Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/P_YLDNHbr_IyGBxY7EJ2hSKv9Us.roa
File:                     P_YLDNHbr_IyGBxY7EJ2hSKv9Us.roa (raw, json)
Hash identifier:          FpTTUREL451OenPx32RNLHMbOycXdJhjOd2v1Is6e1k=
Subject key identifier:   3F:F6:0B:0C:D1:DB:AF:F2:32:18:1C:58:EC:42:76:85:22:AF:F5:4B
Certificate issuer:       /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial:       0196C9184018B79594450E66760CD94B92F4
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/P_YLDNHbr_IyGBxY7EJ2hSKv9Us.roa
Signing time:             Tue 13 May 2025 10:02:11 +0000
ROA not before:           Tue 13 May 2025 10:02:11 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     58061
IP address blocks:        185.106.95.0/24 maxlen: 24
                          185.109.21.0/24 maxlen: 24
                          213.108.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 15 Jun 2025 19:00:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:c9:18:40:18:b7:95:94:45:0e:66:76:0c:d9:4b:92:f4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
        Validity
            Not Before: May 13 10:02:11 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=3ff60b0cd1dbaff232181c58ec42768522aff54b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:ed:8d:ab:8e:83:cb:85:6a:32:34:71:b9:eb:
                    df:85:37:1c:ac:39:f9:71:86:22:a0:29:f6:78:ba:
                    b0:55:0c:e3:c7:75:4d:a2:f6:72:a9:cc:e1:1a:ae:
                    7c:76:14:69:6b:81:f7:98:cb:fd:dd:5a:ef:eb:b0:
                    71:f8:2f:c3:f0:89:ce:04:8d:71:c9:4a:f5:46:ad:
                    80:37:af:97:77:bb:13:22:1a:d6:d4:19:5d:9d:79:
                    b1:43:c8:95:fc:2c:da:64:06:cd:3d:2a:b4:a8:05:
                    4e:c7:5c:61:14:04:cd:bd:1f:50:54:4d:06:bd:7b:
                    f9:32:bb:09:53:f5:81:82:4d:bf:5a:45:8d:77:b9:
                    ef:25:7d:03:b4:1b:f4:74:0a:e3:8f:6e:4e:73:d4:
                    0e:e0:41:6c:e6:d6:26:40:38:c3:30:33:41:23:64:
                    03:f2:bd:3a:e4:42:2b:37:57:6f:00:e1:de:15:7f:
                    20:f9:72:2b:bd:bf:27:b4:d3:46:ec:8d:14:25:c8:
                    f4:3d:86:39:d7:0d:93:03:47:f6:82:82:8a:54:39:
                    18:6c:3f:91:af:87:5e:73:03:71:4f:8e:8f:2f:63:
                    d5:3e:92:ae:e6:53:1f:c5:6e:ab:c1:e1:38:0b:05:
                    91:87:15:24:ce:62:14:cf:b7:74:48:cd:71:5c:12:
                    b9:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:F6:0B:0C:D1:DB:AF:F2:32:18:1C:58:EC:42:76:85:22:AF:F5:4B
            X509v3 Authority Key Identifier:
                keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/P_YLDNHbr_IyGBxY7EJ2hSKv9Us.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.106.95.0/24
                  185.109.21.0/24
                  213.108.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         55:65:2c:f7:81:9a:50:2d:e3:c1:6b:5b:9b:2d:2d:50:7b:44:
         b6:0e:e2:58:6f:79:b7:e9:90:2c:f1:c1:51:6d:09:ce:59:85:
         23:7f:c5:28:6c:3a:22:f5:0b:fb:3a:f9:ec:3c:62:de:d7:81:
         9b:de:a7:a5:4d:eb:30:eb:ca:30:23:d8:5d:20:61:ad:ba:a5:
         6a:1a:17:a2:a8:1c:1b:98:22:a2:1b:62:97:94:00:e2:b9:ce:
         21:4d:14:8c:f7:22:99:8a:eb:0e:63:19:cc:1f:79:02:22:81:
         93:e9:73:0a:9e:63:46:21:03:fe:96:70:32:10:27:fc:2e:36:
         5f:82:7f:ca:28:a8:0e:7f:56:95:6a:47:05:a1:55:b2:13:8a:
         31:a3:22:bd:60:58:87:a4:5d:e8:d2:74:d8:15:32:2d:22:c7:
         60:b7:79:18:92:c2:0f:9c:7d:e0:ea:1d:c8:7c:a5:b8:08:e6:
         40:f8:c8:4e:fa:6a:eb:c8:b3:75:08:66:b9:20:c2:54:76:d7:
         48:fb:35:d1:6f:ae:52:0e:32:6b:4d:87:9c:91:9c:e5:85:25:
         54:58:4a:2b:99:20:9c:32:93:dc:ec:4d:3f:cd:49:53:ba:10:
         ae:6d:44:f7:da:b2:a7:f3:2e:a4:82:1f:a5:83:96:d9:59:80:
         5f:5d:92:19
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZbJGEAYt5WURQ5mdgzZS5L0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjUwNTEzMTAwMjExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY2MGIwY2QxZGJhZmYyMzIxODFjNThlYzQyNzY4NTIyYWZmNTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+2Nq46Dy4VqMjRxuevfhTccrDn5
cYYioCn2eLqwVQzjx3VNovZyqczhGq58dhRpa4H3mMv93Vrv67Bx+C/D8InOBI1x
yUr1Rq2AN6+Xd7sTIhrW1BldnXmxQ8iV/CzaZAbNPSq0qAVOx1xhFATNvR9QVE0G
vXv5MrsJU/WBgk2/WkWNd7nvJX0DtBv0dArjj25Oc9QO4EFs5tYmQDjDMDNBI2QD
8r065EIrN1dvAOHeFX8g+XIrvb8ntNNG7I0UJcj0PYY51w2TA0f2goKKVDkYbD+R
r4decwNxT46PL2PVPpKu5lMfxW6rweE4CwWRhxUkzmIUz7d0SM1xXBK5jwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFD/2CwzR26/yMhgcWOxCdoUir/VLMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvUF9ZTEROSGJyX0l5R0J4WTdFSjJoU0t2OVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuWpfAwQA
uW0VAwQA1WzHMA0GCSqGSIb3DQEBCwUAA4IBAQBVZSz3gZpQLePBa1ubLS1Qe0S2
DuJYb3m36ZAs8cFRbQnOWYUjf8UobDoi9Qv7OvnsPGLe14Gb3qelTesw68owI9hd
IGGtuqVqGheiqBwbmCKiG2KXlADiuc4hTRSM9yKZiusOYxnMH3kCIoGT6XMKnmNG
IQP+lnAyECf8LjZfgn/KKKgOf1aVakcFoVWyE4oxoyK9YFiHpF3o0nTYFTItIsdg
t3kYksIPnH3g6h3IfKW4COZA+MhO+mrryLN1CGa5IMJUdtdI+zXRb65SDjJrTYec
kZzlhSVUWEormSCcMpPc7E0/zUlTuhCubUT32rKn8y6kgh+lg5bZWYBfXZIZ
-----END CERTIFICATE-----