Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/yqAKtMjQr06lqjkgV4xVRo64daM.roa
File:                     yqAKtMjQr06lqjkgV4xVRo64daM.roa (raw, json)
Hash identifier:          x/Jj/C/0x92hbipjJNdh/WcznLtF4AoIFg/Jhn39tzA=
Subject key identifier:   CA:A0:0A:B4:C8:D0:AF:4E:A5:AA:39:20:57:8C:55:46:8E:B8:75:A3
Certificate issuer:       /CN=a4dd79707124b20672e69c38e17b666b7fae7c1d
Certificate serial:       0194266C1C649D7F345358608FC2018D33A6
Authority key identifier: A4:DD:79:70:71:24:B2:06:72:E6:9C:38:E1:7B:66:6B:7F:AE:7C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pN15cHEksgZy5pw44Xtma3-ufB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/yqAKtMjQr06lqjkgV4xVRo64daM.roa
Signing time:             Thu 02 Jan 2025 09:50:06 +0000
ROA not before:           Thu 02 Jan 2025 09:50:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     51933
IP address blocks:        46.183.32.0/21 maxlen: 21
                          194.125.228.0/22 maxlen: 22
                          2a0b:2a00::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/pN15cHEksgZy5pw44Xtma3-ufB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/pN15cHEksgZy5pw44Xtma3-ufB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pN15cHEksgZy5pw44Xtma3-ufB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 17:00:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:6c:1c:64:9d:7f:34:53:58:60:8f:c2:01:8d:33:a6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a4dd79707124b20672e69c38e17b666b7fae7c1d
        Validity
            Not Before: Jan  2 09:50:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caa00ab4c8d0af4ea5aa3920578c55468eb875a3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:0d:57:4b:49:b3:37:7d:b3:3a:48:6a:c0:6a:
                    56:de:a8:8e:9a:d3:52:4b:e3:75:14:6e:47:86:58:
                    01:7c:1f:fe:e4:4a:17:53:58:d1:fd:f2:a8:d4:b4:
                    71:a2:be:a3:33:6f:5d:e3:b4:8f:bb:3f:1f:ed:dc:
                    cf:8f:43:83:4b:1c:b6:72:4a:56:6f:46:05:69:5a:
                    38:c2:72:a9:fd:fb:aa:1c:b1:d9:b3:c2:92:4e:cd:
                    c7:99:93:78:a1:49:da:cb:df:c3:a3:0b:21:0a:a0:
                    fd:87:05:f7:50:a5:cd:ff:25:43:f9:30:90:92:ff:
                    5c:d3:be:de:2d:4d:23:14:d1:1e:ff:1b:09:37:7a:
                    aa:b2:c2:8c:c9:dc:0f:bb:8f:32:df:c4:29:ba:a9:
                    c0:61:c3:96:6a:e8:15:fc:90:99:36:07:fb:3c:34:
                    3b:1c:ed:dc:0c:3e:cb:99:1e:0a:87:55:7d:57:5f:
                    5b:85:49:93:18:47:31:2f:78:ad:32:e0:96:fa:52:
                    ab:47:ff:31:a9:40:40:16:1d:33:6c:d3:f9:24:bb:
                    0a:31:fa:67:c7:4e:c5:87:a9:0c:b6:be:4b:e4:d6:
                    c0:f6:f9:ce:b7:36:2e:49:72:dc:71:81:45:19:27:
                    06:ff:36:0c:45:ec:eb:8c:4d:c0:fa:3b:98:a6:f3:
                    88:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:A0:0A:B4:C8:D0:AF:4E:A5:AA:39:20:57:8C:55:46:8E:B8:75:A3
            X509v3 Authority Key Identifier:
                keyid:A4:DD:79:70:71:24:B2:06:72:E6:9C:38:E1:7B:66:6B:7F:AE:7C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pN15cHEksgZy5pw44Xtma3-ufB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/yqAKtMjQr06lqjkgV4xVRo64daM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e2/8d1cea-4d9d-4906-98d7-7188d91a6ca9/1/pN15cHEksgZy5pw44Xtma3-ufB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.183.32.0/21
                  194.125.228.0/22
                IPv6:
                  2a0b:2a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         6a:8a:7e:6f:a9:8d:4f:70:b1:29:a9:c3:67:57:c0:75:d9:bb:
         2f:b6:5b:5c:96:39:29:b0:3d:06:42:b9:b1:06:e4:37:45:58:
         a4:c8:0a:a0:6e:6c:06:2d:e9:ee:c1:37:c8:fa:92:f4:5a:4a:
         78:a4:89:b4:2b:8c:95:47:b4:bc:52:d7:da:b5:f6:05:51:c0:
         6e:8b:c0:ae:db:69:98:84:22:bd:41:ee:7a:f8:4d:eb:34:6b:
         1d:1f:03:ff:ae:c7:79:9d:29:12:21:7f:f3:d6:92:cd:a8:8f:
         f8:08:40:b4:d9:77:4a:7c:ac:ac:87:2e:1c:9a:4c:df:cd:9b:
         d7:ac:f7:ad:bb:3b:78:dd:6b:6d:74:d0:55:67:75:60:ff:58:
         46:ca:ee:3a:90:ea:62:f9:87:4d:23:2a:66:0f:01:c4:9c:a6:
         c6:73:3a:6f:cf:1e:5e:0a:a3:08:e6:ef:0f:58:35:a2:a0:c9:
         f5:7b:6e:b9:3e:b2:47:ce:8b:0e:ce:74:7a:b0:0b:af:47:da:
         90:fa:d4:b7:f6:89:02:b0:4d:50:02:83:94:65:67:e4:7a:38:
         f1:ac:49:f0:28:c1:e7:5e:e5:60:b3:a0:3d:17:89:63:cd:18:
         bc:b1:1a:5a:ab:ee:a2:15:e0:32:c7:1b:7c:7c:40:8d:5c:97:
         e9:12:01:68
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQmbBxknX80U1hgj8IBjTOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ZGQ3OTcwNzEyNGIyMDY3MmU2OWMzOGUxN2I2NjZiN2Zh
ZTdjMWQwHhcNMjUwMTAyMDk1MDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWEwMGFiNGM4ZDBhZjRlYTVhYTM5MjA1NzhjNTU0NjhlYjg3NWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsA1XS0mzN32zOkhqwGpW3qiOmtNS
S+N1FG5HhlgBfB/+5EoXU1jR/fKo1LRxor6jM29d47SPuz8f7dzPj0ODSxy2ckpW
b0YFaVo4wnKp/fuqHLHZs8KSTs3HmZN4oUnay9/DowshCqD9hwX3UKXN/yVD+TCQ
kv9c077eLU0jFNEe/xsJN3qqssKMydwPu48y38QpuqnAYcOWaugV/JCZNgf7PDQ7
HO3cDD7LmR4Kh1V9V19bhUmTGEcxL3itMuCW+lKrR/8xqUBAFh0zbNP5JLsKMfpn
x07Fh6kMtr5L5NbA9vnOtzYuSXLccYFFGScG/zYMRezrjE3A+juYpvOIyQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMqgCrTI0K9Opao5IFeMVUaOuHWjMB8GA1UdIwQY
MBaAFKTdeXBxJLIGcuacOOF7Zmt/rnwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcE4xNWNIRWtzZ1p5NXB3NDRYdG1hMy11ZkIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lMi84ZDFjZWEtNGQ5ZC00OTA2LTk4ZDct
NzE4OGQ5MWE2Y2E5LzEveXFBS3RNalFyMDZscWprZ1Y0eFZSbzY0ZGFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lMi84ZDFjZWEtNGQ5ZC00OTA2LTk4ZDctNzE4OGQ5MWE2Y2E5
LzEvcE4xNWNIRWtzZ1p5NXB3NDRYdG1hMy11ZkIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQDLrcgAwQC
wn3kMA0EAgACMAcDBQAqCyoAMA0GCSqGSIb3DQEBCwUAA4IBAQBqin5vqY1PcLEp
qcNnV8B12bsvtltcljkpsD0GQrmxBuQ3RVikyAqgbmwGLenuwTfI+pL0Wkp4pIm0
K4yVR7S8UtfatfYFUcBui8Cu22mYhCK9Qe56+E3rNGsdHwP/rsd5nSkSIX/z1pLN
qI/4CEC02XdKfKyshy4cmkzfzZvXrPetuzt43WttdNBVZ3Vg/1hGyu46kOpi+YdN
IypmDwHEnKbGczpvzx5eCqMI5u8PWDWioMn1e265PrJHzosOznR6sAuvR9qQ+tS3
9okCsE1QAoOUZWfkejjxrEnwKMHnXuVgs6A9F4ljzRi8sRpaq+6iFeAyxxt8fECN
XJfpEgFo
-----END CERTIFICATE-----