Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/yTZlHlMAE_3YBA7oQmF4fIZqHOM.roa
File:                     yTZlHlMAE_3YBA7oQmF4fIZqHOM.roa (raw, json)
Hash identifier:          lfCvg73z+0fvdagtNm9IPM2kVoIfwTGx2gcIBEuq7Qk=
Subject key identifier:   C9:36:65:1E:53:00:13:FD:D8:04:0E:E8:42:61:78:7C:86:6A:1C:E3
Certificate issuer:       /CN=a5c106023c495904b040acb9978f4fa3b0c5e2dc
Certificate serial:       01941F8C9CDC81D21614FF3CE8C8827B8CE4
Authority key identifier: A5:C1:06:02:3C:49:59:04:B0:40:AC:B9:97:8F:4F:A3:B0:C5:E2:DC
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pcEGAjxJWQSwQKy5l49Po7DF4tw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/yTZlHlMAE_3YBA7oQmF4fIZqHOM.roa
Signing time:             Wed 01 Jan 2025 01:48:16 +0000
ROA not before:           Wed 01 Jan 2025 01:48:16 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41345
IP address blocks:        193.37.153.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/pcEGAjxJWQSwQKy5l49Po7DF4tw.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/pcEGAjxJWQSwQKy5l49Po7DF4tw.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pcEGAjxJWQSwQKy5l49Po7DF4tw.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 03 Feb 2025 00:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:9c:dc:81:d2:16:14:ff:3c:e8:c8:82:7b:8c:e4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a5c106023c495904b040acb9978f4fa3b0c5e2dc
        Validity
            Not Before: Jan  1 01:48:16 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c936651e530013fdd8040ee84261787c866a1ce3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3a:ee:4d:6b:d0:6d:00:c4:17:f0:02:2a:67:
                    d8:3b:23:70:02:26:50:26:a1:e1:2f:a8:31:a9:32:
                    c4:58:b5:35:5f:76:ca:6d:b6:8a:71:a0:29:d4:84:
                    0a:55:f8:26:ca:2f:40:75:ee:fa:ce:63:ae:55:78:
                    11:a5:7b:b3:83:56:bb:56:85:b6:c8:3d:27:8e:eb:
                    5c:02:75:c4:58:cb:b9:09:76:0f:d6:43:b0:4e:02:
                    24:c8:3a:4f:2a:4e:8b:d1:2b:69:a4:71:ae:09:cb:
                    b6:8b:29:d4:b1:21:83:db:e5:a5:13:87:5f:7a:9c:
                    61:0f:2b:16:a7:c7:dc:8e:cc:b7:e9:53:09:09:cc:
                    af:95:d1:c0:ce:d6:23:87:f6:2b:27:b6:28:05:64:
                    05:65:25:0e:d2:4a:6b:9a:29:9a:62:75:b6:70:82:
                    f8:70:27:91:b0:0e:d2:1f:46:37:88:79:fe:bc:0c:
                    d4:b3:59:9f:59:a8:d3:13:ea:df:19:ee:be:24:34:
                    45:b0:58:26:e2:89:75:29:cc:f6:2e:b7:6f:3c:2a:
                    66:2b:ad:9f:fc:ae:93:cc:9e:a8:0b:19:51:66:4f:
                    30:f1:d2:2b:1f:f2:d6:98:b6:25:76:ba:ad:0d:8e:
                    97:9b:62:1f:ce:37:fa:ce:4c:e4:5c:8c:e7:6b:56:
                    36:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:36:65:1E:53:00:13:FD:D8:04:0E:E8:42:61:78:7C:86:6A:1C:E3
            X509v3 Authority Key Identifier:
                keyid:A5:C1:06:02:3C:49:59:04:B0:40:AC:B9:97:8F:4F:A3:B0:C5:E2:DC

