Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/bd431a-9706-4f38-800b-2a685f78b29d/1/ye296n7TFw2U7qCSerBkbo7SsH0.roa
File:                     ye296n7TFw2U7qCSerBkbo7SsH0.roa (raw, json)
Hash identifier:          m5pP+tHttyj1Oj+JBIbSiGDkTJLLn21rUnR9Ptw/3e0=
Subject key identifier:   C9:ED:BD:EA:7E:D3:17:0D:94:EE:A0:92:7A:B0:64:6E:8E:D2:B0:7D
Certificate issuer:       /CN=d02013f3548be3dcb3dca18d4fc93789f44f03bf
Certificate serial:       019426D9E8709D6DBF679053B60022BBE926
Authority key identifier: D0:20:13:F3:54:8B:E3:DC:B3:DC:A1:8D:4F:C9:37:89:F4:4F:03:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0CAT81SL49yz3KGNT8k3ifRPA78.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f6/bd431a-9706-4f38-800b-2a685f78b29d/1/ye296n7TFw2U7qCSerBkbo7SsH0.roa
Signing time:             Thu 02 Jan 2025 11:50:02 +0000
ROA not before:           Thu 02 Jan 2025 11:50:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     47896
IP address blocks:        185.143.116.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f6/bd431a-9706-4f38-800b-2a685f78b29d/1/0CAT81SL49yz3KGNT8k3ifRPA78.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f6/bd431a-9706-4f38-800b-2a685f78b29d/1/0CAT81SL49yz3KGNT8k3ifRPA78.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0CAT81SL49yz3KGNT8k3ifRPA78.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 18 Apr 2025 16:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:26:d9:e8:70:9d:6d:bf:67:90:53:b6:00:22:bb:e9:26
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d02013f3548be3dcb3dca18d4fc93789f44f03bf
        Validity
            Not Before: Jan  2 11:50:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9edbdea7ed3170d94eea0927ab0646e8ed2b07d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1a:b4:e6:97:dd:d1:cd:4d:01:a8:ec:0b:be:
                    d8:56:cc:d6:25:d6:4f:4c:f2:45:62:20:89:d4:70:
                    26:f5:ae:d2:54:7f:37:83:51:2c:68:da:ed:9b:8a:
                    65:18:41:33:9f:f2:5e:56:ba:60:3f:5b:a4:d5:28:
                    ca:ef:41:ed:ea:5e:58:ae:22:d9:2d:8d:86:2e:4b:
                    dc:c3:fb:14:05:50:40:27:b3:3c:fb:14:38:d4:2b:
                    c5:ed:d6:a1:5b:26:be:53:3b:a0:a0:60:38:5a:49:
                    f0:d4:00:e3:81:60:94:58:30:e9:a8:0f:e0:bd:e1:
                    37:93:a9:fd:be:19:59:aa:37:f6:fa:4b:30:70:8c:
                    63:8d:ec:f8:19:da:f4:09:35:61:4f:5f:f1:74:dd:
                    59:80:c5:8c:72:40:5f:88:5c:9b:e8:da:70:d4:57:
                    31:1d:c9:70:cc:c6:1e:f2:68:5b:9d:69:fa:d8:16:
                    56:f4:12:ec:b9:40:81:64:2d:9b:ec:25:40:2a:08:
                    9e:96:d8:db:35:dc:de:c4:32:26:f0:4f:17:1b:08:
                    a9:d5:3a:4b:13:12:43:03:3d:f1:14:e4:2a:a5:ae:
                    00:32:c2:10:8d:76:11:51:94:6a:36:7c:d7:34:cf:
                    de:c5:2d:50:96:ac:c3:32:0a:49:43:f2:70:d0:8f:
                    3d:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:ED:BD:EA:7E:D3:17:0D:94:EE:A0:92:7A:B0:64:6E:8E:D2:B0:7D
            X509v3 Authority Key Identifier:
                keyid:D0:20:13:F3:54:8B:E3:DC:B3:DC:A1:8D:4F:C9:37:89:F4:4F:03:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0CAT81SL49yz3KGNT8k3ifRPA78.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/bd431a-9706-4f38-800b-2a685f78b29d/1/ye296n7TFw2U7qCSerBkbo7SsH0.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/bd431a-9706-4f38-800b-2a685f78b29d/1/0CAT81SL49yz3KGNT8k3ifRPA78.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.143.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9a:1f:96:17:66:a0:6f:1f:c6:b3:e4:ce:de:31:54:e4:45:1e:
         53:41:1e:fd:b0:11:26:aa:c5:0f:4e:e3:ea:a5:d7:1f:b9:d5:
         4a:f5:75:cc:93:0b:47:61:96:f2:12:b0:5d:c3:34:95:e9:6b:
         f5:92:aa:f0:17:9c:d1:22:c0:e4:d0:92:60:f7:da:19:0b:ab:
         2f:af:d2:87:db:2b:39:55:73:b4:9a:1c:5c:bc:11:dd:90:f1:
         b0:bd:fa:2a:0e:72:88:c3:50:11:2d:cd:1b:3c:4b:da:0f:a0:
         cb:d0:3a:2c:34:9d:b7:76:59:86:fa:24:d7:85:ab:aa:87:bc:
         d3:2b:6d:f7:c7:55:8c:d5:8c:7c:57:d5:60:72:cf:bc:59:bb:
         07:7f:74:ec:15:f1:14:e2:e1:97:aa:19:b1:d6:86:d6:55:64:
         e7:a2:63:a8:6d:2f:38:4a:bc:51:e6:64:de:e7:9b:78:72:65:
         ee:3a:ed:6c:f4:e3:e3:fd:30:61:60:96:87:38:4d:4d:27:59:
         e2:94:63:55:94:ea:60:87:e4:2b:33:ca:04:4c:89:47:12:58:
         b5:00:29:74:a7:8f:d5:34:a5:45:e5:96:90:eb:a8:6b:c6:d9:
         e7:55:6d:91:39:bb:6f:c7:75:4b:57:c0:0f:5b:3a:93:62:a4:
         19:10:9a:67
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZQm2ehwnW2/Z5BTtgAiu+kmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMjAxM2YzNTQ4YmUzZGNiM2RjYTE4ZDRmYzkzNzg5ZjQ0
ZjAzYmYwHhcNMjUwMTAyMTE1MDAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWVkYmRlYTdlZDMxNzBkOTRlZWEwOTI3YWIwNjQ2ZThlZDJiMDdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhq05pfd0c1NAajsC77YVszWJdZP
TPJFYiCJ1HAm9a7SVH83g1EsaNrtm4plGEEzn/JeVrpgP1uk1SjK70Ht6l5YriLZ
LY2GLkvcw/sUBVBAJ7M8+xQ41CvF7dahWya+UzugoGA4Wknw1ADjgWCUWDDpqA/g
veE3k6n9vhlZqjf2+kswcIxjjez4Gdr0CTVhT1/xdN1ZgMWMckBfiFyb6Npw1Fcx
HclwzMYe8mhbnWn62BZW9BLsuUCBZC2b7CVAKgieltjbNdzexDIm8E8XGwip1TpL
ExJDAz3xFOQqpa4AMsIQjXYRUZRqNnzXNM/exS1QlqzDMgpJQ/Jw0I89nwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMntvep+0xcNlO6gknqwZG6O0rB9MB8GA1UdIwQY
MBaAFNAgE/NUi+Pcs9yhjU/JN4n0TwO/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMENBVDgxU0w0OXl6M0tHTlQ4azNpZlJQQTc4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi9iZDQzMWEtOTcwNi00ZjM4LTgwMGIt
MmE2ODVmNzhiMjlkLzEveWUyOTZuN1RGdzJVN3FDU2VyQmtibzdTc0gwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi9iZDQzMWEtOTcwNi00ZjM4LTgwMGItMmE2ODVmNzhiMjlk
LzEvMENBVDgxU0w0OXl6M0tHTlQ4azNpZlJQQTc4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuY90MA0G
CSqGSIb3DQEBCwUAA4IBAQCaH5YXZqBvH8az5M7eMVTkRR5TQR79sBEmqsUPTuPq
pdcfudVK9XXMkwtHYZbyErBdwzSV6Wv1kqrwF5zRIsDk0JJg99oZC6svr9KH2ys5
VXO0mhxcvBHdkPGwvfoqDnKIw1ARLc0bPEvaD6DL0DosNJ23dlmG+iTXhauqh7zT
K233x1WM1Yx8V9Vgcs+8WbsHf3TsFfEU4uGXqhmx1obWVWTnomOobS84SrxR5mTe
55t4cmXuOu1s9OPj/TBhYJaHOE1NJ1nilGNVlOpgh+QrM8oETIlHEli1ACl0p4/V
NKVF5ZaQ66hrxtnnVW2RObtvx3VLV8APWzqTYqQZEJpn
-----END CERTIFICATE-----