Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/YZc7E-Pi1-HqwTzBTXPEwMo10ow.roa
File:                     YZc7E-Pi1-HqwTzBTXPEwMo10ow.roa (raw, json)
Hash identifier:          eRCfIEAiODqxSFWTae6bCGEKxja/mJ0cdxQQXhEkbgQ=
Subject key identifier:   61:97:3B:13:E3:E2:D7:E1:EA:C1:3C:C1:4D:73:C4:C0:CA:35:D2:8C
Certificate issuer:       /CN=411dea53467b6c7143eb23d284569a8183b2e82f
Certificate serial:       019421B1E17DE3FCC068F207BF3586A61AAC
Authority key identifier: 41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/YZc7E-Pi1-HqwTzBTXPEwMo10ow.roa
Signing time:             Wed 01 Jan 2025 11:48:13 +0000
ROA not before:           Wed 01 Jan 2025 11:48:13 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     60118
IP address blocks:        176.126.236.0/22 maxlen: 22
                          2a02:59e0::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 14:00:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:e1:7d:e3:fc:c0:68:f2:07:bf:35:86:a6:1a:ac
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=411dea53467b6c7143eb23d284569a8183b2e82f
        Validity
            Not Before: Jan  1 11:48:13 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61973b13e3e2d7e1eac13cc14d73c4c0ca35d28c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:46:bf:ac:1c:ca:f2:32:4e:a3:8c:29:04:23:
                    52:ec:32:9f:4d:c7:c0:69:7e:ff:86:fc:8d:dd:41:
                    66:71:71:a4:b3:ec:e5:6a:04:29:fd:c7:40:f8:55:
                    c4:4b:13:5b:39:53:bd:7b:8e:90:87:06:6f:53:55:
                    46:d4:a8:b1:a2:6c:ad:df:cf:7b:32:32:c6:89:b6:
                    25:b3:52:bc:97:f1:43:83:ef:1e:59:f0:a6:75:c0:
                    5d:1e:b7:37:5f:5d:71:e8:cc:6a:1b:d6:00:dc:b7:
                    22:b1:30:79:cf:c1:92:51:e2:dc:25:57:78:87:80:
                    fa:df:eb:9c:57:be:86:96:f4:d8:ac:4a:9a:69:4d:
                    d5:09:b9:b3:13:e9:e3:8b:cb:e7:b0:be:2a:f5:bf:
                    9b:48:b4:30:38:9d:0a:36:11:cc:bb:6c:9b:8b:b0:
                    36:db:d4:ab:05:4e:29:e9:81:96:d4:8c:2a:72:2d:
                    b1:fb:fd:40:66:66:dd:09:f4:21:c4:98:a0:72:43:
                    1c:c8:26:c7:be:3b:8d:64:f7:b2:f6:42:3d:08:44:
                    b0:0b:07:12:c2:34:df:1d:bd:0c:e5:8b:b6:3a:7a:
                    cf:24:e7:bb:4b:bb:82:cc:86:30:b4:dd:7c:f2:0a:
                    cf:74:dc:1c:a4:0b:df:32:32:fd:5c:52:3b:23:d9:
                    37:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:97:3B:13:E3:E2:D7:E1:EA:C1:3C:C1:4D:73:C4:C0:CA:35:D2:8C
            X509v3 Authority Key Identifier:
                keyid:41:1D:EA:53:46:7B:6C:71:43:EB:23:D2:84:56:9A:81:83:B2:E8:2F

