Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/DYi7F6e5pGT8BUg7LPKGmN6_EDw.roa
File:                     DYi7F6e5pGT8BUg7LPKGmN6_EDw.roa (raw, json)
Hash identifier:          i4XKBDV9uWZ8rdo9xvJHenErvD+Z3AjDvUvgRz1NJaY=
Subject key identifier:   0D:88:BB:17:A7:B9:A4:64:FC:05:48:3B:2C:F2:86:98:DE:BF:10:3C
Certificate issuer:       /CN=f050a20e30ec915ded1df20055af6b5f26672ea9
Certificate serial:       019425FD6FB95795E8BC9A2C4BDB40C988EF
Authority key identifier: F0:50:A2:0E:30:EC:91:5D:ED:1D:F2:00:55:AF:6B:5F:26:67:2E:A9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8FCiDjDskV3tHfIAVa9rXyZnLqk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/DYi7F6e5pGT8BUg7LPKGmN6_EDw.roa
Signing time:             Thu 02 Jan 2025 07:49:13 +0000
ROA not before:           Thu 02 Jan 2025 07:49:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8478
IP address blocks:        109.74.176.0/20 maxlen: 20
                          185.90.212.0/22 maxlen: 22
                          2a00:17a8::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/8FCiDjDskV3tHfIAVa9rXyZnLqk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/8FCiDjDskV3tHfIAVa9rXyZnLqk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8FCiDjDskV3tHfIAVa9rXyZnLqk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 18:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fd:6f:b9:57:95:e8:bc:9a:2c:4b:db:40:c9:88:ef
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f050a20e30ec915ded1df20055af6b5f26672ea9
        Validity
            Not Before: Jan  2 07:49:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0d88bb17a7b9a464fc05483b2cf28698debf103c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e5:7b:c7:9b:60:f5:23:05:0a:c6:16:bd:b0:
                    4e:31:3d:ec:1d:1a:44:0c:72:fe:a6:99:91:e2:a0:
                    e4:16:ec:da:52:f9:04:73:75:f9:f3:ec:b9:72:d4:
                    0f:94:50:b3:3d:7b:e0:c9:33:78:4b:80:e7:31:85:
                    8f:d5:d4:b6:e8:05:77:14:98:c9:b1:4b:49:2c:aa:
                    aa:50:a2:51:7d:57:01:b1:6c:c8:08:54:db:1d:a4:
                    7c:04:5d:99:35:29:83:ca:10:c5:23:ad:f3:e8:d4:
                    13:6c:b9:e0:25:1c:f9:89:89:59:48:f9:83:f6:88:
                    9e:af:ba:47:ad:21:e0:7c:1e:78:51:76:70:df:f5:
                    9c:40:bc:c3:93:35:7c:4b:4e:c4:38:b3:60:cf:6c:
                    e0:57:a7:4c:b8:57:f6:0d:00:cd:d0:f7:94:bb:9a:
                    84:cf:a7:6f:6b:14:6e:0f:a3:db:a8:cc:50:11:ac:
                    05:40:76:88:71:e1:e2:77:8a:fb:1f:35:08:61:ad:
                    81:7e:9d:f7:2f:e4:20:74:9d:5a:33:cc:fc:0e:fa:
                    d7:89:17:15:a5:77:82:16:a0:2b:cc:90:cc:20:78:
                    07:3c:21:d1:8d:cc:db:fa:8e:bb:00:20:be:2b:14:
                    a5:53:92:98:e9:49:01:36:fe:57:97:cd:74:9a:09:
                    f2:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:88:BB:17:A7:B9:A4:64:FC:05:48:3B:2C:F2:86:98:DE:BF:10:3C
            X509v3 Authority Key Identifier:
