Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/YfG3Zer9S1-dTwVZ058bt2jGz7A.roa
File:                     YfG3Zer9S1-dTwVZ058bt2jGz7A.roa (raw, json)
Hash identifier:          2aerzGz5WDeQmLCPvnO2oE90pi2KsboywKSSiTQQgEI=
Subject key identifier:   61:F1:B7:65:EA:FD:4B:5F:9D:4F:05:59:D3:9F:1B:B7:68:C6:CF:B0
Certificate issuer:       /CN=86cb742a03bc9c85507217a25204dfff82fccdf9
Certificate serial:       019421B23B012E25BB89CAFE4BD821B15550
Authority key identifier: 86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/YfG3Zer9S1-dTwVZ058bt2jGz7A.roa
Signing time:             Wed 01 Jan 2025 11:48:36 +0000
ROA not before:           Wed 01 Jan 2025 11:48:36 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     50867
IP address blocks:        80.85.155.0/24 maxlen: 24
                          2a0a:eec0:1::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 01:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:21:b2:3b:01:2e:25:bb:89:ca:fe:4b:d8:21:b1:55:50
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=86cb742a03bc9c85507217a25204dfff82fccdf9
        Validity
            Not Before: Jan  1 11:48:36 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61f1b765eafd4b5f9d4f0559d39f1bb768c6cfb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b2:54:23:f8:70:63:20:52:b3:6c:7f:c8:08:
                    82:47:1d:20:13:81:c3:18:77:d9:f2:63:4c:ec:c9:
                    ba:0d:f4:2d:81:46:87:b1:5d:51:57:40:e2:95:95:
                    aa:22:4c:de:38:c9:dc:ee:00:73:8d:37:c5:e3:62:
                    3a:03:eb:5b:7e:0e:a8:11:1b:5a:cc:d2:88:09:54:
                    7f:49:d5:18:c2:cb:44:5e:79:d0:78:b4:77:ed:cb:
                    1a:cc:36:8b:6e:6f:a9:b5:c6:05:67:57:c6:2d:77:
                    eb:f7:02:5a:64:b0:a6:e3:e3:49:e7:df:7b:ee:12:
                    55:0d:b8:8d:7f:2d:03:80:74:85:ef:e1:ef:c7:3a:
                    f7:95:f1:36:85:47:53:20:8f:5f:e1:a7:61:bc:05:
                    9c:19:4c:da:05:50:84:8a:7f:30:80:f2:96:03:5e:
                    ab:1a:8c:8d:9f:66:06:18:d9:ac:3d:5b:1b:d5:cb:
                    08:86:a4:99:a4:18:57:15:e4:00:37:33:bb:b8:5e:
                    7c:c1:18:dd:1d:14:46:ad:1a:75:20:23:5a:35:21:
                    a6:a1:6c:5d:64:01:ed:20:d7:f9:27:18:ff:90:33:
                    15:9e:38:8e:a4:5e:7b:be:fb:c4:f7:de:b4:da:e3:
                    8d:2c:12:8d:85:a6:f0:72:3a:7e:9d:18:49:29:47:
                    f4:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:F1:B7:65:EA:FD:4B:5F:9D:4F:05:59:D3:9F:1B:B7:68:C6:CF:B0
            X509v3 Authority Key Identifier:
                keyid:86:CB:74:2A:03:BC:9C:85:50:72:17:A2:52:04:DF:FF:82:FC:CD:F9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/hst0KgO8nIVQcheiUgTf_4L8zfk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/YfG3Zer9S1-dTwVZ058bt2jGz7A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f9/767ae5-b9a2-4993-81a8-05f18fc212a7/1/hst0KgO8nIVQcheiUgTf_4L8zfk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  80.85.155.0/24
