Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/yawZ00_1T1Sp8kgBpRr9kJDLMKE.roa
File:                     yawZ00_1T1Sp8kgBpRr9kJDLMKE.roa (raw, json)
Hash identifier:          a+4sT7IhaHQCrsjdIym/2JOKSsvSh3sX6W3E1vUrWYE=
Subject key identifier:   C9:AC:19:D3:4F:F5:4F:54:A9:F2:48:01:A5:1A:FD:90:90:CB:30:A1
Certificate issuer:       /CN=90a03b68f87da71c271c9cf5c82e955dbc65c104
Certificate serial:       01967C4134DDB3D0F2D00D84F0276EEC44BA
Authority key identifier: 90:A0:3B:68:F8:7D:A7:1C:27:1C:9C:F5:C8:2E:95:5D:BC:65:C1:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/yawZ00_1T1Sp8kgBpRr9kJDLMKE.roa
Signing time:             Mon 28 Apr 2025 11:56:10 +0000
ROA not before:           Mon 28 Apr 2025 11:56:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     48062
IP address blocks:        185.197.180.0/24 maxlen: 26
                          2a10:f000::/32 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 03:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:7c:41:34:dd:b3:d0:f2:d0:0d:84:f0:27:6e:ec:44:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=90a03b68f87da71c271c9cf5c82e955dbc65c104
        Validity
            Not Before: Apr 28 11:56:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9ac19d34ff54f54a9f24801a51afd9090cb30a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fa:69:f3:60:50:98:5e:c8:ec:01:be:aa:31:
                    aa:35:0b:bb:17:b0:f6:fe:80:36:99:00:ce:b7:16:
                    c4:53:be:f0:96:9e:34:7f:69:ab:02:8a:fd:c7:1e:
                    4c:44:8d:bb:bc:00:39:b8:31:0e:b8:b2:b0:8a:47:
                    c7:21:94:b1:fb:ae:c6:03:42:e8:25:04:9c:df:63:
                    4d:6c:c8:a6:d1:5d:61:25:6c:0b:de:2c:7b:5e:86:
                    77:fe:db:9c:ee:9d:06:b5:80:3e:d9:15:c4:ca:20:
                    1f:d3:69:7e:5f:b4:72:50:72:fc:66:c0:b0:4a:be:
                    13:ac:d3:84:5c:15:84:fe:5f:b3:15:9f:d5:90:c5:
                    e1:b1:2d:87:3c:b5:c9:a0:f1:61:de:37:58:40:85:
                    3d:aa:67:30:48:fe:08:a8:34:82:de:ba:bf:74:43:
                    a8:81:fd:cf:ce:fc:f7:a6:ce:cf:a9:2b:0d:6b:4d:
                    43:53:0f:98:48:f9:f6:49:24:09:f5:11:a2:af:fb:
                    8c:1b:7d:32:5d:c2:9a:11:bd:2c:5c:96:1d:9f:84:
                    4e:ac:3d:5d:d3:ed:c5:22:0f:15:bc:d2:10:c0:73:
                    f3:0f:f7:bd:70:76:36:50:5a:98:ed:52:c9:7b:9d:
                    61:9e:52:81:fb:1d:9f:30:48:0e:72:ab:e1:78:d8:
                    b6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:AC:19:D3:4F:F5:4F:54:A9:F2:48:01:A5:1A:FD:90:90:CB:30:A1
            X509v3 Authority Key Identifier:
                keyid:90:A0:3B:68:F8:7D:A7:1C:27:1C:9C:F5:C8:2E:95:5D:BC:65:C1:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/yawZ00_1T1Sp8kgBpRr9kJDLMKE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/5afc37-0909-4d54-bcef-bd34e0a95a1e/1/kKA7aPh9pxwnHJz1yC6VXbxlwQQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.197.180.0/24
