Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/YcTIc32XZA-ghsWcGzLeleFcTdg.roa
File:                     YcTIc32XZA-ghsWcGzLeleFcTdg.roa (raw, json)
Hash identifier:          hArIQsrZH8U5ODHNwYYROkxmUYJ8DizJuV1l/Z6DTPE=
Subject key identifier:   61:C4:C8:73:7D:97:64:0F:A0:86:C5:9C:1B:32:DE:95:E1:5C:4D:D8
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       019680F6F54E72CC591233159B336F374279
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/YcTIc32XZA-ghsWcGzLeleFcTdg.roa
Signing time:             Tue 29 Apr 2025 09:53:10 +0000
ROA not before:           Tue 29 Apr 2025 09:53:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     41474
IP address blocks:        152.53.172.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 04 May 2025 13:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:80:f6:f5:4e:72:cc:59:12:33:15:9b:33:6f:37:42:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Apr 29 09:53:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=61c4c8737d97640fa086c59c1b32de95e15c4dd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d6:ce:cb:fd:18:ff:fd:d7:9e:99:3d:65:98:
                    9a:33:a8:70:36:ac:54:7a:63:22:7c:fc:20:7d:39:
                    f5:40:52:61:5b:6d:d0:4c:36:4f:40:5a:35:76:25:
                    ae:d6:ea:21:74:64:e4:0a:da:d0:e4:d2:10:8a:88:
                    45:b9:dc:8c:2a:3d:5c:ad:93:53:b6:7c:56:50:ab:
                    65:14:e0:e9:e6:37:73:88:46:84:50:03:29:f9:0f:
                    75:e3:8a:12:cf:65:93:45:d9:56:b3:a7:36:98:e9:
                    99:92:10:04:ca:4c:d4:bc:53:a5:dc:d5:4e:d8:72:
                    55:54:a1:d6:24:a9:ae:e9:e5:7d:fb:59:9d:1e:7d:
                    1f:8e:8a:d1:38:7e:aa:70:ae:64:ad:3c:c6:f8:ac:
                    21:d8:21:c3:6f:8c:cd:bb:92:c1:dc:ec:a6:5e:86:
                    4b:c2:23:b7:ff:a5:44:2b:28:b3:54:da:3e:5c:91:
                    da:4a:99:0c:7b:b1:83:f3:d9:5b:dd:83:ae:8f:7b:
                    93:a9:48:a3:05:c6:81:cc:95:00:4a:50:2b:6d:2d:
                    32:a4:8a:74:f3:02:17:4c:56:ac:e2:9a:de:25:ea:
                    a1:49:7e:28:7b:ff:86:f9:e0:dc:94:88:15:fd:19:
                    5a:c8:86:39:67:32:01:98:1c:e9:5c:7c:3b:fc:12:
                    7e:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:C4:C8:73:7D:97:64:0F:A0:86:C5:9C:1B:32:DE:95:E1:5C:4D:D8
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/YcTIc32XZA-ghsWcGzLeleFcTdg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         23:7a:c9:66:63:f1:32:34:8f:38:df:71:8f:fe:90:a3:fa:e0:
         72:6d:8d:59:87:73:64:40:ad:58:2f:0d:50:e3:c1:56:31:a7:
         eb:90:f9:6b:e8:43:76:5a:dc:68:ca:52:e6:2f:ed:b8:f5:9b:
         2d:18:f1:c3:0e:c4:c7:ab:81:9b:4b:68:8b:46:d9:fa:e8:b6:
         ff:bc:46:ad:e1:8b:e0:a2:e0:ff:01:49:a1:4d:d2:fa:7f:dc:
         e2:88:d0:0d:2f:53:9c:70:10:9f:8f:4a:f8:46:c0:d0:55:7b:
         90:af:74:d9:87:96:db:c4:05:e3:a9:89:f3:fa:4c:1e:1a:0a:
         9c:25:63:7a:ab:21:4a:f3:a4:ac:38:a8:78:ec:e1:65:70:e3:
         bf:44:91:44:89:62:ec:9a:06:6c:f9:33:3e:5c:9f:f1:34:9f:
         a1:40:cc:d2:72:50:e9:15:27:4e:91:48:12:96:5f:04:19:d3:
         c2:67:8f:2c:f3:46:65:c0:cf:b7:4f:67:51:96:99:3f:a8:99:
         d0:ba:fc:75:06:6f:b8:ea:1b:26:fe:da:34:80:2d:bb:90:43:
         b1:e2:fe:88:f9:60:8c:0e:1b:11:34:a4:c2:8a:eb:f3:6a:7c:
         db:16:a6:5e:5d:51:d9:6b:fe:2c:39:92:5f:50:5f:7a:fd:73:
         bc:33:39:12
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZaA9vVOcsxZEjMVmzNvN0J5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwNDI5MDk1MzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MWM0Yzg3MzdkOTc2NDBmYTA4NmM1OWMxYjMyZGU5NWUxNWM0ZGQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9bOy/0Y//3Xnpk9ZZiaM6hwNqxU
emMifPwgfTn1QFJhW23QTDZPQFo1diWu1uohdGTkCtrQ5NIQiohFudyMKj1crZNT
tnxWUKtlFODp5jdziEaEUAMp+Q9144oSz2WTRdlWs6c2mOmZkhAEykzUvFOl3NVO
2HJVVKHWJKmu6eV9+1mdHn0fjorROH6qcK5krTzG+Kwh2CHDb4zNu5LB3OymXoZL
wiO3/6VEKyizVNo+XJHaSpkMe7GD89lb3YOuj3uTqUijBcaBzJUASlArbS0ypIp0
8wIXTFas4preJeqhSX4oe/+G+eDclIgV/RlayIY5ZzIBmBzpXHw7/BJ+yQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGHEyHN9l2QPoIbFnBsy3pXhXE3YMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvWWNUSWMzMlhaQS1naHNXY0d6TGVsZUZjVGRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCmDWsMA0G
CSqGSIb3DQEBCwUAA4IBAQAjeslmY/EyNI8433GP/pCj+uBybY1Zh3NkQK1YLw1Q
48FWMafrkPlr6EN2WtxoylLmL+249ZstGPHDDsTHq4GbS2iLRtn66Lb/vEat4Yvg
ouD/AUmhTdL6f9ziiNANL1OccBCfj0r4RsDQVXuQr3TZh5bbxAXjqYnz+kweGgqc
JWN6qyFK86SsOKh47OFlcOO/RJFEiWLsmgZs+TM+XJ/xNJ+hQMzSclDpFSdOkUgS
ll8EGdPCZ48s80ZlwM+3T2dRlpk/qJnQuvx1Bm+46hsm/to0gC27kEOx4v6I+WCM
DhsRNKTCiuvzanzbFqZeXVHZa/4sOZJfUF96/XO8MzkS
-----END CERTIFICATE-----