Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/YMnqUNriuyHwDIFQ2C9-qRlCJR8.roa
File:                     YMnqUNriuyHwDIFQ2C9-qRlCJR8.roa (raw, json)
Hash identifier:          7P6ibgHSOBZ2856ayilvwRq//XNJeWi8k+T7BYGGld4=
Subject key identifier:   60:C9:EA:50:DA:E2:BB:21:F0:0C:81:50:D8:2F:7E:A9:19:42:25:1F
Certificate issuer:       /CN=99ce569a14c2db3772f23187ce68e6541ec0048e
Certificate serial:       018ECB8711AFD1C427F22C4886221FEE6B7E
Authority key identifier: 99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/YMnqUNriuyHwDIFQ2C9-qRlCJR8.roa
Signing time:             Thu 11 Apr 2024 05:00:10 +0000
ROA not before:           Thu 11 Apr 2024 05:00:10 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3320
IP address blocks:        185.149.25.0/24 maxlen: 24
                          185.149.26.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 23 Nov 2024 12:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:cb:87:11:af:d1:c4:27:f2:2c:48:86:22:1f:ee:6b:7e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=99ce569a14c2db3772f23187ce68e6541ec0048e
        Validity
            Not Before: Apr 11 05:00:10 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=60c9ea50dae2bb21f00c8150d82f7ea91942251f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:93:46:9d:fb:d9:9c:3a:01:e2:1e:c9:0a:9a:71:
                    30:ce:07:12:57:79:8b:de:a4:6e:94:7c:3e:83:d8:
                    7c:cb:6d:2e:44:26:09:d8:59:83:2f:10:68:fa:82:
                    12:75:da:7a:ba:53:f8:a0:a8:42:76:9c:02:7d:48:
                    c1:02:64:69:9f:a1:c6:c5:f4:0a:d6:8a:17:1a:e8:
                    c7:ca:9d:6b:57:87:2c:46:1f:5d:84:bd:eb:4d:44:
                    51:82:6e:a5:0a:ff:f3:bd:ca:5d:c0:ec:4f:97:44:
                    b5:4f:8c:7a:8a:63:0a:cf:b7:8a:48:d9:c9:81:44:
                    a4:6a:65:be:d2:1f:bb:89:27:17:9d:a0:bb:62:ee:
                    29:4b:3b:9d:e3:b5:0b:21:4b:9a:3d:ef:e0:e0:6f:
                    0a:5a:59:99:75:57:98:ed:08:c9:92:42:24:9d:e6:
                    c3:7b:ff:30:fa:cf:19:ac:a7:31:24:8e:ef:f1:0e:
                    a6:f3:86:1f:24:d4:69:23:34:7c:0f:96:f0:dd:ce:
                    10:62:6d:e7:3e:fe:f5:d9:8b:6c:38:a5:fe:16:0a:
                    2b:89:f1:1c:8e:b3:36:e0:69:8d:0c:ca:34:ec:5e:
                    81:0f:e9:38:3f:0c:af:98:65:f4:e8:cb:65:45:2c:
                    a5:d8:4d:96:18:ba:3d:0f:bb:9c:e2:f1:6a:49:6c:
                    8c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:C9:EA:50:DA:E2:BB:21:F0:0C:81:50:D8:2F:7E:A9:19:42:25:1F
            X509v3 Authority Key Identifier:
                keyid:99:CE:56:9A:14:C2:DB:37:72:F2:31:87:CE:68:E6:54:1E:C0:04:8E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/mc5WmhTC2zdy8jGHzmjmVB7ABI4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/YMnqUNriuyHwDIFQ2C9-qRlCJR8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/cc6e99-6e5f-401b-912d-1095544c6c50/1/mc5WmhTC2zdy8jGHzmjmVB7ABI4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.149.25.0-185.149.27.255

    Signature Algorithm: sha256WithRSAEncryption
         2c:5b:97:a0:bb:99:0e:99:af:66:0b:c3:18:ab:33:e5:67:6e:
         7f:20:c3:f4:64:22:c8:ea:d5:a4:f5:3a:f8:2f:17:af:4f:72:
         9e:5c:62:d5:73:75:b7:0a:ae:b5:22:88:77:b3:ba:7c:7a:7b:
         9a:82:26:aa:c5:71:35:27:21:39:e6:2b:1f:64:a5:a3:08:d8:
         60:2e:a2:80:c0:bd:0a:87:40:bc:1b:cb:e8:61:2f:1c:32:de:
         6b:db:84:b3:c8:08:f0:53:59:e0:13:6a:63:0b:94:64:42:61:
         4c:39:af:df:1b:6d:20:f1:2c:14:2d:ad:82:d0:39:7d:9b:90:
         49:a2:7a:54:2f:39:18:30:59:e4:a4:dc:6a:51:e3:d1:c5:6c:
         ee:8f:1e:ab:25:f6:7a:66:13:31:5e:96:35:60:b7:c4:60:56:
         dd:0b:37:52:b5:b4:2d:53:af:7f:24:8f:c7:29:58:3e:52:f3:
         9a:84:4a:35:a4:ca:5a:9e:27:b0:15:2a:71:4f:c1:6e:0f:48:
         53:b8:52:a0:a7:40:44:b8:37:26:a7:0c:13:1a:1b:a2:37:28:
         88:1f:8e:02:aa:d7:c5:ce:c6:11:ca:9b:48:f8:a7:42:18:37:
         d6:a9:9a:37:b5:99:d4:98:69:31:0a:cf:d9:45:4e:75:03:be:
         e9:f0:25:ea
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY7LhxGv0cQn8ixIhiIf7mt+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk5Y2U1NjlhMTRjMmRiMzc3MmYyMzE4N2NlNjhlNjU0MWVj
MDA0OGUwHhcNMjQwNDExMDUwMDEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MGM5ZWE1MGRhZTJiYjIxZjAwYzgxNTBkODJmN2VhOTE5NDIyNTFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0ad+9mcOgHiHskKmnEwzgcSV3mL
3qRulHw+g9h8y20uRCYJ2FmDLxBo+oISddp6ulP4oKhCdpwCfUjBAmRpn6HGxfQK
1ooXGujHyp1rV4csRh9dhL3rTURRgm6lCv/zvcpdwOxPl0S1T4x6imMKz7eKSNnJ
gUSkamW+0h+7iScXnaC7Yu4pSzud47ULIUuaPe/g4G8KWlmZdVeY7QjJkkIknebD
e/8w+s8ZrKcxJI7v8Q6m84YfJNRpIzR8D5bw3c4QYm3nPv712YtsOKX+FgorifEc
jrM24GmNDMo07F6BD+k4PwyvmGX06MtlRSyl2E2WGLo9D7uc4vFqSWyMlQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGDJ6lDa4rsh8AyBUNgvfqkZQiUfMB8GA1UdIwQY
MBaAFJnOVpoUwts3cvIxh85o5lQewASOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQt
MTA5NTU0NGM2YzUwLzEvWU1ucVVOcml1eUh3RElGUTJDOS1xUmxDSlI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMi9jYzZlOTktNmU1Zi00MDFiLTkxMmQtMTA5NTU0NGM2YzUw
LzEvbWM1V21oVEMyemR5OGpHSHptam1WQjdBQkk0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAC5lRkD
BAK5lRgwDQYJKoZIhvcNAQELBQADggEBACxbl6C7mQ6Zr2YLwxirM+Vnbn8gw/Rk
Isjq1aT1OvgvF69Pcp5cYtVzdbcKrrUiiHezunx6e5qCJqrFcTUnITnmKx9kpaMI
2GAuooDAvQqHQLwby+hhLxwy3mvbhLPICPBTWeATamMLlGRCYUw5r98bbSDxLBQt
rYLQOX2bkEmielQvORgwWeSk3GpR49HFbO6PHqsl9npmEzFeljVgt8RgVt0LN1K1
tC1Tr38kj8cpWD5S85qESjWkylqeJ7AVKnFPwW4PSFO4UqCnQES4NyanDBMaG6I3
KIgfjgKq18XOxhHKm0j4p0IYN9apmje1mdSYaTEKz9lFTnUDvunwJeo=
-----END CERTIFICATE-----