Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/263447-0c80-4cda-b915-081a637f703e/1/YzWazfZkDmpS6lnGJouGiR4vMgw.roa
File:                     YzWazfZkDmpS6lnGJouGiR4vMgw.roa (raw, json)
Hash identifier:          g+4T1wjwDSXCQUkHT41UwModEGJm2ijdNXqnxLEPkqw=
Subject key identifier:   63:35:9A:CD:F6:64:0E:6A:52:EA:59:C6:26:8B:86:89:1E:2F:32:0C
Certificate issuer:       /CN=d342ab156d5ae153ad16528e87d9c8479dc0a4a5
Certificate serial:       0194258F3E9022DACF236B41F8D07E44DB98
Authority key identifier: D3:42:AB:15:6D:5A:E1:53:AD:16:52:8E:87:D9:C8:47:9D:C0:A4:A5
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/00KrFW1a4VOtFlKOh9nIR53ApKU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/263447-0c80-4cda-b915-081a637f703e/1/YzWazfZkDmpS6lnGJouGiR4vMgw.roa
Signing time:             Thu 02 Jan 2025 05:48:52 +0000
ROA not before:           Thu 02 Jan 2025 05:48:52 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     680
IP address blocks:        139.6.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/263447-0c80-4cda-b915-081a637f703e/1/00KrFW1a4VOtFlKOh9nIR53ApKU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/263447-0c80-4cda-b915-081a637f703e/1/00KrFW1a4VOtFlKOh9nIR53ApKU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/00KrFW1a4VOtFlKOh9nIR53ApKU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 05:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:3e:90:22:da:cf:23:6b:41:f8:d0:7e:44:db:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d342ab156d5ae153ad16528e87d9c8479dc0a4a5
        Validity
            Not Before: Jan  2 05:48:52 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63359acdf6640e6a52ea59c6268b86891e2f320c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:0f:23:22:18:9c:aa:61:73:6f:db:af:58:1e:
                    b4:72:4b:52:d7:73:33:9b:58:8d:85:ad:cd:3c:2c:
                    d8:e2:08:16:ce:f6:86:6e:6a:02:73:21:e7:57:0d:
                    50:04:41:fa:37:43:80:e2:69:58:27:ec:b6:bb:5e:
                    58:f8:02:84:ec:94:ae:8e:da:2b:f1:92:f9:46:3f:
                    55:30:20:cc:0d:ab:9a:6a:84:20:ec:09:21:6c:9a:
                    56:55:98:2a:25:3f:60:94:33:01:47:97:96:42:f6:
                    62:81:43:a2:04:d4:91:1f:0f:47:b0:91:a4:0f:0f:
                    5c:02:f9:62:8a:7d:20:fa:d7:9a:46:c1:f2:16:e8:
                    d0:1b:6f:4a:b7:62:5f:cd:cc:00:65:96:c7:16:e5:
                    f1:f1:4f:bd:79:24:3b:07:ff:56:5b:49:fb:5c:b0:
                    17:17:fb:89:d7:30:b6:b5:8c:c3:0b:d0:13:25:78:
                    5d:d6:8c:ec:27:ea:4b:23:09:36:7f:52:0e:83:61:
                    fb:82:4f:9e:73:cb:0a:66:89:7a:d2:0c:16:1d:7e:
                    88:db:df:74:31:c7:c3:18:d6:bc:d3:a3:ad:e5:02:
                    cf:d0:a8:8a:a7:5a:81:3f:cb:11:f9:06:9e:9b:34:
                    d4:c3:1a:d5:a1:c9:fd:c1:58:e6:d4:bb:d8:a3:4f:
                    48:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:35:9A:CD:F6:64:0E:6A:52:EA:59:C6:26:8B:86:89:1E:2F:32:0C
            X509v3 Authority Key Identifier:
                keyid:D3:42:AB:15:6D:5A:E1:53:AD:16:52:8E:87:D9:C8:47:9D:C0:A4:A5

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/00KrFW1a4VOtFlKOh9nIR53ApKU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/263447-0c80-4cda-b915-081a637f703e/1/YzWazfZkDmpS6lnGJouGiR4vMgw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/263447-0c80-4cda-b915-081a637f703e/1/00KrFW1a4VOtFlKOh9nIR53ApKU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.6.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         95:70:fe:ef:9d:6b:f8:8d:e8:b3:6b:9f:23:8c:ec:52:cb:ee:
         48:62:53:4e:43:79:58:82:0a:66:0a:f5:87:84:0a:c3:99:2a:
         f5:db:91:91:41:ec:cb:de:15:e6:8e:5c:f5:c7:21:6a:98:80:
         23:a2:36:61:ba:e1:1d:85:9c:06:57:a2:96:96:6d:d8:71:43:
         73:14:b1:dc:fb:ff:89:bd:28:5e:70:dc:7f:8a:31:29:7a:18:
         a1:02:3c:4e:5a:e1:62:92:71:fa:4f:a8:ce:d2:98:4d:2d:c3:
         60:06:62:8d:41:9d:30:21:51:14:98:5e:39:89:62:6a:6a:78:
         0d:c7:0d:3b:2c:fb:66:b0:22:c8:01:65:25:be:b1:16:fb:61:
         59:4b:a7:6b:ed:12:b1:e3:31:2c:85:40:e4:2a:dc:f3:98:ae:
         90:24:e7:09:9a:aa:20:56:03:e2:df:7e:87:b9:26:1f:f9:f3:
         5e:db:0f:37:ec:f7:88:87:c9:48:bf:1c:76:a0:c6:fd:28:b1:
         67:1f:88:94:a5:10:e7:bc:d3:b3:39:0b:b2:8a:42:57:2d:eb:
         15:a4:e3:f1:2c:6e:31:3b:cf:f2:7b:ad:ef:63:ae:cc:ce:b1:
         1d:2e:d7:69:18:dd:3b:05:66:34:c9:13:76:b6:f7:72:c9:34:
         d6:d4:d1:7f
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZQljz6QItrPI2tB+NB+RNuYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQzNDJhYjE1NmQ1YWUxNTNhZDE2NTI4ZTg3ZDljODQ3OWRj
MGE0YTUwHhcNMjUwMTAyMDU0ODUyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM1OWFjZGY2NjQwZTZhNTJlYTU5YzYyNjhiODY4OTFlMmYzMjBjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtg8jIhicqmFzb9uvWB60cktS13Mz
m1iNha3NPCzY4ggWzvaGbmoCcyHnVw1QBEH6N0OA4mlYJ+y2u15Y+AKE7JSujtor
8ZL5Rj9VMCDMDauaaoQg7AkhbJpWVZgqJT9glDMBR5eWQvZigUOiBNSRHw9HsJGk
Dw9cAvliin0g+teaRsHyFujQG29Kt2JfzcwAZZbHFuXx8U+9eSQ7B/9WW0n7XLAX
F/uJ1zC2tYzDC9ATJXhd1ozsJ+pLIwk2f1IOg2H7gk+ec8sKZol60gwWHX6I2990
McfDGNa806Ot5QLP0KiKp1qBP8sR+QaemzTUwxrVocn9wVjm1LvYo09I/QIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGM1ms32ZA5qUupZxiaLhokeLzIMMB8GA1UdIwQY
MBaAFNNCqxVtWuFTrRZSjofZyEedwKSlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMDBLckZXMWE0Vk90RmxLT2g5bklSNTNBcEtVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jMy8yNjM0NDctMGM4MC00Y2RhLWI5MTUt
MDgxYTYzN2Y3MDNlLzEvWXpXYXpmWmtEbXBTNmxuR0pvdUdpUjR2TWd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jMy8yNjM0NDctMGM4MC00Y2RhLWI5MTUtMDgxYTYzN2Y3MDNl
LzEvMDBLckZXMWE0Vk90RmxLT2g5bklSNTNBcEtVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAiwYwDQYJ
KoZIhvcNAQELBQADggEBAJVw/u+da/iN6LNrnyOM7FLL7khiU05DeViCCmYK9YeE
CsOZKvXbkZFB7MveFeaOXPXHIWqYgCOiNmG64R2FnAZXopaWbdhxQ3MUsdz7/4m9
KF5w3H+KMSl6GKECPE5a4WKScfpPqM7SmE0tw2AGYo1BnTAhURSYXjmJYmpqeA3H
DTss+2awIsgBZSW+sRb7YVlLp2vtErHjMSyFQOQq3POYrpAk5wmaqiBWA+Lffoe5
Jh/5817bDzfs94iHyUi/HHagxv0osWcfiJSlEOe807M5C7KKQlct6xWk4/EsbjE7
z/J7re9jrszOsR0u12kY3TsFZjTJE3a293LJNNbU0X8=
-----END CERTIFICATE-----