Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/YRQ4mvsGwzil4hFVAUOAk6dNVCU.roa
File:                     YRQ4mvsGwzil4hFVAUOAk6dNVCU.roa (raw, json)
Hash identifier:          X5eaS1qa/k5JOAN5WxaVK8Rkr/iQxPqJC1ctHVNkj8M=
Subject key identifier:   61:14:38:9A:FB:06:C3:38:A5:E2:11:55:01:43:80:93:A7:4D:54:25
Certificate issuer:       /CN=2457027e3a087b65f968b535e415f67432695876
Certificate serial:       0194266AF136DAC662888ED2C3807113F886
Authority key identifier: 24:57:02:7E:3A:08:7B:65:F9:68:B5:35:E4:15:F6:74:32:69:58:76
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/JFcCfjoIe2X5aLU15BX2dDJpWHY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/YRQ4mvsGwzil4hFVAUOAk6dNVCU.roa
Signing time:             Thu 02 Jan 2025 09:48:50 +0000
ROA not before:           Thu 02 Jan 2025 09:48:50 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     20792
IP address blocks:        185.95.192.0/22 maxlen: 22
                          213.216.0.0/19 maxlen: 19
                          2a02:13c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/JFcCfjoIe2X5aLU15BX2dDJpWHY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/JFcCfjoIe2X5aLU15BX2dDJpWHY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/JFcCfjoIe2X5aLU15BX2dDJpWHY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6a:f1:36:da:c6:62:88:8e:d2:c3:80:71:13:f8:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2457027e3a087b65f968b535e415f67432695876
        Validity
            Not Before: Jan  2 09:48:50 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6114389afb06c338a5e2115501438093a74d5425
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:54:ae:eb:7b:fe:78:f7:aa:78:77:44:dd:94:
                    df:c3:ea:f9:77:9a:15:8c:8f:5a:4a:e6:bf:81:2b:
                    fa:9e:6c:ae:cd:c9:e9:1a:5b:b6:14:da:d2:c0:4b:
                    7e:79:a6:f0:8f:55:63:4a:94:99:ad:90:b7:44:c2:
                    3f:20:a7:ac:43:b5:fa:f0:4f:be:8d:67:96:2a:20:
                    48:17:b0:c8:0c:db:e8:1e:47:90:82:35:79:52:4a:
                    8e:d4:e4:a3:7f:a6:f5:dd:b9:b4:b9:cf:3f:dc:ca:
                    2e:ee:40:b9:69:60:19:ae:4f:0f:1e:85:22:e9:ad:
                    81:f2:88:30:41:69:36:e3:df:9a:53:cd:ec:f9:41:
                    b1:b4:c7:da:92:21:2a:40:38:55:54:b8:7d:40:fa:
                    53:e3:74:b5:f9:4c:15:00:f7:f8:5a:40:a4:f1:40:
                    35:e4:16:58:7a:25:01:3f:6c:56:de:2e:3b:3d:01:
                    5b:8a:ee:55:90:5f:2c:94:2d:d4:f1:0c:c2:de:8f:
                    2f:91:18:25:fd:a9:0d:43:de:93:a6:5e:86:a9:4d:
                    3e:45:f9:34:5e:7d:48:41:9c:fa:64:6c:5f:66:e1:
                    9f:3b:70:a3:a4:90:c5:75:01:27:b6:45:92:cc:c8:
                    50:1a:f7:fe:80:ff:13:87:9c:4a:51:5c:ce:e7:54:
                    e0:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:14:38:9A:FB:06:C3:38:A5:E2:11:55:01:43:80:93:A7:4D:54:25
            X509v3 Authority Key Identifier:
                keyid:24:57:02:7E:3A:08:7B:65:F9:68:B5:35:E4:15:F6:74:32:69:58:76

