrkccCNxflY9mhX8WY98mP0hrKQB3S/fOH
0/zMDkR8N/Pz0b5biJfgbvFoUtzzmmtL5C+Mi1pXjMlCiRUyvGThZRy45s5XFq6v
F6pzpVGhp+RxMdzyDuPXmmaiQ/cgEazjUPD6FwVfu7uI
-----END CERTIFICATE-----