Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/YAQOG7HS14oLGl_AE__5KljKQek.roa
File:                     YAQOG7HS14oLGl_AE__5KljKQek.roa (raw, json)
Hash identifier:          vYFfnqVBOtNvOIxvJDmuRRaUo+YW3T+OADCuratSdoU=
Subject key identifier:   60:04:0E:1B:B1:D2:D7:8A:0B:1A:5F:C0:13:FF:F9:2A:58:CA:41:E9
Certificate issuer:       /CN=a0d3216cccc863eca0c3dd189941b1b9ea37cacd
Certificate serial:       019427481736DF1E9B2423EBA4D4094E8706
Authority key identifier: A0:D3:21:6C:CC:C8:63:EC:A0:C3:DD:18:99:41:B1:B9:EA:37:CA:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/YAQOG7HS14oLGl_AE__5KljKQek.roa
Signing time:             Thu 02 Jan 2025 13:50:23 +0000
ROA not before:           Thu 02 Jan 2025 13:50:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     16347
IP address blocks:        185.98.130.0/24 maxlen: 24
                          185.135.132.0/23 maxlen: 24
                          185.135.133.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/oNMhbMzIY-ygw90YmUGxueo3ys0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/oNMhbMzIY-ygw90YmUGxueo3ys0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:48:17:36:df:1e:9b:24:23:eb:a4:d4:09:4e:87:06
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a0d3216cccc863eca0c3dd189941b1b9ea37cacd
        Validity
            Not Before: Jan  2 13:50:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60040e1bb1d2d78a0b1a5fc013fff92a58ca41e9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7e:7d:5d:1a:2c:da:39:d9:79:6d:01:78:68:
                    64:95:9b:1b:dd:70:0d:f7:86:e7:2a:4d:dd:4d:ee:
                    31:13:ac:ec:8c:0a:a1:61:90:93:81:50:85:04:43:
                    48:60:b1:71:06:e2:bb:69:a6:ce:e4:fb:21:95:49:
                    68:41:f1:07:06:65:b7:59:9b:eb:21:5f:b9:34:52:
                    d5:3a:9e:55:4e:de:8b:00:47:45:94:ae:e5:ae:99:
                    25:48:81:4c:f2:44:f6:20:db:50:cc:76:a4:47:51:
                    27:1e:4d:78:34:ea:3a:54:81:b2:70:26:e4:96:f1:
                    31:9e:f9:70:e4:10:3b:4d:b7:6a:21:e0:c7:36:de:
                    ff:04:1f:fc:d0:f0:cb:a5:03:65:7e:5b:b0:a6:e5:
                    a0:03:c8:58:fd:5a:6b:b6:35:2a:f0:f4:a2:6a:ff:
                    8c:2d:b3:ed:17:0f:07:9d:52:df:b1:71:d0:62:3e:
                    e9:b3:99:08:72:65:fb:f4:9d:fb:ed:57:0b:d3:00:
                    a7:10:c4:7b:de:66:74:b9:f7:34:91:cb:d2:4e:6c:
                    7c:29:e6:2b:f3:92:de:87:95:d6:a7:1e:3b:d2:a8:
                    b5:4a:de:4d:3d:fe:82:43:49:78:97:fa:d4:49:b2:
                    e4:f7:8d:14:77:85:a1:d6:cb:f0:79:f6:a1:19:9b:
                    d4:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:04:0E:1B:B1:D2:D7:8A:0B:1A:5F:C0:13:FF:F9:2A:58:CA:41:E9
            X509v3 Authority Key Identifier:
                keyid:A0:D3:21:6C:CC:C8:63:EC:A0:C3:DD:18:99:41:B1:B9:EA:37:CA:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oNMhbMzIY-ygw90YmUGxueo3ys0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/YAQOG7HS14oLGl_AE__5KljKQek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b4/a5b2d1-cba0-4a54-b438-0d44c04a8448/1/oNMhbMzIY-ygw90YmUGxueo3ys0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.98.130.0/24
                  185.135.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:15:20:e1:01:5e:33:d1:e6:59:d4:62:97:71:7b:96:6f:75:
         62:db:bf:b5:02:88:f0:61:0d:ae:7b:62:27:93:b6:c4:ac:5d:
         f3:42:68:7c:e9:4d:f2:12:18:2a:f1:49:b0:cc:32:dd:29:14:
         4d:0a:bd:bb:eb:c0:9d:5d:94:d1:f8:e2:02:33:d5:61:61:ba:
         b6:de:01:84:f8:82:83:98:5f:f5:7c:9f:a5:30:00:e8:86:74:
         d0:27:c8:4e:02:b3:77:f8:f9:e9:c7:1c:7a:e6:37:9d:f9:4c:
         9e:fa:24:36:39:c6:d4:57:86:6b:5f:44:43:ce:df:c8:8f:33:
         20:69:02:94:47:8d:37:ae:ae:86:bc:c9:63:46:cf:da:85:ca:
         97:f5:4b:72:c4:ac:11:53:dd:5b:c9:5f:aa:66:47:46:32:34:
         98:31:8f:9f:52:87:7d:6c:1d:43:7f:3c:43:19:36:24:4d:50:
         8c:6c:b2:c6:8d:00:8d:43:87:aa:3d:6a:b3:9e:33:50:8c:82:
         8a:2c:f7:29:c2:bb:78:fb:6b:55:92:da:f6:14:69:c2:43:98:
         1f:c7:26:63:c3:4e:4e:62:2e:6b:0d:e8:b1:b3:e2:15:84:dd:
         f3:b4:72:92:e3:69:1a:a4:13:0f:e6:86:1f:88:8f:90:a6:4a:
         2b:85:fb:c2
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZQnSBc23x6bJCPrpNQJTocGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGEwZDMyMTZjY2NjODYzZWNhMGMzZGQxODk5NDFiMWI5ZWEz
N2NhY2QwHhcNMjUwMTAyMTM1MDIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDA0MGUxYmIxZDJkNzhhMGIxYTVmYzAxM2ZmZjkyYTU4Y2E0MWU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun59XRos2jnZeW0BeGhklZsb3XAN
94bnKk3dTe4xE6zsjAqhYZCTgVCFBENIYLFxBuK7aabO5PshlUloQfEHBmW3WZvr
IV+5NFLVOp5VTt6LAEdFlK7lrpklSIFM8kT2INtQzHakR1EnHk14NOo6VIGycCbk
lvExnvlw5BA7TbdqIeDHNt7/BB/80PDLpQNlfluwpuWgA8hY/VprtjUq8PSiav+M
LbPtFw8HnVLfsXHQYj7ps5kIcmX79J377VcL0wCnEMR73mZ0ufc0kcvSTmx8KeYr
85Leh5XWpx470qi1St5NPf6CQ0l4l/rUSbLk940Ud4Wh1svwefahGZvUNwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGAEDhux0teKCxpfwBP/+SpYykHpMB8GA1UdIwQY
MBaAFKDTIWzMyGPsoMPdGJlBsbnqN8rNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb05NaGJNeklZLXlndzkwWW1VR3h1ZW8zeXMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNC9hNWIyZDEtY2JhMC00YTU0LWI0Mzgt
MGQ0NGMwNGE4NDQ4LzEvWUFRT0c3SFMxNG9MR2xfQUVfXzVLbGpLUWVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNC9hNWIyZDEtY2JhMC00YTU0LWI0MzgtMGQ0NGMwNGE4NDQ4
LzEvb05NaGJNeklZLXlndzkwWW1VR3h1ZW8zeXMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAuWKCAwQB
uYeEMA0GCSqGSIb3DQEBCwUAA4IBAQCbFSDhAV4z0eZZ1GKXcXuWb3Vi27+1Aojw
YQ2ue2Ink7bErF3zQmh86U3yEhgq8UmwzDLdKRRNCr2768CdXZTR+OICM9VhYbq2
3gGE+IKDmF/1fJ+lMADohnTQJ8hOArN3+Pnpxxx65jed+Uye+iQ2OcbUV4ZrX0RD
zt/IjzMgaQKUR403rq6GvMljRs/ahcqX9UtyxKwRU91byV+qZkdGMjSYMY+fUod9
bB1DfzxDGTYkTVCMbLLGjQCNQ4eqPWqznjNQjIKKLPcpwrt4+2tVktr2FGnCQ5gf
xyZjw05OYi5rDeixs+IVhN3ztHKS42kapBMP5oYfiI+QpkorhfvC
-----END CERTIFICATE-----