Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/yX38jt3vI8i36FvJ3E_-UlmiSxQ.roa
File:                     yX38jt3vI8i36FvJ3E_-UlmiSxQ.roa (raw, json)
Hash identifier:          stQu9DFDxjZu1F/qyBAVnzlmn5IHuu+7EIChhkt6oKg=
Subject key identifier:   C9:7D:FC:8E:DD:EF:23:C8:B7:E8:5B:C9:DC:4F:FE:52:59:A2:4B:14
Certificate issuer:       /CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
Certificate serial:       0195517DEDB7B167DF89102694F100D31302
Authority key identifier: 06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/yX38jt3vI8i36FvJ3E_-UlmiSxQ.roa
Signing time:             Sat 01 Mar 2025 11:36:02 +0000
ROA not before:           Sat 01 Mar 2025 11:36:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     200131
IP address blocks:        194.143.206.0/24 maxlen: 24
                          213.220.3.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 22:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:51:7d:ed:b7:b1:67:df:89:10:26:94:f1:00:d3:13:02
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0671dcc7a9ac7351c71e0bc2278cf45fd020ae2e
        Validity
            Not Before: Mar  1 11:36:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c97dfc8eddef23c8b7e85bc9dc4ffe5259a24b14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:fd:73:a9:88:62:b9:5b:cb:cc:6c:6a:23:5d:
                    fa:a5:4b:20:8d:7e:fc:4e:7a:94:f6:52:e0:8b:31:
                    49:85:eb:62:61:1b:cb:0a:d6:15:af:3a:38:ae:cc:
                    3e:2c:36:b7:1b:29:29:9d:d8:d5:8f:b5:7b:7c:c2:
                    9d:98:dc:29:00:ce:8e:42:27:46:02:22:6a:3e:d0:
                    e7:8d:55:92:86:98:cc:89:4d:68:a6:3d:16:f6:1f:
                    f3:1d:38:2f:18:bc:80:f8:e9:7a:9a:8f:35:e0:5d:
                    f7:60:e8:fe:8d:1d:16:79:69:1c:ff:9b:5f:11:75:
                    1a:0a:28:57:27:11:38:31:49:b4:9f:49:72:77:6f:
                    3e:1e:0d:53:c5:7e:e2:49:04:a0:1b:d1:f0:c6:a8:
                    5d:b8:9b:b7:70:ba:7f:40:3e:d5:50:61:1a:ae:72:
                    77:61:6e:78:c0:e6:6e:2f:48:5c:f2:96:36:6a:83:
                    9f:18:dc:da:83:a1:1a:98:e4:6d:44:f2:ee:be:b2:
                    49:25:72:ea:18:83:fd:ec:42:82:17:e9:a0:8b:05:
                    b9:ad:b5:9b:7c:fe:82:98:ed:35:bb:cc:3d:3b:9c:
                    19:d8:0f:0d:3c:81:c3:77:35:55:22:fa:5b:5e:09:
                    c4:63:07:88:4d:00:e1:a4:46:14:21:7e:66:f2:ec:
                    3c:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:7D:FC:8E:DD:EF:23:C8:B7:E8:5B:C9:DC:4F:FE:52:59:A2:4B:14
            X509v3 Authority Key Identifier:
                keyid:06:71:DC:C7:A9:AC:73:51:C7:1E:0B:C2:27:8C:F4:5F:D0:20:AE:2E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BnHcx6msc1HHHgvCJ4z0X9Agri4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/yX38jt3vI8i36FvJ3E_-UlmiSxQ.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ea/1f9493-d468-4a7c-8c4b-1ddec4cce24c/1/BnHcx6msc1HHHgvCJ4z0X9Agri4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.143.206.0/24
                  213.220.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1e:3b:cb:61:23:32:7b:47:2b:e1:fb:ed:7b:28:ba:62:4c:cc:
         14:db:0c:2b:e1:f2:8a:03:04:43:62:48:c5:35:3d:ae:75:d9:
         e7:3c:76:5d:0d:3a:8c:8d:01:38:5b:4e:b6:91:7a:b3:6f:03:
         46:44:cd:de:7f:e9:25:d4:91:44:40:79:b9:8a:ca:38:5b:01:
         ca:57:c1:d7:92:3b:4d:a9:72:12:3d:61:d2:fc:b0:17:48:ae:
         fd:56:63:cc:c3:f9:c7:0a:c7:1b:ce:ed:7f:d0:db:96:6b:ac:
         ef:59:bd:58:be:f0:53:3a:63:9c:b0:38:4c:d5:3d:0d:f3:0d:
         c1:e1:50:35:21:de:20:f7:99:ef:1a:67:1e:d1:95:f8:73:5a:
         c9:c2:3f:c6:40:09:eb:ba:42:40:16:7f:4a:45:ce:8d:b5:0f:
         81:d2:ac:3d:50:4f:e0:95:73:d5:24:1e:e8:e8:d4:08:38:01:
         74:1f:b5:d3:d4:6b:17:8d:2d:f4:cc:85:f7:34:af:3e:3b:6f:
         a7:f6:a1:65:d7:1d:f2:36:f2:b3:d9:19:b4:06:a5:d5:59:61:
         4d:89:d0:21:f4:4e:c3:bd:21:96:dd:a8:14:9d:01:43:17:2d:
         ea:55:78:40:9e:19:b5:06:16:2c:35:7e:44:5a:0b:4b:d9:0c:
         78:a5:f3:24
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZVRfe23sWffiRAmlPEA0xMCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2NzFkY2M3YTlhYzczNTFjNzFlMGJjMjI3OGNmNDVmZDAy
MGFlMmUwHhcNMjUwMzAxMTEzNjAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTdkZmM4ZWRkZWYyM2M4YjdlODViYzlkYzRmZmU1MjU5YTI0YjE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2f1zqYhiuVvLzGxqI136pUsgjX78
TnqU9lLgizFJhetiYRvLCtYVrzo4rsw+LDa3GykpndjVj7V7fMKdmNwpAM6OQidG
AiJqPtDnjVWShpjMiU1opj0W9h/zHTgvGLyA+Ol6mo814F33YOj+jR0WeWkc/5tf
EXUaCihXJxE4MUm0n0lyd28+Hg1TxX7iSQSgG9HwxqhduJu3cLp/QD7VUGEarnJ3
YW54wOZuL0hc8pY2aoOfGNzag6EamORtRPLuvrJJJXLqGIP97EKCF+mgiwW5rbWb
fP6CmO01u8w9O5wZ2A8NPIHDdzVVIvpbXgnEYweITQDhpEYUIX5m8uw8dwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMl9/I7d7yPIt+hbydxP/lJZoksUMB8GA1UdIwQY
MBaAFAZx3MeprHNRxx4LwieM9F/QIK4uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGIt
MWRkZWM0Y2NlMjRjLzEveVgzOGp0M3ZJOGkzNkZ2SjNFXy1VbG1pU3hRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lYS8xZjk0OTMtZDQ2OC00YTdjLThjNGItMWRkZWM0Y2NlMjRj
LzEvQm5IY3g2bXNjMUhISGd2Q0o0ejBYOUFncmk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwo/OAwQA
1dwDMA0GCSqGSIb3DQEBCwUAA4IBAQAeO8thIzJ7Ryvh++17KLpiTMwU2wwr4fKK
AwRDYkjFNT2uddnnPHZdDTqMjQE4W062kXqzbwNGRM3ef+kl1JFEQHm5iso4WwHK
V8HXkjtNqXISPWHS/LAXSK79VmPMw/nHCscbzu1/0NuWa6zvWb1YvvBTOmOcsDhM
1T0N8w3B4VA1Id4g95nvGmce0ZX4c1rJwj/GQAnrukJAFn9KRc6NtQ+B0qw9UE/g
lXPVJB7o6NQIOAF0H7XT1GsXjS30zIX3NK8+O2+n9qFl1x3yNvKz2Rm0BqXVWWFN
idAh9E7DvSGW3agUnQFDFy3qVXhAnhm1BhYsNX5EWgtL2Qx4pfMk
-----END CERTIFICATE-----