Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/yX0Sl7S1CDrX-G7aHHH7HF-0TIU.roa
File:                     yX0Sl7S1CDrX-G7aHHH7HF-0TIU.roa (raw, json)
Hash identifier:          Y4Ls4yPY2OiPCKdVraBwQCc1dEKhm1VWZBF9yLJSXfM=
Subject key identifier:   C9:7D:12:97:B4:B5:08:3A:D7:F8:6E:DA:1C:71:FB:1C:5F:B4:4C:85
Certificate issuer:       /CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
Certificate serial:       01942521A0E246A3396806047F4951015399
Authority key identifier: 6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/yX0Sl7S1CDrX-G7aHHH7HF-0TIU.roa
Signing time:             Thu 02 Jan 2025 03:49:08 +0000
ROA not before:           Thu 02 Jan 2025 03:49:08 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9121
IP address blocks:        185.157.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 07 Apr 2025 19:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:a0:e2:46:a3:39:68:06:04:7f:49:51:01:53:99
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6aa6f9e3e2622a7815a259e58d552439c255a31b
        Validity
            Not Before: Jan  2 03:49:08 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c97d1297b4b5083ad7f86eda1c71fb1c5fb44c85
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:58:48:3f:04:36:61:b9:0d:85:6c:97:65:9b:
                    2f:ba:4e:b9:ae:75:39:bf:35:fc:da:96:5f:d3:3c:
                    b3:7e:b4:df:ff:50:3e:90:a2:ed:91:94:a7:41:18:
                    fe:f2:8c:b7:b7:58:95:f3:94:14:19:c0:d7:6a:e2:
                    0f:2c:c5:b0:c9:d8:19:e2:12:68:42:80:27:15:e1:
                    f0:81:f3:78:5c:c7:0f:82:8c:c6:78:31:1a:d6:1f:
                    0c:37:eb:56:87:74:ff:c2:a9:69:04:61:a3:fe:eb:
                    60:77:9a:9c:04:0e:e3:75:02:49:a8:9e:c8:c6:91:
                    b9:02:d1:cb:28:44:a2:51:44:67:81:2a:03:9c:94:
                    95:ed:22:20:12:7f:9c:c7:a0:28:76:ec:a3:bc:cf:
                    48:9d:e8:5d:40:f0:c0:42:23:10:7b:ae:2f:f7:7b:
                    67:5f:0d:ae:9f:e8:9e:8b:fc:ac:62:bf:29:9c:23:
                    d3:07:71:11:1f:88:43:92:55:31:52:a5:8a:7e:7b:
                    33:67:65:7f:d1:ee:d5:84:8f:c5:f0:e8:b1:d3:5b:
                    cf:76:f7:41:77:5b:0c:35:2c:b9:7e:09:6f:4c:4b:
                    4f:5f:36:12:9b:5e:0f:11:59:b3:aa:a5:2d:d8:20:
                    c2:62:a8:f5:7e:6a:ca:e1:4b:1e:b4:cb:25:97:d7:
                    5c:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:7D:12:97:B4:B5:08:3A:D7:F8:6E:DA:1C:71:FB:1C:5F:B4:4C:85
            X509v3 Authority Key Identifier:
                keyid:6A:A6:F9:E3:E2:62:2A:78:15:A2:59:E5:8D:55:24:39:C2:55:A3:1B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aqb54-JiKngVolnljVUkOcJVoxs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/yX0Sl7S1CDrX-G7aHHH7HF-0TIU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/936806-bb6d-45f3-8837-c50734d020f0/1/aqb54-JiKngVolnljVUkOcJVoxs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.157.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d0:bf:69:08:73:73:06:22:0c:d5:c3:fe:c5:98:1d:95:9f:32:
         10:ea:9e:b0:35:d6:dd:d9:0d:fb:c7:d2:62:fb:ac:5d:40:0f:
         57:6c:45:4e:8e:50:47:a5:68:75:da:f9:51:7b:73:8f:4b:7e:
         e9:1e:4a:43:8a:c7:bb:34:cc:fc:53:ed:b2:45:eb:1d:73:52:
         a1:06:55:31:52:f3:f7:f1:2e:45:ed:8a:b0:14:a4:f7:3c:e2:
         69:5a:62:3b:1c:72:db:3a:d5:ad:df:07:cf:62:07:21:f8:c5:
         d6:87:68:3b:d9:47:4b:27:25:48:5c:96:4c:b7:4d:5b:1b:e2:
         c7:69:c6:32:12:67:c8:3d:14:a1:5a:a1:10:c4:5a:b8:87:c2:
         66:a6:4c:39:71:49:ee:b4:af:56:b0:a9:7d:30:be:6d:62:0a:
         7c:3e:ad:9d:04:48:9e:46:e1:77:72:5a:08:96:04:89:e9:42:
         28:49:e6:de:26:82:21:fb:62:1f:be:9a:ed:71:68:32:b2:6d:
         76:29:bd:73:4f:50:d5:33:7e:c0:9b:47:f5:1b:60:a2:70:71:
         6a:3b:50:0a:52:a9:f9:52:6d:00:07:c7:28:6e:c3:c8:82:b0:
         24:b0:c2:dd:c0:1e:60:d3:b5:ff:a7:d2:5b:97:56:f2:6d:d5:
         63:b0:e8:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlIaDiRqM5aAYEf0lRAVOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZhYTZmOWUzZTI2MjJhNzgxNWEyNTllNThkNTUyNDM5YzI1
NWEzMWIwHhcNMjUwMTAyMDM0OTA4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTdkMTI5N2I0YjUwODNhZDdmODZlZGExYzcxZmIxYzVmYjQ0Yzg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwlhIPwQ2YbkNhWyXZZsvuk65rnU5
vzX82pZf0zyzfrTf/1A+kKLtkZSnQRj+8oy3t1iV85QUGcDXauIPLMWwydgZ4hJo
QoAnFeHwgfN4XMcPgozGeDEa1h8MN+tWh3T/wqlpBGGj/utgd5qcBA7jdQJJqJ7I
xpG5AtHLKESiUURngSoDnJSV7SIgEn+cx6AoduyjvM9InehdQPDAQiMQe64v93tn
Xw2un+iei/ysYr8pnCPTB3ERH4hDklUxUqWKfnszZ2V/0e7VhI/F8Oix01vPdvdB
d1sMNSy5fglvTEtPXzYSm14PEVmzqqUt2CDCYqj1fmrK4UsetMsll9dc8QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMl9Epe0tQg61/hu2hxx+xxftEyFMB8GA1UdIwQY
MBaAFGqm+ePiYip4FaJZ5Y1VJDnCVaMbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4Mzct
YzUwNzM0ZDAyMGYwLzEveVgwU2w3UzFDRHJYLUc3YUhISDdIRi0wVElVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS85MzY4MDYtYmI2ZC00NWYzLTg4MzctYzUwNzM0ZDAyMGYw
LzEvYXFiNTQtSmlLbmdWb2xubGpWVWtPY0pWb3hzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ3MMA0G
CSqGSIb3DQEBCwUAA4IBAQDQv2kIc3MGIgzVw/7FmB2VnzIQ6p6wNdbd2Q37x9Ji
+6xdQA9XbEVOjlBHpWh12vlRe3OPS37pHkpDise7NMz8U+2yResdc1KhBlUxUvP3
8S5F7YqwFKT3POJpWmI7HHLbOtWt3wfPYgch+MXWh2g72UdLJyVIXJZMt01bG+LH
acYyEmfIPRShWqEQxFq4h8Jmpkw5cUnutK9WsKl9ML5tYgp8Pq2dBEieRuF3cloI
lgSJ6UIoSebeJoIh+2IfvprtcWgysm12Kb1zT1DVM37Am0f1G2CicHFqO1AKUqn5
Um0AB8cobsPIgrAksMLdwB5g07X/p9Jbl1bybdVjsOgS
-----END CERTIFICATE-----