Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Y9EA5qNwxjnGSuNlYu8MW_sAqfg.roa
File:                     Y9EA5qNwxjnGSuNlYu8MW_sAqfg.roa (raw, json)
Hash identifier:          9tjneUBI1IqZkERd+CYv/tdo/sGmFKuRSbI/V3h2qBU=
Subject key identifier:   63:D1:00:E6:A3:70:C6:39:C6:4A:E3:65:62:EF:0C:5B:FB:00:A9:F8
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       019585F39107A0F4C512C42E74AE06899A40
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Y9EA5qNwxjnGSuNlYu8MW_sAqfg.roa
Signing time:             Tue 11 Mar 2025 16:04:46 +0000
ROA not before:           Tue 11 Mar 2025 16:04:46 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     213021
IP address blocks:        80.64.19.0/24 maxlen: 24
                          185.39.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 09 Apr 2025 19:01:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:85:f3:91:07:a0:f4:c5:12:c4:2e:74:ae:06:89:9a:40
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Mar 11 16:04:46 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=63d100e6a370c639c64ae36562ef0c5bfb00a9f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:f9:d3:6c:f9:34:78:fe:e5:4b:c1:02:32:f3:
                    1e:10:46:00:72:37:d8:dd:23:c0:be:18:13:6d:d9:
                    44:a9:5c:9f:30:b4:b8:49:29:5b:7b:b8:4a:55:9f:
                    44:eb:7d:96:c3:48:93:4a:e3:ef:35:f6:9c:99:7e:
                    7a:cf:1a:75:36:dc:17:d3:ca:88:f3:26:a3:aa:76:
                    01:59:82:d5:27:32:fc:ca:cb:f8:a2:80:33:82:97:
                    7f:52:03:f5:5d:b5:c3:1a:2f:ea:e5:84:37:65:1f:
                    27:37:06:e7:a2:3a:b4:91:64:84:7d:75:6c:68:66:
                    da:cc:c9:b0:42:2d:39:58:e8:2e:39:b1:dc:57:8c:
                    05:c5:3f:e3:c0:1e:d2:c7:d0:a1:88:d9:c9:d6:93:
                    be:5e:11:b2:0b:2e:64:78:03:02:de:86:87:42:b1:
                    8d:c2:55:86:e6:d9:6c:f5:3e:d1:39:b3:0a:0d:71:
                    fc:d4:6a:6e:b9:15:e5:c6:c7:f0:ec:d2:4c:4a:eb:
                    e5:23:21:4e:c4:ec:71:38:44:b6:ca:93:bb:eb:3f:
                    ad:6c:8b:bf:9e:62:6d:24:c7:ac:c3:b7:6b:a4:4c:
                    b5:35:a0:6d:a9:41:5f:c9:50:a4:cf:05:d7:d8:71:
                    c0:4b:77:7a:34:51:bb:af:9d:db:d3:14:f1:20:e5:
                    0a:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D1:00:E6:A3:70:C6:39:C6:4A:E3:65:62:EF:0C:5B:FB:00:A9:F8
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/Y9EA5qNwxjnGSuNlYu8MW_sAqfg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.64.19.0/24
                  185.39.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:12:e7:2d:88:4c:7c:b2:a9:57:4b:40:de:ad:9a:59:97:16:
         c2:15:35:40:38:d3:10:c6:4c:06:b4:75:a9:72:a3:93:6e:01:
         d9:62:85:78:f7:d2:8e:81:0e:ac:f2:34:b7:be:4e:e7:59:76:
         e4:f4:1f:9d:56:89:7e:c9:bf:9e:82:a5:6d:90:6d:4f:33:b6:
         50:2d:88:38:9e:49:d4:83:b4:14:89:f1:df:d7:ee:22:33:f2:
         4a:39:b7:53:59:92:cc:f9:41:bd:fb:18:f1:2a:f4:cc:e9:90:
         38:2f:22:20:e0:17:f7:64:f5:76:5a:54:16:18:d6:a7:fa:00:
         29:4b:4c:c1:9f:19:db:b4:33:58:73:c7:e8:37:02:2f:6d:d6:
         3e:23:dd:8b:cb:67:bd:98:c6:53:c8:7b:82:90:10:28:14:b8:
         02:e0:5c:86:2e:fe:af:cb:30:a6:e5:7f:4c:65:8a:6a:56:7e:
         c6:b9:9e:8b:a0:1b:48:63:b6:53:0b:42:31:cc:fd:61:39:d6:
         65:e3:7d:a9:cd:fc:d2:01:a0:05:79:04:83:19:01:d9:74:ea:
         5f:10:cb:0f:9b:2e:21:0e:d2:75:90:82:3d:58:ea:4f:81:43:
         1a:c0:32:04:89:81:d5:6b:5c:54:45:44:58:c8:cb:f8:39:d2:
         5b:17:98:53
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZWF85EHoPTFEsQudK4GiZpAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMzExMTYwNDQ2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2M2QxMDBlNmEzNzBjNjM5YzY0YWUzNjU2MmVmMGM1YmZiMDBhOWY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwPnTbPk0eP7lS8ECMvMeEEYAcjfY
3SPAvhgTbdlEqVyfMLS4SSlbe7hKVZ9E632Ww0iTSuPvNfacmX56zxp1NtwX08qI
8yajqnYBWYLVJzL8ysv4ooAzgpd/UgP1XbXDGi/q5YQ3ZR8nNwbnojq0kWSEfXVs
aGbazMmwQi05WOguObHcV4wFxT/jwB7Sx9ChiNnJ1pO+XhGyCy5keAMC3oaHQrGN
wlWG5tls9T7RObMKDXH81GpuuRXlxsfw7NJMSuvlIyFOxOxxOES2ypO76z+tbIu/
nmJtJMesw7drpEy1NaBtqUFfyVCkzwXX2HHAS3d6NFG7r53b0xTxIOUKYwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFGPRAOajcMY5xkrjZWLvDFv7AKn4MB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEvWTlFQTVxTnd4am5HU3VObFl1OE1XX3NBcWZnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAUEATAwQA
uScTMA0GCSqGSIb3DQEBCwUAA4IBAQCZEuctiEx8sqlXS0DerZpZlxbCFTVAONMQ
xkwGtHWpcqOTbgHZYoV499KOgQ6s8jS3vk7nWXbk9B+dVol+yb+egqVtkG1PM7ZQ
LYg4nknUg7QUifHf1+4iM/JKObdTWZLM+UG9+xjxKvTM6ZA4LyIg4Bf3ZPV2WlQW
GNan+gApS0zBnxnbtDNYc8foNwIvbdY+I92Ly2e9mMZTyHuCkBAoFLgC4FyGLv6v
yzCm5X9MZYpqVn7GuZ6LoBtIY7ZTC0IxzP1hOdZl432pzfzSAaAFeQSDGQHZdOpf
EMsPmy4hDtJ1kII9WOpPgUMawDIEiYHVa1xURURYyMv4OdJbF5hT
-----END CERTIFICATE-----