Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/91/e3ada2-c9df-44e2-8b0f-8ff1611e8bb4/1/ytHgJTSko6lE6q80ot6eCy_M1Uw.roa
File:                     ytHgJTSko6lE6q80ot6eCy_M1Uw.roa (raw, json)
Hash identifier:          pUNQ4etbz9JSqETlm90fA/PxT0T+M8EEPtzIOUXQbV4=
Subject key identifier:   CA:D1:E0:25:34:A4:A3:A9:44:EA:AF:34:A2:DE:9E:0B:2F:CC:D5:4C
Certificate issuer:       /CN=bd6fa37a2483cf579fa86250119ac0133475aad8
Certificate serial:       019423D74429785DF8A5D56BF07CC7A65A62
Authority key identifier: BD:6F:A3:7A:24:83:CF:57:9F:A8:62:50:11:9A:C0:13:34:75:AA:D8
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/vW-jeiSDz1efqGJQEZrAEzR1qtg.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/91/e3ada2-c9df-44e2-8b0f-8ff1611e8bb4/1/ytHgJTSko6lE6q80ot6eCy_M1Uw.roa
Signing time:             Wed 01 Jan 2025 21:48:17 +0000
ROA not before:           Wed 01 Jan 2025 21:48:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     134835
IP address blocks:        185.239.224.0/22 maxlen: 24
                          185.239.225.0/24 maxlen: 24
                          185.239.226.0/24 maxlen: 24
                          185.239.227.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/91/e3ada2-c9df-44e2-8b0f-8ff1611e8bb4/1/vW-jeiSDz1efqGJQEZrAEzR1qtg.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/91/e3ada2-c9df-44e2-8b0f-8ff1611e8bb4/1/vW-jeiSDz1efqGJQEZrAEzR1qtg.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/vW-jeiSDz1efqGJQEZrAEzR1qtg.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:d7:44:29:78:5d:f8:a5:d5:6b:f0:7c:c7:a6:5a:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=bd6fa37a2483cf579fa86250119ac0133475aad8
        Validity
            Not Before: Jan  1 21:48:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cad1e02534a4a3a944eaaf34a2de9e0b2fccd54c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:41:b8:8f:fb:38:bb:21:bb:f0:15:47:58:06:
                    4c:6d:af:bb:c0:03:32:cc:04:60:04:39:7c:4d:c4:
                    e2:68:6e:64:4c:2e:86:a5:a3:85:16:14:92:17:79:
                    ee:37:23:9b:80:85:84:64:ee:20:89:0b:f9:39:71:
                    c1:dd:a7:fa:a7:ce:b7:a2:99:f7:bf:43:6d:6e:bf:
                    4d:5c:47:33:ca:7e:b1:b4:44:0f:14:4f:a1:06:49:
                    fb:eb:83:79:ee:24:e1:15:84:6a:f3:d0:47:ff:c9:
                    06:a4:86:03:40:39:a3:24:d5:52:88:1e:2f:fd:c7:
                    4a:ca:26:d9:75:b4:35:d3:1e:42:46:9a:59:a9:18:
                    0e:25:92:e9:20:c1:67:20:59:07:42:19:47:13:0d:
                    f4:84:f5:d4:7a:ed:3b:25:73:28:6e:2b:3e:f6:38:
                    99:e1:6b:15:81:83:23:b9:1b:51:ed:4b:b3:77:90:
                    17:f7:35:f3:18:ca:5e:a1:e2:18:33:69:57:54:d5:
                    5d:6e:ab:d4:09:90:09:d7:99:32:1f:10:b7:6c:d2:
                    7d:49:5b:16:ce:b5:94:71:ed:4a:af:6b:f4:60:55:
                    3c:84:40:2b:42:75:7f:9f:18:be:6e:c0:4f:f2:ff:
                    2d:c2:c9:e2:97:cf:76:a7:df:22:30:45:83:3b:58:
                    72:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:D1:E0:25:34:A4:A3:A9:44:EA:AF:34:A2:DE:9E:0B:2F:CC:D5:4C
            X509v3 Authority Key Identifier:
                keyid:BD:6F:A3:7A:24:83:CF:57:9F:A8:62:50:11:9A:C0:13:34:75:AA:D8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/vW-jeiSDz1efqGJQEZrAEzR1qtg.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/91/e3ada2-c9df-44e2-8b0f-8ff1611e8bb4/1/ytHgJTSko6lE6q80ot6eCy_M1Uw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/91/e3ada2-c9df-44e2-8b0f-8ff1611e8bb4/1/vW-jeiSDz1efqGJQEZrAEzR1qtg.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.239.224.0/22

    Signature Algorithm: sha256WithRSAEncryption
         60:e5:32:67:69:d8:28:15:df:8a:59:75:c7:d9:d8:d2:85:66:
         6a:2c:14:36:38:ef:bc:ac:f9:68:e2:83:e2:0a:c3:24:ce:25:
         97:0f:55:29:e3:4b:aa:07:2e:45:87:09:ed:47:5b:e8:25:51:
         4e:52:07:3a:14:0b:29:d9:cc:f2:f3:ff:de:22:d0:92:63:c4:
         73:36:8a:6e:47:74:5f:3b:ba:9d:35:8b:94:18:59:2c:d2:e6:
         1e:8c:7e:00:a7:1f:a3:8c:be:95:0a:bd:bc:70:ae:1f:f9:8f:
         ab:cb:8f:18:50:76:e8:d4:1d:ec:c5:ea:32:64:d3:3e:7a:e3:
         d4:05:65:1d:5e:2b:18:75:95:0d:59:ef:e5:ee:42:b5:1d:16:
         06:7c:bc:0a:c7:14:d5:7d:ca:96:9e:63:51:2c:68:65:cc:4b:
         bf:57:f9:8e:e4:65:dd:2e:32:01:97:44:ba:c0:ba:6e:61:9b:
         cf:85:86:fa:55:1e:45:f9:46:ea:d9:2c:e1:ff:c9:8b:68:8c:
         66:7c:50:fd:2d:17:e8:c9:34:f6:0e:ef:b4:d7:c4:e9:71:1e:
         22:d8:42:37:3d:d3:80:c7:0f:84:8d:96:cd:de:c8:2a:d2:e0:
         6c:65:c4:a5:0a:9b:a3:97:ea:2a:17:66:40:99:cb:29:6c:64:
         a5:68:50:2d
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQj10QpeF34pdVr8HzHplpiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJkNmZhMzdhMjQ4M2NmNTc5ZmE4NjI1MDExOWFjMDEzMzQ3
NWFhZDgwHhcNMjUwMTAxMjE0ODE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQxZTAyNTM0YTRhM2E5NDRlYWFmMzRhMmRlOWUwYjJmY2NkNTRjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwkG4j/s4uyG78BVHWAZMba+7wAMy
zARgBDl8TcTiaG5kTC6GpaOFFhSSF3nuNyObgIWEZO4giQv5OXHB3af6p863opn3
v0Ntbr9NXEczyn6xtEQPFE+hBkn764N57iThFYRq89BH/8kGpIYDQDmjJNVSiB4v
/cdKyibZdbQ10x5CRppZqRgOJZLpIMFnIFkHQhlHEw30hPXUeu07JXMobis+9jiZ
4WsVgYMjuRtR7Uuzd5AX9zXzGMpeoeIYM2lXVNVdbqvUCZAJ15kyHxC3bNJ9SVsW
zrWUce1Kr2v0YFU8hEArQnV/nxi+bsBP8v8twsnil892p98iMEWDO1hy3QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMrR4CU0pKOpROqvNKLengsvzNVMMB8GA1UdIwQY
MBaAFL1vo3okg89Xn6hiUBGawBM0darYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdlctamVpU0R6MWVmcUdKUUVackFFelIxcXRnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85MS9lM2FkYTItYzlkZi00NGUyLThiMGYt
OGZmMTYxMWU4YmI0LzEveXRIZ0pUU2tvNmxFNnE4MG90NmVDeV9NMVV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85MS9lM2FkYTItYzlkZi00NGUyLThiMGYtOGZmMTYxMWU4YmI0
LzEvdlctamVpU0R6MWVmcUdKUUVackFFelIxcXRnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCue/gMA0G
CSqGSIb3DQEBCwUAA4IBAQBg5TJnadgoFd+KWXXH2djShWZqLBQ2OO+8rPlo4oPi
CsMkziWXD1Up40uqBy5FhwntR1voJVFOUgc6FAsp2czy8//eItCSY8RzNopuR3Rf
O7qdNYuUGFks0uYejH4Apx+jjL6VCr28cK4f+Y+ry48YUHbo1B3sxeoyZNM+euPU
BWUdXisYdZUNWe/l7kK1HRYGfLwKxxTVfcqWnmNRLGhlzEu/V/mO5GXdLjIBl0S6
wLpuYZvPhYb6VR5F+Ubq2Szh/8mLaIxmfFD9LRfoyTT2Du+018TpcR4i2EI3PdOA
xw+EjZbN3sgq0uBsZcSlCpujl+oqF2ZAmcspbGSlaFAt
-----END CERTIFICATE-----