Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/ySMfV76exq091KBkzteS4wbjDRI.roa
File:                     ySMfV76exq091KBkzteS4wbjDRI.roa (raw, json)
Hash identifier:          yqmRUwariHrpevG/CUduCKeII5YG/LbAiP31WII353g=
Subject key identifier:   C9:23:1F:57:BE:9E:C6:AD:3D:D4:A0:64:CE:D7:92:E3:06:E3:0D:12
Certificate issuer:       /CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
Certificate serial:       019668CDA838CA3F23000CC5653115E1FED6
Authority key identifier: C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/ySMfV76exq091KBkzteS4wbjDRI.roa
Signing time:             Thu 24 Apr 2025 17:17:10 +0000
ROA not before:           Thu 24 Apr 2025 17:17:10 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9304
IP address blocks:        141.138.74.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 27 Apr 2025 05:00:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:96:68:cd:a8:38:ca:3f:23:00:0c:c5:65:31:15:e1:fe:d6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c98adafb1f31f9889aa4735792b6e3db46931bb9
        Validity
            Not Before: Apr 24 17:17:10 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9231f57be9ec6ad3dd4a064ced792e306e30d12
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:74:8c:8d:f2:3d:76:22:18:45:e2:48:fa:48:
                    cb:de:d7:71:9f:87:7a:c9:7b:9a:76:d3:63:6e:69:
                    cc:0e:53:b4:01:b7:8a:9d:76:5c:8b:a3:b9:1e:75:
                    61:5f:52:fd:d3:8a:3f:83:a1:57:6e:74:a4:ed:1d:
                    1e:66:4d:95:da:3e:90:ed:89:15:02:0c:f8:90:bd:
                    49:66:8c:f4:5a:20:d4:11:bf:f4:e0:4e:31:fc:44:
                    ec:1c:55:ee:4e:3c:da:40:3e:21:f6:fe:78:60:f2:
                    15:26:b2:6a:db:e5:fa:13:ab:b0:31:fd:0a:b7:b2:
                    cb:ac:2b:53:d9:9e:3b:23:33:0f:0a:72:a1:1e:49:
                    d1:22:9f:9b:43:3c:a5:91:c9:76:f5:16:8e:51:07:
                    ee:3d:eb:83:11:5e:90:dd:5a:65:98:49:b6:37:8d:
                    04:d6:16:02:72:20:83:2c:36:2f:dd:b9:cb:be:ea:
                    2f:fc:9c:c4:a6:69:43:73:13:ab:ff:13:1e:f2:a0:
                    0c:9b:3b:f4:72:4d:f8:28:04:ce:88:c9:f5:dc:83:
                    0e:f3:c6:92:81:24:5c:08:1d:d0:f4:46:ae:82:51:
                    66:f0:56:60:35:27:f7:3d:35:79:86:17:df:b4:7b:
                    b8:a7:f3:67:ad:5f:16:8a:2a:d9:4c:35:4f:9e:18:
                    15:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:23:1F:57:BE:9E:C6:AD:3D:D4:A0:64:CE:D7:92:E3:06:E3:0D:12
            X509v3 Authority Key Identifier:
                keyid:C9:8A:DA:FB:1F:31:F9:88:9A:A4:73:57:92:B6:E3:DB:46:93:1B:B9

