Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/yUZufN98w9b0b4D_jtkhYykoa2w.roa
File:                     yUZufN98w9b0b4D_jtkhYykoa2w.roa (raw, json)
Hash identifier:          pdlQcCca6OW9QqS1LivN9H5nAFTKyKPwdoQnRa00At0=
Subject key identifier:   C9:46:6E:7C:DF:7C:C3:D6:F4:6F:80:FF:8E:D9:21:63:29:28:6B:6C
Certificate issuer:       /CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
Certificate serial:       018CC9BC6C3E5FD44150655CEE2583B645AE
Authority key identifier: C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/yUZufN98w9b0b4D_jtkhYykoa2w.roa
Signing time:             Tue 02 Jan 2024 10:33:37 +0000
ROA not before:           Tue 02 Jan 2024 10:33:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     44024
IP address blocks:        185.225.207.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 02 Jun 2024 01:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:bc:6c:3e:5f:d4:41:50:65:5c:ee:25:83:b6:45:ae
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66d9d50b3b89d51c8aa2493e7ef4701d6251dad
        Validity
            Not Before: Jan  2 10:33:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=c9466e7cdf7cc3d6f46f80ff8ed9216329286b6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:a1:b5:ee:36:9f:3a:00:8a:39:b7:f6:5d:96:
                    cb:05:b7:21:78:2c:b1:db:67:4d:5d:95:e3:ff:a3:
                    b0:05:57:9e:85:7b:49:ee:6f:b0:82:48:52:40:29:
                    5a:2a:c9:ac:35:c5:e6:1d:50:b6:aa:0d:98:97:b5:
                    14:76:d6:25:ba:0a:c3:79:ae:a5:37:10:43:8c:0f:
                    ac:d3:d5:4b:32:53:73:36:09:67:35:bd:15:84:00:
                    23:aa:da:27:be:74:f0:22:cc:99:83:1a:5e:de:1f:
                    b2:65:61:9f:3f:f4:64:ba:30:6d:a8:e4:5a:0a:67:
                    83:09:47:f3:bf:fd:7f:00:fe:0d:86:da:e4:bf:30:
                    f1:46:ad:10:40:da:a5:6a:b1:bd:c0:c6:70:0f:ad:
                    05:da:30:a1:94:fb:da:6c:a0:f8:46:b9:71:bf:5c:
                    be:81:71:5c:47:92:a3:99:58:b4:15:fc:92:9d:df:
                    a1:20:0e:73:d9:bd:8a:69:15:c2:9a:1d:39:c8:e5:
                    40:2f:73:c9:53:45:97:13:65:04:c0:a3:1c:a0:42:
                    91:55:e0:c4:70:76:03:8d:fc:46:4d:9b:14:17:bf:
                    7e:2e:a4:97:99:24:95:7b:fa:cc:91:29:65:ec:82:
                    d5:e4:9e:f0:28:14:73:38:e4:ab:de:43:ef:56:fb:
                    44:11
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:46:6E:7C:DF:7C:C3:D6:F4:6F:80:FF:8E:D9:21:63:29:28:6B:6C
            X509v3 Authority Key Identifier:
                keyid:C6:6D:9D:50:B3:B8:9D:51:C8:AA:24:93:E7:EF:47:01:D6:25:1D:AD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xm2dULO4nVHIqiST5-9HAdYlHa0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/yUZufN98w9b0b4D_jtkhYykoa2w.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a5/4bb74b-8d6d-4514-a39c-b7c578b74e35/1/xm2dULO4nVHIqiST5-9HAdYlHa0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.225.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         08:24:67:2a:e6:03:df:08:a0:7a:2f:5f:d1:cb:b5:c8:48:cf:
         93:2a:53:35:9c:fa:dc:43:19:9c:8c:cd:51:8f:6e:bb:a0:70:
         cd:51:76:d5:ee:e9:e8:73:3e:53:a2:6f:17:b1:6c:3e:4f:c9:
         25:2c:a6:58:b6:e6:19:4b:32:5f:40:08:ef:86:d3:30:59:5b:
         86:e5:aa:c5:79:74:df:02:54:b7:cf:09:7b:99:dd:96:f7:22:
         00:6f:07:07:b3:3d:f0:82:83:bd:1f:5a:c5:e8:13:98:b6:3a:
         7a:6f:47:39:b9:0f:92:a0:bf:b5:cd:6d:3f:df:86:cd:77:37:
         bd:28:61:00:c0:a3:a5:b4:bf:cc:f9:cc:a6:ac:ca:fe:5d:5a:
         db:48:8b:0d:76:49:ae:b7:64:29:7c:f6:1f:08:5d:0e:fd:15:
         f7:b4:81:f9:f4:fc:a0:6a:b7:eb:0a:cc:ed:6b:2b:ac:7b:cf:
         6f:c6:fd:cc:4d:48:b6:a3:c0:6c:7b:7f:18:87:ea:80:4d:86:
         aa:f4:8e:4e:02:7b:5a:cf:e8:a5:20:0d:b7:0e:71:d2:c1:60:
         73:ff:2d:3f:be:8d:7a:34:00:5e:60:b1:9e:43:b4:de:00:a5:
         01:d3:00:62:b5:2a:cd:3b:35:1a:56:bb:7a:d0:03:50:c3:97:
         45:d0:b9:1f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJvGw+X9RBUGVc7iWDtkWuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NmQ5ZDUwYjNiODlkNTFjOGFhMjQ5M2U3ZWY0NzAxZDYy
NTFkYWQwHhcNMjQwMTAyMTAzMzM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTQ2NmU3Y2RmN2NjM2Q2ZjQ2ZjgwZmY4ZWQ5MjE2MzI5Mjg2YjZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlaG17jafOgCKObf2XZbLBbcheCyx
22dNXZXj/6OwBVeehXtJ7m+wgkhSQClaKsmsNcXmHVC2qg2Yl7UUdtYlugrDea6l
NxBDjA+s09VLMlNzNglnNb0VhAAjqtonvnTwIsyZgxpe3h+yZWGfP/RkujBtqORa
CmeDCUfzv/1/AP4NhtrkvzDxRq0QQNqlarG9wMZwD60F2jChlPvabKD4Rrlxv1y+
gXFcR5KjmVi0FfySnd+hIA5z2b2KaRXCmh05yOVAL3PJU0WXE2UEwKMcoEKRVeDE
cHYDjfxGTZsUF79+LqSXmSSVe/rMkSll7ILV5J7wKBRzOOSr3kPvVvtEEQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlGbnzffMPW9G+A/47ZIWMpKGtsMB8GA1UdIwQY
MBaAFMZtnVCzuJ1RyKokk+fvRwHWJR2tMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMt
YjdjNTc4Yjc0ZTM1LzEveVVadWZOOTh3OWIwYjREX2p0a2hZeWtvYTJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNS80YmI3NGItOGQ2ZC00NTE0LWEzOWMtYjdjNTc4Yjc0ZTM1
LzEveG0yZFVMTzRuVkhJcWlTVDUtOUhBZFlsSGEwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueHPMA0G
CSqGSIb3DQEBCwUAA4IBAQAIJGcq5gPfCKB6L1/Ry7XISM+TKlM1nPrcQxmcjM1R
j267oHDNUXbV7unocz5Tom8XsWw+T8klLKZYtuYZSzJfQAjvhtMwWVuG5arFeXTf
AlS3zwl7md2W9yIAbwcHsz3wgoO9H1rF6BOYtjp6b0c5uQ+SoL+1zW0/34bNdze9
KGEAwKOltL/M+cymrMr+XVrbSIsNdkmut2QpfPYfCF0O/RX3tIH59PygarfrCszt
ayuse89vxv3MTUi2o8Bse38Yh+qATYaq9I5OAntaz+ilIA23DnHSwWBz/y0/vo16
NABeYLGeQ7TeAKUB0wBitSrNOzUaVrt60ANQw5dF0Lkf
-----END CERTIFICATE-----