Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/yUoBCuAM3eeeS5PJtpm_h3BonbI.roa
File:                     yUoBCuAM3eeeS5PJtpm_h3BonbI.roa (raw, json)
Hash identifier:          Yanbkga/qe67IvnuSRaM/Q9sdhNyEQ9ebYUC/TCNJFQ=
Subject key identifier:   C9:4A:01:0A:E0:0C:DD:E7:9E:4B:93:C9:B6:99:BF:87:70:68:9D:B2
Certificate issuer:       /CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
Certificate serial:       0194CCDBD52D78A486712A466A353AAF26A3
Authority key identifier: 95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/yUoBCuAM3eeeS5PJtpm_h3BonbI.roa
Signing time:             Mon 03 Feb 2025 17:29:06 +0000
ROA not before:           Mon 03 Feb 2025 17:29:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     7029
IP address blocks:        185.37.103.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 06 Apr 2025 13:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:cc:db:d5:2d:78:a4:86:71:2a:46:6a:35:3a:af:26:a3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=9522ab67922ce0275e8c61abfa82d2a754af6dc4
        Validity
            Not Before: Feb  3 17:29:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c94a010ae00cdde79e4b93c9b699bf8770689db2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:1e:11:b8:29:75:aa:32:6b:77:4c:ce:c3:ba:
                    19:6d:c7:fb:6f:c6:6d:e2:54:49:39:62:a9:ae:fa:
                    88:33:61:68:e1:76:06:2b:47:9f:31:db:f0:fd:41:
                    67:01:47:ab:dd:ac:ae:ee:d7:62:3d:b6:86:0a:a2:
                    93:47:d5:13:ef:5d:0d:bb:ab:1b:46:10:60:1e:0d:
                    74:2f:f6:85:4a:a1:9b:4b:e9:3d:fe:1c:9e:38:99:
                    ef:39:61:ba:74:c2:a2:14:42:9e:01:51:3b:5b:e7:
                    5a:33:77:32:75:eb:78:ff:62:90:05:8c:33:e5:1c:
                    da:0f:19:dc:9c:57:1b:12:45:b1:6d:c9:92:7e:2f:
                    d8:20:4d:8e:99:13:a5:cf:56:4a:a8:60:ee:17:94:
                    85:c1:76:6b:af:74:76:f0:55:4c:00:10:32:ca:a1:
                    8e:fc:41:d6:60:ea:0c:ae:38:c5:cd:f7:44:98:74:
                    04:4a:33:fc:70:d6:19:2a:e1:5a:40:b5:ff:29:be:
                    65:da:17:43:b0:28:c5:3b:50:a3:a1:79:44:3c:72:
                    a8:82:52:7a:43:93:f9:0b:61:d8:f7:4e:04:0e:0b:
                    fc:18:1e:0a:14:d1:bc:f3:9b:01:e8:d9:17:42:2c:
                    65:45:97:d3:86:ca:cf:c8:e4:0b:e4:c8:19:64:90:
                    06:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4A:01:0A:E0:0C:DD:E7:9E:4B:93:C9:B6:99:BF:87:70:68:9D:B2
            X509v3 Authority Key Identifier:
                keyid:95:22:AB:67:92:2C:E0:27:5E:8C:61:AB:FA:82:D2:A7:54:AF:6D:C4

