Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/YJycfGdeJ164QrjQ89Pquxal_pc.roa
File:                     YJycfGdeJ164QrjQ89Pquxal_pc.roa (raw, json)
Hash identifier:          fDEXe9y2Vppryd4ojiqVG2aN2es1Vh/q/2xftzkXWbQ=
Subject key identifier:   60:9C:9C:7C:67:5E:27:5E:B8:42:B8:D0:F3:D3:EA:BB:16:A5:FE:97
Certificate issuer:       /CN=6c5311a57ccfcb5135261ff39bd19a115ef3e7cf
Certificate serial:       019425FC2372BB9158223702BC1935846065
Authority key identifier: 6C:53:11:A5:7C:CF:CB:51:35:26:1F:F3:9B:D1:9A:11:5E:F3:E7:CF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bFMRpXzPy1E1Jh_zm9GaEV7z588.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/YJycfGdeJ164QrjQ89Pquxal_pc.roa
Signing time:             Thu 02 Jan 2025 07:47:48 +0000
ROA not before:           Thu 02 Jan 2025 07:47:48 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     205187
IP address blocks:        185.226.248.0/22 maxlen: 24
                          2a0c:7e00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/bFMRpXzPy1E1Jh_zm9GaEV7z588.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/bFMRpXzPy1E1Jh_zm9GaEV7z588.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/bFMRpXzPy1E1Jh_zm9GaEV7z588.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:23:72:bb:91:58:22:37:02:bc:19:35:84:60:65
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c5311a57ccfcb5135261ff39bd19a115ef3e7cf
        Validity
            Not Before: Jan  2 07:47:48 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=609c9c7c675e275eb842b8d0f3d3eabb16a5fe97
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:28:34:34:76:f9:63:7d:95:1a:5e:2b:d0:ed:
                    13:c4:ac:75:6f:48:13:33:f6:20:ef:d4:3a:7f:67:
                    3b:d8:8e:80:cb:83:ef:0e:9d:53:6e:fc:8a:d3:dd:
                    14:df:09:94:7f:88:7a:7c:5d:7d:e6:a2:6c:65:ad:
                    9b:48:1e:d2:07:17:6b:e5:4f:4e:e0:4e:e9:e7:4a:
                    a4:66:5f:5e:57:6f:b9:6b:b5:8a:2f:65:e8:0e:97:
                    e9:50:1d:9c:07:e9:90:31:02:f1:29:c4:02:03:70:
                    e3:3f:fc:e0:ea:3e:fd:ff:ff:bc:c2:7a:f8:a9:4e:
                    0c:05:2d:8a:c6:4e:a9:2d:34:0b:9b:d4:e5:06:52:
                    53:65:9b:07:18:28:93:00:ad:0f:36:a7:b4:5c:64:
                    2c:2f:44:51:2f:62:a3:3d:52:f1:62:2c:9f:e1:e5:
                    d2:45:0e:c4:81:fb:04:8f:41:af:14:2a:d7:db:e5:
                    b8:19:ed:fb:07:2b:7b:48:b9:65:21:f9:d9:0e:c2:
                    96:61:03:d1:72:26:85:43:6a:c0:f4:2a:41:af:2b:
                    9c:1d:a3:78:d9:9e:52:f1:f6:6f:67:ad:8c:ee:8e:
                    a6:dc:a2:d1:4d:05:c5:f8:79:e6:4d:d6:50:54:fa:
                    4c:6d:44:1c:93:fc:1f:31:bd:91:62:47:bf:e2:d6:
                    26:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:9C:9C:7C:67:5E:27:5E:B8:42:B8:D0:F3:D3:EA:BB:16:A5:FE:97
            X509v3 Authority Key Identifier:
                keyid:6C:53:11:A5:7C:CF:CB:51:35:26:1F:F3:9B:D1:9A:11:5E:F3:E7:CF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bFMRpXzPy1E1Jh_zm9GaEV7z588.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/YJycfGdeJ164QrjQ89Pquxal_pc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9b/d983cd-3f8e-4d6e-a38c-4d8d62b18e89/1/bFMRpXzPy1E1Jh_zm9GaEV7z588.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.226.248.0/22
                IPv6:
                  2a0c:7e00::/29

    Signature Algorithm: sha256WithRSAEncryption
         18:74:e9:ad:bf:10:e5:77:2f:44:5c:22:22:68:9b:7d:73:91:
         4a:9b:59:29:9d:fc:83:a4:97:c0:69:23:f2:67:06:50:ee:16:
         61:23:4e:e3:af:e5:51:a5:db:b0:60:3f:4f:3a:97:ac:58:c9:
         39:4a:9e:57:12:a9:da:09:e8:a8:84:cc:06:7e:ba:fb:36:69:
         87:00:b8:a7:cf:d2:30:da:9c:46:4f:ae:e5:d2:fa:0b:b0:79:
         39:69:5f:00:9d:16:23:92:8c:aa:60:a1:0f:0c:8e:66:69:3b:
         a7:9f:10:00:b5:cb:19:10:91:64:47:55:11:bb:d4:98:57:36:
         ee:4f:6a:74:ef:3b:d7:b6:a7:2a:dc:43:b9:b4:c1:94:15:80:
         34:a8:ac:95:a5:48:d9:30:9c:9b:cc:6a:23:e0:32:b8:23:d8:
         d9:d2:12:f1:3c:7d:c9:bf:19:00:c4:e6:dd:ce:b9:7a:d8:0f:
         55:55:f7:a0:6a:7c:65:8e:6e:4d:e7:8e:13:9b:f9:68:59:28:
         c0:b7:e6:c9:dc:19:1a:49:f8:ba:5b:ce:71:87:d9:4d:5d:d0:
         eb:34:27:40:5a:ff:0f:fb:04:88:69:d3:a1:76:9d:57:ea:d0:
         b5:5f:1c:4b:21:15:9c:d8:05:16:53:48:8c:9c:4e:32:c4:1a:
         50:1d:69:94
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQl/CNyu5FYIjcCvBk1hGBlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjNTMxMWE1N2NjZmNiNTEzNTI2MWZmMzliZDE5YTExNWVm
M2U3Y2YwHhcNMjUwMTAyMDc0NzQ4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDljOWM3YzY3NWUyNzVlYjg0MmI4ZDBmM2QzZWFiYjE2YTVmZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvCg0NHb5Y32VGl4r0O0TxKx1b0gT
M/Yg79Q6f2c72I6Ay4PvDp1TbvyK090U3wmUf4h6fF195qJsZa2bSB7SBxdr5U9O
4E7p50qkZl9eV2+5a7WKL2XoDpfpUB2cB+mQMQLxKcQCA3DjP/zg6j79//+8wnr4
qU4MBS2Kxk6pLTQLm9TlBlJTZZsHGCiTAK0PNqe0XGQsL0RRL2KjPVLxYiyf4eXS
RQ7EgfsEj0GvFCrX2+W4Ge37Byt7SLllIfnZDsKWYQPRciaFQ2rA9CpBryucHaN4
2Z5S8fZvZ62M7o6m3KLRTQXF+HnmTdZQVPpMbUQck/wfMb2RYke/4tYmnwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFGCcnHxnXideuEK40PPT6rsWpf6XMB8GA1UdIwQY
MBaAFGxTEaV8z8tRNSYf85vRmhFe8+fPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkZNUnBYelB5MUUxSmhfem05R2FFVjd6NTg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yi9kOTgzY2QtM2Y4ZS00ZDZlLWEzOGMt
NGQ4ZDYyYjE4ZTg5LzEvWUp5Y2ZHZGVKMTY0UXJqUTg5UHF1eGFsX3BjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yi9kOTgzY2QtM2Y4ZS00ZDZlLWEzOGMtNGQ4ZDYyYjE4ZTg5
LzEvYkZNUnBYelB5MUUxSmhfem05R2FFVjd6NTg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCueL4MA0E
AgACMAcDBQMqDH4AMA0GCSqGSIb3DQEBCwUAA4IBAQAYdOmtvxDldy9EXCIiaJt9
c5FKm1kpnfyDpJfAaSPyZwZQ7hZhI07jr+VRpduwYD9POpesWMk5Sp5XEqnaCeio
hMwGfrr7NmmHALinz9Iw2pxGT67l0voLsHk5aV8AnRYjkoyqYKEPDI5maTunnxAA
tcsZEJFkR1URu9SYVzbuT2p07zvXtqcq3EO5tMGUFYA0qKyVpUjZMJybzGoj4DK4
I9jZ0hLxPH3JvxkAxObdzrl62A9VVfeganxljm5N544Tm/loWSjAt+bJ3BkaSfi6
W85xh9lNXdDrNCdAWv8P+wSIadOhdp1X6tC1XxxLIRWc2AUWU0iMnE4yxBpQHWmU
-----END CERTIFICATE-----