Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/v1Ryzz_N409NzbmRAuen4MQjOWo.roa
File:                     v1Ryzz_N409NzbmRAuen4MQjOWo.roa (raw, json)
Hash identifier:          nCjeo/lqPblEWttxGqrN/iF+J58uOtYvtP5cDeaC0E8=
Subject key identifier:   BF:54:72:CF:3F:CD:E3:4F:4D:CD:B9:91:02:E7:A7:E0:C4:23:39:6A
Certificate issuer:       /CN=b4a90f6896678442afaee1baaaa6b2a2decacd3b
Certificate serial:       019421B1EAF2E817C26F0323F26B8F807D4A
Authority key identifier: B4:A9:0F:68:96:67:84:42:AF:AE:E1:BA:AA:A6:B2:A2:DE:CA:CD:3B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tKkPaJZnhEKvruG6qqayot7KzTs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/v1Ryzz_N409NzbmRAuen4MQjOWo.roa
Signing time:             Wed 01 Jan 2025 11:48:15 +0000
ROA not before:           Wed 01 Jan 2025 11:48:15 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     19905
IP address blocks:        185.150.60.0/24 maxlen: 24
                          185.150.61.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/tKkPaJZnhEKvruG6qqayot7KzTs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/tKkPaJZnhEKvruG6qqayot7KzTs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tKkPaJZnhEKvruG6qqayot7KzTs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 13 Apr 2025 08:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b1:ea:f2:e8:17:c2:6f:03:23:f2:6b:8f:80:7d:4a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4a90f6896678442afaee1baaaa6b2a2decacd3b
        Validity
            Not Before: Jan  1 11:48:15 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=bf5472cf3fcde34f4dcdb99102e7a7e0c423396a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:ba:81:e6:70:cb:06:f4:20:10:8e:3a:d0:4e:
                    a9:16:96:75:84:69:5f:0b:2d:aa:a5:1a:a8:ed:a0:
                    45:39:08:b2:2c:86:6b:f2:d9:a9:78:4c:00:e6:c8:
                    81:d1:d1:bd:6b:e8:e4:c6:4a:cc:8a:9a:27:f4:bd:
                    3a:3e:48:54:4c:07:0e:24:eb:a0:21:5b:b2:98:1d:
                    7c:59:31:ed:9d:93:ea:71:48:4a:7a:95:d4:a5:9c:
                    bd:5e:10:8a:6d:1c:8d:59:1a:96:6f:24:c2:01:94:
                    fa:e8:5c:8f:3a:eb:fa:07:6c:96:e5:91:5f:f3:f4:
                    b3:ec:04:46:78:8d:38:47:b4:fd:03:67:f4:5f:a9:
                    34:d4:db:ca:9b:16:c5:d8:6a:b5:5a:9f:bd:7d:10:
                    c3:83:db:08:13:b5:be:e2:5c:41:88:c7:00:f2:07:
                    11:c6:b0:26:c6:5b:14:ae:67:e2:43:3b:3a:1c:dc:
                    71:d9:98:7f:16:d8:62:5a:4e:2d:c8:b1:6f:35:3c:
                    1d:84:b9:8f:05:9d:26:50:1b:3d:9a:10:2b:8b:65:
                    4c:ca:a1:32:59:61:c0:18:90:b4:18:36:a6:23:68:
                    19:e8:9f:84:19:8d:f6:d6:16:a0:e4:76:80:ab:b9:
                    cb:86:cb:99:ef:79:0f:70:4a:8a:d9:c0:d9:51:ea:
                    1f:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:54:72:CF:3F:CD:E3:4F:4D:CD:B9:91:02:E7:A7:E0:C4:23:39:6A
            X509v3 Authority Key Identifier:
                keyid:B4:A9:0F:68:96:67:84:42:AF:AE:E1:BA:AA:A6:B2:A2:DE:CA:CD:3B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tKkPaJZnhEKvruG6qqayot7KzTs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/v1Ryzz_N409NzbmRAuen4MQjOWo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/e61614-ebc5-4731-8560-9d1812999a35/1/tKkPaJZnhEKvruG6qqayot7KzTs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.150.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7c:a0:46:6e:05:f1:9b:4a:c0:d1:44:32:b0:6e:59:33:2e:df:
         94:4b:2b:e8:69:17:cb:62:70:9f:db:4e:44:05:52:81:08:7d:
         8e:b6:84:d4:e8:d0:41:8b:9f:35:d0:2f:9e:26:19:d5:5f:82:
         ab:a7:b7:53:16:a1:65:35:7e:5f:7c:a4:24:ea:a6:76:5a:a8:
         7d:99:e5:e0:fd:6f:4c:d0:c2:b2:58:65:7e:32:44:e9:34:1a:
         ed:fa:68:a2:ce:c1:6f:fb:b7:d9:0f:6c:28:99:8b:ac:2f:d6:
         80:bc:d9:a2:5b:5e:2d:67:e6:31:c1:ec:1b:d5:82:6a:b4:1c:
         c0:c2:46:29:7b:07:6e:7e:b4:7d:30:76:55:8c:d3:54:c0:2b:
         98:0a:14:3f:65:4d:09:15:a7:65:bf:8d:63:53:3f:2f:2f:10:
         ed:f1:3b:30:fd:65:9f:a8:41:38:8c:52:d7:e2:e5:d4:5b:ad:
         16:5d:0f:d7:83:04:a7:a3:f0:e7:f2:6e:87:19:50:d1:20:ee:
         72:80:e3:40:64:d5:4b:db:7a:5e:92:be:51:2a:7d:56:04:c7:
         3a:2f:5c:f5:16:64:37:5a:3f:48:f1:bc:31:b8:06:49:79:9c:
         2d:a5:6d:02:fa:ee:fa:54:f9:84:86:7f:74:d7:23:25:f3:a9:
         2e:03:71:24
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQhsery6BfCbwMj8muPgH1KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0YTkwZjY4OTY2Nzg0NDJhZmFlZTFiYWFhYTZiMmEyZGVj
YWNkM2IwHhcNMjUwMTAxMTE0ODE1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZjU0NzJjZjNmY2RlMzRmNGRjZGI5OTEwMmU3YTdlMGM0MjMzOTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArLqB5nDLBvQgEI460E6pFpZ1hGlf
Cy2qpRqo7aBFOQiyLIZr8tmpeEwA5siB0dG9a+jkxkrMipon9L06PkhUTAcOJOug
IVuymB18WTHtnZPqcUhKepXUpZy9XhCKbRyNWRqWbyTCAZT66FyPOuv6B2yW5ZFf
8/Sz7ARGeI04R7T9A2f0X6k01NvKmxbF2Gq1Wp+9fRDDg9sIE7W+4lxBiMcA8gcR
xrAmxlsUrmfiQzs6HNxx2Zh/FthiWk4tyLFvNTwdhLmPBZ0mUBs9mhAri2VMyqEy
WWHAGJC0GDamI2gZ6J+EGY321hag5HaAq7nLhsuZ73kPcEqK2cDZUeofZwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFL9Ucs8/zeNPTc25kQLnp+DEIzlqMB8GA1UdIwQY
MBaAFLSpD2iWZ4RCr67huqqmsqLeys07MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdEtrUGFKWm5oRUt2cnVHNnFxYXlvdDdLelRzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9lNjE2MTQtZWJjNS00NzMxLTg1NjAt
OWQxODEyOTk5YTM1LzEvdjFSeXp6X040MDlOemJtUkF1ZW40TVFqT1dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9lNjE2MTQtZWJjNS00NzMxLTg1NjAtOWQxODEyOTk5YTM1
LzEvdEtrUGFKWm5oRUt2cnVHNnFxYXlvdDdLelRzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQBuZY8MA0G
CSqGSIb3DQEBCwUAA4IBAQB8oEZuBfGbSsDRRDKwblkzLt+USyvoaRfLYnCf205E
BVKBCH2OtoTU6NBBi5810C+eJhnVX4Krp7dTFqFlNX5ffKQk6qZ2Wqh9meXg/W9M
0MKyWGV+MkTpNBrt+miizsFv+7fZD2womYusL9aAvNmiW14tZ+Yxwewb1YJqtBzA
wkYpewdufrR9MHZVjNNUwCuYChQ/ZU0JFadlv41jUz8vLxDt8Tsw/WWfqEE4jFLX
4uXUW60WXQ/XgwSno/Dn8m6HGVDRIO5ygONAZNVL23pekr5RKn1WBMc6L1z1FmQ3
Wj9I8bwxuAZJeZwtpW0C+u76VPmEhn901yMl86kuA3Ek
-----END CERTIFICATE-----