Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/jYwiLy6C8PrH1zmVRebb5xoCcHg.roa
File:                     jYwiLy6C8PrH1zmVRebb5xoCcHg.roa (raw, json)
Hash identifier:          B/91TwKxBsOKKHQE6s1Ydkjq/nj0hd3T+71Ppy1e7kI=
Subject key identifier:   8D:8C:22:2F:2E:82:F0:FA:C7:D7:39:95:45:E6:DB:E7:1A:02:70:78
Certificate issuer:       /CN=f69f07210b2884b4fea507bde227795b264062ed
Certificate serial:       019421B2093110052B8D3EB89A917307A9A7
Authority key identifier: F6:9F:07:21:0B:28:84:B4:FE:A5:07:BD:E2:27:79:5B:26:40:62:ED
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9p8HIQsohLT-pQe94id5WyZAYu0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/jYwiLy6C8PrH1zmVRebb5xoCcHg.roa
Signing time:             Wed 01 Jan 2025 11:48:23 +0000
ROA not before:           Wed 01 Jan 2025 11:48:23 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     214700
IP address blocks:        185.255.31.0/24 maxlen: 24
                          2a11:e0c0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/9p8HIQsohLT-pQe94id5WyZAYu0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/9p8HIQsohLT-pQe94id5WyZAYu0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9p8HIQsohLT-pQe94id5WyZAYu0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 23:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:09:31:10:05:2b:8d:3e:b8:9a:91:73:07:a9:a7
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f69f07210b2884b4fea507bde227795b264062ed
        Validity
            Not Before: Jan  1 11:48:23 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8d8c222f2e82f0fac7d7399545e6dbe71a027078
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:df:c7:06:15:0b:69:c8:38:80:ea:37:c1:65:
                    b4:fc:91:a2:f5:b6:32:8a:77:81:55:77:2b:63:62:
                    18:c6:b5:fe:d1:b4:ae:cf:7c:b9:44:86:bf:d8:12:
                    c0:50:60:c7:7b:16:42:13:41:69:b3:e5:3b:e1:b4:
                    06:1c:f4:a3:19:b9:3a:43:b5:d3:1e:7e:a0:a4:54:
                    82:76:d0:d3:e6:f7:55:30:90:d7:7f:2f:98:95:b5:
                    b7:75:3b:76:06:e4:61:bd:2d:b2:d0:3a:3d:ee:11:
                    39:aa:36:48:03:df:6f:8d:f2:8e:76:df:6c:f4:d6:
                    ae:ba:da:cd:f2:13:8e:cb:e5:0a:77:50:c0:c7:46:
                    cf:17:4d:4a:ed:4e:19:af:5c:fe:cd:a4:2d:cc:0a:
                    cb:a4:16:04:fb:d1:59:d0:03:72:78:30:8c:9a:a0:
                    55:54:13:2f:05:17:34:72:12:50:db:b9:bb:b6:6d:
                    7c:7f:98:81:7e:80:3e:f8:17:5c:4b:a1:47:25:db:
                    79:de:2b:bd:22:ca:3a:46:a1:6b:aa:e5:44:9c:37:
                    55:04:5e:f5:7a:c9:0b:cd:42:b6:d4:f9:7d:13:23:
                    7b:3c:1b:1d:c1:0b:08:59:71:2f:b8:53:e1:ee:a4:
                    09:c8:27:9e:5e:59:a6:b3:ad:de:69:c6:3b:84:c3:
                    c3:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8D:8C:22:2F:2E:82:F0:FA:C7:D7:39:95:45:E6:DB:E7:1A:02:70:78
            X509v3 Authority Key Identifier:
                keyid:F6:9F:07:21:0B:28:84:B4:FE:A5:07:BD:E2:27:79:5B:26:40:62:ED

