Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/YBpkKYl7hf_TRzIQKlqwjzGdNXQ.roa
File:                     YBpkKYl7hf_TRzIQKlqwjzGdNXQ.roa (raw, json)
Hash identifier:          h+D2pJlFj/niq8kSK086wec9+0ZFE38ysN0VslreY9A=
Subject key identifier:   60:1A:64:29:89:7B:85:FF:D3:47:32:10:2A:5A:B0:8F:31:9D:35:74
Certificate issuer:       /CN=cf5567122a88ca9889a1798b6c942dcc0cbc753b
Certificate serial:       019427B660D25A92691C57B023566F217FB3
Authority key identifier: CF:55:67:12:2A:88:CA:98:89:A1:79:8B:6C:94:2D:CC:0C:BC:75:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/z1VnEiqIypiJoXmLbJQtzAy8dTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/YBpkKYl7hf_TRzIQKlqwjzGdNXQ.roa
Signing time:             Thu 02 Jan 2025 15:50:51 +0000
ROA not before:           Thu 02 Jan 2025 15:50:51 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58224
IP address blocks:        185.115.76.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/z1VnEiqIypiJoXmLbJQtzAy8dTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/z1VnEiqIypiJoXmLbJQtzAy8dTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/z1VnEiqIypiJoXmLbJQtzAy8dTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 22 Apr 2025 06:00:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:27:b6:60:d2:5a:92:69:1c:57:b0:23:56:6f:21:7f:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=cf5567122a88ca9889a1798b6c942dcc0cbc753b
        Validity
            Not Before: Jan  2 15:50:51 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=601a6429897b85ffd34732102a5ab08f319d3574
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:e3:4f:9b:7f:ea:9c:33:70:d6:ef:95:d5:2d:
                    eb:e0:a8:23:50:54:39:71:83:1d:7a:80:88:7d:16:
                    4b:e4:c0:fd:64:2b:dc:f7:36:56:1b:40:8b:41:88:
                    44:a0:7a:c2:eb:3b:1e:39:9b:af:ec:d2:d4:63:54:
                    ce:8b:f3:d3:e1:d7:3e:bc:24:f1:a8:23:7c:fd:f2:
                    9e:37:83:a5:86:10:22:67:87:4d:9f:d3:8d:68:85:
                    be:39:4a:a7:7d:87:df:c0:05:9d:6b:ba:01:75:c9:
                    83:da:6b:b7:8d:1e:bc:30:6c:42:55:fa:46:af:7c:
                    a5:6b:f9:95:a1:21:22:86:b1:51:6f:b1:2d:45:2c:
                    ba:61:b5:23:c4:33:ba:a2:e8:29:52:01:68:65:50:
                    33:73:59:4d:05:dd:46:da:1a:9c:4b:6e:43:7c:ac:
                    46:3f:a3:43:0f:4c:7a:01:34:91:38:e9:eb:27:f1:
                    b1:de:fa:f8:dc:d3:15:31:b4:63:4b:ac:ed:0a:08:
                    46:af:c1:25:0c:9c:9a:21:5e:5e:54:04:66:2b:a4:
                    37:11:8a:91:26:93:91:72:ab:42:ba:87:69:79:1b:
                    28:2d:53:0a:0c:de:39:82:c1:f1:8f:92:ec:3a:e2:
                    92:39:a0:33:dc:02:cf:c1:83:f4:59:6f:83:48:1e:
                    3a:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:1A:64:29:89:7B:85:FF:D3:47:32:10:2A:5A:B0:8F:31:9D:35:74
            X509v3 Authority Key Identifier:
                keyid:CF:55:67:12:2A:88:CA:98:89:A1:79:8B:6C:94:2D:CC:0C:BC:75:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/z1VnEiqIypiJoXmLbJQtzAy8dTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/YBpkKYl7hf_TRzIQKlqwjzGdNXQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/0a97f1-7bf5-4368-8260-8d715ac217e2/1/z1VnEiqIypiJoXmLbJQtzAy8dTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.115.76.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1d:b1:27:83:cb:99:33:d8:35:11:4e:37:45:83:c0:72:e6:2e:
         a2:64:b6:5d:d0:a3:d9:29:e0:2e:4e:2a:40:77:f2:32:c1:80:
         a6:ae:45:32:e4:bd:65:6b:79:f4:f8:6f:5e:ac:43:07:11:45:
         d2:42:a9:09:8c:27:e9:66:7f:48:fa:ca:1d:5f:04:db:a8:f2:
         9d:b0:15:d0:ca:9a:6a:5c:9b:e4:2f:d7:91:c0:fd:95:63:df:
         54:93:a9:fe:8a:07:ee:95:78:02:a2:f6:93:58:bb:09:d7:84:
         a1:43:38:12:99:0c:8c:5a:ff:79:44:3e:06:18:71:5a:ed:39:
         b6:0d:9e:ad:8f:40:17:f2:f5:67:bd:13:ec:72:1f:f6:48:42:
         36:e0:ad:83:02:f1:f7:32:cc:3f:e2:8e:27:12:f0:e7:96:c1:
         1b:fe:b6:f7:69:b5:25:80:6f:38:0d:0a:11:5a:61:42:a9:a5:
         b5:c9:0d:2d:45:e9:75:6a:07:a4:0b:46:33:1d:46:21:c7:b4:
         32:c5:4e:2b:5f:ef:18:e5:4e:83:e2:0a:fc:71:41:89:53:35:
         7e:38:5c:53:cd:2f:a0:37:8e:7a:04:93:10:06:ca:b6:92:d0:
         45:7d:47:62:73:f3:2d:11:a2:94:f4:b1:25:36:04:8f:56:95:
         43:24:b0:68
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQntmDSWpJpHFewI1ZvIX+zMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNmNTU2NzEyMmE4OGNhOTg4OWExNzk4YjZjOTQyZGNjMGNi
Yzc1M2IwHhcNMjUwMTAyMTU1MDUxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDFhNjQyOTg5N2I4NWZmZDM0NzMyMTAyYTVhYjA4ZjMxOWQzNTc0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtuNPm3/qnDNw1u+V1S3r4KgjUFQ5
cYMdeoCIfRZL5MD9ZCvc9zZWG0CLQYhEoHrC6zseOZuv7NLUY1TOi/PT4dc+vCTx
qCN8/fKeN4OlhhAiZ4dNn9ONaIW+OUqnfYffwAWda7oBdcmD2mu3jR68MGxCVfpG
r3yla/mVoSEihrFRb7EtRSy6YbUjxDO6ougpUgFoZVAzc1lNBd1G2hqcS25DfKxG
P6NDD0x6ATSROOnrJ/Gx3vr43NMVMbRjS6ztCghGr8ElDJyaIV5eVARmK6Q3EYqR
JpORcqtCuodpeRsoLVMKDN45gsHxj5LsOuKSOaAz3ALPwYP0WW+DSB46kwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGAaZCmJe4X/00cyECpasI8xnTV0MB8GA1UdIwQY
MBaAFM9VZxIqiMqYiaF5i2yULcwMvHU7MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvejFWbkVpcUl5cGlKb1htTGJKUXR6QXk4ZFRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8wYTk3ZjEtN2JmNS00MzY4LTgyNjAt
OGQ3MTVhYzIxN2UyLzEvWUJwa0tZbDdoZl9UUnpJUUtscXdqekdkTlhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8wYTk3ZjEtN2JmNS00MzY4LTgyNjAtOGQ3MTVhYzIxN2Uy
LzEvejFWbkVpcUl5cGlKb1htTGJKUXR6QXk4ZFRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuXNMMA0G
CSqGSIb3DQEBCwUAA4IBAQAdsSeDy5kz2DURTjdFg8By5i6iZLZd0KPZKeAuTipA
d/IywYCmrkUy5L1la3n0+G9erEMHEUXSQqkJjCfpZn9I+sodXwTbqPKdsBXQyppq
XJvkL9eRwP2VY99Uk6n+igfulXgCovaTWLsJ14ShQzgSmQyMWv95RD4GGHFa7Tm2
DZ6tj0AX8vVnvRPsch/2SEI24K2DAvH3Msw/4o4nEvDnlsEb/rb3abUlgG84DQoR
WmFCqaW1yQ0tRel1agekC0YzHUYhx7QyxU4rX+8Y5U6D4gr8cUGJUzV+OFxTzS+g
N456BJMQBsq2ktBFfUdic/MtEaKU9LElNgSPVpVDJLBo
-----END CERTIFICATE-----