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QR3qU0Z7bHFD6yPShFaagYOy6C8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/YZc7E-Pi1-HqwTzBTXPEwMo10ow.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e1/eacce5-e4dd-4d9f-8ec1-47120b9069b7/1/QR3qU0Z7bHFD6yPShFaagYOy6C8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  176.126.236.0/22
                IPv6:
                  2a02:59e0::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:99:68:59:9f:34:25:5f:ca:46:be:81:5a:9b:61:e6:53:24:
         a1:12:94:5e:2f:e7:eb:28:c5:96:fc:3c:db:9a:21:a0:13:8f:
         22:95:fa:de:ca:cf:2c:f7:fc:cc:c0:d9:de:81:05:f3:01:3c:
         0e:a3:4c:b1:04:ce:b4:b1:4d:67:4c:a6:ca:ab:c0:60:9a:8e:
         1a:2c:a2:8f:d7:28:54:3a:74:54:7f:d8:67:ef:30:b6:53:88:
         8a:5a:13:7e:2e:ec:e0:b8:01:12:8f:2d:b5:1d:93:a4:be:5a:
         3a:08:61:71:c8:d3:a3:93:78:d8:dc:b2:7c:bc:6d:22:f9:26:
         bd:b4:59:f0:c3:14:fa:1a:02:53:6c:7c:df:81:07:11:e0:b3:
         bb:c5:d1:85:13:45:42:70:68:e9:e9:c1:3c:8c:c6:31:ac:b2:
         77:7c:94:50:ef:ef:82:dd:c7:12:09:ea:1b:69:75:ed:87:a5:
         26:c7:06:2b:9f:e4:d3:75:a9:ca:f7:25:99:37:8c:9d:c2:7a:
         d1:f8:c8:48:36:dd:81:14:a8:c9:d0:70:9a:c7:53:08:32:9c:
         db:e7:af:f8:66:a7:69:1b:fa:fd:7f:93:cc:01:7d:96:96:6f:
         9f:e3:8b:7b:7e:ec:3a:03:7c:98:bc:10:8c:90:c5:df:ca:34:
         03:da:3f:19
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhseF94/zAaPIHvzWGphqsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQxMWRlYTUzNDY3YjZjNzE0M2ViMjNkMjg0NTY5YTgxODNi
MmU4MmYwHhcNMjUwMTAxMTE0ODEzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTk3M2IxM2UzZTJkN2UxZWFjMTNjYzE0ZDczYzRjMGNhMzVkMjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1Ua/rBzK8jJOo4wpBCNS7DKfTcfA
aX7/hvyN3UFmcXGks+zlagQp/cdA+FXESxNbOVO9e46QhwZvU1VG1Kixomyt3897
MjLGibYls1K8l/FDg+8eWfCmdcBdHrc3X11x6MxqG9YA3LcisTB5z8GSUeLcJVd4
h4D63+ucV76GlvTYrEqaaU3VCbmzE+nji8vnsL4q9b+bSLQwOJ0KNhHMu2ybi7A2
29SrBU4p6YGW1Iwqci2x+/1AZmbdCfQhxJigckMcyCbHvjuNZPey9kI9CESwCwcS
wjTfHb0M5Yu2OnrPJOe7S7uCzIYwtN188grPdNwcpAvfMjL9XFI7I9k3QwIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGGXOxPj4tfh6sE8wU1zxMDKNdKMMB8GA1UdIwQY
MBaAFEEd6lNGe2xxQ+sj0oRWmoGDsugvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEt
NDcxMjBiOTA2OWI3LzEvWVpjN0UtUGkxLUhxd1R6QlRYUEV3TW8xMG93LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMS9lYWNjZTUtZTRkZC00ZDlmLThlYzEtNDcxMjBiOTA2OWI3
LzEvUVIzcVUwWjdiSEZENnlQU2hGYWFnWU95NkM4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQCsH7sMA8E
AgACMAkDBwAqAlngAAAwDQYJKoZIhvcNAQELBQADggEBAFmZaFmfNCVfyka+gVqb
YeZTJKESlF4v5+soxZb8PNuaIaATjyKV+t7Kzyz3/MzA2d6BBfMBPA6jTLEEzrSx
TWdMpsqrwGCajhosoo/XKFQ6dFR/2GfvMLZTiIpaE34u7OC4ARKPLbUdk6S+WjoI
YXHI06OTeNjcsny8bSL5Jr20WfDDFPoaAlNsfN+BBxHgs7vF0YUTRUJwaOnpwTyM
xjGssnd8lFDv74LdxxIJ6htpde2HpSbHBiuf5NN1qcr3JZk3jJ3CetH4yEg23YEU
qMnQcJrHUwgynNvnr/hmp2kb+v1/k8wBfZaWb5/ji3t+7DoDfJi8EIyQxd/KNAPa
Pxk=
-----END CERTIFICATE-----