Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/e62cdd-6ff0-4391-8b82-13df75c0d9a3/1/yDB5GRHHAS-xe1GzTw2-ZinAODM.roa
File:                     yDB5GRHHAS-xe1GzTw2-ZinAODM.roa (raw, json)
Hash identifier:          fhKYPu+IotrC2SQI+fYAsjSkwcHk2X3TQ/wuBYgtCU0=
Subject key identifier:   C8:30:79:19:11:C7:01:2F:B1:7B:51:B3:4F:0D:BE:66:29:C0:38:33
Certificate issuer:       /CN=5730e2f703f698b9dceac63f1e8691d879c0b2a7
Certificate serial:       019422FB957F47065D6C51822DB4BAE9D988
Authority key identifier: 57:30:E2:F7:03:F6:98:B9:DC:EA:C6:3F:1E:86:91:D8:79:C0:B2:A7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/VzDi9wP2mLnc6sY_HoaR2HnAsqc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c6/e62cdd-6ff0-4391-8b82-13df75c0d9a3/1/yDB5GRHHAS-xe1GzTw2-ZinAODM.roa
Signing time:             Wed 01 Jan 2025 17:48:20 +0000
ROA not before:           Wed 01 Jan 2025 17:48:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     196924
IP address blocks:        195.191.126.0/24 maxlen: 24
                          195.191.127.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c6/e62cdd-6ff0-4391-8b82-13df75c0d9a3/1/VzDi9wP2mLnc6sY_HoaR2HnAsqc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c6/e62cdd-6ff0-4391-8b82-13df75c0d9a3/1/VzDi9wP2mLnc6sY_HoaR2HnAsqc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/VzDi9wP2mLnc6sY_HoaR2HnAsqc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 22 Feb 2025 08:00:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:95:7f:47:06:5d:6c:51:82:2d:b4:ba:e9:d9:88
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=5730e2f703f698b9dceac63f1e8691d879c0b2a7
        Validity
            Not Before: Jan  1 17:48:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c830791911c7012fb17b51b34f0dbe6629c03833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:48:99:7c:ff:06:7a:96:19:f0:28:37:1a:fa:
                    63:90:a6:8e:27:38:85:d7:b3:68:1b:6b:22:09:45:
                    e2:da:0f:9a:b3:92:e7:dd:78:1a:b5:f7:0d:fe:74:
                    29:9b:70:55:da:14:50:a5:a9:2b:d0:ae:60:77:2d:
                    7e:49:de:d3:2d:af:31:6d:92:3c:34:da:9e:d8:11:
                    a3:57:f9:d4:b0:6e:71:c8:f2:d2:36:d8:f4:21:c7:
                    5a:57:e1:cd:ed:01:f4:65:83:b8:56:32:c9:d6:94:
                    04:a2:e9:92:c0:49:bf:e2:1c:55:15:ae:b1:47:0e:
                    58:96:39:b4:c4:d4:bb:e4:67:ee:13:09:05:9c:5c:
                    a6:bd:78:8d:2f:d2:74:13:fc:c1:d2:87:50:aa:0c:
                    02:43:58:f8:e8:aa:c4:5a:79:8a:86:79:de:ba:8e:
                    89:a8:7b:5a:34:0c:d6:03:24:4a:d9:bc:6f:18:a5:
                    13:b6:d4:bd:8b:87:e4:d4:0c:3c:91:19:c2:8c:67:
                    c9:74:aa:84:62:3f:83:82:1f:76:c2:6e:2b:98:86:
                    65:1f:e3:28:c1:ca:86:da:86:0e:a1:a3:37:41:20:
                    d0:86:d6:87:4e:df:fa:c6:ae:b2:cb:5a:29:3e:da:
                    a3:f3:35:ea:b3:e4:a7:6e:e5:bb:72:d5:d8:92:43:
                    7b:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:30:79:19:11:C7:01:2F:B1:7B:51:B3:4F:0D:BE:66:29:C0:38:33
            X509v3 Authority Key Identifier:
