Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fe/ab36a0-04ec-4190-b59d-2a0e45862c03/1/YlLGMMGfzp4BFnoZ0HiHBmcAlqs.roa
File:                     YlLGMMGfzp4BFnoZ0HiHBmcAlqs.roa (raw, json)
Hash identifier:          imBK0lUnHzFl1op2tHfNsjuMR3mqpTEborDSGd19hUM=
Subject key identifier:   62:52:C6:30:C1:9F:CE:9E:01:16:7A:19:D0:78:87:06:67:00:96:AB
Certificate issuer:       /CN=47119a205683167925b9f04174312637b1600c07
Certificate serial:       01941F8C6650FF9C43EF575713793F571198
Authority key identifier: 47:11:9A:20:56:83:16:79:25:B9:F0:41:74:31:26:37:B1:60:0C:07
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RxGaIFaDFnklufBBdDEmN7FgDAc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fe/ab36a0-04ec-4190-b59d-2a0e45862c03/1/YlLGMMGfzp4BFnoZ0HiHBmcAlqs.roa
Signing time:             Wed 01 Jan 2025 01:48:02 +0000
ROA not before:           Wed 01 Jan 2025 01:48:02 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     15600
IP address blocks:        5.144.0.0/19 maxlen: 24
                          185.74.124.0/22 maxlen: 24
                          2a00:d4a0::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fe/ab36a0-04ec-4190-b59d-2a0e45862c03/1/RxGaIFaDFnklufBBdDEmN7FgDAc.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fe/ab36a0-04ec-4190-b59d-2a0e45862c03/1/RxGaIFaDFnklufBBdDEmN7FgDAc.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RxGaIFaDFnklufBBdDEmN7FgDAc.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 12 Apr 2025 11:00:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:1f:8c:66:50:ff:9c:43:ef:57:57:13:79:3f:57:11:98
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=47119a205683167925b9f04174312637b1600c07
        Validity
            Not Before: Jan  1 01:48:02 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6252c630c19fce9e01167a19d0788706670096ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8f:a5:e0:4f:59:12:cb:9f:37:fa:6d:0a:a2:28:
                    05:6c:cf:02:7a:34:c2:93:a7:40:e9:8c:a7:6b:cf:
                    51:d7:01:09:47:7c:5e:49:01:55:96:27:46:5e:d8:
                    38:5f:be:a5:8d:3a:25:0d:70:b3:d0:a0:6a:e2:b0:
                    ec:eb:eb:d6:f9:78:b2:51:cf:8e:b2:93:b8:35:8c:
                    a8:0f:ee:ff:37:84:4d:77:64:69:24:39:38:b3:7c:
                    d6:b8:f3:0c:e8:3c:8c:e2:f1:31:e2:ab:04:47:79:
                    bc:88:e6:34:14:dc:e8:8f:69:dd:f5:00:98:29:41:
                    c8:20:91:c3:46:af:26:5a:d5:62:3e:55:c2:8a:56:
                    f4:08:88:47:e0:73:75:d6:8b:10:58:fb:5b:6d:c2:
                    5c:82:92:d9:c4:5b:1e:c6:5d:f8:69:1d:e8:0d:7e:
                    cf:d4:5a:b2:4a:eb:da:91:ff:36:a6:2f:a0:06:ca:
                    f4:ab:23:69:24:77:0b:3f:59:3f:d6:ab:c4:ba:d3:
                    ba:87:85:2f:c0:7e:a0:35:90:6d:23:c7:52:8a:36:
                    b7:3f:a8:bb:ab:0c:cd:df:c0:41:57:fb:3f:a7:61:
                    de:4a:90:d5:27:b9:06:f1:9e:32:60:ab:ec:3f:61:
                    25:7e:6d:02:3d:fe:06:bb:5f:79:a3:22:8a:11:39:
                    aa:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                62:52:C6:30:C1:9F:CE:9E:01:16:7A:19:D0:78:87:06:67:00:96:AB
            X509v3 Authority Key Identifier:
                keyid:47:11:9A:20:56:83:16:79:25:B9:F0:41:74:31:26:37:B1:60:0C:07

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RxGaIFaDFnklufBBdDEmN7FgDAc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/ab36a0-04ec-4190-b59d-2a0e45862c03/1/YlLGMMGfzp4BFnoZ0HiHBmcAlqs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fe/ab36a0-04ec-4190-b59d-2a0e45862c03/1/RxGaIFaDFnklufBBdDEmN7FgDAc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.144.0.0/19
                  185.74.124.0/22
                IPv6:
                  2a00:d4a0::/29

    Signature Algorithm: sha256WithRSAEncryption
         be:bf:4e:4d:6c:26:51:52:cb:51:e3:df:14:f4:d6:da:07:47:
         65:79:2e:54:80:42:8f:a0:53:15:be:74:27:37:c3:ef:71:2b:
         d4:e3:d3:95:a5:89:9b:60:26:39:c4:47:01:8a:8a:e7:f0:03:
         fc:c4:93:b8:ff:6f:52:d4:a2:bc:fa:71:fb:22:bb:44:89:c2:
         bc:a3:47:46:2e:7b:8c:bc:8c:ee:2a:e2:24:1c:3c:82:d4:44:
         af:61:ea:64:2c:83:39:44:05:e8:cf:6e:a2:01:17:52:1d:b5:
         2c:73:1d:2b:82:18:6b:2c:4d:a4:75:98:3b:cf:38:8e:01:ce:
         f0:ca:75:f1:8f:9b:18:06:12:ea:74:d9:fd:49:51:4a:ed:d0:
         32:cb:9e:98:e8:77:19:01:af:d8:a1:4f:e2:cd:d9:1c:5f:00:
         c5:a6:35:09:7d:d5:7d:8d:5b:4c:a2:82:42:b1:57:a2:39:28:
         17:01:6d:83:ad:3f:60:0d:fd:ba:65:96:ad:8e:52:0e:dc:ab:
         a2:26:cb:5b:cf:f9:c1:e9:70:9d:43:09:c3:9e:ee:40:2e:ab:
         0e:bb:88:84:6b:2c:cd:ae:c0:2c:d3:61:b1:6d:54:c9:50:bb:
         cf:40:2a:10:48:19:9d:e4:ee:f0:0c:22:df:fd:fa:9a:ab:4a:
         af:0f:8c:03
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZQfjGZQ/5xD71dXE3k/VxGYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ3MTE5YTIwNTY4MzE2NzkyNWI5ZjA0MTc0MzEyNjM3YjE2
MDBjMDcwHhcNMjUwMTAxMDE0ODAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjUyYzYzMGMxOWZjZTllMDExNjdhMTlkMDc4ODcwNjY3MDA5NmFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6XgT1kSy583+m0KoigFbM8CejTC
k6dA6Yyna89R1wEJR3xeSQFVlidGXtg4X76ljTolDXCz0KBq4rDs6+vW+XiyUc+O
spO4NYyoD+7/N4RNd2RpJDk4s3zWuPMM6DyM4vEx4qsER3m8iOY0FNzoj2nd9QCY
KUHIIJHDRq8mWtViPlXCilb0CIhH4HN11osQWPtbbcJcgpLZxFsexl34aR3oDX7P
1FqySuvakf82pi+gBsr0qyNpJHcLP1k/1qvEutO6h4UvwH6gNZBtI8dSija3P6i7
qwzN38BBV/s/p2HeSpDVJ7kG8Z4yYKvsP2Elfm0CPf4Gu195oyKKETmqaQIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFGJSxjDBn86eARZ6GdB4hwZnAJarMB8GA1UdIwQY
MBaAFEcRmiBWgxZ5JbnwQXQxJjexYAwHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUnhHYUlGYURGbmtsdWZCQmRERW1ON0ZnREFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZS9hYjM2YTAtMDRlYy00MTkwLWI1OWQt
MmEwZTQ1ODYyYzAzLzEvWWxMR01NR2Z6cDRCRm5vWjBIaUhCbWNBbHFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZS9hYjM2YTAtMDRlYy00MTkwLWI1OWQtMmEwZTQ1ODYyYzAz
LzEvUnhHYUlGYURGbmtsdWZCQmRERW1ON0ZnREFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQFBZAAAwQC
uUp8MA0EAgACMAcDBQMqANSgMA0GCSqGSIb3DQEBCwUAA4IBAQC+v05NbCZRUstR
498U9NbaB0dleS5UgEKPoFMVvnQnN8PvcSvU49OVpYmbYCY5xEcBiorn8AP8xJO4
/29S1KK8+nH7IrtEicK8o0dGLnuMvIzuKuIkHDyC1ESvYepkLIM5RAXoz26iARdS
HbUscx0rghhrLE2kdZg7zziOAc7wynXxj5sYBhLqdNn9SVFK7dAyy56Y6HcZAa/Y
oU/izdkcXwDFpjUJfdV9jVtMooJCsVeiOSgXAW2DrT9gDf26ZZatjlIO3KuiJstb
z/nB6XCdQwnDnu5ALqsOu4iEayzNrsAs02GxbVTJULvPQCoQSBmd5O7wDCLf/fqa
q0qvD4wD
-----END CERTIFICATE-----