Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/yse4x5lO63CR6pnQTmWm_FeSQP8.roa
File:                     yse4x5lO63CR6pnQTmWm_FeSQP8.roa (raw, json)
Hash identifier:          luMCBm9mt8DAtQ3qNsyVx47z4YduvHqj6QZf+B1e0AY=
Subject key identifier:   CA:C7:B8:C7:99:4E:EB:70:91:EA:99:D0:4E:65:A6:FC:57:92:40:FF
Certificate issuer:       /CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
Certificate serial:       0194266ABA2589ED99005B8171421664CE08
Authority key identifier: FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/yse4x5lO63CR6pnQTmWm_FeSQP8.roa
Signing time:             Thu 02 Jan 2025 09:48:36 +0000
ROA not before:           Thu 02 Jan 2025 09:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214515
IP address blocks:        185.49.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 23:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:ba:25:89:ed:99:00:5b:81:71:42:16:64:ce:08
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=fa3d0bc11b29da44ad57304c3f8568870a019c24
        Validity
            Not Before: Jan  2 09:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=cac7b8c7994eeb7091ea99d04e65a6fc579240ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:d6:59:11:32:1a:56:bf:11:bf:76:e2:ec:62:
                    3f:c9:fc:26:ad:08:e6:57:50:a6:67:53:19:61:1d:
                    0e:0c:57:2e:32:55:83:83:b7:28:3e:f7:34:8d:6f:
                    44:71:c4:18:3e:49:88:f5:80:2f:14:3f:de:24:41:
                    d2:1e:42:6d:d3:8b:d4:0d:12:3d:34:ca:24:fc:48:
                    3f:89:6d:7f:df:ef:64:55:ac:50:03:fd:2c:56:60:
                    8e:9c:cc:7d:2f:e7:4c:da:87:38:75:82:f4:f9:0f:
                    4c:3f:0b:08:1c:66:ae:08:c4:96:4a:e0:fb:d4:82:
                    42:84:b5:9b:4f:a8:fc:27:04:30:63:32:d9:de:09:
                    4f:ff:a6:c7:f0:b9:df:79:87:cd:51:ff:c7:a2:22:
                    36:70:1a:31:a6:0b:12:65:2c:1b:f9:98:19:b4:ed:
                    a2:7c:12:17:a5:f4:36:9c:40:29:92:87:a7:86:b2:
                    28:95:dd:44:ef:44:df:81:90:8f:ac:e1:9e:7d:d0:
                    d8:6a:f1:d4:c7:56:c2:a6:05:73:66:5e:04:de:cf:
                    3a:99:49:89:68:f4:6f:f9:b5:70:f9:c1:0e:f7:dd:
                    78:61:1d:c6:e9:6e:19:c6:02:8f:91:6c:30:62:44:
                    87:d0:37:ad:fa:b0:ca:6a:25:09:6b:74:6a:1c:ee:
                    c0:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:C7:B8:C7:99:4E:EB:70:91:EA:99:D0:4E:65:A6:FC:57:92:40:FF
            X509v3 Authority Key Identifier:
                keyid:FA:3D:0B:C1:1B:29:DA:44:AD:57:30:4C:3F:85:68:87:0A:01:9C:24

