Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/yXjHrq-s43_JYr0rLELUWWQUfRw.roa
File:                     yXjHrq-s43_JYr0rLELUWWQUfRw.roa (raw, json)
Hash identifier:          4zzMUSCqPCS+1DFvUjbQidVA6cErC1SxAP7lBmahGck=
Subject key identifier:   C9:78:C7:AE:AF:AC:E3:7F:C9:62:BD:2B:2C:42:D4:59:64:14:7D:1C
Certificate issuer:       /CN=85dc9c55e1597e88564daf567e5a4665978c7b85
Certificate serial:       019422FB777503AB9E80C12073F592A8B3F5
Authority key identifier: 85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/yXjHrq-s43_JYr0rLELUWWQUfRw.roa
Signing time:             Wed 01 Jan 2025 17:48:12 +0000
ROA not before:           Wed 01 Jan 2025 17:48:12 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50935
IP address blocks:        194.15.115.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 17 Apr 2025 13:16:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:fb:77:75:03:ab:9e:80:c1:20:73:f5:92:a8:b3:f5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=85dc9c55e1597e88564daf567e5a4665978c7b85
        Validity
            Not Before: Jan  1 17:48:12 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c978c7aeaface37fc962bd2b2c42d45964147d1c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:7c:24:7c:55:50:2e:55:f9:88:f8:0d:54:b8:
                    f2:2e:85:33:a0:fe:67:7b:03:4d:2d:bc:3b:4b:35:
                    01:56:04:18:de:3a:cc:fe:f0:bc:3e:a7:8f:e5:e1:
                    4c:94:24:ff:a5:14:07:31:3e:29:e5:f5:34:30:26:
                    1c:49:57:7d:94:6c:5d:95:4b:bb:27:24:36:b6:73:
                    5e:a8:0c:37:18:7d:99:35:ca:27:6d:bf:77:a3:95:
                    e6:32:b5:be:88:18:40:66:13:e2:b6:7e:f3:55:d5:
                    af:87:49:64:0d:d7:37:00:ae:e7:7a:d0:d6:84:21:
                    44:03:fa:ae:e3:b4:56:4f:3f:26:81:95:fc:07:5c:
                    94:37:92:a5:17:45:37:20:47:9f:9d:ab:ff:28:f3:
                    e5:9d:12:21:48:84:3c:7e:1d:ce:bc:56:99:87:8d:
                    2f:70:cc:84:e1:13:8f:6a:af:75:83:6e:6a:36:be:
                    c8:db:1e:8a:9f:47:29:ee:0a:f7:b2:b8:1f:12:ea:
                    f1:cc:a0:43:cb:3a:34:c6:8e:21:c5:97:91:c2:d3:
                    2b:c2:45:b5:68:51:22:a1:55:c4:30:96:b2:e9:55:
                    c5:06:74:00:f0:1a:49:b7:02:0e:c0:18:ba:7f:84:
                    e6:6f:e1:88:99:e6:43:ae:92:33:7b:11:6f:62:52:
                    6c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:78:C7:AE:AF:AC:E3:7F:C9:62:BD:2B:2C:42:D4:59:64:14:7D:1C
            X509v3 Authority Key Identifier:
                keyid:85:DC:9C:55:E1:59:7E:88:56:4D:AF:56:7E:5A:46:65:97:8C:7B:85

