Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/Y18PuvKbRb3I33NFZERrmAggZBw.roa
File:                     Y18PuvKbRb3I33NFZERrmAggZBw.roa (raw, json)
Hash identifier:          ulNop87p1OPj11wBSOeR/0XOStdPoDj14N+Cgskicec=
Subject key identifier:   63:5F:0F:BA:F2:9B:45:BD:C8:DF:73:45:64:44:6B:98:08:20:64:1C
Certificate issuer:       /CN=a88ad546f1a0ef8cf75c92a748bd5c86362e209b
Certificate serial:       019427B4808AE914BBE8CA64D209DCF0DF2B
Authority key identifier: A8:8A:D5:46:F1:A0:EF:8C:F7:5C:92:A7:48:BD:5C:86:36:2E:20:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/Y18PuvKbRb3I33NFZERrmAggZBw.roa
Signing time:             Thu 02 Jan 2025 15:48:48 +0000
ROA not before:           Thu 02 Jan 2025 15:48:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50794
IP address blocks:        37.0.24.0/21 maxlen: 21
                          178.21.240.0/21 maxlen: 21
                          2a04:7e80::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 14:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b4:80:8a:e9:14:bb:e8:ca:64:d2:09:dc:f0:df:2b
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a88ad546f1a0ef8cf75c92a748bd5c86362e209b
        Validity
            Not Before: Jan  2 15:48:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=635f0fbaf29b45bdc8df734564446b980820641c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:13:1f:46:b8:80:18:a3:67:0b:2d:c2:23:1d:
                    34:ff:2d:45:e7:40:8e:31:75:68:cb:fa:d0:da:6a:
                    9a:99:33:73:fc:2a:23:e3:cc:c6:83:22:ba:a4:ba:
                    ad:39:a0:90:c9:d4:9d:ad:d2:44:b9:e2:76:21:97:
                    d6:d5:77:dc:f5:74:e0:b0:14:5b:ff:d0:b7:a1:6e:
                    91:5b:b9:31:ff:24:7b:d4:de:15:bd:1f:7a:3f:7b:
                    c1:47:44:b7:f9:92:df:46:66:29:85:53:99:4a:99:
                    d1:bb:95:bd:8a:30:11:99:ea:3d:0a:05:8a:34:a7:
                    3a:90:92:87:61:ab:d3:66:a4:9e:a5:b9:54:57:8b:
                    30:50:f4:45:60:4a:d4:56:02:12:8a:4a:94:62:4e:
                    3a:aa:d0:98:de:7c:a9:da:84:b8:27:5d:29:71:f2:
                    a3:0a:c3:d4:e9:6e:62:84:78:e7:03:6a:4d:5b:93:
                    3d:ec:5a:eb:3f:e5:5f:c6:13:1b:9e:0c:8f:30:97:
                    5a:69:92:a8:84:25:2b:d5:91:16:c4:a7:3c:29:31:
                    0f:3f:3a:24:10:d6:2a:86:72:ce:f0:4c:a0:c2:8a:
                    69:61:70:be:e5:9e:d3:d0:ec:37:a4:a4:b6:2a:9e:
                    29:af:16:6d:5c:16:2b:38:cb:8b:72:b5:56:5c:1d:
                    29:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:5F:0F:BA:F2:9B:45:BD:C8:DF:73:45:64:44:6B:98:08:20:64:1C
            X509v3 Authority Key Identifier:
                keyid:A8:8A:D5:46:F1:A0:EF:8C:F7:5C:92:A7:48:BD:5C:86:36:2E:20:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qIrVRvGg74z3XJKnSL1chjYuIJs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/Y18PuvKbRb3I33NFZERrmAggZBw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/85/500a8c-6a2d-434b-96f1-18eb779a6497/1/qIrVRvGg74z3XJKnSL1chjYuIJs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.0.24.0/21