                IPv6:
                  2a10:f000::/32

    Signature Algorithm: sha256WithRSAEncryption
         0d:7a:63:3b:20:0c:ce:3e:c0:b2:0b:32:75:bf:56:a2:55:d4:
         74:a1:03:87:55:c7:bd:20:c9:f3:8f:60:09:4a:16:b9:ef:5f:
         1b:98:33:8f:1f:3f:e6:6d:23:23:d8:11:6e:d2:e7:7d:1d:35:
         33:12:16:35:4c:4c:43:ff:82:37:1d:60:fc:59:21:c5:c7:3c:
         9d:a0:1e:b1:86:94:47:98:11:32:80:98:14:ac:c0:c9:a9:50:
         15:25:a2:f2:88:f9:a0:12:8c:1d:17:92:ce:f1:9b:c1:ae:3c:
         5a:80:ca:b8:f9:2f:d0:21:aa:5e:fd:fc:44:ab:d1:10:b2:fb:
         a7:2a:27:db:4c:01:d8:79:01:05:fb:f0:aa:5e:8f:92:fa:99:
         f2:f3:0f:60:11:9d:56:89:a3:fd:0b:0b:fb:50:9d:3c:a0:65:
         a5:a1:41:5e:7f:23:37:6a:b6:a8:79:ef:60:87:6f:f4:bc:8f:
         63:f1:0b:e6:d1:39:e2:fd:a4:70:ac:5e:68:6f:78:de:7f:1d:
         90:ee:65:0e:83:fd:90:ae:f8:56:19:25:3f:cd:0f:0d:00:67:
         3c:7b:17:32:be:5b:5a:0b:3c:c9:24:6d:d9:c7:dc:18:0e:58:
         13:eb:ca:61:ba:19:72:81:3d:40:ec:18:d2:92:57:87:72:e4:
         bc:38:6a:2c
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZZ8QTTds9Dy0A2E8Cdu7ES6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkwYTAzYjY4Zjg3ZGE3MWMyNzFjOWNmNWM4MmU5NTVkYmM2
NWMxMDQwHhcNMjUwNDI4MTE1NjEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWFjMTlkMzRmZjU0ZjU0YTlmMjQ4MDFhNTFhZmQ5MDkwY2IzMGExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsfpp82BQmF7I7AG+qjGqNQu7F7D2
/oA2mQDOtxbEU77wlp40f2mrAor9xx5MRI27vAA5uDEOuLKwikfHIZSx+67GA0Lo
JQSc32NNbMim0V1hJWwL3ix7XoZ3/tuc7p0GtYA+2RXEyiAf02l+X7RyUHL8ZsCw
Sr4TrNOEXBWE/l+zFZ/VkMXhsS2HPLXJoPFh3jdYQIU9qmcwSP4IqDSC3rq/dEOo
gf3Pzvz3ps7PqSsNa01DUw+YSPn2SSQJ9RGir/uMG30yXcKaEb0sXJYdn4ROrD1d
0+3FIg8VvNIQwHPzD/e9cHY2UFqY7VLJe51hnlKB+x2fMEgOcqvheNi22wIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFMmsGdNP9U9UqfJIAaUa/ZCQyzChMB8GA1UdIwQY
MBaAFJCgO2j4faccJxyc9cgulV28ZcEEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva0tBN2FQaDlweHduSEp6MXlDNlZYYnhsd1FRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS81YWZjMzctMDkwOS00ZDU0LWJjZWYt
YmQzNGUwYTk1YTFlLzEveWF3WjAwXzFUMVNwOGtnQnBScjlrSkRMTUtFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS81YWZjMzctMDkwOS00ZDU0LWJjZWYtYmQzNGUwYTk1YTFl
LzEva0tBN2FQaDlweHduSEp6MXlDNlZYYnhsd1FRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAucW0MA0E
AgACMAcDBQAqEPAAMA0GCSqGSIb3DQEBCwUAA4IBAQANemM7IAzOPsCyCzJ1v1ai
VdR0oQOHVce9IMnzj2AJSha5718bmDOPHz/mbSMj2BFu0ud9HTUzEhY1TExD/4I3
HWD8WSHFxzydoB6xhpRHmBEygJgUrMDJqVAVJaLyiPmgEowdF5LO8ZvBrjxagMq4
+S/QIape/fxEq9EQsvunKifbTAHYeQEF+/CqXo+S+pny8w9gEZ1WiaP9Cwv7UJ08
oGWloUFefyM3araoee9gh2/0vI9j8Qvm0Tni/aRwrF5ob3jefx2Q7mUOg/2QrvhW
GSU/zQ8NAGc8excyvltaCzzJJG3Zx9wYDlgT68phuhlygT1A7BjSkleHcuS8OGos
-----END CERTIFICATE-----