                keyid:F0:50:A2:0E:30:EC:91:5D:ED:1D:F2:00:55:AF:6B:5F:26:67:2E:A9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8FCiDjDskV3tHfIAVa9rXyZnLqk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/DYi7F6e5pGT8BUg7LPKGmN6_EDw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/b5d809-2db0-4fbf-8a0d-9d3167831934/1/8FCiDjDskV3tHfIAVa9rXyZnLqk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.74.176.0/20
                  185.90.212.0/22
                IPv6:
                  2a00:17a8::/32

    Signature Algorithm: sha256WithRSAEncryption
         93:cf:dc:6b:8a:28:a2:ef:81:3e:e7:ea:55:2f:11:d6:cd:f0:
         78:b8:dd:59:d3:c2:88:93:6a:e0:a0:5f:62:0f:ca:08:57:bd:
         1b:a0:fb:2c:36:c9:37:cb:8e:65:1c:82:c6:96:56:15:fb:5c:
         d2:77:58:92:be:ca:66:19:c9:c8:0a:56:e5:fe:d9:1c:56:64:
         e4:50:31:5d:3d:37:9a:f1:fb:bb:16:11:34:04:59:e1:13:cf:
         c1:35:e8:34:4e:84:40:96:42:0a:4a:bc:fc:af:ee:5e:47:2f:
         90:fc:48:7e:e4:8d:a7:7a:ee:45:89:26:26:ca:ed:a1:75:07:
         e4:43:6b:2f:0b:70:84:49:22:ad:4d:f1:69:45:02:e9:cc:0a:
         83:2c:29:f7:f1:45:16:97:9b:89:c3:5d:03:3d:36:27:85:0a:
         d2:eb:10:3a:ff:82:5d:b5:5c:35:f9:00:5c:6f:81:cb:56:c2:
         43:ec:9e:4c:36:8d:3e:06:6f:7a:40:2a:6d:d3:c3:4d:ee:b7:
         7f:3d:9e:24:12:70:79:a9:b2:1d:b5:e5:d6:87:c8:a0:30:58:
         a3:46:84:65:c2:9d:32:72:9b:ae:41:97:5b:9b:1e:a4:cb:46:
         3b:d9:69:99:d4:ee:6d:df:e8:d9:61:a0:6b:3e:a2:04:73:b8:
         aa:1f:44:62
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQl/W+5V5XovJosS9tAyYjvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYwNTBhMjBlMzBlYzkxNWRlZDFkZjIwMDU1YWY2YjVmMjY2
NzJlYTkwHhcNMjUwMTAyMDc0OTEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZDg4YmIxN2E3YjlhNDY0ZmMwNTQ4M2IyY2YyODY5OGRlYmYxMDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsOV7x5tg9SMFCsYWvbBOMT3sHRpE
DHL+ppmR4qDkFuzaUvkEc3X58+y5ctQPlFCzPXvgyTN4S4DnMYWP1dS26AV3FJjJ
sUtJLKqqUKJRfVcBsWzICFTbHaR8BF2ZNSmDyhDFI63z6NQTbLngJRz5iYlZSPmD
9oier7pHrSHgfB54UXZw3/WcQLzDkzV8S07EOLNgz2zgV6dMuFf2DQDN0PeUu5qE
z6dvaxRuD6PbqMxQEawFQHaIceHid4r7HzUIYa2Bfp33L+QgdJ1aM8z8DvrXiRcV
pXeCFqArzJDMIHgHPCHRjczb+o67ACC+KxSlU5KY6UkBNv5Xl810mgny6QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFA2IuxenuaRk/AVIOyzyhpjevxA8MB8GA1UdIwQY
MBaAFPBQog4w7JFd7R3yAFWva18mZy6pMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOEZDaURqRHNrVjN0SGZJQVZhOXJYeVpuTHFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9iNWQ4MDktMmRiMC00ZmJmLThhMGQt
OWQzMTY3ODMxOTM0LzEvRFlpN0Y2ZTVwR1Q4QlVnN0xQS0dtTjZfRUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9iNWQ4MDktMmRiMC00ZmJmLThhMGQtOWQzMTY3ODMxOTM0
LzEvOEZDaURqRHNrVjN0SGZJQVZhOXJYeVpuTHFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQEbUqwAwQC
uVrUMA0EAgACMAcDBQAqABeoMA0GCSqGSIb3DQEBCwUAA4IBAQCTz9xriiii74E+
5+pVLxHWzfB4uN1Z08KIk2rgoF9iD8oIV70boPssNsk3y45lHILGllYV+1zSd1iS
vspmGcnIClbl/tkcVmTkUDFdPTea8fu7FhE0BFnhE8/BNeg0ToRAlkIKSrz8r+5e
Ry+Q/Eh+5I2neu5FiSYmyu2hdQfkQ2svC3CESSKtTfFpRQLpzAqDLCn38UUWl5uJ
w10DPTYnhQrS6xA6/4JdtVw1+QBcb4HLVsJD7J5MNo0+Bm96QCpt08NN7rd/PZ4k
EnB5qbIdteXWh8igMFijRoRlwp0ycpuuQZdbmx6ky0Y72WmZ1O5t3+jZYaBrPqIE
c7iqH0Ri
-----END CERTIFICATE-----