Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/yqtdEEtgM3EFaxI1zaDUepvHEZY.roa
File:                     yqtdEEtgM3EFaxI1zaDUepvHEZY.roa (raw, json)
Hash identifier:          1hGkMMEEtL9oO4wGZzULJyQngk/gmMmeSiz/bOTdit8=
Subject key identifier:   CA:AB:5D:10:4B:60:33:71:05:6B:12:35:CD:A0:D4:7A:9B:C7:11:96
Certificate issuer:       /CN=3e6097698686e1555f51f6c883bc5a58549b2362
Certificate serial:       0196572DF0C92EB71443EB9EA0A68C807AD5
Authority key identifier: 3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/yqtdEEtgM3EFaxI1zaDUepvHEZY.roa
Signing time:             Mon 21 Apr 2025 07:09:10 +0000
ROA not before:           Mon 21 Apr 2025 07:09:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211301
IP address blocks:        5.175.249.0/24 maxlen: 24
                          77.90.57.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 01 May 2025 13:16:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:57:2d:f0:c9:2e:b7:14:43:eb:9e:a0:a6:8c:80:7a:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3e6097698686e1555f51f6c883bc5a58549b2362
        Validity
            Not Before: Apr 21 07:09:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=caab5d104b603371056b1235cda0d47a9bc71196
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:ad:5d:c3:2f:59:e3:5a:7d:b7:c6:ea:5a:de:
                    15:a6:d5:40:e0:0a:dc:d7:29:7e:4a:ae:47:47:c3:
                    26:5d:80:f0:a6:1b:f7:fb:c2:97:5a:a5:be:54:f7:
                    4c:18:2a:f4:ce:b4:6e:3f:74:e0:a1:5e:f2:32:9f:
                    93:d3:66:85:d7:ee:d7:2e:5d:60:9c:94:68:e3:1d:
                    9d:98:6b:32:d4:cb:30:5c:79:72:39:88:75:7b:f2:
                    4b:39:7d:43:3f:74:43:b0:64:a9:57:75:f4:93:92:
                    18:28:42:ba:85:40:81:f2:0e:66:54:77:c6:9e:87:
                    0e:93:e0:0a:ca:01:22:1e:dd:d8:46:c8:03:6f:b5:
                    4a:56:c3:7e:50:02:78:5a:68:83:fa:f1:a6:d7:db:
                    fc:f4:62:de:05:6c:c9:76:1b:ee:f5:e8:bc:58:77:
                    cb:2a:7e:28:bf:ad:4e:04:d7:42:5b:86:8b:cb:b4:
                    7a:b7:3e:73:32:f9:3d:b0:f5:70:37:c6:a9:10:bf:
                    a3:67:e0:c7:7f:45:a6:32:8b:68:be:25:86:31:5e:
                    7a:3b:15:9d:20:f6:ce:17:13:2b:9b:fd:50:03:be:
                    ee:ce:89:d7:a5:68:27:84:67:d1:1d:4c:1c:07:15:
                    31:84:50:8d:5a:d6:3d:2e:8e:c1:11:4e:a4:09:4e:
                    0a:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:AB:5D:10:4B:60:33:71:05:6B:12:35:CD:A0:D4:7A:9B:C7:11:96
            X509v3 Authority Key Identifier:
                keyid:3E:60:97:69:86:86:E1:55:5F:51:F6:C8:83:BC:5A:58:54:9B:23:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PmCXaYaG4VVfUfbIg7xaWFSbI2I.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/yqtdEEtgM3EFaxI1zaDUepvHEZY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/10/965837-52cb-46b4-aedb-e1bd88d3fd07/1/PmCXaYaG4VVfUfbIg7xaWFSbI2I.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.175.249.0/24
                  77.90.57.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:09:23:be:0a:be:14:4e:ca:91:66:8c:ee:a8:4a:27:9f:79:
         13:0b:89:a0:d7:33:4f:8d:5d:f1:da:6d:50:d9:af:69:d8:f5:
         e2:d7:10:ef:df:37:41:4f:4c:39:63:1d:2a:16:bd:b1:ab:69:
         1b:83:6b:b5:cb:9a:3a:07:ad:5e:d4:79:24:6e:7e:3d:9e:a5:
         fd:07:02:15:28:e3:e0:25:fe:c8:ee:53:78:88:b8:46:39:13:
         ec:60:a6:8d:32:6f:62:68:1b:fc:bb:2c:71:2c:0e:d8:ad:e0:
         f8:dd:98:2e:ed:a8:4c:57:25:35:ad:03:38:b4:9a:d2:72:37:
         ea:58:38:e9:a4:9a:b9:68:af:0c:0a:8f:1d:44:18:42:b5:11:
         41:ad:1a:41:97:76:06:d8:bb:04:99:34:58:99:08:03:90:03:
         a6:19:6d:62:26:c1:c0:0a:7d:a4:77:02:02:5f:28:9a:b1:2d:
         62:f0:1c:88:66:53:45:27:13:b0:cc:61:cf:01:4e:df:db:9b:
         35:4a:8b:1b:73:9e:12:4c:a2:f7:7b:51:11:a9:fc:c3:c6:d9:
         e4:29:b5:e0:8b:f5:ef:ed:7b:40:b2:0a:bc:0b:7f:ee:c6:e7:
         7c:aa:95:d3:cd:0f:37:36:38:47:ac:b6:fe:52:59:f1:b6:fa:
         b2:71:82:e4
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZZXLfDJLrcUQ+ueoKaMgHrVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlNjA5NzY5ODY4NmUxNTU1ZjUxZjZjODgzYmM1YTU4NTQ5
YjIzNjIwHhcNMjUwNDIxMDcwOTEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWFiNWQxMDRiNjAzMzcxMDU2YjEyMzVjZGEwZDQ3YTliYzcxMTk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAta1dwy9Z41p9t8bqWt4VptVA4Arc
1yl+Sq5HR8MmXYDwphv3+8KXWqW+VPdMGCr0zrRuP3TgoV7yMp+T02aF1+7XLl1g
nJRo4x2dmGsy1MswXHlyOYh1e/JLOX1DP3RDsGSpV3X0k5IYKEK6hUCB8g5mVHfG
nocOk+AKygEiHt3YRsgDb7VKVsN+UAJ4WmiD+vGm19v89GLeBWzJdhvu9ei8WHfL
Kn4ov61OBNdCW4aLy7R6tz5zMvk9sPVwN8apEL+jZ+DHf0WmMotoviWGMV56OxWd
IPbOFxMrm/1QA77uzonXpWgnhGfRHUwcBxUxhFCNWtY9Lo7BEU6kCU4KvQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFMqrXRBLYDNxBWsSNc2g1HqbxxGWMB8GA1UdIwQY
MBaAFD5gl2mGhuFVX1H2yIO8WlhUmyNiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGIt
ZTFiZDg4ZDNmZDA3LzEveXF0ZEVFdGdNM0VGYXhJMXphRFVlcHZIRVpZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMC85NjU4MzctNTJjYi00NmI0LWFlZGItZTFiZDg4ZDNmZDA3
LzEvUG1DWGFZYUc0VlZmVWZiSWc3eGFXRlNiSTJJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABa/5AwQA
TVo5MA0GCSqGSIb3DQEBCwUAA4IBAQAMCSO+Cr4UTsqRZozuqEonn3kTC4mg1zNP
jV3x2m1Q2a9p2PXi1xDv3zdBT0w5Yx0qFr2xq2kbg2u1y5o6B61e1Hkkbn49nqX9
BwIVKOPgJf7I7lN4iLhGORPsYKaNMm9iaBv8uyxxLA7YreD43Zgu7ahMVyU1rQM4
tJrScjfqWDjppJq5aK8MCo8dRBhCtRFBrRpBl3YG2LsEmTRYmQgDkAOmGW1iJsHA
Cn2kdwICXyiasS1i8ByIZlNFJxOwzGHPAU7f25s1Sosbc54STKL3e1ERqfzDxtnk
KbXgi/Xv7XtAsgq8C3/uxud8qpXTzQ83NjhHrLb+UlnxtvqycYLk
-----END CERTIFICATE-----