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/yUoBCuAM3eeeS5PJtpm_h3BonbI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/68918e-e9da-406b-9931-e526a9409fb8/1/lSKrZ5Is4CdejGGr-oLSp1SvbcQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.37.103.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0d:74:3f:c1:f0:16:ca:13:15:04:34:4e:59:38:38:2b:96:54:
         4b:7a:6d:74:a8:37:b9:ee:4c:05:de:e1:20:46:90:ec:94:6f:
         e1:ef:67:40:5b:89:d9:bf:05:09:cf:fd:12:e0:5a:32:c6:ca:
         85:94:6c:6e:9f:f8:f7:1f:13:8b:f8:6a:1b:4a:58:8c:cb:eb:
         bc:5a:70:6c:8f:c9:32:f0:66:48:78:43:76:e5:a0:00:4d:e3:
         6c:7e:7b:0c:f8:74:1e:5f:a3:a8:aa:b9:a8:35:39:ab:4a:c0:
         dc:82:ff:dd:59:51:6f:1b:61:6f:1f:28:57:c7:d1:63:73:b0:
         25:7f:02:16:39:80:0b:e5:02:97:af:a7:cf:ac:ec:15:34:53:
         6a:f7:c4:81:b5:8d:c5:4a:5d:05:68:2f:9d:e9:4b:0e:70:2b:
         2e:e8:af:8c:31:f4:f2:7f:9b:24:5c:c1:fc:dc:2f:12:50:a1:
         46:41:ac:09:5a:cc:99:72:54:07:9d:77:45:6e:dd:a9:24:fb:
         50:47:f4:a6:dd:d3:a3:72:1f:70:09:79:a8:58:7e:84:54:b9:
         f6:e4:f4:5c:39:3a:d9:b3:b5:ad:49:5b:53:ee:5c:e8:bb:e5:
         c1:34:b0:5d:ab:a1:75:84:8a:96:58:e8:c4:9b:f9:96:4d:6d:
         e2:5e:3c:59
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZTM29UteKSGcSpGajU6ryajMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1MjJhYjY3OTIyY2UwMjc1ZThjNjFhYmZhODJkMmE3NTRh
ZjZkYzQwHhcNMjUwMjAzMTcyOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTRhMDEwYWUwMGNkZGU3OWU0YjkzYzliNjk5YmY4NzcwNjg5ZGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuh4RuCl1qjJrd0zOw7oZbcf7b8Zt
4lRJOWKprvqIM2Fo4XYGK0efMdvw/UFnAUer3ayu7tdiPbaGCqKTR9UT710Nu6sb
RhBgHg10L/aFSqGbS+k9/hyeOJnvOWG6dMKiFEKeAVE7W+daM3cydet4/2KQBYwz
5RzaDxncnFcbEkWxbcmSfi/YIE2OmROlz1ZKqGDuF5SFwXZrr3R28FVMABAyyqGO
/EHWYOoMrjjFzfdEmHQESjP8cNYZKuFaQLX/Kb5l2hdDsCjFO1CjoXlEPHKoglJ6
Q5P5C2HY904EDgv8GB4KFNG885sB6NkXQixlRZfThsrPyOQL5MgZZJAG+wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMlKAQrgDN3nnkuTybaZv4dwaJ2yMB8GA1UdIwQY
MBaAFJUiq2eSLOAnXoxhq/qC0qdUr23EMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEt
ZTUyNmE5NDA5ZmI4LzEveVVvQkN1QU0zZWVlUzVQSnRwbV9oM0JvbmJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy82ODkxOGUtZTlkYS00MDZiLTk5MzEtZTUyNmE5NDA5ZmI4
LzEvbFNLclo1SXM0Q2RlakdHci1vTFNwMVN2YmNRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSVnMA0G
CSqGSIb3DQEBCwUAA4IBAQANdD/B8BbKExUENE5ZODgrllRLem10qDe57kwF3uEg
RpDslG/h72dAW4nZvwUJz/0S4FoyxsqFlGxun/j3HxOL+GobSliMy+u8WnBsj8ky
8GZIeEN25aAATeNsfnsM+HQeX6OoqrmoNTmrSsDcgv/dWVFvG2FvHyhXx9Fjc7Al
fwIWOYAL5QKXr6fPrOwVNFNq98SBtY3FSl0FaC+d6UsOcCsu6K+MMfTyf5skXMH8
3C8SUKFGQawJWsyZclQHnXdFbt2pJPtQR/Sm3dOjch9wCXmoWH6EVLn25PRcOTrZ
s7WtSVtT7lzou+XBNLBdq6F1hIqWWOjEm/mWTW3iXjxZ
-----END CERTIFICATE-----