Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/b62439-7e47-42e1-8fdc-18e91296022d/1/ybs61exhN0sYw1YgpfqdbmCmhqk.roa
File:                     ybs61exhN0sYw1YgpfqdbmCmhqk.roa (raw, json)
Hash identifier:          PW/e8DJb4WqsNiI0ODBUiDNLr0vhf0OlyJoAR5NWnhE=
Subject key identifier:   C9:BB:3A:D5:EC:61:37:4B:18:C3:56:20:A5:FA:9D:6E:60:A6:86:A9
Certificate issuer:       /CN=40ea5e39f8635736e48df53822a5cacc10b43a1f
Certificate serial:       019426D8B1C7D9A23A62A2F89B86887CA01D
Authority key identifier: 40:EA:5E:39:F8:63:57:36:E4:8D:F5:38:22:A5:CA:CC:10:B4:3A:1F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QOpeOfhjVzbkjfU4IqXKzBC0Oh8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a4/b62439-7e47-42e1-8fdc-18e91296022d/1/ybs61exhN0sYw1YgpfqdbmCmhqk.roa
Signing time:             Thu 02 Jan 2025 11:48:43 +0000
ROA not before:           Thu 02 Jan 2025 11:48:43 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12985
IP address blocks:        31.41.136.0/21 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a4/b62439-7e47-42e1-8fdc-18e91296022d/1/QOpeOfhjVzbkjfU4IqXKzBC0Oh8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a4/b62439-7e47-42e1-8fdc-18e91296022d/1/QOpeOfhjVzbkjfU4IqXKzBC0Oh8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QOpeOfhjVzbkjfU4IqXKzBC0Oh8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 20:00:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d8:b1:c7:d9:a2:3a:62:a2:f8:9b:86:88:7c:a0:1d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=40ea5e39f8635736e48df53822a5cacc10b43a1f
        Validity
            Not Before: Jan  2 11:48:43 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9bb3ad5ec61374b18c35620a5fa9d6e60a686a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:a0:d2:ba:76:65:1a:fe:9f:c4:45:34:b7:13:
                    f7:ad:3c:31:aa:53:a6:65:94:cd:65:4e:cd:2e:de:
                    e7:44:4b:3d:20:05:4d:e0:52:94:b9:05:25:99:93:
                    ab:ca:fd:b3:91:6b:97:85:5e:5a:4f:19:8d:d5:4c:
                    83:11:73:85:6e:5e:83:a8:32:df:a0:24:97:fd:64:
                    e1:1f:39:a1:64:02:d8:48:ce:72:3d:23:cd:c1:dd:
                    7f:b0:b7:3e:ae:da:01:b5:79:fa:3a:aa:33:a9:f7:
                    a6:49:24:61:5b:f8:c1:ab:d5:06:2f:41:bc:65:cb:
                    73:15:35:2e:f1:59:8f:4d:05:02:e2:f1:1b:7c:d4:
                    47:75:f3:92:57:06:5f:95:49:c5:6d:0e:39:75:b6:
                    5e:df:fa:d3:25:3a:58:d5:71:7e:b3:c3:7d:df:7e:
                    2b:2a:4c:78:d0:5a:1e:44:39:7a:c1:ca:b3:7c:c1:
                    f4:42:c9:a9:b0:88:87:d1:0c:0a:cd:7b:ed:23:3e:
                    d5:3e:23:61:d0:e4:eb:20:04:64:f5:90:98:91:18:
                    dc:9f:86:01:1e:c9:10:41:34:03:ef:b5:02:0a:eb:
                    95:fb:d4:ff:30:8e:76:7a:8c:4e:e5:ba:8e:e1:7d:
                    18:1a:6d:ff:b6:47:d7:d0:30:be:d4:45:67:36:2f:
                    ed:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:BB:3A:D5:EC:61:37:4B:18:C3:56:20:A5:FA:9D:6E:60:A6:86:A9
            X509v3 Authority Key Identifier:
                keyid:40:EA:5E:39:F8:63:57:36:E4:8D:F5:38:22:A5:CA:CC:10:B4:3A:1F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QOpeOfhjVzbkjfU4IqXKzBC0Oh8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/b62439-7e47-42e1-8fdc-18e91296022d/1/ybs61exhN0sYw1YgpfqdbmCmhqk.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/b62439-7e47-42e1-8fdc-18e91296022d/1/QOpeOfhjVzbkjfU4IqXKzBC0Oh8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.41.136.0/21

    Signature Algorithm: sha256WithRSAEncryption
         41:c4:aa:d3:58:20:b7:81:2b:68:87:f1:06:1b:9a:98:90:0f:
         e2:2a:09:8e:c9:1c:28:31:76:25:03:bf:e1:bb:9b:a2:29:4f:
         85:c1:ab:e3:ff:8b:10:af:ed:97:cf:b6:a3:77:a3:6f:a2:5e:
         2e:72:ba:89:01:b0:c3:fc:aa:87:2a:5a:a4:94:b0:f1:8d:f6:
         9c:32:f0:a9:94:af:db:72:9f:44:e5:62:2a:d3:27:fb:af:d9:
         5f:e1:e6:21:9a:6a:72:12:62:80:d7:24:ec:ce:1b:e8:ed:02:
         4e:7b:cf:b9:69:bc:16:de:01:ab:d6:54:4e:67:9d:5c:6b:c9:
         83:3c:7f:94:d8:f2:44:85:fe:a2:48:b3:ec:96:7d:ee:ec:b2:
         2c:32:91:f1:62:ed:03:ee:08:7b:f0:d7:c3:11:75:d7:8b:c8:
         ea:1e:b7:37:c6:a3:38:25:d6:5a:a3:c1:06:17:2b:5a:cb:33:
         92:63:0a:0e:2f:1a:95:a8:d5:7a:8b:7e:25:e7:89:42:c5:07:
         ac:1e:57:6c:67:d7:7a:f4:4c:5c:35:19:88:31:d7:f4:96:17:
         b4:4c:22:8d:ad:d4:62:a5:a9:7f:25:1d:c1:0c:00:3f:25:f2:
         8a:17:7f:59:5d:fe:14:f6:21:31:c7:97:20:c9:02:0d:f5:6d:
         0a:a9:9b:3b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2LHH2aI6YqL4m4aIfKAdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZWE1ZTM5Zjg2MzU3MzZlNDhkZjUzODIyYTVjYWNjMTBi
NDNhMWYwHhcNMjUwMTAyMTE0ODQzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWJiM2FkNWVjNjEzNzRiMThjMzU2MjBhNWZhOWQ2ZTYwYTY4NmE5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuKDSunZlGv6fxEU0txP3rTwxqlOm
ZZTNZU7NLt7nREs9IAVN4FKUuQUlmZOryv2zkWuXhV5aTxmN1UyDEXOFbl6DqDLf
oCSX/WThHzmhZALYSM5yPSPNwd1/sLc+rtoBtXn6OqozqfemSSRhW/jBq9UGL0G8
ZctzFTUu8VmPTQUC4vEbfNRHdfOSVwZflUnFbQ45dbZe3/rTJTpY1XF+s8N9334r
Kkx40FoeRDl6wcqzfMH0QsmpsIiH0QwKzXvtIz7VPiNh0OTrIARk9ZCYkRjcn4YB
HskQQTQD77UCCuuV+9T/MI52eoxO5bqO4X0YGm3/tkfX0DC+1EVnNi/towIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMm7OtXsYTdLGMNWIKX6nW5gpoapMB8GA1UdIwQY
MBaAFEDqXjn4Y1c25I31OCKlyswQtDofMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU9wZU9maGpWemJramZVNElxWEt6QkMwT2g4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC9iNjI0MzktN2U0Ny00MmUxLThmZGMt
MThlOTEyOTYwMjJkLzEveWJzNjFleGhOMHNZdzFZZ3BmcWRibUNtaHFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC9iNjI0MzktN2U0Ny00MmUxLThmZGMtMThlOTEyOTYwMjJk
LzEvUU9wZU9maGpWemJramZVNElxWEt6QkMwT2g4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDHymIMA0G
CSqGSIb3DQEBCwUAA4IBAQBBxKrTWCC3gStoh/EGG5qYkA/iKgmOyRwoMXYlA7/h
u5uiKU+Fwavj/4sQr+2Xz7ajd6Nvol4ucrqJAbDD/KqHKlqklLDxjfacMvCplK/b
cp9E5WIq0yf7r9lf4eYhmmpyEmKA1yTszhvo7QJOe8+5abwW3gGr1lROZ51ca8mD
PH+U2PJEhf6iSLPsln3u7LIsMpHxYu0D7gh78NfDEXXXi8jqHrc3xqM4JdZao8EG
FytayzOSYwoOLxqVqNV6i34l54lCxQesHldsZ9d69ExcNRmIMdf0lhe0TCKNrdRi
pal/JR3BDAA/JfKKF39ZXf4U9iExx5cgyQIN9W0KqZs7
-----END CERTIFICATE-----