Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/42cfae-e29d-4d94-ba52-c41d99f17fda/1/Ylfj2CG1V0DaK4f8uH_BBUtoGWA.roa
File:                     Ylfj2CG1V0DaK4f8uH_BBUtoGWA.roa (raw, json)
Hash identifier:          CAUuMYHSplNovMOYBe0Qjx/057sd/Jrw0wK6ui3RBo4=
Subject key identifier:   62:57:E3:D8:21:B5:57:40:DA:2B:87:FC:B8:7F:C1:05:4B:68:19:60
Certificate issuer:       /CN=e7564d0cc7da05fa58cfbd8c2a9435cb3362cde2
Certificate serial:       019420D5C3032FDAC1483CA5E0029752334F
Authority key identifier: E7:56:4D:0C:C7:DA:05:FA:58:CF:BD:8C:2A:94:35:CB:33:62:CD:E2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/51ZNDMfaBfpYz72MKpQ1yzNizeI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/42cfae-e29d-4d94-ba52-c41d99f17fda/1/Ylfj2CG1V0DaK4f8uH_BBUtoGWA.roa
Signing time:             Wed 01 Jan 2025 07:47:47 +0000
ROA not before:           Wed 01 Jan 2025 07:47:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214870
IP address blocks:        193.151.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/42cfae-e29d-4d94-ba52-c41d99f17fda/1/51ZNDMfaBfpYz72MKpQ1yzNizeI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/42cfae-e29d-4d94-ba52-c41d99f17fda/1/51ZNDMfaBfpYz72MKpQ1yzNizeI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/51ZNDMfaBfpYz72MKpQ1yzNizeI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 19:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:20:d5:c3:03:2f:da:c1:48:3c:a5:e0:02:97:52:33:4f
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e7564d0cc7da05fa58cfbd8c2a9435cb3362cde2
        Validity
            Not Before: Jan  1 07:47:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6257e3d821b55740da2b87fcb87fc1054b681960
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:51:d7:16:bf:29:47:90:9b:c3:c6:66:9a:94:
                    17:a0:3d:1f:0d:3f:58:99:c5:ce:35:b0:a1:d9:95:
                    0c:10:52:b6:ea:fd:67:71:de:59:d6:05:36:6e:fb:
                    77:2a:16:34:af:fb:83:d7:3b:b6:50:78:3b:ae:ef:
                    5a:fb:55:e9:f1:92:f8:c5:31:72:4a:a9:99:ab:3e:
                    b0:f3:00:d4:62:45:60:5a:d8:1d:11:dc:77:04:48:
                    ed:8c:5d:79:d2:de:5b:36:31:6c:09:49:1a:d7:b0:
                    bb:39:48:4e:24:3b:8c:e5:a2:5b:17:15:a9:5a:98:
                    bb:1f:ca:4a:c9:9c:3a:e2:0f:2f:20:9d:06:e1:f5:
                    0c:9d:d8:d3:72:c5:29:ba:c8:02:62:67:3a:20:bf:
                    dd:a6:f0:70:e7:0b:85:6b:50:29:a1:86:2c:76:17:
                    78:f0:76:3c:9e:ae:e4:82:fe:ae:7c:41:0f:e1:0c:
                    24:44:f0:13:d4:47:1c:10:2c:da:66:23:7b:ef:02:
                    f7:7c:76:9d:cf:e6:90:31:8d:5c:5c:cd:0a:95:82:
                    81:41:d2:75:5a:48:15:b3:7d:8b:c9:59:a7:89:1b:
                    52:02:16:b5:69:e5:82:8b:82:c6:cc:28:6a:34:f2:
                    22:7a:22:b9:fd:42:3f:e5:a9:0e:e1:0d:27:bd:e0:
                    c4:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:57:E3:D8:21:B5:57:40:DA:2B:87:FC:B8:7F:C1:05:4B:68:19:60
            X509v3 Authority Key Identifier:
                keyid:E7:56:4D:0C:C7:DA:05:FA:58:CF:BD:8C:2A:94:35:CB:33:62:CD:E2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/51ZNDMfaBfpYz72MKpQ1yzNizeI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/42cfae-e29d-4d94-ba52-c41d99f17fda/1/Ylfj2CG1V0DaK4f8uH_BBUtoGWA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/42cfae-e29d-4d94-ba52-c41d99f17fda/1/51ZNDMfaBfpYz72MKpQ1yzNizeI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.151.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:9d:4e:b7:ea:6e:dc:fc:d6:f0:7b:16:3b:c2:0b:93:1c:bd:
         85:dd:39:e6:7e:30:04:e3:62:bb:4b:ea:f1:d8:d8:87:da:32:
         05:97:50:0a:57:1f:9e:cf:dc:d8:ef:c5:9c:d4:ef:f2:de:c6:
         f0:db:96:e3:b2:33:13:30:92:5d:9a:c9:3c:ab:af:4a:e7:68:
         a2:d9:4c:94:a7:b6:81:eb:67:be:51:cf:83:f6:b1:82:49:47:
         2c:83:10:e0:5f:10:ce:e9:1d:97:0e:f1:f3:21:09:3c:63:fc:
         22:2d:b2:45:af:bc:ff:41:54:34:29:ca:26:50:33:a6:7d:6b:
         c9:ea:31:a7:e4:70:4e:05:8a:1c:36:dc:bb:b0:65:b5:2f:88:
         4b:21:e9:68:38:b6:c3:c5:6c:03:0d:f1:08:e7:6d:c1:1a:62:
         1d:45:27:a2:7e:62:ad:af:cb:27:78:cd:68:13:50:67:e2:54:
         0c:ef:d9:a8:97:ba:09:35:0f:ff:c7:d2:f5:43:a4:3f:8d:30:
         8e:59:de:df:15:8e:41:c3:22:47:2e:2c:c3:59:cb:f5:7e:94:
         89:29:c3:05:0c:21:c6:65:81:b6:c6:30:30:7b:75:05:b7:3c:
         59:c6:5b:42:4d:c5:19:ab:77:2c:83:9e:f2:07:99:29:0d:f6:
         db:c7:05:da
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQg1cMDL9rBSDyl4AKXUjNPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU3NTY0ZDBjYzdkYTA1ZmE1OGNmYmQ4YzJhOTQzNWNiMzM2
MmNkZTIwHhcNMjUwMTAxMDc0NzQ3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjU3ZTNkODIxYjU1NzQwZGEyYjg3ZmNiODdmYzEwNTRiNjgxOTYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk1HXFr8pR5Cbw8ZmmpQXoD0fDT9Y
mcXONbCh2ZUMEFK26v1ncd5Z1gU2bvt3KhY0r/uD1zu2UHg7ru9a+1Xp8ZL4xTFy
SqmZqz6w8wDUYkVgWtgdEdx3BEjtjF150t5bNjFsCUka17C7OUhOJDuM5aJbFxWp
Wpi7H8pKyZw64g8vIJ0G4fUMndjTcsUpusgCYmc6IL/dpvBw5wuFa1ApoYYsdhd4
8HY8nq7kgv6ufEEP4QwkRPAT1EccECzaZiN77wL3fHadz+aQMY1cXM0KlYKBQdJ1
WkgVs32LyVmniRtSAha1aeWCi4LGzChqNPIieiK5/UI/5akO4Q0nveDE1wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGJX49ghtVdA2iuH/Lh/wQVLaBlgMB8GA1UdIwQY
MBaAFOdWTQzH2gX6WM+9jCqUNcszYs3iMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNTFaTkRNZmFCZnBZejcyTUtwUTF5ek5pemVJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi80MmNmYWUtZTI5ZC00ZDk0LWJhNTIt
YzQxZDk5ZjE3ZmRhLzEvWWxmajJDRzFWMERhSzRmOHVIX0JCVXRvR1dBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi80MmNmYWUtZTI5ZC00ZDk0LWJhNTItYzQxZDk5ZjE3ZmRh
LzEvNTFaTkRNZmFCZnBZejcyTUtwUTF5ek5pemVJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwZf1MA0G
CSqGSIb3DQEBCwUAA4IBAQBpnU636m7c/NbwexY7wguTHL2F3TnmfjAE42K7S+rx
2NiH2jIFl1AKVx+ez9zY78Wc1O/y3sbw25bjsjMTMJJdmsk8q69K52ii2UyUp7aB
62e+Uc+D9rGCSUcsgxDgXxDO6R2XDvHzIQk8Y/wiLbJFr7z/QVQ0KcomUDOmfWvJ
6jGn5HBOBYocNty7sGW1L4hLIeloOLbDxWwDDfEI523BGmIdRSeifmKtr8sneM1o
E1Bn4lQM79mol7oJNQ//x9L1Q6Q/jTCOWd7fFY5BwyJHLizDWcv1fpSJKcMFDCHG
ZYG2xjAwe3UFtzxZxltCTcUZq3csg57yB5kpDfbbxwXa
-----END CERTIFICATE-----