Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/YQQKKCuIreEBOajhrbHaE6kCoEA.roa
File:                     YQQKKCuIreEBOajhrbHaE6kCoEA.roa (raw, json)
Hash identifier:          hYCPYKTMdFl3VS4V4K2NKIMA0dTOlOoNyGrA84B6OGo=
Subject key identifier:   61:04:0A:28:2B:88:AD:E1:01:39:A8:E1:AD:B1:DA:13:A9:02:A0:40
Certificate issuer:       /CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
Certificate serial:       01941FFA08B3D0EAE8290558766825B05398
Authority key identifier: 1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/YQQKKCuIreEBOajhrbHaE6kCoEA.roa
Signing time:             Wed 01 Jan 2025 03:47:47 +0000
ROA not before:           Wed 01 Jan 2025 03:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58144
IP address blocks:        185.20.252.0/22 maxlen: 24
                          185.20.254.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 09:00:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:fa:08:b3:d0:ea:e8:29:05:58:76:68:25:b0:53:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1c06a82bb115d7393e39fd58b73bbf20f6cd0b1f
        Validity
            Not Before: Jan  1 03:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61040a282b88ade10139a8e1adb1da13a902a040
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:9c:64:1c:81:58:b8:75:7e:cf:32:5d:b0:4a:
                    56:72:7a:e6:c5:b8:82:d1:d1:0a:fa:e0:54:da:11:
                    37:54:aa:03:5e:8b:ae:60:6c:9a:e7:63:7e:95:65:
                    06:83:4b:9b:14:1c:92:d3:3c:bc:c7:0c:c4:f6:43:
                    09:26:3b:75:b6:5e:06:65:43:36:3e:dd:4b:67:c8:
                    07:c0:a4:60:85:b8:a5:38:44:1d:e6:66:8d:98:88:
                    51:7f:65:b5:71:b1:c1:ee:f1:e4:1e:2e:85:98:75:
                    3c:f9:e3:8f:58:90:a1:3f:75:7f:33:be:27:89:c5:
                    b5:d9:1c:17:0b:88:32:1b:a8:93:ef:08:14:49:06:
                    d5:df:84:18:0d:6a:7c:84:6d:a3:c5:ae:36:25:3c:
                    39:71:e6:c6:73:c8:97:db:a8:99:c3:11:ce:d3:1a:
                    a7:a5:fb:c4:1d:54:c3:e4:34:d6:37:0a:01:92:fa:
                    21:54:47:7d:a2:94:d2:80:0c:96:8d:68:48:ce:78:
                    07:ec:91:02:8e:a6:ea:a4:20:52:7d:2f:06:ab:71:
                    ae:1e:91:a7:ba:61:d6:f0:a0:67:22:23:9b:7f:7d:
                    d3:e3:c3:b7:5f:d2:5d:cc:e7:26:bd:33:28:e8:a0:
                    ab:aa:c9:e8:7c:83:48:6e:5e:84:20:50:2c:ae:af:
                    7a:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:04:0A:28:2B:88:AD:E1:01:39:A8:E1:AD:B1:DA:13:A9:02:A0:40
            X509v3 Authority Key Identifier:
                keyid:1C:06:A8:2B:B1:15:D7:39:3E:39:FD:58:B7:3B:BF:20:F6:CD:0B:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/YQQKKCuIreEBOajhrbHaE6kCoEA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9c/12eaad-8a45-4789-bab5-726057a1f2a4/1/HAaoK7EV1zk-Of1Ytzu_IPbNCx8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.20.252.0/22

    Signature Algorithm: sha256WithRSAEncryption
         6e:7a:50:0c:3c:a7:e2:6a:7d:ff:52:8c:78:91:56:aa:55:93:
         46:8a:54:af:80:a9:d0:2f:e1:6f:4c:ad:ac:2d:0f:e9:29:19:
         70:08:72:da:47:26:d7:cf:68:4d:67:73:c3:a8:ce:7e:4f:27:
         0f:ef:75:13:54:9d:97:39:71:50:ac:7a:75:cc:de:61:56:dc:
         69:a8:ee:1f:35:f4:14:b7:62:2a:03:c0:7c:ff:94:bf:28:4c:
         10:95:da:7b:ef:89:98:2c:e7:4f:6b:41:6c:df:93:60:9b:6f:
         4b:43:a8:4f:55:6a:a9:59:c0:6d:9c:aa:50:f4:56:7a:60:f7:
         64:ec:cc:65:48:0e:07:57:e4:7f:19:72:d4:e1:60:9b:a4:bb:
         f3:28:db:71:ec:b1:f9:c4:5e:29:56:95:4e:2f:81:8d:21:ac:
         34:60:41:b8:8d:44:18:94:99:09:84:bd:e4:e3:bb:ac:88:22:
         a9:f9:f7:a8:f6:e6:bc:f7:e7:a2:29:31:9a:d1:0d:a6:a7:f8:
         19:19:62:a8:fb:8e:36:65:4d:83:f9:46:59:e7:13:58:94:b8:
         b6:67:c7:a4:54:f4:0f:a9:6c:e0:25:73:87:ac:03:d5:9d:87:
         f2:a8:bf:c7:f7:e5:b7:01:69:4f:58:01:a2:4c:5f:e7:b7:20:
         f1:1e:1b:ce
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQf+giz0OroKQVYdmglsFOYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjMDZhODJiYjExNWQ3MzkzZTM5ZmQ1OGI3M2JiZjIwZjZj
ZDBiMWYwHhcNMjUwMTAxMDM0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTA0MGEyODJiODhhZGUxMDEzOWE4ZTFhZGIxZGExM2E5MDJhMDQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJxkHIFYuHV+zzJdsEpWcnrmxbiC
0dEK+uBU2hE3VKoDXouuYGya52N+lWUGg0ubFByS0zy8xwzE9kMJJjt1tl4GZUM2
Pt1LZ8gHwKRghbilOEQd5maNmIhRf2W1cbHB7vHkHi6FmHU8+eOPWJChP3V/M74n
icW12RwXC4gyG6iT7wgUSQbV34QYDWp8hG2jxa42JTw5cebGc8iX26iZwxHO0xqn
pfvEHVTD5DTWNwoBkvohVEd9opTSgAyWjWhIzngH7JECjqbqpCBSfS8Gq3GuHpGn
umHW8KBnIiObf33T48O3X9JdzOcmvTMo6KCrqsnofINIbl6EIFAsrq96EQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGEECigriK3hATmo4a2x2hOpAqBAMB8GA1UdIwQY
MBaAFBwGqCuxFdc5Pjn9WLc7vyD2zQsfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUt
NzI2MDU3YTFmMmE0LzEvWVFRS0tDdUlyZUVCT2FqaHJiSGFFNmtDb0VBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Yy8xMmVhYWQtOGE0NS00Nzg5LWJhYjUtNzI2MDU3YTFmMmE0
LzEvSEFhb0s3RVYxemstT2YxWXR6dV9JUGJOQ3g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuRT8MA0G
CSqGSIb3DQEBCwUAA4IBAQBuelAMPKfian3/Uox4kVaqVZNGilSvgKnQL+FvTK2s
LQ/pKRlwCHLaRybXz2hNZ3PDqM5+TycP73UTVJ2XOXFQrHp1zN5hVtxpqO4fNfQU
t2IqA8B8/5S/KEwQldp774mYLOdPa0Fs35Ngm29LQ6hPVWqpWcBtnKpQ9FZ6YPdk
7MxlSA4HV+R/GXLU4WCbpLvzKNtx7LH5xF4pVpVOL4GNIaw0YEG4jUQYlJkJhL3k
47usiCKp+feo9ua89+eiKTGa0Q2mp/gZGWKo+442ZU2D+UZZ5xNYlLi2Z8ekVPQP
qWzgJXOHrAPVnYfyqL/H9+W3AWlPWAGiTF/ntyDxHhvO
-----END CERTIFICATE-----