                keyid:57:30:E2:F7:03:F6:98:B9:DC:EA:C6:3F:1E:86:91:D8:79:C0:B2:A7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VzDi9wP2mLnc6sY_HoaR2HnAsqc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e62cdd-6ff0-4391-8b82-13df75c0d9a3/1/yDB5GRHHAS-xe1GzTw2-ZinAODM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/e62cdd-6ff0-4391-8b82-13df75c0d9a3/1/VzDi9wP2mLnc6sY_HoaR2HnAsqc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.191.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         99:da:3d:96:e7:44:b3:74:ca:cc:e5:c9:07:6b:fb:5f:67:5f:
         56:fa:ae:24:72:02:28:12:c7:a8:8a:58:2f:b0:ad:34:18:8f:
         27:39:2e:ea:92:02:8d:e3:60:5f:51:b4:0c:d2:e0:31:da:b9:
         1c:2c:22:a2:39:74:91:e4:50:5b:cd:61:ac:05:b6:03:2f:aa:
         53:e8:9e:ae:91:ae:ab:d7:f8:28:7d:38:3a:db:8f:34:87:bb:
         b5:13:fd:57:87:f1:a1:6d:83:60:b8:25:54:28:98:51:d7:b5:
         4f:e9:a7:32:96:a5:52:fe:20:41:b9:23:2b:d0:4e:b1:86:72:
         2b:93:ca:22:df:e0:47:bf:32:e9:f8:d9:3d:56:bf:1f:84:0f:
         46:4a:5b:6f:f1:51:83:de:97:3e:be:bc:f7:37:06:f2:3d:ea:
         36:cf:ac:57:5f:49:65:96:b6:a8:f6:6c:79:94:0f:e5:b7:74:
         0b:a5:57:4b:a9:cd:64:46:e5:ea:45:06:cf:61:94:2e:0a:72:
         a6:68:81:89:ba:bb:e1:81:d1:db:0a:5f:0b:b2:1d:d2:28:f2:
         70:a6:c9:1f:b0:c0:e4:4c:39:58:4b:78:7f:36:ae:a6:7d:4b:
         e6:a1:9b:df:92:d2:93:f5:2e:b0:29:9e:f1:e7:d7:ef:f0:bd:
         7f:b3:51:e2
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+5V/RwZdbFGCLbS66dmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU3MzBlMmY3MDNmNjk4YjlkY2VhYzYzZjFlODY5MWQ4Nzlj
MGIyYTcwHhcNMjUwMTAxMTc0ODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODMwNzkxOTExYzcwMTJmYjE3YjUxYjM0ZjBkYmU2NjI5YzAzODMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlkiZfP8GepYZ8Cg3GvpjkKaOJziF
17NoG2siCUXi2g+as5Ln3XgatfcN/nQpm3BV2hRQpakr0K5gdy1+Sd7TLa8xbZI8
NNqe2BGjV/nUsG5xyPLSNtj0IcdaV+HN7QH0ZYO4VjLJ1pQEoumSwEm/4hxVFa6x
Rw5Yljm0xNS75GfuEwkFnFymvXiNL9J0E/zB0odQqgwCQ1j46KrEWnmKhnneuo6J
qHtaNAzWAyRK2bxvGKUTttS9i4fk1Aw8kRnCjGfJdKqEYj+Dgh92wm4rmIZlH+Mo
wcqG2oYOoaM3QSDQhtaHTt/6xq6yy1opPtqj8zXqs+SnbuW7ctXYkkN7FwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgweRkRxwEvsXtRs08NvmYpwDgzMB8GA1UdIwQY
MBaAFFcw4vcD9pi53OrGPx6Gkdh5wLKnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVnpEaTl3UDJtTG5jNnNZX0hvYVIySG5Bc3FjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9lNjJjZGQtNmZmMC00MzkxLThiODIt
MTNkZjc1YzBkOWEzLzEveURCNUdSSEhBUy14ZTFHelR3Mi1aaW5BT0RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9lNjJjZGQtNmZmMC00MzkxLThiODItMTNkZjc1YzBkOWEz
LzEvVnpEaTl3UDJtTG5jNnNZX0hvYVIySG5Bc3FjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBw79+MA0G
CSqGSIb3DQEBCwUAA4IBAQCZ2j2W50SzdMrM5ckHa/tfZ19W+q4kcgIoEseoilgv
sK00GI8nOS7qkgKN42BfUbQM0uAx2rkcLCKiOXSR5FBbzWGsBbYDL6pT6J6uka6r
1/gofTg62480h7u1E/1Xh/GhbYNguCVUKJhR17VP6acylqVS/iBBuSMr0E6xhnIr
k8oi3+BHvzLp+Nk9Vr8fhA9GSltv8VGD3pc+vrz3NwbyPeo2z6xXX0lllrao9mx5
lA/lt3QLpVdLqc1kRuXqRQbPYZQuCnKmaIGJurvhgdHbCl8Lsh3SKPJwpskfsMDk
TDlYS3h/Nq6mfUvmoZvfktKT9S6wKZ7x59fv8L1/s1Hi
-----END CERTIFICATE-----