                  178.21.240.0/21
                IPv6:
                  2a04:7e80::/29

    Signature Algorithm: sha256WithRSAEncryption
         21:db:cb:b7:91:7e:21:89:02:12:4c:f4:12:0c:5c:a8:30:61:
         93:f8:06:84:f3:75:39:f9:26:cc:99:39:38:2a:c6:eb:ef:36:
         6b:d1:42:4d:e7:d4:d1:59:8e:a3:77:86:b0:65:ef:eb:97:ae:
         11:57:29:c0:cd:70:dd:4f:9d:53:e8:d7:42:e6:6f:34:0d:6c:
         1f:b8:9d:ae:69:7a:09:11:e6:ae:75:23:1a:3c:8b:a9:cf:a8:
         df:57:60:05:b0:8a:44:90:b9:e5:a8:9a:69:63:87:dd:2b:a9:
         16:ad:9b:3f:a2:0d:c0:bf:d8:66:e9:87:c6:39:5c:89:eb:12:
         b8:4b:57:60:1c:88:e7:c9:58:19:f2:0e:f4:a2:00:c9:96:ad:
         7a:88:9f:63:70:ce:20:7d:f8:cd:55:c5:2e:b5:67:13:75:5f:
         24:a9:f6:9f:61:74:43:a6:ab:cf:b3:cd:dd:91:12:5b:fb:12:
         03:58:2d:55:bd:a3:74:6e:0e:3e:b9:e8:7b:eb:fc:92:a4:fe:
         02:67:20:1d:63:d7:b6:1e:44:4c:a1:2c:c0:fd:36:c2:fb:67:
         6e:04:47:a5:98:78:3d:d0:1f:15:40:5c:7a:32:58:76:40:46:
         6c:32:6f:16:7f:7e:28:b9:c4:60:39:53:55:8f:5e:49:00:10:
         ee:2c:e0:5c
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQntICK6RS76Mpk0gnc8N8rMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE4OGFkNTQ2ZjFhMGVmOGNmNzVjOTJhNzQ4YmQ1Yzg2MzYy
ZTIwOWIwHhcNMjUwMTAyMTU0ODQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzVmMGZiYWYyOWI0NWJkYzhkZjczNDU2NDQ0NmI5ODA4MjA2NDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyxMfRriAGKNnCy3CIx00/y1F50CO
MXVoy/rQ2mqamTNz/Coj48zGgyK6pLqtOaCQydSdrdJEueJ2IZfW1Xfc9XTgsBRb
/9C3oW6RW7kx/yR71N4VvR96P3vBR0S3+ZLfRmYphVOZSpnRu5W9ijARmeo9CgWK
NKc6kJKHYavTZqSepblUV4swUPRFYErUVgISikqUYk46qtCY3nyp2oS4J10pcfKj
CsPU6W5ihHjnA2pNW5M97FrrP+VfxhMbngyPMJdaaZKohCUr1ZEWxKc8KTEPPzok
ENYqhnLO8EygwoppYXC+5Z7T0Ow3pKS2Kp4prxZtXBYrOMuLcrVWXB0pCwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGNfD7rym0W9yN9zRWREa5gIIGQcMB8GA1UdIwQY
MBaAFKiK1UbxoO+M91ySp0i9XIY2LiCbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcUlyVlJ2R2c3NHozWEpLblNMMWNoall1SUpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS81MDBhOGMtNmEyZC00MzRiLTk2ZjEt
MThlYjc3OWE2NDk3LzEvWTE4UHV2S2JSYjNJMzNORlpFUnJtQWdnWkJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS81MDBhOGMtNmEyZC00MzRiLTk2ZjEtMThlYjc3OWE2NDk3
LzEvcUlyVlJ2R2c3NHozWEpLblNMMWNoall1SUpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDJQAYAwQD
shXwMA0EAgACMAcDBQMqBH6AMA0GCSqGSIb3DQEBCwUAA4IBAQAh28u3kX4hiQIS
TPQSDFyoMGGT+AaE83U5+SbMmTk4Ksbr7zZr0UJN59TRWY6jd4awZe/rl64RVynA
zXDdT51T6NdC5m80DWwfuJ2uaXoJEeaudSMaPIupz6jfV2AFsIpEkLnlqJppY4fd
K6kWrZs/og3Av9hm6YfGOVyJ6xK4S1dgHIjnyVgZ8g70ogDJlq16iJ9jcM4gffjN
VcUutWcTdV8kqfafYXRDpqvPs83dkRJb+xIDWC1VvaN0bg4+ueh76/ySpP4CZyAd
Y9e2HkRMoSzA/TbC+2duBEelmHg90B8VQFx6Mlh2QEZsMm8Wf34oucRgOVNVj15J
ABDuLOBc
-----END CERTIFICATE-----