Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/02kstygB_1Q-T4WpJF1fDwmJj7Y.roa
File:                     02kstygB_1Q-T4WpJF1fDwmJj7Y.roa (raw, json)
Hash identifier:          1yQLO6zXVi4jG2bubLFyNc7MiwNkUFoEG9KeznEMEp4=
Subject key identifier:   D3:69:2C:B7:28:01:FF:54:3E:4F:85:A9:24:5D:5F:0F:09:89:8F:B6
Certificate issuer:       /CN=66e92c341e769443fde1d27566044b4b65159060
Certificate serial:       01942521F4C0777A8D300B4E3567C50CDC44
Authority key identifier: 66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/02kstygB_1Q-T4WpJF1fDwmJj7Y.roa
Signing time:             Thu 02 Jan 2025 03:49:29 +0000
ROA not before:           Thu 02 Jan 2025 03:49:29 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     211675
IP address blocks:        104.219.72.0/23 maxlen: 23
                          2a0d:da06::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 08 Apr 2025 00:01:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:25:21:f4:c0:77:7a:8d:30:0b:4e:35:67:c5:0c:dc:44
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=66e92c341e769443fde1d27566044b4b65159060
        Validity
            Not Before: Jan  2 03:49:29 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d3692cb72801ff543e4f85a9245d5f0f09898fb6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:d0:98:53:49:2d:b1:4b:1f:c8:fc:c1:c9:35:
                    59:03:8c:ea:0d:aa:cc:2b:05:2c:e2:92:51:c8:17:
                    a7:9d:2a:69:36:af:e0:c5:ff:fd:c8:e6:cd:df:a5:
                    55:b7:79:b9:51:00:65:fa:e6:cb:7b:e0:58:5a:af:
                    cf:2d:4f:86:24:9c:bc:fc:1d:ca:5c:59:d7:f3:d6:
                    81:68:19:b9:e4:fd:a7:b5:b2:c8:00:b0:84:0c:83:
                    ad:23:a7:23:38:4e:24:c1:f0:85:23:7a:dc:48:82:
                    b6:41:ed:1d:48:1c:96:6c:0f:ea:3b:b3:54:6c:05:
                    5f:9e:f5:c5:7f:dc:12:0c:23:f6:66:e3:b1:84:c2:
                    4e:00:59:ac:4a:29:f0:32:a8:ef:b5:74:18:5a:a5:
                    f4:a6:a5:20:eb:4e:31:e5:96:f5:64:4d:79:32:8c:
                    d2:ae:5f:1c:95:5a:54:87:ae:4f:6f:75:e7:bb:07:
                    d4:fb:84:f3:c6:7d:7c:c6:f4:f6:dc:64:9d:81:82:
                    e8:20:8c:91:e5:1e:95:75:a4:ab:d2:c6:21:e7:16:
                    39:3d:01:6d:f6:6a:ce:03:df:95:8c:76:7e:cf:f7:
                    a1:1c:d6:e9:ab:5b:8a:2d:83:9c:36:5b:27:ee:73:
                    b2:15:0e:03:59:f3:00:2d:9f:72:df:73:31:27:9d:
                    ec:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:69:2C:B7:28:01:FF:54:3E:4F:85:A9:24:5D:5F:0F:09:89:8F:B6
            X509v3 Authority Key Identifier:
                keyid:66:E9:2C:34:1E:76:94:43:FD:E1:D2:75:66:04:4B:4B:65:15:90:60

