Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/yX3DBjXpBgBIVCauewfD4amHBC4.roa
File:                     yX3DBjXpBgBIVCauewfD4amHBC4.roa (raw, json)
Hash identifier:          96YBJCUgs7jasxneMjfamn23nni132li47WVvP8NWR0=
Subject key identifier:   C9:7D:C3:06:35:E9:06:00:48:54:26:AE:7B:07:C3:E1:A9:87:04:2E
Certificate issuer:       /CN=618478f198fe569010c3df6219142f530c4f5e56
Certificate serial:       0194258F88B81027B9EE3F4206F670EBF67A
Authority key identifier: 61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/yX3DBjXpBgBIVCauewfD4amHBC4.roa
Signing time:             Thu 02 Jan 2025 05:49:11 +0000
ROA not before:           Thu 02 Jan 2025 05:49:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     35608
IP address blocks:        192.144.17.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 13:02:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:8f:88:b8:10:27:b9:ee:3f:42:06:f6:70:eb:f6:7a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=618478f198fe569010c3df6219142f530c4f5e56
        Validity
            Not Before: Jan  2 05:49:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c97dc30635e90600485426ae7b07c3e1a987042e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:9d:8d:e7:0f:95:6d:57:3d:05:42:b7:63:77:
                    6f:29:d3:4e:56:1f:88:92:55:66:3e:9e:de:d8:5e:
                    d6:81:f9:8f:fd:4f:14:6e:cc:8c:e0:1d:e1:07:9e:
                    a9:b8:16:70:df:ed:69:a1:ee:a4:73:72:92:b6:32:
                    32:4d:3d:86:f5:ed:e8:b0:67:ed:ad:7f:b5:d9:30:
                    35:40:72:a7:3b:ec:7f:92:42:9a:92:05:55:a6:fc:
                    37:66:50:7e:63:29:41:8a:8a:47:06:27:81:84:9a:
                    51:24:aa:c6:24:e3:43:88:1f:2e:74:cb:d6:3b:a4:
                    ab:b1:c5:dd:0b:7c:75:f8:53:8b:b1:d1:7b:37:41:
                    77:06:9b:71:e1:11:ec:b1:cb:da:09:53:95:e6:81:
                    1c:38:74:f0:60:91:db:d0:85:fd:2e:15:26:89:f3:
                    29:45:83:f4:67:2e:5a:e2:ae:9a:0b:34:96:b6:e0:
                    5a:92:9e:76:75:16:6f:bb:85:f9:28:15:b0:95:05:
                    9b:92:5c:73:b4:48:aa:49:2f:cf:5a:ff:06:61:38:
                    a8:ca:62:b1:10:c9:7f:5b:00:14:14:f0:91:ee:42:
                    49:54:6e:9b:c1:9c:b4:3a:ea:08:bc:48:b9:36:4e:
                    dc:35:5f:0b:e0:7a:24:7e:6d:e6:06:fa:26:ac:87:
                    d4:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:7D:C3:06:35:E9:06:00:48:54:26:AE:7B:07:C3:E1:A9:87:04:2E
            X509v3 Authority Key Identifier:
                keyid:61:84:78:F1:98:FE:56:90:10:C3:DF:62:19:14:2F:53:0C:4F:5E:56

