Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/x-ypFNam44Ex8bmMEi_YpNw0fuw.roa
File:                     x-ypFNam44Ex8bmMEi_YpNw0fuw.roa (raw, json)
Hash identifier:          tV3tXNlddvZJeiOgiT78kd/ynwSRXH2x5HrUpgSwbwc=
Subject key identifier:   C7:EC:A9:14:D6:A6:E3:81:31:F1:B9:8C:12:2F:D8:A4:DC:34:7E:EC
Certificate issuer:       /CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
Certificate serial:       01969341E1EDA31ABEB1D117D23C98227D72
Authority key identifier: 8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/x-ypFNam44Ex8bmMEi_YpNw0fuw.roa
Signing time:             Fri 02 May 2025 23:08:10 +0000
ROA not before:           Fri 02 May 2025 23:08:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     206119
IP address blocks:        185.213.169.0/24 maxlen: 24
                          185.213.171.0/24 maxlen: 24
                          194.0.207.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Fri 09 May 2025 07:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:93:41:e1:ed:a3:1a:be:b1:d1:17:d2:3c:98:22:7d:72
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=8d89223c1f335c0cc569359fa2dda349a2236ccb
        Validity
            Not Before: May  2 23:08:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c7eca914d6a6e38131f1b98c122fd8a4dc347eec
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:ec:bb:3b:f3:2c:a5:f3:30:69:2f:02:65:86:
                    2c:b6:bd:15:cc:97:82:ad:48:d6:38:58:df:cc:18:
                    0c:f5:20:07:47:93:dc:7f:bc:81:2b:c9:69:5b:da:
                    5a:ee:01:63:ef:bc:f2:a8:8f:7e:f8:18:25:b1:48:
                    b8:3b:cf:d7:06:a3:ce:68:38:72:53:50:5c:d5:1d:
                    15:22:9f:d8:52:f3:ef:1b:16:bc:42:5f:fd:e1:43:
                    71:a9:70:1a:68:a8:3e:f0:77:5e:81:b1:8a:28:26:
                    b5:81:94:99:29:9c:67:97:e9:06:52:6f:69:65:1c:
                    8e:78:0b:47:cb:3b:4d:4a:62:e8:9d:ee:12:9f:86:
                    11:ff:2d:b4:ce:5e:5a:28:de:e8:f4:7e:2d:dd:0c:
                    c2:5a:ae:15:95:a2:29:8b:cc:b2:9c:a1:c7:41:be:
                    a2:1e:e8:29:6b:fc:2f:92:08:18:0e:57:5a:5c:c7:
                    5f:0e:03:38:d2:85:b7:2d:d7:de:e5:27:c3:c4:4a:
                    49:cd:e2:d0:c3:e7:44:dd:94:e5:df:3e:ef:45:32:
                    54:34:32:c4:75:61:bb:c2:ca:f3:e3:75:4d:ea:0d:
                    23:4d:c8:0f:5f:42:39:e8:af:2f:f1:a4:08:c4:1f:
                    d7:38:ad:2a:55:af:cf:ba:59:67:59:78:13:e9:73:
                    0d:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:EC:A9:14:D6:A6:E3:81:31:F1:B9:8C:12:2F:D8:A4:DC:34:7E:EC
            X509v3 Authority Key Identifier:
                keyid:8D:89:22:3C:1F:33:5C:0C:C5:69:35:9F:A2:DD:A3:49:A2:23:6C:CB

