Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/Yjrt4HsK8wh6pJI81KOUWlnSEwg.roa
File:                     Yjrt4HsK8wh6pJI81KOUWlnSEwg.roa (raw, json)
Hash identifier:          XmuwPChIn1UvgMab/4oMWsQTN7bkJ51y5zUd1xVolH0=
Subject key identifier:   62:3A:ED:E0:7B:0A:F3:08:7A:A4:92:3C:D4:A3:94:5A:59:D2:13:08
Certificate issuer:       /CN=85d0e763f935c171694f172056eb44209db2e2cd
Certificate serial:       019425FC3B736E2D0D74F33E8A070258F364
Authority key identifier: 85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/Yjrt4HsK8wh6pJI81KOUWlnSEwg.roa
Signing time:             Thu 02 Jan 2025 07:47:54 +0000
ROA not before:           Thu 02 Jan 2025 07:47:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     12321
IP address blocks:        212.7.32.0/19 maxlen: 19
                          212.166.64.0/19 maxlen: 19
                          213.129.160.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 15 Apr 2025 23:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:fc:3b:73:6e:2d:0d:74:f3:3e:8a:07:02:58:f3:64
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85d0e763f935c171694f172056eb44209db2e2cd
        Validity
            Not Before: Jan  2 07:47:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=623aede07b0af3087aa4923cd4a3945a59d21308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:60:f1:e6:9a:b2:e8:78:ea:28:84:f8:82:cd:
                    74:20:4e:d9:94:18:df:33:88:7a:13:93:20:6b:10:
                    98:f6:12:c7:75:f7:14:c5:79:d3:71:39:a9:d0:61:
                    5f:2b:2c:88:e3:7d:6d:5e:98:db:3d:77:7d:31:01:
                    4e:36:e0:60:0c:cd:cd:b2:f8:48:04:7b:d4:53:5e:
                    2f:c5:38:9d:0b:81:03:99:34:e2:d9:11:86:c6:66:
                    e9:5b:cf:b8:41:2e:c8:15:9a:59:bf:08:c5:41:75:
                    b8:89:90:53:a2:0d:88:07:53:4f:e5:c3:be:24:44:
                    77:46:2d:b1:5e:e6:dd:1d:dc:d5:3e:52:04:49:77:
                    7c:e7:1d:fd:8e:5a:be:bb:d0:02:7d:db:19:9c:25:
                    3f:75:95:55:37:3e:91:70:10:40:af:22:a9:c6:78:
                    cd:0d:8f:22:47:b1:1c:59:1c:83:7d:69:cc:12:14:
                    e7:71:65:d6:fd:6f:56:5b:3d:da:70:e1:ee:3d:d2:
                    2c:1e:ad:99:0a:0c:ab:bf:02:d5:4f:c1:ad:12:a4:
                    73:65:d5:cc:5c:5c:5e:46:2c:ac:37:f1:22:9f:67:
                    c4:51:f0:26:13:e5:5c:98:4c:32:4e:23:7d:02:93:
                    c3:50:1f:a6:15:8d:01:7c:de:48:f9:5f:41:bb:48:
                    78:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:3A:ED:E0:7B:0A:F3:08:7A:A4:92:3C:D4:A3:94:5A:59:D2:13:08
            X509v3 Authority Key Identifier:
                keyid:85:D0:E7:63:F9:35:C1:71:69:4F:17:20:56:EB:44:20:9D:B2:E2:CD