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hdycVeFZfohWTa9WflpGZZeMe4U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/yXjHrq-s43_JYr0rLELUWWQUfRw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/df/f07fbc-4c32-4d87-a429-86ea19d29163/1/hdycVeFZfohWTa9WflpGZZeMe4U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.15.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:71:29:af:b6:90:56:d2:2b:6c:0f:a8:fa:f2:64:76:28:85:
         83:87:3a:20:82:aa:5c:db:3d:6f:43:2a:5d:b7:05:56:84:c7:
         d0:bb:a7:65:f3:75:1d:be:3b:24:b0:00:7f:cf:fe:c2:63:c3:
         9a:d7:fb:ba:f1:9f:73:0b:e8:32:6d:e4:63:fa:bc:11:03:5c:
         a4:d7:12:bf:c7:bb:f9:ab:89:99:26:ea:87:97:8c:48:6e:4f:
         a1:09:98:a5:2b:1a:ab:48:06:d7:88:4c:4a:6b:45:41:b3:01:
         c1:25:64:a4:4a:87:19:02:c7:8f:eb:34:c8:6a:08:5d:54:01:
         89:52:32:17:19:a8:62:6c:4b:4c:c0:cb:86:f6:32:cc:5f:30:
         5b:9d:ae:fe:34:85:14:b0:e0:9e:2d:7d:8e:49:d3:71:f9:e4:
         0c:57:4a:8b:54:ee:a9:1c:5b:ec:91:f0:2f:81:c0:f9:30:85:
         13:e2:49:0f:48:bd:b1:a7:f3:c6:4a:3f:71:3d:7e:8d:b3:56:
         93:63:59:e2:97:6a:d1:eb:2c:28:cd:bb:1b:06:88:b4:30:79:
         9c:a8:d4:61:3c:7c:81:15:5c:1c:2d:8b:a1:d7:c9:31:1a:1e:
         61:f0:d9:65:e5:03:5f:1e:bd:1d:21:14:bc:76:03:58:b7:c2:
         7e:3c:de:73
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQi+3d1A6uegMEgc/WSqLP1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg1ZGM5YzU1ZTE1OTdlODg1NjRkYWY1NjdlNWE0NjY1OTc4
YzdiODUwHhcNMjUwMTAxMTc0ODEyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTc4YzdhZWFmYWNlMzdmYzk2MmJkMmIyYzQyZDQ1OTY0MTQ3ZDFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA33wkfFVQLlX5iPgNVLjyLoUzoP5n
ewNNLbw7SzUBVgQY3jrM/vC8PqeP5eFMlCT/pRQHMT4p5fU0MCYcSVd9lGxdlUu7
JyQ2tnNeqAw3GH2ZNconbb93o5XmMrW+iBhAZhPitn7zVdWvh0lkDdc3AK7netDW
hCFEA/qu47RWTz8mgZX8B1yUN5KlF0U3IEefnav/KPPlnRIhSIQ8fh3OvFaZh40v
cMyE4ROPaq91g25qNr7I2x6Kn0cp7gr3srgfEurxzKBDyzo0xo4hxZeRwtMrwkW1
aFEioVXEMJay6VXFBnQA8BpJtwIOwBi6f4Tmb+GImeZDrpIzexFvYlJs7QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMl4x66vrON/yWK9KyxC1FlkFH0cMB8GA1UdIwQY
MBaAFIXcnFXhWX6IVk2vVn5aRmWXjHuFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0Mjkt
ODZlYTE5ZDI5MTYzLzEveVhqSHJxLXM0M19KWXIwckxFTFVXV1FVZlJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZi9mMDdmYmMtNGMzMi00ZDg3LWE0MjktODZlYTE5ZDI5MTYz
LzEvaGR5Y1ZlRlpmb2hXVGE5V2ZscEdaWmVNZTRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg9zMA0G
CSqGSIb3DQEBCwUAA4IBAQBmcSmvtpBW0itsD6j68mR2KIWDhzoggqpc2z1vQypd
twVWhMfQu6dl83UdvjsksAB/z/7CY8Oa1/u68Z9zC+gybeRj+rwRA1yk1xK/x7v5
q4mZJuqHl4xIbk+hCZilKxqrSAbXiExKa0VBswHBJWSkSocZAseP6zTIaghdVAGJ
UjIXGahibEtMwMuG9jLMXzBbna7+NIUUsOCeLX2OSdNx+eQMV0qLVO6pHFvskfAv
gcD5MIUT4kkPSL2xp/PGSj9xPX6Ns1aTY1nil2rR6ywozbsbBoi0MHmcqNRhPHyB
FVwcLYuh18kxGh5h8Nll5QNfHr0dIRS8dgNYt8J+PN5z
-----END CERTIFICATE-----