                IPv6:
                  2a0a:eec0:1::/48

    Signature Algorithm: sha256WithRSAEncryption
         c5:22:01:62:1a:7f:a0:92:2e:c5:db:a9:90:a4:77:a5:04:82:
         fc:15:43:7f:56:b8:ad:49:90:c7:a6:a5:7c:26:bc:7d:a6:e4:
         b3:48:6f:36:8f:5c:50:91:e4:9c:36:a5:b5:5b:0a:a9:1f:12:
         9d:f7:22:d6:8a:f2:68:e5:77:43:7c:cf:50:31:71:88:fe:56:
         0e:d7:43:b8:0f:f1:d1:58:95:f6:1a:65:5e:8f:d2:a2:81:14:
         84:f8:b1:45:1c:65:a2:c1:3f:80:41:a3:86:96:1d:73:e9:1a:
         fa:38:ef:da:65:c7:d8:66:3c:62:8f:4c:ca:c6:ea:ac:62:df:
         5c:c7:fe:dd:02:c2:fd:a1:b6:36:dc:dc:02:48:7d:47:05:56:
         ea:4f:ff:2c:e8:20:3e:88:c5:15:ad:59:07:88:48:0d:12:e7:
         d3:64:d9:f6:62:ac:c1:3d:f0:27:46:66:c7:48:6e:74:cf:a1:
         d6:33:16:0f:3a:ea:ef:7f:02:bf:e4:23:c4:91:8a:2f:48:33:
         85:14:28:ea:cc:4f:ea:c4:63:6b:90:cb:f2:b9:85:ec:dc:42:
         83:47:c6:5d:99:dc:b5:a2:c4:85:48:8d:a2:2e:ac:c3:72:78:
         e7:71:db:87:ef:7b:b0:ce:69:7d:cc:da:b0:a7:b3:79:b8:58:
         97:71:dc:61
-----BEGIN CERTIFICATE-----
MIIFDjCCA/agAwIBAgISAZQhsjsBLiW7icr+S9ghsVVQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDg2Y2I3NDJhMDNiYzljODU1MDcyMTdhMjUyMDRkZmZmODJm
Y2NkZjkwHhcNMjUwMTAxMTE0ODM2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWYxYjc2NWVhZmQ0YjVmOWQ0ZjA1NTlkMzlmMWJiNzY4YzZjZmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnLJUI/hwYyBSs2x/yAiCRx0gE4HD
GHfZ8mNM7Mm6DfQtgUaHsV1RV0DilZWqIkzeOMnc7gBzjTfF42I6A+tbfg6oERta
zNKICVR/SdUYwstEXnnQeLR37csazDaLbm+ptcYFZ1fGLXfr9wJaZLCm4+NJ5997
7hJVDbiNfy0DgHSF7+Hvxzr3lfE2hUdTII9f4adhvAWcGUzaBVCEin8wgPKWA16r
GoyNn2YGGNmsPVsb1csIhqSZpBhXFeQANzO7uF58wRjdHRRGrRp1ICNaNSGmoWxd
ZAHtINf5Jxj/kDMVnjiOpF57vvvE99602uONLBKNhabwcjp+nRhJKUf0owIDAQAB
o4ICGjCCAhYwHQYDVR0OBBYEFGHxt2Xq/UtfnU8FWdOfG7doxs+wMB8GA1UdIwQY
MBaAFIbLdCoDvJyFUHIXolIE3/+C/M35MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgt
MDVmMThmYzIxMmE3LzEvWWZHM1plcjlTMS1kVHdWWjA1OGJ0MmpHejdBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOS83NjdhZTUtYjlhMi00OTkzLTgxYTgtMDVmMThmYzIxMmE3
LzEvaHN0MEtnTzhuSVZRY2hlaVVnVGZfNEw4emZrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDAGCCsGAQUFBwEHAQH/BCEwHzAMBAIAATAGAwQAUFWbMA8E
AgACMAkDBwAqCu7AAAEwDQYJKoZIhvcNAQELBQADggEBAMUiAWIaf6CSLsXbqZCk
d6UEgvwVQ39WuK1JkMempXwmvH2m5LNIbzaPXFCR5Jw2pbVbCqkfEp33ItaK8mjl
d0N8z1AxcYj+Vg7XQ7gP8dFYlfYaZV6P0qKBFIT4sUUcZaLBP4BBo4aWHXPpGvo4
79plx9hmPGKPTMrG6qxi31zH/t0Cwv2htjbc3AJIfUcFVupP/yzoID6IxRWtWQeI
SA0S59Nk2fZirME98CdGZsdIbnTPodYzFg866u9/Ar/kI8SRii9IM4UUKOrMT+rE
Y2uQy/K5hezcQoNHxl2Z3LWixIVIjaIurMNyeOdx24fve7DOaX3M2rCns3m4WJdx
3GE=
-----END CERTIFICATE-----