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-j0LwRsp2kStVzBMP4VohwoBnCQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/yse4x5lO63CR6pnQTmWm_FeSQP8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c3/aa6629-d149-4197-a315-d21071ef735b/1/1-j0LwRsp2kStVzBMP4VohwoBnCQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.49.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:85:f9:d1:7d:59:9e:a8:cd:d9:40:59:4b:1a:17:fe:c0:19:
         60:f8:3d:89:a5:1b:39:17:87:2c:ec:a9:38:d5:b7:8b:a8:15:
         a1:f9:b9:4b:0e:cd:4d:54:78:cb:03:c6:1a:7b:b7:72:65:6b:
         de:a5:0b:59:a2:a8:40:d2:89:5c:a0:74:96:47:04:86:a7:ef:
         a2:c2:9b:63:50:cb:0e:63:64:bc:89:e3:d3:e2:83:5f:09:10:
         7c:d5:12:90:9b:67:36:83:ea:2f:fa:09:f0:39:1b:8f:08:b8:
         42:98:c5:71:a0:de:7b:b8:b3:af:c9:02:30:74:90:66:90:06:
         f0:93:e6:1f:70:52:e5:7c:a7:c8:a8:cd:1e:0d:f5:17:46:46:
         80:68:10:37:c9:1f:ce:f9:1a:03:f5:de:5e:17:1d:fc:cc:78:
         b1:f7:cc:27:14:c9:f7:92:12:ef:d2:e2:47:e2:6b:b2:c9:f5:
         16:7f:37:58:24:42:dc:28:a1:0b:25:2f:47:38:89:7c:8d:bf:
         c3:23:44:0c:c7:1f:83:38:c6:1a:72:c4:f1:0e:73:e3:80:aa:
         e1:73:e1:36:9a:06:66:72:7d:b9:07:23:46:49:64:b8:77:09:
         dc:57:75:cf:b7:af:2b:1d:ef:7a:5a:85:e4:cd:cd:9c:72:99:
         16:1c:f1:89
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgISAZQmarolie2ZAFuBcUIWZM4IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGZhM2QwYmMxMWIyOWRhNDRhZDU3MzA0YzNmODU2ODg3MGEw
MTljMjQwHhcNMjUwMTAyMDk0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWM3YjhjNzk5NGVlYjcwOTFlYTk5ZDA0ZTY1YTZmYzU3OTI0MGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdZZETIaVr8Rv3bi7GI/yfwmrQjm
V1CmZ1MZYR0ODFcuMlWDg7coPvc0jW9EccQYPkmI9YAvFD/eJEHSHkJt04vUDRI9
NMok/Eg/iW1/3+9kVaxQA/0sVmCOnMx9L+dM2oc4dYL0+Q9MPwsIHGauCMSWSuD7
1IJChLWbT6j8JwQwYzLZ3glP/6bH8LnfeYfNUf/HoiI2cBoxpgsSZSwb+ZgZtO2i
fBIXpfQ2nEApkoenhrIold1E70TfgZCPrOGefdDYavHUx1bCpgVzZl4E3s86mUmJ
aPRv+bVw+cEO9914YR3G6W4ZxgKPkWwwYkSH0Det+rDKaiUJa3RqHO7AKQIDAQAB
o4ICCzCCAgcwHQYDVR0OBBYEFMrHuMeZTutwkeqZ0E5lpvxXkkD/MB8GA1UdIwQY
MBaAFPo9C8EbKdpErVcwTD+FaIcKAZwkMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1qMEx3UnNwMmtTdFZ6Qk1QNFZvaHdvQm5DUS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1
LWQyMTA3MWVmNzM1Yi8xL3lzZTR4NWxPNjNDUjZwblFUbVdtX0ZlU1FQOC5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYzMvYWE2NjI5LWQxNDktNDE5Ny1hMzE1LWQyMTA3MWVmNzM1
Yi8xLzEtajBMd1JzcDJrU3RWekJNUDRWb2h3b0JuQ1EuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC5MWsw
DQYJKoZIhvcNAQELBQADggEBAFmF+dF9WZ6ozdlAWUsaF/7AGWD4PYmlGzkXhyzs
qTjVt4uoFaH5uUsOzU1UeMsDxhp7t3Jla96lC1miqEDSiVygdJZHBIan76LCm2NQ
yw5jZLyJ49Pig18JEHzVEpCbZzaD6i/6CfA5G48IuEKYxXGg3nu4s6/JAjB0kGaQ
BvCT5h9wUuV8p8iozR4N9RdGRoBoEDfJH875GgP13l4XHfzMeLH3zCcUyfeSEu/S
4kfia7LJ9RZ/N1gkQtwooQslL0c4iXyNv8MjRAzHH4M4xhpyxPEOc+OAquFz4Taa
BmZyfbkHI0ZJZLh3CdxXdc+3rysd73paheTNzZxymRYc8Yk=
-----END CERTIFICATE-----