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jYkiPB8zXAzFaTWfot2jSaIjbMs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/x-ypFNam44Ex8bmMEi_YpNw0fuw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/52a10d-d851-40ae-a8b0-a1028eda6383/1/jYkiPB8zXAzFaTWfot2jSaIjbMs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.213.169.0/24
                  185.213.171.0/24
                  194.0.207.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:ae:29:e7:cf:05:cd:1b:e7:4a:2e:75:15:01:4d:98:40:40:
         60:03:4f:99:97:f5:84:fd:6a:94:70:97:42:d6:f1:c9:f2:e6:
         f4:cb:53:aa:69:c3:7e:12:d8:15:0b:40:0c:84:c2:7f:b8:7a:
         95:56:c4:f9:06:aa:4c:37:14:76:bb:84:c8:85:43:89:be:b1:
         1c:d9:61:e0:64:1a:b2:0e:5e:c3:84:82:0d:50:35:57:af:22:
         f5:a0:88:e3:5b:c0:1c:61:78:27:18:a8:2d:33:a4:12:96:16:
         cd:b6:09:38:98:e6:fd:a1:b3:6d:1f:09:07:4b:cf:93:65:0a:
         c1:08:8a:f4:c6:10:04:3c:5c:aa:c6:c5:4d:49:92:10:29:18:
         60:79:27:1a:5f:21:01:8d:53:b7:e1:90:d9:c8:25:2f:b8:8a:
         a0:3c:f2:57:2f:96:ef:56:05:91:11:d6:16:85:7c:d0:20:c2:
         87:fd:b9:45:e8:e0:d9:1d:a6:2d:2e:2f:ca:b6:c1:b2:d6:8f:
         07:9d:6d:f9:ee:8b:18:0d:54:f7:1e:bf:f4:6b:2c:0e:ea:70:
         fe:7d:fd:f8:ee:25:78:fd:6e:2d:94:4f:eb:2e:fe:a7:15:2c:
         cd:91:cb:2a:81:c6:82:b1:37:93:05:a3:1f:05:bf:e4:43:0e:
         46:a3:3a:0b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZaTQeHtoxq+sdEX0jyYIn1yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkODkyMjNjMWYzMzVjMGNjNTY5MzU5ZmEyZGRhMzQ5YTIy
MzZjY2IwHhcNMjUwNTAyMjMwODEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2VjYTkxNGQ2YTZlMzgxMzFmMWI5OGMxMjJmZDhhNGRjMzQ3ZWVjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3ey7O/MspfMwaS8CZYYstr0VzJeC
rUjWOFjfzBgM9SAHR5Pcf7yBK8lpW9pa7gFj77zyqI9++BglsUi4O8/XBqPOaDhy
U1Bc1R0VIp/YUvPvGxa8Ql/94UNxqXAaaKg+8HdegbGKKCa1gZSZKZxnl+kGUm9p
ZRyOeAtHyztNSmLone4Sn4YR/y20zl5aKN7o9H4t3QzCWq4VlaIpi8yynKHHQb6i
Hugpa/wvkggYDldaXMdfDgM40oW3Ldfe5SfDxEpJzeLQw+dE3ZTl3z7vRTJUNDLE
dWG7wsrz43VN6g0jTcgPX0I56K8v8aQIxB/XOK0qVa/PullnWXgT6XMNfwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMfsqRTWpuOBMfG5jBIv2KTcNH7sMB8GA1UdIwQY
MBaAFI2JIjwfM1wMxWk1n6Ldo0miI2zLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAt
YTEwMjhlZGE2MzgzLzEveC15cEZOYW00NEV4OGJtTUVpX1lwTncwZnV3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MmExMGQtZDg1MS00MGFlLWE4YjAtYTEwMjhlZGE2Mzgz
LzEvallraVBCOHpYQXpGYVRXZm90MmpTYUlqYk1zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAudWpAwQA
udWrAwQAwgDPMA0GCSqGSIb3DQEBCwUAA4IBAQB/rinnzwXNG+dKLnUVAU2YQEBg
A0+Zl/WE/WqUcJdC1vHJ8ub0y1OqacN+EtgVC0AMhMJ/uHqVVsT5BqpMNxR2u4TI
hUOJvrEc2WHgZBqyDl7DhIINUDVXryL1oIjjW8AcYXgnGKgtM6QSlhbNtgk4mOb9
obNtHwkHS8+TZQrBCIr0xhAEPFyqxsVNSZIQKRhgeScaXyEBjVO34ZDZyCUvuIqg
PPJXL5bvVgWREdYWhXzQIMKH/blF6ODZHaYtLi/KtsGy1o8HnW357osYDVT3Hr/0
aywO6nD+ff347iV4/W4tlE/rLv6nFSzNkcsqgcaCsTeTBaMfBb/kQw5GozoL
-----END CERTIFICATE-----