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JFcCfjoIe2X5aLU15BX2dDJpWHY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/YRQ4mvsGwzil4hFVAUOAk6dNVCU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/95f320-c7d3-41dd-b125-b79d08fa1747/1/JFcCfjoIe2X5aLU15BX2dDJpWHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.95.192.0/22
                  213.216.0.0/19
                IPv6:
                  2a02:13c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:14:d0:f0:36:96:6c:8d:34:45:f0:7b:e9:ca:06:20:85:b6:
         3b:52:1c:da:fb:7f:df:6c:bd:13:2e:b6:53:12:79:16:56:b8:
         aa:92:f7:c4:1c:27:c2:8d:84:08:b2:71:5d:a7:c5:03:a3:54:
         df:57:14:56:f7:c4:90:b2:7f:af:c0:e8:36:ee:4e:59:6b:81:
         3b:e7:cf:a6:5a:19:b6:5d:a3:3c:73:97:9f:e5:63:36:65:fe:
         d9:68:78:b1:90:33:ef:06:a3:91:f8:6a:ac:a9:96:74:d5:90:
         bf:ec:51:67:e0:56:32:12:22:b8:d0:61:2c:44:bf:f1:69:77:
         c0:93:65:c9:12:d4:4c:72:7f:1b:56:71:68:b8:c0:9c:29:75:
         c5:3e:54:7f:d8:df:a8:5f:22:b3:8d:fa:0f:6e:da:e6:53:04:
         90:7c:44:9d:9f:24:01:0e:19:1c:87:d5:b5:65:19:2f:7f:22:
         d4:6c:5a:07:8b:34:16:76:7c:48:44:cb:40:4f:3e:d1:73:49:
         13:ec:b1:28:f7:23:a5:48:4e:43:39:6c:4b:0d:7e:b5:0e:50:
         4b:8d:34:46:f1:01:fe:97:fb:e7:72:cf:7b:6e:c2:b5:70:42:
         f9:f5:0a:52:9f:b3:e1:56:af:97:13:0d:15:10:21:e6:c9:1f:
         b8:c6:6f:58
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQmavE22sZiiI7Sw4BxE/iGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI0NTcwMjdlM2EwODdiNjVmOTY4YjUzNWU0MTVmNjc0MzI2
OTU4NzYwHhcNMjUwMTAyMDk0ODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTE0Mzg5YWZiMDZjMzM4YTVlMjExNTUwMTQzODA5M2E3NGQ1NDI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArlSu63v+ePeqeHdE3ZTfw+r5d5oV
jI9aSua/gSv6nmyuzcnpGlu2FNrSwEt+eabwj1VjSpSZrZC3RMI/IKesQ7X68E++
jWeWKiBIF7DIDNvoHkeQgjV5UkqO1OSjf6b13bm0uc8/3Mou7kC5aWAZrk8PHoUi
6a2B8ogwQWk249+aU83s+UGxtMfakiEqQDhVVLh9QPpT43S1+UwVAPf4WkCk8UA1
5BZYeiUBP2xW3i47PQFbiu5VkF8slC3U8QzC3o8vkRgl/akNQ96Tpl6GqU0+Rfk0
Xn1IQZz6ZGxfZuGfO3CjpJDFdQEntkWSzMhQGvf+gP8Th5xKUVzO51TgTQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGEUOJr7BsM4peIRVQFDgJOnTVQlMB8GA1UdIwQY
MBaAFCRXAn46CHtl+Wi1NeQV9nQyaVh2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSkZjQ2Zqb0llMlg1YUxVMTVCWDJkREpwV0hZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy85NWYzMjAtYzdkMy00MWRkLWIxMjUt
Yjc5ZDA4ZmExNzQ3LzEvWVJRNG12c0d3emlsNGhGVkFVT0FrNmROVkNVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy85NWYzMjAtYzdkMy00MWRkLWIxMjUtYjc5ZDA4ZmExNzQ3
LzEvSkZjQ2Zqb0llMlg1YUxVMTVCWDJkREpwV0hZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQCuV/AAwQF
1dgAMA0EAgACMAcDBQAqAhPAMA0GCSqGSIb3DQEBCwUAA4IBAQBAFNDwNpZsjTRF
8HvpygYghbY7Uhza+3/fbL0TLrZTEnkWVriqkvfEHCfCjYQIsnFdp8UDo1TfVxRW
98SQsn+vwOg27k5Za4E758+mWhm2XaM8c5ef5WM2Zf7ZaHixkDPvBqOR+GqsqZZ0
1ZC/7FFn4FYyEiK40GEsRL/xaXfAk2XJEtRMcn8bVnFouMCcKXXFPlR/2N+oXyKz
jfoPbtrmUwSQfESdnyQBDhkch9W1ZRkvfyLUbFoHizQWdnxIRMtATz7Rc0kT7LEo
9yOlSE5DOWxLDX61DlBLjTRG8QH+l/vncs97bsK1cEL59QpSn7PhVq+XEw0VECHm
yR+4xm9Y
-----END CERTIFICATE-----