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdDnY_k1wXFpTxcgVutEIJ2y4s0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/Yjrt4HsK8wh6pJI81KOUWlnSEwg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/bf/746410-026b-45c9-81cd-f12835f0247b/1/hdDnY_k1wXFpTxcgVutEIJ2y4s0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.7.32.0/19
                  212.166.64.0/19
                  213.129.160.0/19

    Signature Algorithm: sha256WithRSAEncryption
         50:7f:8a:74:2c:2a:c2:47:f0:a4:03:74:2d:26:f0:36:17:c1:
         b0:a7:ef:e8:f2:f4:83:6d:91:b2:ee:9f:18:af:f0:9d:46:70:
         00:b9:51:4c:07:08:67:6d:40:61:e6:b1:36:24:68:f6:59:f2:
         f6:80:dc:c4:96:a8:64:6b:d6:58:c8:9b:07:cc:78:b6:ff:b8:
         5d:09:46:85:f4:16:72:9a:00:d9:8d:ec:f0:da:32:c5:69:f3:
         24:a7:98:5a:28:f1:a3:75:74:94:56:37:16:e4:35:00:77:79:
         82:91:d1:1e:50:86:2e:4d:0f:5f:cd:76:54:59:9d:55:63:17:
         3d:c6:f3:bb:8f:7c:4c:67:11:17:f5:39:02:95:0d:02:15:64:
         94:65:ad:ae:52:d0:e3:45:cc:0c:63:94:da:26:f9:09:d6:fc:
         dd:a7:94:c1:7b:53:a4:87:71:21:9c:04:87:56:d6:72:69:31:
         1b:a3:f0:7c:5f:72:33:38:2f:fe:44:c5:06:6c:74:16:05:28:
         05:0a:8c:0a:8b:78:e6:9b:7d:47:c2:92:c2:da:db:20:b9:3c:
         6e:6c:df:4d:89:d0:10:99:1a:c6:ab:0b:39:17:fb:81:8f:45:
         ee:c8:52:1d:e9:99:d4:7a:5a:bf:ff:7b:a9:f6:b6:56:9c:91:
         8c:53:7d:03
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZQl/Dtzbi0NdPM+igcCWPNkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZDBlNzYzZjkzNWMxNzE2OTRmMTcyMDU2ZWI0NDIwOWRi
MmUyY2QwHhcNMjUwMTAyMDc0NzU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjNhZWRlMDdiMGFmMzA4N2FhNDkyM2NkNGEzOTQ1YTU5ZDIxMzA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA12Dx5pqy6HjqKIT4gs10IE7ZlBjf
M4h6E5MgaxCY9hLHdfcUxXnTcTmp0GFfKyyI431tXpjbPXd9MQFONuBgDM3NsvhI
BHvUU14vxTidC4EDmTTi2RGGxmbpW8+4QS7IFZpZvwjFQXW4iZBTog2IB1NP5cO+
JER3Ri2xXubdHdzVPlIESXd85x39jlq+u9ACfdsZnCU/dZVVNz6RcBBAryKpxnjN
DY8iR7EcWRyDfWnMEhTncWXW/W9WWz3acOHuPdIsHq2ZCgyrvwLVT8GtEqRzZdXM
XFxeRiysN/Ein2fEUfAmE+VcmEwyTiN9ApPDUB+mFY0BfN5I+V9Bu0h4pQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGI67eB7CvMIeqSSPNSjlFpZ0hMIMB8GA1UdIwQY
MBaAFIXQ52P5NcFxaU8XIFbrRCCdsuLNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2Qt
ZjEyODM1ZjAyNDdiLzEvWWpydDRIc0s4d2g2cEpJODFLT1VXbG5TRXdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZi83NDY0MTAtMDI2Yi00NWM5LTgxY2QtZjEyODM1ZjAyNDdi
LzEvaGREbllfazF3WEZwVHhjZ1Z1dEVJSjJ5NHMwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQF1AcgAwQF
1KZAAwQF1YGgMA0GCSqGSIb3DQEBCwUAA4IBAQBQf4p0LCrCR/CkA3QtJvA2F8Gw
p+/o8vSDbZGy7p8Yr/CdRnAAuVFMBwhnbUBh5rE2JGj2WfL2gNzElqhka9ZYyJsH
zHi2/7hdCUaF9BZymgDZjezw2jLFafMkp5haKPGjdXSUVjcW5DUAd3mCkdEeUIYu
TQ9fzXZUWZ1VYxc9xvO7j3xMZxEX9TkClQ0CFWSUZa2uUtDjRcwMY5TaJvkJ1vzd
p5TBe1Okh3EhnASHVtZyaTEbo/B8X3IzOC/+RMUGbHQWBSgFCowKi3jmm31HwpLC
2tsguTxubN9NidAQmRrGqws5F/uBj0XuyFId6ZnUelq//3up9rZWnJGMU30D
-----END CERTIFICATE-----