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ZuksNB52lEP94dJ1ZgRLS2UVkGA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/02kstygB_1Q-T4WpJF1fDwmJj7Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/99/8f1968-a79a-4a07-ace6-c1d296f8fd07/1/ZuksNB52lEP94dJ1ZgRLS2UVkGA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.219.72.0/23
                IPv6:
                  2a0d:da06::/32

    Signature Algorithm: sha256WithRSAEncryption
         6d:8b:0b:7e:01:cb:b2:d7:51:01:46:1f:c1:47:60:fc:77:6e:
         22:d2:6c:89:47:6a:38:19:55:3f:13:07:6f:82:96:af:78:4a:
         12:2d:6b:24:6f:11:f8:52:1f:62:5f:a7:26:1d:08:39:33:0d:
         61:51:0f:7a:c9:ef:26:e4:db:e5:3f:17:3c:b7:42:48:fb:a9:
         7d:4b:ab:c8:48:ea:42:5f:58:60:70:cd:a0:17:1e:ed:5f:fa:
         fa:10:ed:9a:55:88:8f:87:ee:0a:02:36:0a:2e:d0:70:16:4b:
         20:8e:4a:f0:1c:eb:df:fb:6c:8c:71:e7:1b:94:30:1d:6c:81:
         be:a6:cc:e2:ca:88:2f:ac:61:b4:b3:e9:9b:95:da:fa:62:16:
         cb:7f:a5:73:fb:9d:d1:42:1a:bd:99:83:9d:80:53:62:77:02:
         c8:18:9b:43:2b:40:1e:3e:81:47:10:8e:ea:0c:98:ac:17:5d:
         7a:39:99:f5:19:c4:02:82:07:ca:60:7a:8b:e0:f1:ee:c5:48:
         84:39:fe:17:ce:6f:f3:f9:52:bf:7a:26:f8:bc:15:7b:8d:13:
         3a:7a:a0:ff:5d:7c:bd:18:a3:77:89:79:05:6e:38:b3:d5:12:
         b6:3d:5f:a5:8a:18:f8:18:ae:cf:99:91:a4:bd:fb:0f:d2:d9:
         ce:10:4a:26
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQlIfTAd3qNMAtONWfFDNxEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY2ZTkyYzM0MWU3Njk0NDNmZGUxZDI3NTY2MDQ0YjRiNjUx
NTkwNjAwHhcNMjUwMTAyMDM0OTI5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzY5MmNiNzI4MDFmZjU0M2U0Zjg1YTkyNDVkNWYwZjA5ODk4ZmI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9CYU0ktsUsfyPzByTVZA4zqDarM
KwUs4pJRyBennSppNq/gxf/9yObN36VVt3m5UQBl+ubLe+BYWq/PLU+GJJy8/B3K
XFnX89aBaBm55P2ntbLIALCEDIOtI6cjOE4kwfCFI3rcSIK2Qe0dSByWbA/qO7NU
bAVfnvXFf9wSDCP2ZuOxhMJOAFmsSinwMqjvtXQYWqX0pqUg604x5Zb1ZE15MozS
rl8clVpUh65Pb3XnuwfU+4Tzxn18xvT23GSdgYLoIIyR5R6VdaSr0sYh5xY5PQFt
9mrOA9+VjHZ+z/ehHNbpq1uKLYOcNlsn7nOyFQ4DWfMALZ9y33MxJ53snQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNNpLLcoAf9UPk+FqSRdXw8JiY+2MB8GA1UdIwQY
MBaAFGbpLDQedpRD/eHSdWYES0tlFZBgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYt
YzFkMjk2ZjhmZDA3LzEvMDJrc3R5Z0JfMVEtVDRXcEpGMWZEd21KajdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OS84ZjE5NjgtYTc5YS00YTA3LWFjZTYtYzFkMjk2ZjhmZDA3
LzEvWnVrc05CNTJsRVA5NGRKMVpnUkxTMlVWa0dBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQBaNtIMA0E
AgACMAcDBQAqDdoGMA0GCSqGSIb3DQEBCwUAA4IBAQBtiwt+Acuy11EBRh/BR2D8
d24i0myJR2o4GVU/EwdvgpaveEoSLWskbxH4Uh9iX6cmHQg5Mw1hUQ96ye8m5Nvl
Pxc8t0JI+6l9S6vISOpCX1hgcM2gFx7tX/r6EO2aVYiPh+4KAjYKLtBwFksgjkrw
HOvf+2yMcecblDAdbIG+psziyogvrGG0s+mbldr6YhbLf6Vz+53RQhq9mYOdgFNi
dwLIGJtDK0AePoFHEI7qDJisF116OZn1GcQCggfKYHqL4PHuxUiEOf4Xzm/z+VK/
eib4vBV7jRM6eqD/XXy9GKN3iXkFbjiz1RK2PV+lihj4GK7PmZGkvfsP0tnOEEom
-----END CERTIFICATE-----