Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/YIr3E_d8xjFFjCfVVE2xSLJ0-QI.roa
File:                     YIr3E_d8xjFFjCfVVE2xSLJ0-QI.roa (raw, json)
Hash identifier:          mEm19hWHY9ASBemN4SZReP3DohObdxjngjK7Zv6yXiM=
Subject key identifier:   60:8A:F7:13:F7:7C:C6:31:45:8C:27:D5:54:4D:B1:48:B2:74:F9:02
Certificate issuer:       /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial:       019420D6629AE6A5A83E4EE9A19064A39EA4
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/YIr3E_d8xjFFjCfVVE2xSLJ0-QI.roa
Signing time:             Wed 01 Jan 2025 07:48:28 +0000
ROA not before:           Wed 01 Jan 2025 07:48:28 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214979
IP address blocks:        86.106.108.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 06 Feb 2025 02:00:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d6:62:9a:e6:a5:a8:3e:4e:e9:a1:90:64:a3:9e:a4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
        Validity
            Not Before: Jan  1 07:48:28 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=608af713f77cc631458c27d5544db148b274f902
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:8f:02:7b:89:ff:79:db:c9:04:e6:01:32:a2:
                    3e:45:8a:a3:db:53:3e:ae:00:92:8d:02:09:bb:05:
                    c4:d7:6f:c9:34:b0:cc:6e:66:14:7e:ce:65:ed:ed:
                    f9:2a:9b:f5:bd:28:e4:04:fe:25:bf:33:d2:be:24:
                    f5:16:80:c9:05:ed:45:57:e7:42:f6:63:96:7e:d6:
                    06:4c:3d:ea:af:f5:f5:de:01:63:f8:ac:05:a5:dd:
                    10:b3:fe:97:e9:d9:e4:dd:79:0a:51:6a:26:7e:75:
                    a9:72:c3:6d:48:a9:59:ab:65:15:ff:64:5a:cf:15:
                    c9:e8:8e:8f:d3:e2:95:aa:7c:c4:b3:fc:0f:74:57:
                    de:35:96:50:ef:da:a6:cf:c7:57:d5:68:6e:e2:0a:
                    98:d4:10:df:3a:61:43:f6:8b:45:dd:6f:da:60:0d:
                    9d:9b:3a:a9:c6:8c:c4:df:19:5a:ba:d5:7d:c8:2f:
                    18:66:2e:af:4f:84:1b:13:f7:56:0c:d9:03:a8:92:
                    a0:74:64:ae:60:20:e6:08:4a:e5:7d:bf:f1:cb:f8:
                    46:45:dc:b5:e9:1f:c3:6c:39:7e:95:3f:1c:ae:0c:
                    54:e1:1a:33:ff:9f:58:b3:08:9b:4c:97:70:10:59:
                    11:13:8e:48:a5:9b:5b:8f:09:40:50:83:c0:7a:19:
                    97:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:8A:F7:13:F7:7C:C6:31:45:8C:27:D5:54:4D:B1:48:B2:74:F9:02
            X509v3 Authority Key Identifier:
                keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/YIr3E_d8xjFFjCfVVE2xSLJ0-QI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  86.106.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8a:ae:a0:f8:03:44:93:24:50:61:e8:9d:ee:77:1d:70:31:3a:
         3b:f5:95:be:3a:70:c6:49:37:78:6b:7f:a6:cc:fc:c1:91:7b:
         95:be:dc:4e:93:30:e0:13:25:29:5f:1c:e1:da:32:90:51:44:
         72:27:27:25:68:c3:c5:3d:06:3a:91:5c:eb:bd:18:94:75:00:
         39:ce:d4:1f:3f:f7:4f:d9:35:4c:6d:be:67:62:2b:5c:2f:27:
         18:e5:15:ad:e6:0e:ec:ef:9d:aa:bd:17:3b:0e:e0:f7:9a:e7:
         98:b5:08:e4:80:0c:38:03:d0:75:94:e2:6c:a6:4c:3c:f9:90:
         7b:4e:54:ce:9d:bc:42:77:ab:0c:62:ac:8a:5d:83:0c:a9:0c:
         46:82:c1:ba:12:ab:a2:eb:6f:01:0b:47:22:5f:03:60:24:b2:
         4a:a6:8d:57:6d:fe:d8:36:52:3b:a2:e6:09:6e:5d:82:e8:79:
         2f:69:06:ad:c3:0f:85:ba:4f:41:d6:e7:12:1d:15:1f:ec:16:
         21:58:2a:c5:cb:bd:c1:df:96:05:d6:73:85:77:cc:52:41:d4:
         cc:f9:93:c0:65:03:f6:e7:30:74:55:84:8d:75:9d:0d:05:0b:
         6e:0b:70:91:43:be:94:92:33:61:c3:3f:99:f3:9f:d9:05:1b:
         ed:68:19:e5
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1mKa5qWoPk7poZBko56kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjUwMTAxMDc0ODI4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDhhZjcxM2Y3N2NjNjMxNDU4YzI3ZDU1NDRkYjE0OGIyNzRmOTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqY8Ce4n/edvJBOYBMqI+RYqj21M+
rgCSjQIJuwXE12/JNLDMbmYUfs5l7e35Kpv1vSjkBP4lvzPSviT1FoDJBe1FV+dC
9mOWftYGTD3qr/X13gFj+KwFpd0Qs/6X6dnk3XkKUWomfnWpcsNtSKlZq2UV/2Ra
zxXJ6I6P0+KVqnzEs/wPdFfeNZZQ79qmz8dX1Whu4gqY1BDfOmFD9otF3W/aYA2d
mzqpxozE3xlautV9yC8YZi6vT4QbE/dWDNkDqJKgdGSuYCDmCErlfb/xy/hGRdy1
6R/DbDl+lT8crgxU4Roz/59YswibTJdwEFkRE45IpZtbjwlAUIPAehmXQwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGCK9xP3fMYxRYwn1VRNsUiydPkCMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvWUlyM0VfZDh4akZGakNmVlZFMnhTTEowLVFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAVmpsMA0G
CSqGSIb3DQEBCwUAA4IBAQCKrqD4A0STJFBh6J3udx1wMTo79ZW+OnDGSTd4a3+m
zPzBkXuVvtxOkzDgEyUpXxzh2jKQUURyJyclaMPFPQY6kVzrvRiUdQA5ztQfP/dP
2TVMbb5nYitcLycY5RWt5g7s752qvRc7DuD3mueYtQjkgAw4A9B1lOJspkw8+ZB7
TlTOnbxCd6sMYqyKXYMMqQxGgsG6Equi628BC0ciXwNgJLJKpo1Xbf7YNlI7ouYJ
bl2C6HkvaQatww+Fuk9B1ucSHRUf7BYhWCrFy73B35YF1nOFd8xSQdTM+ZPAZQP2
5zB0VYSNdZ0NBQtuC3CRQ76UkjNhwz+Z85/ZBRvtaBnl
-----END CERTIFICATE-----