Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/yBgRtAUy9SDMB2oNfVg6DWBcxdo.roa
File:                     yBgRtAUy9SDMB2oNfVg6DWBcxdo.roa (raw, json)
Hash identifier:          th+et5jSmKPB56Gge2PfFSgmFKaHL/juuWVdT7KzSfo=
Subject key identifier:   C8:18:11:B4:05:32:F5:20:CC:07:6A:0D:7D:58:3A:0D:60:5C:C5:DA
Certificate issuer:       /CN=ba1cef6f9e9edc45e3cd28ef4025197952d460e9
Certificate serial:       0194236A236CD65C476793D06279B7208D76
Authority key identifier: BA:1C:EF:6F:9E:9E:DC:45:E3:CD:28:EF:40:25:19:79:52:D4:60:E9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/uhzvb56e3EXjzSjvQCUZeVLUYOk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/yBgRtAUy9SDMB2oNfVg6DWBcxdo.roa
Signing time:             Wed 01 Jan 2025 19:49:05 +0000
ROA not before:           Wed 01 Jan 2025 19:49:05 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60111
IP address blocks:        185.143.252.0/22 maxlen: 22
                          2a07:39c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/uhzvb56e3EXjzSjvQCUZeVLUYOk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/uhzvb56e3EXjzSjvQCUZeVLUYOk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/uhzvb56e3EXjzSjvQCUZeVLUYOk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 22:01:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:23:6a:23:6c:d6:5c:47:67:93:d0:62:79:b7:20:8d:76
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ba1cef6f9e9edc45e3cd28ef4025197952d460e9
        Validity
            Not Before: Jan  1 19:49:05 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c81811b40532f520cc076a0d7d583a0d605cc5da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:5f:2c:92:c8:4a:d8:88:4c:0c:f0:c7:6b:0d:
                    36:b8:69:15:eb:b0:c7:52:6f:a3:08:cd:e9:3d:39:
                    c9:71:7e:98:1b:83:d0:3d:f1:3f:3c:ca:04:ac:25:
                    a1:25:3b:96:59:db:da:41:6e:55:db:3f:b3:2c:f0:
                    80:13:fd:c9:2f:74:06:ad:0e:70:9b:0d:1e:7e:dc:
                    52:55:1e:6b:ea:d8:78:be:14:a2:45:6a:68:f7:2b:
                    8a:2d:51:62:51:b2:79:6a:47:ac:06:38:90:94:c5:
                    45:c2:08:d7:41:5d:24:97:e2:21:7a:b2:3e:24:8d:
                    87:82:9d:9f:8e:2f:09:e1:33:78:bf:fc:da:8a:dd:
                    8e:c3:9b:b8:39:c9:e5:3b:05:e8:de:6d:ed:6e:76:
                    44:1f:f5:5f:af:8e:60:0d:81:01:43:9f:86:a4:8a:
                    04:9f:14:17:6e:be:0d:78:66:04:04:4f:1f:57:44:
                    39:b8:3a:dc:e1:04:b4:38:4c:30:9b:23:72:b9:20:
                    eb:5a:ff:9c:f9:bf:18:5e:85:b7:d2:0c:09:8a:2d:
                    b2:e7:a4:41:d9:0d:2d:97:40:2b:2d:71:51:d6:43:
                    6e:77:5a:2f:ed:16:2b:17:e4:6f:c4:78:05:09:42:
                    ed:25:7a:e6:b5:95:20:31:a4:d3:4c:96:2f:7e:fe:
                    f1:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:18:11:B4:05:32:F5:20:CC:07:6A:0D:7D:58:3A:0D:60:5C:C5:DA
            X509v3 Authority Key Identifier:
                keyid:BA:1C:EF:6F:9E:9E:DC:45:E3:CD:28:EF:40:25:19:79:52:D4:60:E9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/uhzvb56e3EXjzSjvQCUZeVLUYOk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/yBgRtAUy9SDMB2oNfVg6DWBcxdo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c4/21d663-6874-489c-ab9e-d9ca03e66ffb/1/uhzvb56e3EXjzSjvQCUZeVLUYOk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.252.0/22
                IPv6:
                  2a07:39c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         86:79:0a:1b:73:2c:c5:98:fb:16:e5:e0:1d:b6:5f:3f:20:bc:
         2b:a7:53:96:bf:62:1b:e9:f3:b8:f7:d4:90:f6:a8:81:f2:70:
         f3:50:73:30:f1:7b:77:21:a0:6b:d0:51:52:10:97:16:b3:58:
         a2:19:a4:ee:5d:23:fc:83:f7:c5:bc:2c:e7:6b:9b:28:48:7c:
         b8:04:37:71:67:ac:64:06:d3:e5:4e:42:4d:0f:8d:8a:77:3c:
         43:e9:7d:e2:0b:8f:5a:df:76:60:5c:51:b8:22:85:99:8e:66:
         f8:90:2b:3b:36:63:2a:33:29:cf:48:44:9d:28:40:a4:82:4c:
         c7:cc:7d:dc:10:ef:4f:79:53:b5:11:51:18:86:02:b7:95:62:
         fc:47:14:99:d2:bf:d1:0b:02:22:27:30:70:d3:5c:a8:90:26:
         2c:4e:45:68:7f:e9:06:a7:32:57:a4:7b:96:8b:42:d5:7f:ab:
         3e:b9:3d:cc:b6:12:e9:6f:da:c4:82:80:79:e3:3c:a6:0b:1e:
         df:cf:32:a7:44:a3:d7:cc:a5:ae:26:0f:d5:64:27:8c:30:77:
         cb:4e:ea:76:75:e0:a5:16:85:40:b7:fe:26:58:19:44:76:2a:
         0b:42:66:a0:e8:ef:50:e5:01:f9:00:f7:de:93:8d:f5:41:d3:
         cd:60:8e:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQjaiNs1lxHZ5PQYnm3II12MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGJhMWNlZjZmOWU5ZWRjNDVlM2NkMjhlZjQwMjUxOTc5NTJk
NDYwZTkwHhcNMjUwMTAxMTk0OTA1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODE4MTFiNDA1MzJmNTIwY2MwNzZhMGQ3ZDU4M2EwZDYwNWNjNWRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9V8skshK2IhMDPDHaw02uGkV67DH
Um+jCM3pPTnJcX6YG4PQPfE/PMoErCWhJTuWWdvaQW5V2z+zLPCAE/3JL3QGrQ5w
mw0eftxSVR5r6th4vhSiRWpo9yuKLVFiUbJ5akesBjiQlMVFwgjXQV0kl+IherI+
JI2Hgp2fji8J4TN4v/zait2Ow5u4OcnlOwXo3m3tbnZEH/Vfr45gDYEBQ5+GpIoE
nxQXbr4NeGYEBE8fV0Q5uDrc4QS0OEwwmyNyuSDrWv+c+b8YXoW30gwJii2y56RB
2Q0tl0ArLXFR1kNud1ov7RYrF+RvxHgFCULtJXrmtZUgMaTTTJYvfv7x+QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMgYEbQFMvUgzAdqDX1YOg1gXMXaMB8GA1UdIwQY
MBaAFLoc72+entxF480o70AlGXlS1GDpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWh6dmI1NmUzRVhqelNqdlFDVVplVkxVWU9rLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNC8yMWQ2NjMtNjg3NC00ODljLWFiOWUt
ZDljYTAzZTY2ZmZiLzEveUJnUnRBVXk5U0RNQjJvTmZWZzZEV0JjeGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNC8yMWQ2NjMtNjg3NC00ODljLWFiOWUtZDljYTAzZTY2ZmZi
LzEvdWh6dmI1NmUzRVhqelNqdlFDVVplVkxVWU9rLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQCuY/8MA0E
AgACMAcDBQMqBznAMA0GCSqGSIb3DQEBCwUAA4IBAQCGeQobcyzFmPsW5eAdtl8/
ILwrp1OWv2Ib6fO499SQ9qiB8nDzUHMw8Xt3IaBr0FFSEJcWs1iiGaTuXSP8g/fF
vCzna5soSHy4BDdxZ6xkBtPlTkJND42KdzxD6X3iC49a33ZgXFG4IoWZjmb4kCs7
NmMqMynPSESdKECkgkzHzH3cEO9PeVO1EVEYhgK3lWL8RxSZ0r/RCwIiJzBw01yo
kCYsTkVof+kGpzJXpHuWi0LVf6s+uT3MthLpb9rEgoB54zymCx7fzzKnRKPXzKWu
Jg/VZCeMMHfLTup2deClFoVAt/4mWBlEdioLQmag6O9Q5QH5APfek431QdPNYI44
-----END CERTIFICATE-----