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YYR48Zj-VpAQw99iGRQvUwxPXlY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/yX3DBjXpBgBIVCauewfD4amHBC4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e0/53c7b8-5e4b-49fd-8c91-ba98f1122121/1/YYR48Zj-VpAQw99iGRQvUwxPXlY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.144.17.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a4:f0:b6:aa:bc:56:81:64:d6:5e:1c:a9:14:38:3e:9e:00:54:
         bd:5f:73:58:4b:3a:06:16:a6:68:03:04:09:1a:60:cd:09:9e:
         89:38:62:41:c3:89:c8:5f:e0:be:45:d4:0d:d5:21:dd:86:4a:
         32:37:9e:e4:ee:48:ee:6c:d3:5f:90:aa:65:e9:22:e8:d0:7a:
         ec:17:6a:cd:1d:ab:a9:9f:b7:55:e4:ff:1a:66:93:09:f3:1b:
         2d:fa:50:7a:75:a2:3e:64:68:89:02:d2:b5:34:08:4e:f8:11:
         d0:7c:f9:89:16:fc:42:7c:0a:24:9e:0f:3d:36:45:b1:70:6d:
         0f:de:c8:c4:c4:7f:5b:22:8e:ff:d9:84:b3:08:a9:a9:4f:74:
         81:27:90:45:c6:96:1a:5e:2b:06:02:40:9b:68:c1:a3:ca:1b:
         ee:80:e8:7c:6c:1f:c9:ad:a2:30:40:b7:c5:2c:54:4e:46:31:
         08:a9:b9:20:bd:28:b1:d7:bd:68:a0:b0:8e:3f:56:bc:b2:76:
         9e:cd:9e:17:12:f5:7a:c8:ba:8a:b2:cf:05:39:76:62:f1:d7:
         8c:a8:dd:6b:30:a1:60:e3:d7:b6:11:11:88:21:38:0d:28:90:
         39:ef:eb:db:31:62:18:e2:dd:8a:e7:ea:ff:a9:a9:8d:9f:da:
         8c:6b:3b:c9
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQlj4i4ECe57j9CBvZw6/Z6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxODQ3OGYxOThmZTU2OTAxMGMzZGY2MjE5MTQyZjUzMGM0
ZjVlNTYwHhcNMjUwMTAyMDU0OTExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTdkYzMwNjM1ZTkwNjAwNDg1NDI2YWU3YjA3YzNlMWE5ODcwNDJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkp2N5w+VbVc9BUK3Y3dvKdNOVh+I
klVmPp7e2F7WgfmP/U8UbsyM4B3hB56puBZw3+1poe6kc3KStjIyTT2G9e3osGft
rX+12TA1QHKnO+x/kkKakgVVpvw3ZlB+YylBiopHBieBhJpRJKrGJONDiB8udMvW
O6SrscXdC3x1+FOLsdF7N0F3Bptx4RHsscvaCVOV5oEcOHTwYJHb0IX9LhUmifMp
RYP0Zy5a4q6aCzSWtuBakp52dRZvu4X5KBWwlQWbklxztEiqSS/PWv8GYTioymKx
EMl/WwAUFPCR7kJJVG6bwZy0OuoIvEi5Nk7cNV8L4Hokfm3mBvomrIfUmwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMl9wwY16QYASFQmrnsHw+GphwQuMB8GA1UdIwQY
MBaAFGGEePGY/laQEMPfYhkUL1MMT15WMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEt
YmE5OGYxMTIyMTIxLzEveVgzREJqWHBCZ0JJVkNhdWV3ZkQ0YW1IQkM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMC81M2M3YjgtNWU0Yi00OWZkLThjOTEtYmE5OGYxMTIyMTIx
LzEvWVlSNDhaai1WcEFRdzk5aUdSUXZVd3hQWGxZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwJARMA0G
CSqGSIb3DQEBCwUAA4IBAQCk8LaqvFaBZNZeHKkUOD6eAFS9X3NYSzoGFqZoAwQJ
GmDNCZ6JOGJBw4nIX+C+RdQN1SHdhkoyN57k7kjubNNfkKpl6SLo0HrsF2rNHaup
n7dV5P8aZpMJ8xst+lB6daI+ZGiJAtK1NAhO+BHQfPmJFvxCfAokng89NkWxcG0P
3sjExH9bIo7/2YSzCKmpT3SBJ5BFxpYaXisGAkCbaMGjyhvugOh8bB/JraIwQLfF
LFRORjEIqbkgvSix171ooLCOP1a8snaezZ4XEvV6yLqKss8FOXZi8deMqN1rMKFg
49e2ERGIITgNKJA57+vbMWIY4t2K5+r/qamNn9qMazvJ
-----END CERTIFICATE-----