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yYra-x8x-YiapHNXkrbj20aTG7k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/ySMfV76exq091KBkzteS4wbjDRI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/e5/cd39be-3e25-4dbc-860f-3b103d5a690a/1/yYra-x8x-YiapHNXkrbj20aTG7k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  141.138.74.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:7e:33:6b:25:91:2a:85:96:d8:1f:6c:73:74:b9:12:02:59:
         4e:47:63:aa:0a:25:d3:1b:a5:6f:5e:5a:fe:81:11:4a:7a:b5:
         95:7f:9d:e6:b8:44:f0:9d:26:1b:39:10:e2:45:d4:40:4c:c3:
         ef:04:3c:70:2d:39:67:9d:d3:97:63:e7:a3:3b:f1:a0:2f:79:
         2f:ff:21:3f:1c:af:48:1a:5b:a0:c9:1a:ac:93:c0:01:c4:27:
         50:78:00:e1:ed:3b:2f:7f:83:48:a3:46:16:77:40:f6:c4:92:
         4c:9d:af:c5:f3:89:28:cf:81:f5:c5:a8:7d:af:02:cc:4c:ef:
         c1:27:df:d3:a0:41:4d:fa:aa:58:f3:cd:2c:56:4e:16:1c:34:
         49:6f:48:bb:ed:e3:a1:0d:09:b9:c5:a8:f8:3e:ac:c6:91:71:
         4e:df:c2:a5:5b:d4:1f:b9:44:f7:cb:e6:d2:cd:fd:1b:39:86:
         32:6c:64:e6:4b:05:15:ae:68:16:cd:c4:79:98:7a:f9:9a:9d:
         00:e8:b3:f3:34:ec:fc:da:c8:e4:52:fe:dd:d4:7b:89:b6:24:
         23:ae:9f:d5:7e:1b:b9:32:21:16:21:03:42:48:37:13:7f:70:
         67:89:20:30:b9:41:a9:62:d3:ab:58:81:e0:37:a6:8b:dd:79:
         dc:ea:03:00
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZZozag4yj8jAAzFZTEV4f7WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5OGFkYWZiMWYzMWY5ODg5YWE0NzM1NzkyYjZlM2RiNDY5
MzFiYjkwHhcNMjUwNDI0MTcxNzEwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOTIzMWY1N2JlOWVjNmFkM2RkNGEwNjRjZWQ3OTJlMzA2ZTMwZDEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvnSMjfI9diIYReJI+kjL3tdxn4d6
yXuadtNjbmnMDlO0AbeKnXZci6O5HnVhX1L904o/g6FXbnSk7R0eZk2V2j6Q7YkV
Agz4kL1JZoz0WiDUEb/04E4x/ETsHFXuTjzaQD4h9v54YPIVJrJq2+X6E6uwMf0K
t7LLrCtT2Z47IzMPCnKhHknRIp+bQzylkcl29RaOUQfuPeuDEV6Q3VplmEm2N40E
1hYCciCDLDYv3bnLvuov/JzEpmlDcxOr/xMe8qAMmzv0ck34KATOiMn13IMO88aS
gSRcCB3Q9EauglFm8FZgNSf3PTV5hhfftHu4p/NnrV8WiirZTDVPnhgVsQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFMkjH1e+nsatPdSgZM7XkuMG4w0SMB8GA1UdIwQY
MBaAFMmK2vsfMfmImqRzV5K249tGkxu5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYt
M2IxMDNkNWE2OTBhLzEveVNNZlY3NmV4cTA5MUtCa3p0ZVM0d2JqRFJJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNS9jZDM5YmUtM2UyNS00ZGJjLTg2MGYtM2IxMDNkNWE2OTBh
LzEveVlyYS14OHgtWWlhcEhOWGtyYmoyMGFURzdrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAjYpKMA0G
CSqGSIb3DQEBCwUAA4IBAQBsfjNrJZEqhZbYH2xzdLkSAllOR2OqCiXTG6VvXlr+
gRFKerWVf53muETwnSYbORDiRdRATMPvBDxwLTlnndOXY+ejO/GgL3kv/yE/HK9I
GlugyRqsk8ABxCdQeADh7Tsvf4NIo0YWd0D2xJJMna/F84koz4H1xah9rwLMTO/B
J9/ToEFN+qpY880sVk4WHDRJb0i77eOhDQm5xaj4PqzGkXFO38KlW9QfuUT3y+bS
zf0bOYYybGTmSwUVrmgWzcR5mHr5mp0A6LPzNOz82sjkUv7d1HuJtiQjrp/Vfhu5
MiEWIQNCSDcTf3BniSAwuUGpYtOrWIHgN6aL3Xnc6gMA
-----END CERTIFICATE-----