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pcEGAjxJWQSwQKy5l49Po7DF4tw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/yTZlHlMAE_3YBA7oQmF4fIZqHOM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/070032-0bb3-4352-89eb-4913a0ca7409/1/pcEGAjxJWQSwQKy5l49Po7DF4tw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.37.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:11:5b:7e:fe:38:e9:87:43:3e:fe:e7:2b:07:62:5e:54:a1:
         1d:a1:28:cf:ed:8d:a8:83:df:e7:72:24:5b:5c:09:e1:5e:05:
         76:e2:ee:f2:ad:9f:1e:81:3c:82:06:50:34:e9:85:88:70:89:
         3e:ff:db:aa:d5:c0:9a:1e:16:cb:07:d1:d2:d1:cc:66:7b:aa:
         4f:13:a9:f0:75:5c:5c:42:43:b1:32:f1:5b:18:e8:c4:f4:1a:
         46:94:41:37:ce:87:eb:ab:cc:3c:6f:2f:cd:e6:c6:62:66:e4:
         8e:3c:8d:b7:67:39:bc:ef:81:7e:2a:a6:d5:67:4f:ba:a3:e3:
         8a:a3:5b:aa:8e:36:4d:04:e7:5e:bb:9e:66:0e:77:f9:47:96:
         40:83:13:db:5c:33:dc:c2:2f:17:17:cb:81:1e:45:ca:c4:e9:
         74:79:99:ed:4f:15:e3:f1:d4:e6:08:b5:d2:9d:95:33:c0:0d:
         72:8d:34:44:3a:c5:08:5f:24:c1:44:d7:9d:41:4a:96:b9:5c:
         50:b5:64:42:a9:b5:1d:c4:92:29:7e:71:d2:6f:68:8f:38:5c:
         10:bc:01:9a:2e:35:5c:5c:0c:23:22:c2:3d:aa:e7:fb:5c:9d:
         9f:0c:ab:b4:c1:f6:75:d3:e9:75:d8:50:51:34:fe:0d:15:95:
         81:49:5e:9f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQfjJzcgdIWFP886MiCe4zkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE1YzEwNjAyM2M0OTU5MDRiMDQwYWNiOTk3OGY0ZmEzYjBj
NWUyZGMwHhcNMjUwMTAxMDE0ODE2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTM2NjUxZTUzMDAxM2ZkZDgwNDBlZTg0MjYxNzg3Yzg2NmExY2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszruTWvQbQDEF/ACKmfYOyNwAiZQ
JqHhL6gxqTLEWLU1X3bKbbaKcaAp1IQKVfgmyi9Ade76zmOuVXgRpXuzg1a7VoW2
yD0njutcAnXEWMu5CXYP1kOwTgIkyDpPKk6L0StppHGuCcu2iynUsSGD2+WlE4df
epxhDysWp8fcjsy36VMJCcyvldHAztYjh/YrJ7YoBWQFZSUO0kprmimaYnW2cIL4
cCeRsA7SH0Y3iHn+vAzUs1mfWajTE+rfGe6+JDRFsFgm4ol1Kcz2LrdvPCpmK62f
/K6TzJ6oCxlRZk8w8dIrH/LWmLYldrqtDY6Xm2Ifzjf6zkzkXIzna1Y2AwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMk2ZR5TABP92AQO6EJheHyGahzjMB8GA1UdIwQY
MBaAFKXBBgI8SVkEsECsuZePT6OwxeLcMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcGNFR0FqeEpXUVN3UUt5NWw0OVBvN0RGNHR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8wNzAwMzItMGJiMy00MzUyLTg5ZWIt
NDkxM2EwY2E3NDA5LzEveVRabEhsTUFFXzNZQkE3b1FtRjRmSVpxSE9NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8wNzAwMzItMGJiMy00MzUyLTg5ZWItNDkxM2EwY2E3NDA5
LzEvcGNFR0FqeEpXUVN3UUt5NWw0OVBvN0RGNHR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwSWZMA0G
CSqGSIb3DQEBCwUAA4IBAQACEVt+/jjph0M+/ucrB2JeVKEdoSjP7Y2og9/nciRb
XAnhXgV24u7yrZ8egTyCBlA06YWIcIk+/9uq1cCaHhbLB9HS0cxme6pPE6nwdVxc
QkOxMvFbGOjE9BpGlEE3zofrq8w8by/N5sZiZuSOPI23Zzm874F+KqbVZ0+6o+OK
o1uqjjZNBOdeu55mDnf5R5ZAgxPbXDPcwi8XF8uBHkXKxOl0eZntTxXj8dTmCLXS
nZUzwA1yjTREOsUIXyTBRNedQUqWuVxQtWRCqbUdxJIpfnHSb2iPOFwQvAGaLjVc
XAwjIsI9quf7XJ2fDKu0wfZ10+l12FBRNP4NFZWBSV6f
-----END CERTIFICATE-----