Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/yAX7kXvWm92680l11R9uBAFGQnY.roa
File:                     yAX7kXvWm92680l11R9uBAFGQnY.roa (raw, json)
Hash identifier:          PzHY/wJJLxlCCbW9yVair3ky9z1XDsrY5r4NVGBKmjU=
Subject key identifier:   C8:05:FB:91:7B:D6:9B:DD:BA:F3:49:75:D5:1F:6E:04:01:46:42:76
Certificate issuer:       /CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
Certificate serial:       0196AF2E51ABD14AFD5F1268C40B7089A8B3
Authority key identifier: 0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/yAX7kXvWm92680l11R9uBAFGQnY.roa
Signing time:             Thu 08 May 2025 09:16:10 +0000
ROA not before:           Thu 08 May 2025 09:16:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     202777
IP address blocks:        185.235.141.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 13 May 2025 10:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:af:2e:51:ab:d1:4a:fd:5f:12:68:c4:0b:70:89:a8:b3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=0f2f8b2b94721e928f6188b5cf15053144dedf8c
        Validity
            Not Before: May  8 09:16:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c805fb917bd69bddbaf34975d51f6e0401464276
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:0d:bb:76:4a:8e:6e:53:f5:9b:15:2a:2f:2a:
                    40:e8:ab:58:86:88:a2:7b:72:ab:64:cb:3c:31:2f:
                    53:f1:51:2e:68:ad:e2:19:9a:21:59:fa:59:b9:44:
                    e9:1c:a4:b6:93:ba:26:fe:23:85:5b:68:c0:18:f8:
                    b4:8c:8c:cf:5b:50:24:3c:69:73:3d:6b:39:7e:47:
                    aa:df:58:35:65:2d:05:a9:56:2a:0c:b5:47:c0:4b:
                    0f:60:c6:ad:1c:6c:4a:b4:4f:96:4d:c9:3e:70:39:
                    e3:21:4e:be:3e:dc:a1:24:bf:c4:a7:9d:77:34:10:
                    0b:48:63:e6:08:24:ab:d2:b9:05:53:86:2a:2e:93:
                    a7:cd:2b:fa:c6:84:db:f0:ae:9b:37:e4:8f:09:71:
                    7b:8a:15:fc:df:65:32:4d:5d:d2:aa:5d:eb:da:81:
                    62:08:3e:86:cb:26:3f:19:65:41:5e:55:03:0a:f2:
                    1f:04:65:0e:b2:1f:77:97:5d:45:eb:57:0a:f4:e4:
                    f0:7d:2d:56:87:96:09:11:e7:04:d8:48:d3:9d:a1:
                    b8:87:78:d9:a9:b0:08:db:08:16:69:9c:7d:be:aa:
                    7a:d3:c7:a9:de:b7:40:df:d5:bd:d6:6d:39:b1:b8:
                    77:2e:d4:47:3a:59:7a:d9:ed:4b:49:3b:2e:00:49:
                    9e:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C8:05:FB:91:7B:D6:9B:DD:BA:F3:49:75:D5:1F:6E:04:01:46:42:76
            X509v3 Authority Key Identifier:
                keyid:0F:2F:8B:2B:94:72:1E:92:8F:61:88:B5:CF:15:05:31:44:DE:DF:8C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Dy-LK5RyHpKPYYi1zxUFMUTe34w.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/yAX7kXvWm92680l11R9uBAFGQnY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7b/4e5902-e283-4916-a33c-7226a8845e01/1/Dy-LK5RyHpKPYYi1zxUFMUTe34w.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.235.141.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:9d:d2:d9:24:19:47:16:07:1e:8e:de:9a:91:b9:8e:dc:ab:
         b5:bb:4c:7b:ba:a3:7f:30:18:7b:c1:7a:11:e1:2e:68:55:49:
         85:64:af:67:c8:99:87:f1:dd:58:4f:45:45:8f:52:56:5a:a0:
         81:10:be:c2:dc:fe:20:52:ff:4c:ae:43:38:9b:8f:f7:f5:e8:
         15:d8:25:94:05:5d:ec:b2:ed:fa:b8:27:88:ae:9f:93:97:11:
         c9:f2:f8:a4:6c:ac:2b:d2:e5:36:81:73:b5:d6:7c:6a:eb:27:
         18:a0:0c:26:96:2e:d1:14:2e:a9:85:32:a5:13:dc:be:2b:17:
         a3:bd:75:3e:2c:6d:77:2b:5e:ff:45:05:ee:d5:ae:ae:e1:4b:
         55:b8:0e:80:2c:5c:bf:57:40:9d:cb:e1:bb:54:25:c9:83:e9:
         f0:b5:87:5f:d4:c9:23:11:cc:3c:af:06:89:5e:ea:5e:6e:97:
         eb:70:d0:3a:c1:fd:05:59:62:46:26:ad:9b:d3:71:5b:4e:f5:
         e9:a2:49:bd:f2:e8:ef:a8:94:2e:69:f9:14:2a:c9:57:f3:9b:
         13:2b:2f:71:77:2c:fa:87:84:24:68:34:58:77:a8:0e:2b:4e:
         2f:26:fb:27:38:ec:5f:e5:df:f9:77:02:9f:74:cc:46:47:ff:
         40:34:88:06
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZavLlGr0Ur9XxJoxAtwiaizMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBmMmY4YjJiOTQ3MjFlOTI4ZjYxODhiNWNmMTUwNTMxNDRk
ZWRmOGMwHhcNMjUwNTA4MDkxNjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODA1ZmI5MTdiZDY5YmRkYmFmMzQ5NzVkNTFmNmUwNDAxNDY0Mjc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6A27dkqOblP1mxUqLypA6KtYhoii
e3KrZMs8MS9T8VEuaK3iGZohWfpZuUTpHKS2k7om/iOFW2jAGPi0jIzPW1AkPGlz
PWs5fkeq31g1ZS0FqVYqDLVHwEsPYMatHGxKtE+WTck+cDnjIU6+PtyhJL/Ep513
NBALSGPmCCSr0rkFU4YqLpOnzSv6xoTb8K6bN+SPCXF7ihX832UyTV3Sql3r2oFi
CD6GyyY/GWVBXlUDCvIfBGUOsh93l11F61cK9OTwfS1Wh5YJEecE2EjTnaG4h3jZ
qbAI2wgWaZx9vqp608ep3rdA39W91m05sbh3LtRHOll62e1LSTsuAEmegwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMgF+5F71pvduvNJddUfbgQBRkJ2MB8GA1UdIwQY
MBaAFA8viyuUch6Sj2GItc8VBTFE3t+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2Mt
NzIyNmE4ODQ1ZTAxLzEveUFYN2tYdldtOTI2ODBsMTFSOXVCQUZHUW5ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yi80ZTU5MDItZTI4My00OTE2LWEzM2MtNzIyNmE4ODQ1ZTAx
LzEvRHktTEs1UnlIcEtQWVlpMXp4VUZNVVRlMzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAueuNMA0G
CSqGSIb3DQEBCwUAA4IBAQAandLZJBlHFgcejt6akbmO3Ku1u0x7uqN/MBh7wXoR
4S5oVUmFZK9nyJmH8d1YT0VFj1JWWqCBEL7C3P4gUv9MrkM4m4/39egV2CWUBV3s
su36uCeIrp+TlxHJ8vikbKwr0uU2gXO11nxq6ycYoAwmli7RFC6phTKlE9y+Kxej
vXU+LG13K17/RQXu1a6u4UtVuA6ALFy/V0Cdy+G7VCXJg+nwtYdf1MkjEcw8rwaJ
XupebpfrcNA6wf0FWWJGJq2b03FbTvXpokm98ujvqJQuafkUKslX85sTKy9xdyz6
h4QkaDRYd6gOK04vJvsnOOxf5d/5dwKfdMxGR/9ANIgG
-----END CERTIFICATE-----