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9p8HIQsohLT-pQe94id5WyZAYu0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/jYwiLy6C8PrH1zmVRebb5xoCcHg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/6bf528-bd34-40ee-b0dc-45f60f414ff7/1/9p8HIQsohLT-pQe94id5WyZAYu0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.255.31.0/24
                IPv6:
                  2a11:e0c0::/29

    Signature Algorithm: sha256WithRSAEncryption
         c0:82:05:7b:8a:5e:87:a8:6e:18:0b:e8:12:c0:90:f0:81:9b:
         c9:cd:fc:67:04:1c:52:e5:87:2a:bb:11:0c:bc:7f:9d:14:15:
         da:ea:1e:3e:c1:2d:5f:d3:57:06:28:fe:60:a2:93:e6:c0:9c:
         6e:13:37:e9:e9:e1:9c:a9:e7:0b:d9:1b:e2:7b:b9:60:fd:15:
         92:dc:d9:39:6f:55:75:ad:05:6d:0f:72:33:27:94:5d:aa:20:
         5d:05:c1:d9:5b:86:9f:21:66:44:64:75:79:1b:c7:f9:d2:e2:
         db:61:4e:fb:26:74:6a:9f:7d:86:32:a9:ea:0b:a8:95:a0:df:
         62:85:39:24:63:12:ba:8d:89:cf:a9:38:e4:bb:a1:a1:9b:d1:
         b0:0b:d9:dd:57:d3:9a:8e:1c:ff:40:af:97:25:bb:6f:d8:03:
         4e:f7:39:ee:83:5b:0f:8e:72:f9:fc:2c:17:47:57:59:13:93:
         86:19:54:6f:ed:aa:e7:00:8a:f5:8b:c8:32:8a:1b:12:81:b4:
         05:73:36:2b:2a:29:54:ef:a6:f6:f0:54:16:a1:0e:6c:3d:93:
         b2:ae:6c:ea:9e:4f:02:7e:b3:33:b4:41:1d:d7:cf:2a:6f:ff:
         d5:e9:1a:ca:db:c9:0f:75:5c:a1:29:6f:3f:a8:dc:be:f9:bb:
         5b:ae:1b:ec
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQhsgkxEAUrjT64mpFzB6mnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2OWYwNzIxMGIyODg0YjRmZWE1MDdiZGUyMjc3OTViMjY0
MDYyZWQwHhcNMjUwMTAxMTE0ODIzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZDhjMjIyZjJlODJmMGZhYzdkNzM5OTU0NWU2ZGJlNzFhMDI3MDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2N/HBhULacg4gOo3wWW0/JGi9bYy
ineBVXcrY2IYxrX+0bSuz3y5RIa/2BLAUGDHexZCE0Fps+U74bQGHPSjGbk6Q7XT
Hn6gpFSCdtDT5vdVMJDXfy+YlbW3dTt2BuRhvS2y0Do97hE5qjZIA99vjfKOdt9s
9NauutrN8hOOy+UKd1DAx0bPF01K7U4Zr1z+zaQtzArLpBYE+9FZ0ANyeDCMmqBV
VBMvBRc0chJQ27m7tm18f5iBfoA++BdcS6FHJdt53iu9Iso6RqFrquVEnDdVBF71
eskLzUK21Pl9EyN7PBsdwQsIWXEvuFPh7qQJyCeeXlmms63eacY7hMPD8QIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFI2MIi8ugvD6x9c5lUXm2+caAnB4MB8GA1UdIwQY
MBaAFPafByELKIS0/qUHveIneVsmQGLtMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXA4SElRc29oTFQtcFFlOTRpZDVXeVpBWXUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS82YmY1MjgtYmQzNC00MGVlLWIwZGMt
NDVmNjBmNDE0ZmY3LzEvall3aUx5NkM4UHJIMXptVlJlYmI1eG9DY0hnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS82YmY1MjgtYmQzNC00MGVlLWIwZGMtNDVmNjBmNDE0ZmY3
LzEvOXA4SElRc29oTFQtcFFlOTRpZDVXeVpBWXUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuf8fMA0E
AgACMAcDBQMqEeDAMA0GCSqGSIb3DQEBCwUAA4IBAQDAggV7il6HqG4YC+gSwJDw
gZvJzfxnBBxS5YcquxEMvH+dFBXa6h4+wS1f01cGKP5gopPmwJxuEzfp6eGcqecL
2Rvie7lg/RWS3Nk5b1V1rQVtD3IzJ5RdqiBdBcHZW4afIWZEZHV5G8f50uLbYU77
JnRqn32GMqnqC6iVoN9ihTkkYxK6jYnPqTjku6Ghm9GwC9ndV9Oajhz/QK+XJbtv
2ANO9znug1sPjnL5/CwXR1dZE5OGGVRv7arnAIr1i8gyihsSgbQFczYrKilU76b2
8FQWoQ5sPZOyrmzqnk8CfrMztEEd188qb//V6RrK28kPdVyhKW8/qNy++btbrhvs
-----END CERTIFICATE-----