Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/YOmzYuKtkS_IB32pnbb12AGAv5A.roa
File:                     YOmzYuKtkS_IB32pnbb12AGAv5A.roa (raw, json)
Hash identifier:          vK7ZDbMpEvAARvt7FNimhfcZKXA9UzwWODOUgEqS4p0=
Subject key identifier:   60:E9:B3:62:E2:AD:91:2F:C8:07:7D:A9:9D:B6:F5:D8:01:80:BF:90
Certificate issuer:       /CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
Certificate serial:       01942369D651D02397431537386FEAB950AD
Authority key identifier: EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/YOmzYuKtkS_IB32pnbb12AGAv5A.roa
Signing time:             Wed 01 Jan 2025 19:48:46 +0000
ROA not before:           Wed 01 Jan 2025 19:48:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200088
IP address blocks:        185.159.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 12:00:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:69:d6:51:d0:23:97:43:15:37:38:6f:ea:b9:50:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=eebbf317e5faf5ef02c9cce79527d5e74b8abcc5
        Validity
            Not Before: Jan  1 19:48:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60e9b362e2ad912fc8077da99db6f5d80180bf90
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:22:3a:be:42:f7:d5:4f:ef:db:eb:ac:a2:b0:
                    69:db:d6:cc:33:98:49:35:dd:99:4a:04:9b:5d:1b:
                    fe:9f:7e:79:90:5b:f2:6e:05:1a:48:d6:19:14:df:
                    ea:a2:39:ac:cc:93:17:42:0f:da:0a:43:6e:c1:c2:
                    b7:10:b8:cb:81:77:34:6d:a0:6f:b7:35:15:32:7f:
                    34:d2:64:3e:bc:a3:e6:58:8a:61:a4:84:16:a2:fa:
                    c2:c7:cd:1e:61:d0:f5:71:ea:29:52:40:78:20:7a:
                    b8:f8:fd:a1:aa:90:05:ca:29:64:6e:8d:15:d7:74:
                    ef:1d:97:94:ca:9d:17:38:a3:b4:5d:ae:d1:bf:3a:
                    46:c1:33:cf:32:e5:27:96:19:21:8c:6a:ad:a5:7a:
                    b8:04:b4:32:ad:ff:c7:97:cb:ab:9c:c7:1b:07:5f:
                    f4:5e:0b:5e:ff:3a:a0:82:f2:ad:a0:67:4a:99:96:
                    2a:00:3e:a4:6e:6b:e5:38:f1:22:04:60:4b:92:61:
                    97:b1:33:23:21:f0:bb:27:d0:60:df:95:69:fd:d1:
                    5d:57:a8:af:66:5a:78:f7:04:4b:33:73:b6:1d:7b:
                    0c:b6:e0:f8:c2:2d:a2:ad:3e:02:9e:a1:c9:05:6f:
                    1b:fb:86:08:93:e9:83:ae:5b:ae:71:69:fd:6e:44:
                    17:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:E9:B3:62:E2:AD:91:2F:C8:07:7D:A9:9D:B6:F5:D8:01:80:BF:90
            X509v3 Authority Key Identifier:
                keyid:EE:BB:F3:17:E5:FA:F5:EF:02:C9:CC:E7:95:27:D5:E7:4B:8A:BC:C5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7rvzF-X69e8CycznlSfV50uKvMU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/YOmzYuKtkS_IB32pnbb12AGAv5A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/6dec63-b9d9-480b-aeb3-6fe9bf60561c/1/7rvzF-X69e8CycznlSfV50uKvMU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.159.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:42:93:aa:12:c4:af:94:11:eb:34:0b:82:09:6f:0c:99:ac:
         50:b7:9b:f7:ea:0d:1d:4c:d5:24:8f:43:a8:e8:8f:0e:26:88:
         f7:bd:ed:e7:6d:af:ee:2a:74:5b:60:f6:27:ce:9f:ba:ec:36:
         51:78:33:a3:72:12:48:92:86:d3:d0:45:b6:cd:a2:32:2d:ad:
         f0:a7:74:0d:23:d4:ed:9d:c5:bf:94:72:e5:bc:db:1b:af:86:
         ea:57:d0:49:94:f9:2a:b5:c0:58:c2:35:f2:a6:b4:4d:18:b9:
         3a:07:3b:0a:db:3c:10:83:ac:68:89:97:d3:62:42:65:85:9e:
         e5:52:12:3e:6c:55:27:47:f7:d8:19:d8:92:df:0d:07:0d:57:
         c6:b2:a9:d4:dd:f2:5b:12:74:0a:28:d8:20:86:92:c9:d3:6c:
         f7:16:39:7e:62:e3:31:f6:06:c3:20:23:e2:c8:12:c8:d3:d1:
         3c:00:41:c0:23:7f:de:e5:75:f7:9f:8f:e6:af:3a:90:bc:27:
         d4:a3:7a:86:b3:53:f0:c6:5a:2f:b7:56:d9:83:3e:2a:2d:dc:
         f1:60:78:30:86:a0:dc:df:82:4c:48:51:50:da:43:72:9f:1c:
         51:d6:ed:91:2f:36:f6:1d:eb:b2:5c:56:68:1c:8d:6f:0f:64:
         16:9f:a6:31
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQjadZR0COXQxU3OG/quVCtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlYmJmMzE3ZTVmYWY1ZWYwMmM5Y2NlNzk1MjdkNWU3NGI4
YWJjYzUwHhcNMjUwMTAxMTk0ODQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGU5YjM2MmUyYWQ5MTJmYzgwNzdkYTk5ZGI2ZjVkODAxODBiZjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3SI6vkL31U/v2+usorBp29bMM5hJ
Nd2ZSgSbXRv+n355kFvybgUaSNYZFN/qojmszJMXQg/aCkNuwcK3ELjLgXc0baBv
tzUVMn800mQ+vKPmWIphpIQWovrCx80eYdD1ceopUkB4IHq4+P2hqpAFyilkbo0V
13TvHZeUyp0XOKO0Xa7RvzpGwTPPMuUnlhkhjGqtpXq4BLQyrf/Hl8urnMcbB1/0
Xgte/zqggvKtoGdKmZYqAD6kbmvlOPEiBGBLkmGXsTMjIfC7J9Bg35Vp/dFdV6iv
Zlp49wRLM3O2HXsMtuD4wi2irT4CnqHJBW8b+4YIk+mDrluucWn9bkQXhQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGDps2LirZEvyAd9qZ229dgBgL+QMB8GA1UdIwQY
MBaAFO678xfl+vXvAsnM55Un1edLirzFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMt
NmZlOWJmNjA1NjFjLzEvWU9tell1S3RrU19JQjMycG5iYjEyQUdBdjVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi82ZGVjNjMtYjlkOS00ODBiLWFlYjMtNmZlOWJmNjA1NjFj
LzEvN3J2ekYtWDY5ZThDeWN6bmxTZlY1MHVLdk1VLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuZ9UMA0G
CSqGSIb3DQEBCwUAA4IBAQABQpOqEsSvlBHrNAuCCW8MmaxQt5v36g0dTNUkj0Oo
6I8OJoj3ve3nba/uKnRbYPYnzp+67DZReDOjchJIkobT0EW2zaIyLa3wp3QNI9Tt
ncW/lHLlvNsbr4bqV9BJlPkqtcBYwjXyprRNGLk6BzsK2zwQg6xoiZfTYkJlhZ7l
UhI+bFUnR/fYGdiS3w0HDVfGsqnU3fJbEnQKKNgghpLJ02z3Fjl+YuMx9gbDICPi
yBLI09E8AEHAI3/e5XX3n4/mrzqQvCfUo3qGs1Pwxlovt1bZgz4qLdzxYHgwhqDc
34JMSFFQ2kNynxxR1u2RLzb2HeuyXFZoHI1vD2QWn6Yx
-----END CERTIFICATE-----