Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/43/a86dfb-1204-47e3-ad76-ae7727949445/1/YFJicIZOsKffrZlgqGfXDM6-Vko.roa
File:                     YFJicIZOsKffrZlgqGfXDM6-Vko.roa (raw, json)
Hash identifier:          clBAf9+wIJJTmEssFM2b37Ghk44VkYVJfz08MTSBlTw=
Subject key identifier:   60:52:62:70:86:4E:B0:A7:DF:AD:99:60:A8:67:D7:0C:CE:BE:56:4A
Certificate issuer:       /CN=44a31be35b3274f2cb857e5af3568b685a89127d
Certificate serial:       019759899349768A4CA921E29081CE0B4886
Authority key identifier: 44:A3:1B:E3:5B:32:74:F2:CB:85:7E:5A:F3:56:8B:68:5A:89:12:7D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/RKMb41sydPLLhX5a81aLaFqJEn0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/43/a86dfb-1204-47e3-ad76-ae7727949445/1/YFJicIZOsKffrZlgqGfXDM6-Vko.roa
Signing time:             Tue 10 Jun 2025 11:11:17 +0000
ROA not before:           Tue 10 Jun 2025 11:11:17 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     25191
IP address blocks:        195.26.24.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/43/a86dfb-1204-47e3-ad76-ae7727949445/1/RKMb41sydPLLhX5a81aLaFqJEn0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/43/a86dfb-1204-47e3-ad76-ae7727949445/1/RKMb41sydPLLhX5a81aLaFqJEn0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/RKMb41sydPLLhX5a81aLaFqJEn0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 22:19:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:59:89:93:49:76:8a:4c:a9:21:e2:90:81:ce:0b:48:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=44a31be35b3274f2cb857e5af3568b685a89127d
        Validity
            Not Before: Jun 10 11:11:17 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=60526270864eb0a7dfad9960a867d70ccebe564a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:18:21:86:c4:51:05:8a:fe:43:4c:8d:4a:b4:
                    13:df:ef:1c:4e:74:bc:a6:54:11:31:f3:9a:b1:98:
                    5d:ea:ec:19:09:53:f2:4a:c6:93:1f:30:f2:2e:eb:
                    77:92:4d:11:57:54:68:9b:21:ec:c1:53:c0:70:b2:
                    9f:98:ed:43:fe:a9:90:0c:42:c7:97:5f:5c:2c:32:
                    ba:ca:5c:dc:74:1a:d9:54:50:e1:e9:f1:06:9f:58:
                    df:99:74:83:d0:c0:89:a6:21:56:6b:de:e2:f7:f1:
                    4e:03:5b:f9:ee:6a:12:b9:5f:70:a8:b4:1b:2b:84:
                    ec:54:03:30:fa:0e:a0:73:57:62:14:f7:52:24:e0:
                    df:a4:d0:51:16:85:ae:26:3b:fa:0a:9f:20:f7:2c:
                    04:86:23:9f:d3:5b:27:f7:b7:57:1b:66:95:cc:3b:
                    e0:f6:21:08:e5:4e:65:b6:fa:6a:df:02:2e:af:5a:
                    0f:82:d9:91:6f:91:23:15:a7:96:63:5a:ea:71:b4:
                    59:72:ef:d2:d4:4f:37:7c:cf:d6:64:1b:99:0e:fc:
                    6c:01:a8:d0:5e:2c:37:b2:c0:b2:62:37:bb:20:16:
                    4e:7f:e9:c0:25:c2:ab:04:5c:72:f6:6d:81:96:4f:
                    e7:29:1e:aa:a9:07:f3:91:f8:7e:a6:ee:3f:97:94:
                    ba:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:52:62:70:86:4E:B0:A7:DF:AD:99:60:A8:67:D7:0C:CE:BE:56:4A
            X509v3 Authority Key Identifier:
                keyid:44:A3:1B:E3:5B:32:74:F2:CB:85:7E:5A:F3:56:8B:68:5A:89:12:7D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RKMb41sydPLLhX5a81aLaFqJEn0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a86dfb-1204-47e3-ad76-ae7727949445/1/YFJicIZOsKffrZlgqGfXDM6-Vko.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/43/a86dfb-1204-47e3-ad76-ae7727949445/1/RKMb41sydPLLhX5a81aLaFqJEn0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.26.24.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:93:58:17:0d:49:d8:d0:5a:2a:ed:be:b8:61:72:2a:2e:c5:
         28:a3:39:39:a8:43:a0:5e:79:01:60:d2:27:f9:7b:24:7b:17:
         7e:1f:ce:3f:24:cc:76:6b:f6:57:a8:2e:93:b1:c6:f4:e2:b7:
         33:26:f9:98:8c:84:82:bb:33:f0:15:f4:a9:b0:85:c1:a7:5e:
         b2:88:63:0d:03:94:96:b6:da:3d:dc:4f:a2:0c:35:d0:fd:42:
         99:2e:3b:63:25:13:2f:4a:71:c3:23:68:fb:25:f9:00:e5:6a:
         3b:7a:57:9c:d1:76:bd:b9:1a:b8:60:ef:3a:2a:f8:7c:6e:b0:
         cc:4e:93:98:0d:58:ae:ad:a3:31:4c:cb:65:de:49:bd:36:a5:
         66:4c:12:a2:b2:24:ac:e9:6e:82:e6:49:44:a5:0f:f6:71:33:
         2e:91:b9:cd:41:28:cd:5a:36:8f:0c:8a:24:d7:4e:21:9e:fc:
         30:3b:de:60:63:89:2f:aa:7f:a7:36:ba:95:a1:b8:3c:25:2e:
         36:02:33:fb:c5:ad:59:c9:11:03:86:31:c8:1e:cc:e2:e7:de:
         e3:2f:ec:6e:e4:09:a1:b3:ce:bd:97:2b:68:ca:3c:bd:dd:38:
         12:20:b4:1b:0c:c0:f4:15:a3:f4:d1:a4:91:cf:f6:37:2e:aa:
         5b:b6:a3:3f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZdZiZNJdopMqSHikIHOC0iGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ0YTMxYmUzNWIzMjc0ZjJjYjg1N2U1YWYzNTY4YjY4NWE4
OTEyN2QwHhcNMjUwNjEwMTExMTE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDUyNjI3MDg2NGViMGE3ZGZhZDk5NjBhODY3ZDcwY2NlYmU1NjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyBghhsRRBYr+Q0yNSrQT3+8cTnS8
plQRMfOasZhd6uwZCVPySsaTHzDyLut3kk0RV1RomyHswVPAcLKfmO1D/qmQDELH
l19cLDK6ylzcdBrZVFDh6fEGn1jfmXSD0MCJpiFWa97i9/FOA1v57moSuV9wqLQb
K4TsVAMw+g6gc1diFPdSJODfpNBRFoWuJjv6Cp8g9ywEhiOf01sn97dXG2aVzDvg
9iEI5U5ltvpq3wIur1oPgtmRb5EjFaeWY1rqcbRZcu/S1E83fM/WZBuZDvxsAajQ
Xiw3ssCyYje7IBZOf+nAJcKrBFxy9m2Blk/nKR6qqQfzkfh+pu4/l5S6UwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGBSYnCGTrCn362ZYKhn1wzOvlZKMB8GA1UdIwQY
MBaAFESjG+NbMnTyy4V+WvNWi2haiRJ9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUktNYjQxc3lkUExMaFg1YTgxYUxhRnFKRW4wLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80My9hODZkZmItMTIwNC00N2UzLWFkNzYt
YWU3NzI3OTQ5NDQ1LzEvWUZKaWNJWk9zS2ZmclpsZ3FHZlhETTYtVmtvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80My9hODZkZmItMTIwNC00N2UzLWFkNzYtYWU3NzI3OTQ5NDQ1
LzEvUktNYjQxc3lkUExMaFg1YTgxYUxhRnFKRW4wLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwxoYMA0G
CSqGSIb3DQEBCwUAA4IBAQBvk1gXDUnY0Foq7b64YXIqLsUoozk5qEOgXnkBYNIn
+Xskexd+H84/JMx2a/ZXqC6Tscb04rczJvmYjISCuzPwFfSpsIXBp16yiGMNA5SW
tto93E+iDDXQ/UKZLjtjJRMvSnHDI2j7JfkA5Wo7elec0Xa9uRq4YO86Kvh8brDM
TpOYDViuraMxTMtl3km9NqVmTBKisiSs6W6C5klEpQ/2cTMukbnNQSjNWjaPDIok
104hnvwwO95gY4kvqn+nNrqVobg8JS42AjP7xa1ZyREDhjHIHszi597jL+xu5Amh
s869lytoyjy93TgSILQbDMD0FaP00aSRz/Y3LqpbtqM/
-----END CERTIFICATE-----